We are currently working on the projects listed below. More information on these is going to follow soon.
Privacy-Preserving Electronic Bartering
Bartering is defined as the cashless act of trading goods and services in exchange for other goods and services. Bartering has been practiced since the early days of humanity and still plays a crucial role in the global economy. Today, a majority of bartering transactions is carried out via online platforms which allow their users to find potential trade partners in a convenient way. An inherent requirement of these platforms is that a user has to disclose its trading capabilities to the operator and typically also to all other users. As a consequence, private information on the personal preferences of a user is leaked which can undermine his bargaining position.
Within our research project (in cooperation with Stevens Institute of Technology), we designed decentralized cryptographic protocols that allow multiple users to determine potential trade partners and to barter offered goods and services while keeping their trade capabilities private. More precisely, a user only learns what he gets and what he has to give away, but no more information about what his trade partners do in return and no information about the trade capabilities and activities of other users.
Ongoing work deals with bringing theoretical solutions into practice by designing a privacy-preserving bartering system which is capable of handling a large number of users and provides several functionalities known from classic bartering platforms.
Please direct potential thesis interest and other questions to: Stefan Wüller.
Privacy Preserving Applications
Today, applications collect and analyze a vast quantity of (digital) information to optimize performance and availability. Rarely, the privacy concerns of users concerning confidential information is respected. Within our research we try to improve certain applications by developing new privacy-preserving protocols which have the same functionality but consider the privacy concerns of users.
A common problem is the collaboration between organizations. Each party defines their own set of rules under which they are willing to collaborate, e.g., interact, share and exchange resources or information with others. Typically, these individual policies differ for different parties. Thus, collaboration requires the resolving of differences and reaching a consensus. This process is generally referred to as policy reconciliation. Current solutions for policy reconciliation do not take into account the privacy concerns of reconciliating parties. Within our research we've developed new protocols that meet the privacy requirements of the organizations and allow parties to find a common policy rule which optimizes their individual preferences.
A following challenging task is the secure information exchange between organizations respecting their privacy concerns. The participating parties have an interest in the availability as well as in the confidentiality of information. A solution should respect the privacy concerns and maximize the availability of information. A possible approach to solve this problem is pseudonymization. Within our research we've constructed new privacy-preserving protocols based on restricted linkable pseudonyms solving the conflict between availability and confidentiality of information.
Please direct potential thesis interest and other questions to: Georg Neugebauer.
Project homepage: Privacy-preserving applications.
In the last decade mobile devices gained popularity and due to their functionality comparable to recent computers users tend to store their sensitive information on mobile devices rendering them an attractive target for mobile malware writers. As a consequence, mobile malware population increases every single year.
The first area of our research studies the ability of host-based anomaly detection systems to detect mobile malware using low level features such as system calls. Our second focus aims to identify sensor placements in current 3G and 4G backbone networks and detect traffic initiated by mobile malware directly in mobile operators' networks.
Please direct potential thesis interest and other questions to w.r.t to detecting mobile malware in mobile devices to Dominik Teubert and w.r.t to detecting mobile malware in mobile networks to Marián Kühnel
Security for Wireless Mesh Networks
In contrast to infrastructure wireless networking, wireless mesh networks employ multi-hop communication. This fact and the different use cases of multi and single provider setup impose new security challenges. Keeping the dynamic nature of these networks in mind, bootstrapping security associations onto the nodes, as well as detection and mitigating malicious behavior is the current focus of our study.
Please direct potential thesis interest and other questions to: Patrick Herrmann.
Previous projects we were involved in:
Security and Privacy in WLAN Roaming
Currently, roaming in Wi-Fi networks is cumbersome, or outright impossible. While there are WLAN networks in many locations, these are either not accessible without manual configuration effort, or insecure, or must be run be the same party the user already has an account with. A proper roaming protocol would help to solve these problems. We have developed a novel protocol suite for roaming WLAN devices that supports authentication, key agreement, and secure payment between roaming devices and network operators.
Please direct potential thesis interest and other questions to: Johannes Barnickel.
Project homepage: Security and Privacy in WLAN Roaming.
Malware Collection and Botnet Monitoring
The threat that malware imposes on computer networks has grown in past years. A big portion of malware samples includes "botnet" functionality and can thus be controlled by its author. Within our research we try to improve current and develop new methods of acquiring and analysing malware. From the malware samples we extract command & control information and are thus able to monitor the botnet's activity. The overall goal of this research is a more secure and less malicious Internet environment.
The work is conducted in cooperation with the mwcollect.org Alliance.