005 Computerprogrammierung, Programme, Daten
Refine
Departments, institutes and facilities
- Institut für Cyber Security & Privacy (ICSP) (161)
- Institut für Verbraucherinformatik (IVI) (108)
- Fachbereich Informatik (63)
- Fachbereich Wirtschaftswissenschaften (58)
- Institut für Technik, Ressourcenschonung und Energieeffizienz (TREE) (7)
- Fachbereich Ingenieurwissenschaften und Kommunikation (3)
- Graduierteninstitut (1)
- Institut für funktionale Gen-Analytik (IFGA) (1)
- Institute of Visual Computing (IVC) (1)
- Zentrum für Ethik und Verantwortung (ZEV) (1)
Document Type
- Conference Object (187)
- Article (76)
- Part of a Book (21)
- Book (monograph, edited volume) (12)
- Contribution to a Periodical (8)
- Working Paper (4)
- Conference Proceedings (3)
- Master's Thesis (3)
- Research Data (2)
- Doctoral Thesis (2)
Year of publication
Keywords
- Usable Security (10)
- GDPR (8)
- Cloud (5)
- HTTP (5)
- Privacy (5)
- Usable Privacy (5)
- security (5)
- usable privacy (5)
- Big Data Analysis (4)
- Global Software Engineering (4)
Das Deutsche Zentrum für Luft- und Raumfahrt (DLR) führt viele Forschungen und Studien im Bereich der Luft- und Raumfahrt durch. Dabei spielen die Studien für die Gesundheit und Medizin auch eine sehr wichtige Rolle bei der DLR. Zu diesem Zweck führt die DLR die Artificial Gravity bed rest study (AGBRESA) im Auftrag der European Space Agency (esa) und in Kooperation der NASA durch. In dieser Studie werden die negativen Auswirkungen der Schwerelosigkeit auf dem Menschen im Weltall simuliert. Dabei werden Experimente durchgeführt, um die negative Auswirkungen entgegenzuwirken. Die Ergebnisse der Experimente werden in der DLR digital, aber auch auf Papier dokumentiert. In diesem Master-Projekt habe ich nun die Aufgabe, die Papierprotokolle für den Bereich der Blutabnahme und der Labordokumentation in eine digitale Form zu ersetzen.
Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study
(2016)
Das autonome Fahren wird die Mobilität revolutionieren. Um die Auswirkung der Vollautomation auf dieEigenschaften der Verkehrsmittel und die Präferenzen der Nutzer besser zu verstehen, haben wir dieNutzenwerte neuen Verkehrsmodi im Vergleich zu den bestehenden Verkehrsmodi analysiert und imRahmen einer Online-Umfrage von potentiellen Nutzern in Form eines vollständigen Paarvergleichsbewerten lassen. Die Studie zeigt, dass der Privat-PKW, unabhängig davon ob traditionell odervollautomatisiert, zwar nach wie vor das präferierte Verkehrsmittel ist, im direkten Vergleich das Carsharingjedoch viel stärker von der Vollautomation profitiert. Darüber hinaus gibt es Hinweise darauf, dass dasvollautomatisierte Carsharing verstärkt in Konkurrenz zum ÖPNV tritt.
Digital ecosystems are driving the digital transformation of business models. Meanwhile, the associated processing of personal data within these complex systems poses challenges to the protection of individual privacy. In this paper, we explore these challenges from the perspective of digital ecosystems' platform providers. To this end, we present the results of an interview study with seven data protection officers representing a total of 12 digital ecosystems in Germany. We identified current and future challenges for the implementation of data protection requirements, covering issues on legal obligations and data subject rights. Our results support stakeholders involved in the implementation of privacy protection measures in digital ecosystems, and form the foundation for future privacy-related studies tailored to the specifics of digital ecosystems.
Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor authentication and just as secure. However, users currently obtain RBA's high security and usability benefits at the cost of exposing potentially sensitive personal data (e.g., IP address or browser information). This conflicts with user privacy and requires to consider user rights regarding the processing of personal data. We outline potential privacy challenges regarding different attacker models and propose improvements to balance privacy in RBA systems. To estimate the properties of the privacy-preserving RBA enhancements in practical environments, we evaluated a subset of them with long-term data from 780 users of a real-world online service. Our results show the potential to increase privacy in RBA solutions. However, it is limited to certain parameters that should guide RBA design to protect privacy. We outline research directions that need to be considered to achieve a widespread adoption of privacy preserving RBA with high user acceptance.
Risk-based authentication (RBA) aims to protect users against attacks involving stolen passwords. RBA monitors features during login, and requests re-authentication when feature values widely differ from those previously observed. It is recommended by various national security organizations, and users perceive it more usable than and equally secure to equivalent two-factor authentication. Despite that, RBA is still used by very few online services. Reasons for this include a lack of validated open resources on RBA properties, implementation, and configuration. This effectively hinders the RBA research, development, and adoption progress.
To close this gap, we provide the first long-term RBA analysis on a real-world large-scale online service. We collected feature data of 3.3 million users and 31.3 million login attempts over more than 1 year. Based on the data, we provide (i) studies on RBA’s real-world characteristics plus its configurations and enhancements to balance usability, security, and privacy; (ii) a machine learning–based RBA parameter optimization method to support administrators finding an optimal configuration for their own use case scenario; (iii) an evaluation of the round-trip time feature’s potential to replace the IP address for enhanced user privacy; and (iv) a synthesized RBA dataset to reproduce this research and to foster future RBA research. Our results provide insights on selecting an optimized RBA configuration so that users profit from RBA after just a few logins. The open dataset enables researchers to study, test, and improve RBA for widespread deployment in the wild.
Login Data Set for Risk-Based Authentication
Synthesized login feature data of >33M login attempts and >3.3M users on a large-scale online service in Norway. Original data collected between February 2020 and February 2021.
This data sets aims to foster research and development for <a href="https://riskbasedauthentication.org">Risk-Based Authentication (RBA) systems. The data was synthesized from the real-world login behavior of more than 3.3M users at a large-scale single sign-on (SSO) online service in Norway.