Refine
Departments, institutes and facilities
Document Type
- Conference Object (80)
- Article (35)
- Part of a Book (7)
- Book (monograph, edited volume) (6)
- Contribution to a Periodical (6)
- Research Data (1)
- Lecture (1)
- Preprint (1)
- Report (1)
Year of publication
Keywords
- Usable Security (12)
- HTTP (5)
- security (5)
- Big Data Analysis (4)
- Cloud (4)
- REST (4)
- Risk-based Authentication (4)
- Usable Privacy (4)
- Web (4)
- Authentication (3)
- GDPR (3)
- Java <Programmiersprache> (3)
- Privacy (3)
- Python <Programmiersprache> (3)
- Risk-based Authentication (RBA) (3)
- SOA (3)
- Security (3)
- web caching (3)
- web services (3)
- Authentication features (2)
- Cloud Security (2)
- Password (2)
- SOAP (2)
- TLS (2)
- Usable Security and Privacy (2)
- WS-Security (2)
- XML Signature (2)
- XML Signature Wrapping (2)
- usable privacy (2)
- API Documentation (1)
- API usability (1)
- Account Security (1)
- Adaptive Media Streaming (1)
- Adaptive Streaming (1)
- Advance Encryption Standard (1)
- Affective computing (1)
- Browser cache (1)
- Cache Poisoning (1)
- Certificates (1)
- Cipher Block Chain (1)
- Cloud Computing security (1)
- Cloud Malware Injection (1)
- Cloud Standards (1)
- CoAP (1)
- Conformance Testing (1)
- Content Security Policies (1)
- DASH (1)
- DNSSEC (1)
- Data Compression (1)
- Data Protection Officer (1)
- Data Reduction (1)
- Data Tiles (1)
- Denial of Service (1)
- Design patterns (1)
- Developer Centered Security (1)
- Difference-coding (1)
- Digital Ecosystem (1)
- Digital signatures (1)
- E-Health (1)
- Evaluation (1)
- Expert Interviews (1)
- Frontend architecture (1)
- Full-text Search (1)
- HTML5 (1)
- HTTPS (1)
- Header whitelisting (1)
- Human factors (1)
- Human-Centered Design (1)
- Human-Robot-Interaction (HRI) (1)
- Implementation Challenges (1)
- Informationssicherheit (1)
- Intermediaries (1)
- Internet Technology (1)
- IoT services security (1)
- JOSE (1)
- JSON (1)
- Large-Scale Online Services (1)
- Legal metrology (1)
- Live Streaming (1)
- Message Authentication (1)
- Microservices (1)
- Multimedia Communication (1)
- Online Services (1)
- OpenStack (1)
- PHR (1)
- Partial Data Protection (1)
- Partial Signature (1)
- PartialEncryption (1)
- Password Masking (1)
- Password Visualization (1)
- Passwords (1)
- Performance (1)
- Personal Health Record (1)
- Phishing (1)
- Privacy patterns (1)
- Public Key Infrastructure (1)
- Push-based Streaming (1)
- RACS (1)
- RBAR (1)
- REST security (1)
- Re-authentication (1)
- Requirements Engineering (1)
- Restful Web Services (1)
- Risk-Based Account Recovery (1)
- SAML (1)
- SELMA (1)
- SaaS (1)
- Secure Cloud Storage (1)
- Secure Coding Practices (1)
- Secure data transfer (1)
- Security APIs (1)
- Security Protocol (1)
- Semantic gap (1)
- Service-Oriented Architecture (1)
- Software Security (1)
- Testing (1)
- Testing Tool (1)
- Thin Client (1)
- Two-factor Authentication (1)
- UI-Dressing (1)
- URI (1)
- User experience design (1)
- User-Centered Design (1)
- User-centered privacy engineering (1)
- Video (1)
- Warnings (1)
- Web Browser (1)
- Web Browser Cache (1)
- Web Information Systems and Technologies (1)
- Web Interfaces and Applications (1)
- Web Portal (1)
- Web Security (1)
- Web Service (1)
- Web Service Security (1)
- Web Services and Web Engineering (1)
- WebSocket (1)
- WebSockets (1)
- Wind Fields (1)
- Wind Flow Visualization (1)
- XML (1)
- XML Security (1)
- XSpRES (1)
- attacks (1)
- caching (1)
- cryptographic apis (1)
- developer console (1)
- distributed systems (1)
- emotion recognition (1)
- employee privacy (1)
- end-to-end security (1)
- factor analysis (1)
- focus groups (1)
- human-centred design (1)
- humanoidrobot (1)
- informational self-determination (1)
- intervention mechanisms (1)
- latent class analysis (1)
- mental models (1)
- participatory design (1)
- privacy at work (1)
- privacy by design (1)
- security and privacy literacy (1)
- security warning design (1)
- services (1)
- signature (1)
- social robots (1)
- software development (1)
- structural equation modeling (1)
- transparency-enhancing technologies (1)
- usable privacy controls (1)
- usable secure email (1)
- user interface design (1)
- visualization (1)
- web services security (1)
We present a systematization of usable security principles, guidelines and patterns to facilitate the transfer of existing knowledge to researchers and practitioners. Based on a literature review, we extracted 23 principles, 11 guidelines and 47 patterns for usable security and identified their interconnection. The results indicate that current research tends to focus on only a subset of important principles. The fact that some principles are not yet addressed by any design patterns suggests that further work on refining these patterns is needed. We developed an online repository, which stores the harmonized principles, guidelines and patterns. The tool enables users to search for relevant guidance and explore it in an interactive and programmatic manner. We argue that both the insights presented in this article and the web-based repository will be highly valuable for students to get a good overview, practitioners to implement usable security and researchers to identify areas of future research.
Listen to Developers! A Participatory Design Study on Security Warnings for Cryptographic APIs
(2020)
Echtzeit-orientierte Multimedia-Kommunikation im Internet eröffnet eine Vielzahl neuer Anwendungen. Diese innovative Kommunikationsplattform ist gerade für weltweit operierende Unternehmen von Interesse. So können z.B. durch die Verwendung von VoIP-Lösungen oder Groupware-Applikationen Kosten gesenkt und gleichzeitig die Zusammenarbeit der Mitarbeiter optimiert werden. Dies trifft auch für Video-Konferenzsysteme zu. Anstelle regelmäßiger Meetings, die meist mit Dienstreisen eines Großteils der Teilnehmer verbunden sind, können Konferenzen virtuell durch die Übertragung von Sprachund Videodaten über das Internet abgehalten werden. Die Akzeptanz der beschriebenen Kommunikationsanwendungen hängt stark von den Faktoren Dienstgüte und Sicherheit ab. Die Übertragung der echtzeit-orientierten Mediendaten muss möglichst kontinuierlich erfolgen, so dass sowohl eine ruckelfreie Wiedergabe der Sprache als auch der Bewegtbilder möglich ist. Da Konferenzen firmenintern und vertraulich sind, werden sie hinter verschlossener Tür abgehalten. Das Pendant in der elektronischen Welt muss eine Entsprechung anbieten. Se- curity-Mechanismen haben allerdings einen Einfluss auf Dienstgüteparameter. Dies muss bei der Entwicklung von Techniken zum Schutz multimedialer Kommunikation berücksichtigt und abgestimmt werden. Dieser Beitrag zeigt anhand des Beispiels eines Video-Konferenzsystems für das Internet, wie Sicherheitsmechanismen in echtzeit-orientierte Multimedia-Kommunikationsanwendungen unter Berücksichtigung von Quality of Service (QoS) integriert werden können.
Das Auslesen von Messdaten in elektronischer Form ermöglicht es, diese vom Ursprung bis zur Rechnungsstellung effizient und ohne Medienbruch zu erheben und zu verarbeiten. Gerade im liberalisierten Energiemarkt ist dies von Bedeutung, da eine Vielzahl von Marktteilnehmern miteinander kommunizieren muss. Das im VERNET-Programm geförderte SELMA-Projekt verfolgt das Ziel, einen Standard für den sicheren elektronischen Austausch von Messdaten zu entwickeln und zu etablieren. Eine der zentralen Anforderungen ist die Gewährleistung der Authentizität und Integrität der über offene Netze ausgelesenen Messdaten, die über die gesamte Lebensdauer der Messdaten nachprüfbar sein sollen. Die technische Umsetzung dieser Anforderungen resultiert in einer Sicherheitsarchitektur, die durch den durchgängigen Einsatz elektronischer Signaturen gekennzeichnet ist. Mit den signierten Datensätzen können die Rechnungen von den Marktteilnehmern auf ihre Authentizität und Integrität hin überprüft werden. Dieser Beitrag zeigt die gesetzgeberischen Hindernisse auf, die bei der Umsetzung der Anforderungen an qualifizierte Signaturen im elektronischen Messdatenaustausch auftreten und wie dennoch eine größtmögliche Beweiskraft für fortgeschrittene Signaturen erreicht werden kann.
This work introduces Grid computing, showsits use in eHealth environments and elicits trends towards the integration of custodians in eHealth Grids. It considers security and privacy requirements for the use of Grid computing in eHealth scenariosand discusses the possible integration of different types of data custodians. Finally the paper concludes and gives an outlook on the development and deployment of eHealth Gridsinthe near future.
In recent years a new category of digital signature algorithms based on Elliptic Curve Cryptography (ECC) has taken place besides well known schemes as RSA or DSA. So far it is, however, still not obvious how ECC-based signature schemes can be integrated in X.509-based Public Key Infrastructures (PKI).This paper briefly introduces cryptographic basics of signature schemes based on elliptic curves and points out the necessary cryptography parameters that are important in this context. Afterwards the structure and the encoding of X.509 certificates and Certificate Revocation Lists (CRL) are discussed regarding the integration of ECC public keys and ECC signatures respectively. The paper closes with exemplary implementations of ECC-based security systems.
Data transfer and staging services are common components in Grid-based, or more generally, in service-oriented applications. Security mechanisms play a central role in such services, especially when they are deployed in sensitive application fields like e-health. The adoption of WS-Security and related standards to SOAP-based transfer services is, however, problematic as a straightforward adoption of SOAP with MTOM introduces considerable inefficiencies in the signature generation process when large data sets are involved. This paper proposes a non-blocking, signature generation approach enabling a stream-like processing with considerable performance enhancements.
The @neurIST project
(2008)
This paper presents the security architecture of the @neurIST medical information system. @neurIST aims at a research and decision support system for treating diseases that unites multiple medical institutions and service providers offering technical solutions based on the Service Oriented Architecture (SOA) paradigm. The security architecture provides secure access to federated medical data spread across multiple sites and protects the privacy of the patients by pseudonymisation of the medical data required for the study.
When entering a password (or other secrets) the typed input is most commonly masked, i.e. the characters are hidden behind bullets or asterisks. This, however, complicates the input and highly decreases the user's confident causing several issues such as login failure attempts. On the other hand, password masking is an important security requirement for a lot of applications and contexts to prevent a third person to read the password. Thus, simply dropping password masking is not feasible in general. A common solution provides the user with the choice of toggling password masking on and off, but due to distinct defaults (in dependency of the application and context) this is rather complex and confusing. Enhanced password visualization technologies beyond the simple masking of passwords can provide more sophisticated solutions from both a usability and security perspective. In this paper, available password visualization technologies are presented and discussed. Furthermore a novel password visualization approach is introduced, the TransparentMask, which provides unique properties in comparison to the existing schemes. Amongst these are the ability to detect mistakes while typing and being able to localize and correct the typo within a certain range. Finally, a security analysis of the TransparentMask shows that the protection level given by a certain password length is slightly decreased in comparison to the fully masked approach.