H-BRS Bibliography
- yes (107)
Departments, institutes and facilities
- Institut für Cyber Security & Privacy (ICSP) (107)
Document Type
- Conference Object (74)
- Article (18)
- Part of a Book (4)
- Preprint (4)
- Doctoral Thesis (3)
- Conference Proceedings (2)
- Contribution to a Periodical (1)
- Research Data (1)
Language
- English (107)
Keywords
- Robotics (6)
- Usable Security (5)
- GDPR (4)
- Risk-based Authentication (4)
- Big Data Analysis (3)
- Cooperative Awareness Message (3)
- IP protection (3)
- Intelligent Transport System (3)
- Machine Learning (3)
- Pseudonym Concept (3)
- Vehicular Ad hoc Networks (3)
- Authentication (2)
- DPA (2)
- Embedded software (2)
- Fault analysis (2)
- Human-Centered Design (2)
- LOTUS Sensor Node (2)
- MESD (2)
- Password (2)
- Privacy (2)
- Rapid Prototyping (2)
- Risk-based Authentication (RBA) (2)
- SEMA (2)
- Side Channel Analysis (2)
- Side-channel analysis (2)
- Smart Card (2)
- TinyECC 2.0 (2)
- Usable Security and Privacy (2)
- User Interface Design (2)
- Vehicle-to-Vehicle Communication (2)
- Wireless Sensor Network (2)
- usable privacy (2)
- AES (1)
- AMD Family 15h (1)
- API Documentation (1)
- ARM Cortex M3 Processor (1)
- Account (data processing) (1)
- Account Security (1)
- Antifuse memory (1)
- Artificial Intelligence (1)
- Assistive robots (1)
- Authentication features (1)
- Authentication (1)
- Authorship watermark (1)
- Autonomous Systems (1)
- Bag of Features (1)
- Beacon Chain (1)
- Behaviour-Driven Development (1)
- Benchmarking (1)
- Block cipher (1)
- CPA (1)
- CPUID instruction (1)
- CUDA (1)
- Cache line fingerprinting (1)
- Cache-independent (1)
- Chip ID (1)
- Code Generation (1)
- Code similarity analysis (1)
- Component Models (1)
- Computer security (1)
- Content Security Policies (1)
- Counterfeit protection (1)
- Covert channel (1)
- Cross-core (1)
- Cypher (1)
- DFA Lab (1)
- DPA Lab (1)
- Data Generation (1)
- Data Protection Officer (1)
- Developer Centered Security (1)
- Differential analysis (1)
- Digital Ecosystem (1)
- Digital watermarking (1)
- Domain Expert (1)
- Domain-Specific Modeling Languages (1)
- Domestic service robots (1)
- E-Health (1)
- EM leakage (1)
- Earth Observation (1)
- Eclipse Modeling Framework (1)
- Elliptic Curve Cryptography (1)
- Employee Privacy (1)
- Employee data protection (1)
- Ethereum (1)
- Expert Interviews (1)
- FPGA implementation (1)
- Fault Channel Watermarking Lab (1)
- Fault-channel watermarks (1)
- Fingerprint watermark (1)
- Graphics Cards (1)
- HTTP (1)
- Header whitelisting (1)
- Human robot interaction (1)
- Human-Robot Interaction (1)
- Humanoid Robot (1)
- IC identification (1)
- Implementation Challenges (1)
- Information Privacy (1)
- Information hiding (1)
- Instruction scheduling (1)
- Integrate Development Environment (1)
- Interactive Smart Card Applications (1)
- Intermediaries (1)
- Language Engineering (1)
- Large-Scale Online Services (1)
- Leakage circuits (1)
- Login (1)
- Manipulation tasks (1)
- Microarchitectural Data Sampling (MDS) (1)
- Model-Based Software Development (1)
- Model-Driven Engineering (1)
- Model-based Approach (1)
- Model-driven Development (1)
- Model-driven engineering (1)
- Multithreaded and multicore architecture (1)
- Neural Machine Translation (1)
- Online Services (1)
- OpenStack (1)
- PHR (1)
- Password (1)
- People Detection (1)
- Periodic structures (1)
- Personal Health Record (1)
- Power Analysis (1)
- Privacy engineering (1)
- Privacy patterns (1)
- Process Models (1)
- Proof of Stake (1)
- Public Key Infrastructure (1)
- Public Key Infrastructures (1)
- QoS (1)
- RBAR (1)
- RGB-D (1)
- Re-authentication (1)
- Requirements (1)
- Requirements Engineering (1)
- Reusable Software (1)
- Right to Informational Self-Determination (1)
- Risk-Based Account Recovery (1)
- Robot software (1)
- Robotics competitions (1)
- Robots (1)
- Runtime Adaptation (1)
- SAML (1)
- SOAP (1)
- SQL (1)
- ScalarMultiplication (1)
- Secure Coding Practices (1)
- Semantic gap (1)
- Semantic scene understanding (1)
- Side Channel Countermeasures (1)
- Side Channel Watermarking Lab (1)
- Side channel attack (1)
- Side channels (1)
- Side-channel watermarking (1)
- Similarity matrix (1)
- Simulator (1)
- Smart Card User Interface Design, Interactive Smart Card Applications (1)
- Software (1)
- Software Architectures (1)
- Software Development Process (1)
- Software IP protection (1)
- Software and Architecture (1)
- Software reverse engineering (1)
- Stream cipher (1)
- Support Vector Machine (1)
- Template Attacks (1)
- Testing (1)
- Timing analysis (1)
- Timing channel (1)
- Two-factor Authentication (1)
- UAV teleoperation (1)
- Usability (1)
- User experience design (1)
- User-Centered Design (1)
- User-centered privacy engineering (1)
- Variability Management (1)
- Variability Resolution (1)
- Vehicle-2-Vehicle Communication (1)
- Vehicle-to-Vehicle Communication (V2V) (1)
- Vehicle-to-Infrastructure Communication (1)
- Vehicle-to-Infrastructure Communication (V2I) (1)
- Vehicle-to-Vehicle Communication (1)
- Vehicular Ad hoc Networks (VANETs) (1)
- Watermarking (1)
- Web (1)
- XML Signature (1)
- XML Signature Wrapping (1)
- ZombieLoad (1)
- analyses (1)
- analysis (1)
- benchmarking (1)
- blockchain (1)
- classifier combination (1)
- clustering (1)
- component based (1)
- crawling (1)
- cryptanalytic attacks (1)
- denial-of-service (1)
- domestic robots (1)
- eavesdropping (1)
- embedded systems (1)
- employee privacy (1)
- factor analysis (1)
- feature extraction (1)
- force sensing (1)
- human-centred design (1)
- industrial robots (1)
- informational self-determination (1)
- intervention mechanisms (1)
- latent class analysis (1)
- machine learning (1)
- manipulation (1)
- mental models (1)
- multi robot systems (1)
- object categorization (1)
- privacy at work (1)
- privacy by design (1)
- property-based testing for robots (1)
- radio-frequency identification (RFID) systems (1)
- remote-controlled robots (1)
- robot competitions (1)
- robotics (1)
- run-time adaptation (1)
- security (1)
- security and privacy literacy (1)
- sensor fusion (1)
- simulation (1)
- simulation-based robot testing (1)
- slip detection (1)
- structural equation modeling (1)
- tactile sensing (1)
- transparency-enhancing technologies (1)
- usable privacy controls (1)
- usable secure email (1)
- user interface design (1)
- verification and validation of robot action execution (1)
- web (1)
- website (1)
The European General Data Protection Regulation requires the implementation of Technical and Organizational Measures (TOMs) to reduce the risk of illegitimate processing of personal data. For these measures to be effective, they must be applied correctly by employees who process personal data under the authority of their organization. However, even data processing employees often have limited knowledge of data protection policies and regulations, which increases the likelihood of misconduct and privacy breaches. To lower the likelihood of unintentional privacy breaches, TOMs must be developed with employees' needs, capabilities, and usability requirements in mind. Privacy patterns have proven effective for reducing implementation costs and helping organizations and IT engineers with the implementation. In this chapter, we introduce the privacy pattern Data Cart, which specifically helps to develop TOMs for data processing employees. Based on a user-centered design approach with employees from two public organizations in Germany, we present a concept that illustrates how Privacy by Design can be effectively implemented. Organizations, IT engineers, and researchers will gain insight into how to improve the usability of privacy-compliant tools for managing personal data.
Users should always play a central role in the development of (software) solutions. The human-centered design (HCD) process in the ISO 9241-210 standard proposes a procedure for systematically involving users. However, due to its level of abstraction, the HCD process provides little guidance on how it should be implemented in practice. In this chapter, we propose three concrete practical methods that enable the reader to develop usable security and privacy (USP) solutions using the HCD process. This chapter equips the reader with the procedural knowledge and recommendations to: (1) derive mental models with regard to security and privacy, (2) analyze USP needs and privacy-related requirements, and (3) collect user characteristics on privacy and structure them into user group profiles and privacy personas. Together, these approaches help to design user-friendly security and privacy measures based on a firm understanding of the key stakeholders.
Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication
(2024)
Risk-based authentication (RBA) is an adaptive approach to strengthening password authentication. It monitors a set of features related to the login behavior observed during password entry. If the observed feature values differ significantly from those of previous logins, RBA requests additional proof of identity. Government agencies and an executive order of the US President recommend RBA to protect online accounts against attacks with stolen passwords. Despite these facts, RBA suffered from a lack of open knowledge. There was little to no research on the usability, security, and privacy of RBA. Understanding these aspects, however, is important for broad acceptance.
This thesis aims to provide a comprehensive understanding of RBA through a series of studies. The results make it possible to create privacy-friendly RBA solutions that strengthen authentication while maintaining high user acceptance.
Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example
(2023)
Online services have difficulty replacing passwords with more secure user authentication mechanisms, such as Two-Factor Authentication (2FA). This is partly because users tend to reject such mechanisms in use cases outside of online banking. Relying on password authentication alone, however, is not an option in light of recent attack patterns such as credential stuffing.
Risk-Based Authentication (RBA) can serve as an interim solution to increase password-based account security until better methods are in place. Unfortunately, RBA is currently used by only a few major online services, even though it is recommended by various standards and has been shown to be effective in scientific studies. This paper contributes to the hypothesis that the low adoption of RBA in practice can be due to the complexity of implementing it. We provide an RBA implementation for the open source cloud management software OpenStack, which is the first fully functional open source RBA implementation based on the Freeman et al. algorithm, along with initial reference tests that can serve as a guiding example and blueprint for developers.
Digital ecosystems are driving the digital transformation of business models. Meanwhile, the associated processing of personal data within these complex systems poses challenges to the protection of individual privacy. In this paper, we explore these challenges from the perspective of digital ecosystems' platform providers. To this end, we present the results of an interview study with seven data protection officers representing a total of 12 digital ecosystems in Germany. We identified current and future challenges for the implementation of data protection requirements, covering issues on legal obligations and data subject rights. Our results support stakeholders involved in the implementation of privacy protection measures in digital ecosystems, and form the foundation for future privacy-related studies tailored to the specifics of digital ecosystems.