Refine
H-BRS Bibliography
- yes (132) (remove)
Departments, institutes and facilities
- Institut für Cyber Security & Privacy (ICSP) (132) (remove)
Document Type
- Conference Object (81)
- Article (26)
- Part of a Book (9)
- Preprint (4)
- Conference Proceedings (3)
- Doctoral Thesis (3)
- Report (3)
- Book (monograph, edited volume) (1)
- Contribution to a Periodical (1)
- Research Data (1)
Year of publication
Keywords
- Usable Security (9)
- Robotics (6)
- GDPR (4)
- Risk-based Authentication (4)
- Usable Privacy (4)
- Big Data Analysis (3)
- Cooperative Awareness Message (3)
- IP protection (3)
- Intelligent Transport System (3)
- Machine Learning (3)
- Pseudonym Concept (3)
- Vehicular Ad hoc Networks (3)
- Authentication (2)
- Computersicherheit (2)
- DPA (2)
- Embedded software (2)
- Fault analysis (2)
- Human-Centered Design (2)
- LOTUS Sensor Node (2)
- MESD (2)
- Password (2)
- Privacy (2)
- Rapid Prototyping (2)
- Risk-based Authentication (RBA) (2)
- SEMA (2)
- Side Channel Analysis (2)
- Side-channel analysis (2)
- Smart Card (2)
- Software (2)
- TinyECC 2.0 (2)
- Usable Security and Privacy (2)
- User Interface Design (2)
- Vehicle-to-Vehicle Communication (2)
- Wireless Sensor Network (2)
- usable privacy (2)
- AES (1)
- AMD Family 15h (1)
- API Documentation (1)
- ARM Cortex M3 Processor (1)
- Account (Datenverarbeitung) (1)
- Account Security (1)
- Antifuse memory (1)
- Artificial Intelligence (1)
- Assistive robots (1)
- Authentication features (1)
- Authentifikation (1)
- Authorship watermark (1)
- Autonomous Systems (1)
- Bag of Features (1)
- Beacon Chain (1)
- Behaviour-Driven Development (1)
- Benchmarking (1)
- Block cipher (1)
- CPA (1)
- CPUID instruction (1)
- CUDA (1)
- Cache line fingerprinting (1)
- Cache-independent (1)
- Chip ID (1)
- Code Generation (1)
- Code similarity analysis (1)
- Common Criteria (1)
- Component Models (1)
- Content Security Policies (1)
- Cooperative Intelligent Transport Systems (ITS) (1)
- Counterfeit protection (1)
- Covert channel (1)
- Cross-core (1)
- Cypher (1)
- DFA Lab (1)
- DPA Lab (1)
- Data Generation (1)
- Data Protection Officer (1)
- Developer Centered Security (1)
- Differential analysis (1)
- Digital Ecosystem (1)
- Digital watermarking (1)
- Domain Expert (1)
- Domain-Specific Modeling Languages, (1)
- Domestic service robots (1)
- E-Health (1)
- EM leakage (1)
- Earth Observation (1)
- Eclipse Modeling Framework (1)
- Eingebettetes System (1)
- Elliptic Curve Cryptography (1)
- Employee Privacy (1)
- Employee data protection (1)
- Ethereum (1)
- Expert Interviews (1)
- FPGA implementation (1)
- Fault Channel Watermarking Lab (1)
- Fault-channel watermarks (1)
- Fingerprint watermark (1)
- Graphics Cards (1)
- HTTP (1)
- Header whitelisting (1)
- Human robot interaction (1)
- Human-Robot Interaction (1)
- Humanoid Robot (1)
- IC identification (1)
- ISO 27000 (1)
- IT-Sicherheitsanforderungen (1)
- Implementation Challenges (1)
- Information Privacy (1)
- Information hiding (1)
- Instruction scheduling (1)
- Integrate Development Environment (1)
- Interactive Smart Card Applications (1)
- Intermediaries (1)
- Java <Programmiersprache> (1)
- Language Engineering (1)
- Large-Scale Online Services (1)
- Leakage circuits (1)
- Login (1)
- Manipulation tasks (1)
- Microarchitectural Data Sampling (MDS) (1)
- Model-Based Software Development (1)
- Model-Driven Engineering (1)
- Model-based Approach (1)
- Model-driven Development (1)
- Model-driven engineering (1)
- Multithreaded and multicore architecture (1)
- Neural Machine Translation (1)
- Online Services (1)
- OpenStack (1)
- PHR (1)
- Passwort (1)
- People Detection (1)
- Periodic structures (1)
- Personal Health Record (1)
- Plagiat (1)
- Power Analysis (1)
- Privacy engineering (1)
- Privacy patterns (1)
- Process Models (1)
- Proof of Stake (1)
- Public Key Infrastructure (1)
- Public Key Infrastructures (1)
- Python <Programmiersprache> (1)
- QoS (1)
- RBAR (1)
- RGB-D (1)
- Re-authentication (1)
- Reference Architectural Model Automotive (RAMA) (1)
- Requirements (1)
- Requirements Engineering (1)
- Reusable Software (1)
- Right to Informational Self-Determination (1)
- Risk-Based Account Recovery (1)
- Robot software (1)
- Robotics competitions (1)
- Robots (1)
- Runtime Adaptation (1)
- SAML (1)
- SOAP (1)
- SQL (1)
- ScalarMultiplication (1)
- Schutzobjekte (1)
- Secure Coding Practices (1)
- Semantic gap (1)
- Semantic scene understanding (1)
- Sichere Kommunikation Kritische Infrastrukturen (1)
- Side Channel Countermeasures (1)
- Side Channel Watermarking Lab (1)
- Side channel attack (1)
- Side channels (1)
- Side-channel watermarking (1)
- Similarity matrix (1)
- Simulator (1)
- Smart Card User Interface Design, Interactive Smart Card Applications (1)
- Software Architectures (1)
- Software Development Process (1)
- Software IP protection (1)
- Software and Architecture (1)
- Software reverse engineering (1)
- Stream cipher (1)
- Support Vector Machine (1)
- Template Attacks (1)
- Testing (1)
- Timing analysis (1)
- Timing channel (1)
- Two-factor Authentication (1)
- UAV teleoperation (1)
- Usability (1)
- User experience design (1)
- User-Centered Design (1)
- User-centered privacy engineering (1)
- Variability Management (1)
- Variability Resolution (1)
- Vehicle-2-Infrastructure Kommunikation (1)
- Vehicle-2-Vehicle Communication (1)
- Vehicle-2-Vehicle Kommunikation (1)
- Vehicle-to- Vehicle Communication (V2V) (1)
- Vehicle-to-Infrastructure Communication (1)
- Vehicle-to-Infrastructure Communication (V2I) (1)
- Vehicle-to-Vehicle Com- munication (1)
- Vehicular Ad hoc Networks (VANETs) (1)
- Watermarking (1)
- Web (1)
- XML Signature (1)
- XML Signature Wrapping (1)
- ZombieLoad (1)
- analyses (1)
- analysis (1)
- benchmarking (1)
- blockchain (1)
- classifier combination (1)
- clustering (1)
- component based (1)
- crawling (1)
- cryptanalytic attacks (1)
- denial-of-service (1)
- domestic robots (1)
- eavesdropping (1)
- embedded systems (1)
- employee privacy (1)
- factor analysis (1)
- feature extraction (1)
- force sensing (1)
- human-centred design (1)
- industrial robots (1)
- informational self-determination (1)
- intervention mechanisms (1)
- latent class analysis (1)
- machine learning (1)
- manipulation (1)
- mental models (1)
- multi robot systems (1)
- object categorization (1)
- privacy at work (1)
- privacy by design (1)
- property-based testing for robots (1)
- radio-frequency identification (RFID) systems (1)
- remote-controlled robots (1)
- robot competitions (1)
- robotics (1)
- run-time adaptation (1)
- security (1)
- security and privacy literacy (1)
- sensor fusion (1)
- simulation (1)
- simulation-based robot testing (1)
- slip detection (1)
- structural equation modeling (1)
- tactile sensing (1)
- transparency-enhancing technologies (1)
- usable privacy controls (1)
- usable secure email (1)
- user interface design (1)
- verification and validation of robot action execution (1)
- web (1)
- website (1)
XML Signature Wrapping (XSW) has been a relevant threat to web services for 15 years until today. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recommended in the NIST digital identity guidelines, it has so far been used almost exclusively by major online services. This is partly due to a lack of open knowledge and implementations that would allow any service provider to roll out RBA protection to its users.
To close this gap, we provide a first in-depth analysis of RBA characteristics in a practical deployment. We observed N=780 users with 247 unique features on a real-world online service for over 1.8 years. Based on our collected data set, we provide (i) a behavior analysis of two RBA implementations that were apparently used by major online services in the wild, (ii) a benchmark of the features to extract a subset that is most suitable for RBA use, (iii) a new feature that has not been used in RBA before, and (iv) factors which have a significant effect on RBA performance. Our results show that RBA needs to be carefully tailored to each online service, as even small configuration adjustments can greatly impact RBA's security and usability properties. We provide insights on the selection of features, their weightings, and the risk classification in order to benefit from RBA after a minimum number of login attempts.
Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication against account takeover attacks. Our study on 65 participants shows that users find RBA more usable than two-factor authentication equivalents and more secure than password-only authentication. We identify pitfalls and provide guidelines for putting RBA into practice.
Risikobasierte Authentifizierung (RBA) ist ein adaptiver Ansatz zur Stärkung der Passwortauthentifizierung. Er überwacht eine Reihe von Merkmalen, die sich auf das Loginverhalten während der Passworteingabe beziehen. Wenn sich die beobachteten Merkmalswerte signifikant von denen früherer Logins unterscheiden, fordert RBA zusätzliche Identitätsnachweise an. Regierungsbehörden und ein Erlass des US-Präsidenten empfehlen RBA, um Onlineaccounts vor Angriffen mit gestohlenen Passwörtern zu schützen. Trotz dieser Tatsachen litt RBA unter einem Mangel an offenem Wissen. Es gab nur wenige bis keine Untersuchungen über die Usability, Sicherheit und Privatsphäre von RBA. Das Verständnis dieser Aspekte ist jedoch wichtig für eine breite Akzeptanz.
Diese Arbeit soll ein umfassendes Verständnis von RBA mit einer Reihe von Studien vermitteln. Die Ergebnisse ermöglichen es, datenschutzfreundliche RBA-Lösungen zu schaffen, die die Authentifizierung stärken bei gleichzeitig hoher Menschenakzeptanz.
The RoCKIn@Work Challenge
(2014)
The BRICS component model: a model-based development paradigm for complex robotics software systems
(2013)
A deployment of the Vehicle-to-Vehicle communication technology according to ETSI is in preparation in Europe. Currently, a Public Key Infrastructure policy for Intelligent Transport Systems in Europe is in discussion to enable V2V communication. This policy set aside two classes of keys and certificates for ITS vehicle stations: long term authentication keys and pseudonymous keys and certificates. We show that from our point of view the periodic sent Cooperative Awareness Messages with extensive data have technical limitations and together with the pseudonym concept cause privacy problems.
The ongoing digitisation in everyday working life means that ever larger amounts of personal data of employees are processed by their employers. This development is particularly problematic with regard to employee data protection and the right to informational self-determination. We strive for the use of company Privacy Dashboards as a means to compensate for missing transparency and control. For conceptual design we use among other things the method of mental models. We present the methodology and first results of our research. We highlight the opportunities that such an approach offers for the user-centred development of Privacy Dashboards.