|Pictures as passwords – the spotlight-topic of the latest GI-Radar (22-04-2021)|
The German Informatics Society (GI) spotlighted the SECUSO research on graphical authentication methods in their last newsletter. Several studies showed that people and especially kids can remember pictures better than complex passwords based on alphanumerical strings. Which makes authentication methods using pictures more secure than ht euse of weak passwords. In a study with 44 students on a German elementary school, we wanted to examine, weather the kids could remember pictures. The result was overwhelming: If the pictures are chosen which are close to the kid’s world of experience, those authentication methods are an excellent option.
GI-Radar No. 284
|Competence in E-Voting @ KIT (19-04-2021)|
Several professors are researching different aspects of E-Voting at KIT: Melanie Volkamer, Bernhard Beckert, Jörn Müller-Quade and Armin Grunwald. They bundled their competences to help authorities, who are responsible for the election, make an informed decision regarding which system is adequate for their type of elections. Since it is not always easy to understand the underlying cryptographic processes of E-Voting systems, professional advice is helpful to find suitable election systems and elections procedures.Read more (only German version)
|A New Blog Post about the Online-Game “Phishing Master” (16-04-2021)|
The blog post is published on the digilog-bw.de website. First, it provides general information about phishing. If additional knowledge is desired, further links are provided to the SECUSO Website. Two students Tobias Länge and Philipp Matheis developed the entertaining (online phishing) game. It helps users to learn to distinguish between fraudulent and real(legitim) messages. The idea to learn about phishing with a game can catch the interest of new target groups as well. The game was developed as part of the digilog@bw project, which is financed by MWK (Ministerium für Wissenschaft, Forschung und Kunst).
|Recommendations for CISOs in the 'Spotlight’ (14-04-2021)|
The German journal for cybersecurity “<kes>” picked up on the research of Melanie Volkamer, head of the SECUSO research group, and Benjamin Bachmann, Director Cyber Security at EXXETA. The authors developed seven recommendations. The guidelines are based on scientific research and practical knowledge. In its biweekly “Spotlight”, the journal flags the recommendations for Chief Information Security Officers (CISO) which are designed to help implementing preventive security measures in companies.Read more (only German version)
|New article on the right to informational self-determination (09-04-2021)|
Several members of KASTEL, Dr. iur. Anne Steinbrück, Dr. rer. pol. Marcus Wiens, Dr. ing. Pascal Birnstill, Florian Kaiser, Dr. Tim Zander, Prof. (apl.) Dr. Oliver Raabe, Prof. Dr. Frank Schultmann and Prof. Dr. Melanie Volkamer, published a joint article in the German legal journal „Recht auf Datenverarbeitung (RDV 2021, S. 7)“ (Right of information processing). The article analyses the legal arguments of an 2019’s order of the Oberlandesgericht Düsseldorf (OLG Düsseldorf v. 26.08.2019, Az.: VI Kart 1/19 (V)) from an economical point of view. The order deals with the application of antitrust legislation in the context of violation of privacy rights.Read more
|New research paper on how GDPR has affected users’ reaction to cookie disclaimers (07-04-21)|
|Prof. Volkamer on Corona-phishing and phishing awareness (01-04-2021)|
Phishing and staff awareness campaigns is one of the main topics in the latest issue of the German journal “Computer und Arbeit”. Prof. Volkamer, head of the SECUSO research group, explains why phishing trainings are not always recommended and which are more effective ways to train your staff. Increasing awareness is essential since the strategies of the cybercriminals become more and more sophisticated. AI systems, for example, are trained to automatically extract information on the targeted persons. This aids cybercriminals, says Prof. Müller-Quade, head of the Institute for Cryptography and Security at KIT.Read the full text
|Interview with Prof. Volkamer (30-03-2021)|
Hoxhunt, a Finnish security-company, recently interviewed Prof. Melanie Volkamer, head of the SECUSO research group, about security risks and the future of security trainings – both in the context of phishing. Since phishing E-Mail become more and more sophisticated and more people are working from home, security trainings need to be diverse to meet individual learning preferences.Read the interview
|SECUSO member Peter Mayer has reprised his role in the organizing committee of the 2021 Annual Computer Security Applications Conference (ACSAC) (26-03-2021)|
ACSAC brings together cutting-edge researchers, with a broad cross-section of security professionals drawn from academia, industry, and government, gathered to present and discuss the latest security results and topics. With peer reviewed technical papers, invited talks, panels, national interest discussions, workshops, and professional development and training courses, ACSAC continues its core mission of investigating practical solutions for computer and network security technology. This year's conference will be held from 6-10 December 2021.ACSAC website
|Peter Mayer joined the Program Committee of PETS 2022 and the Editorial Board of the Proceedings on Privacy Enhancing Technologies (PoPETs) (26-03-2021)|
Peter Mayer has joined the program committee of PETS 2022 and the editorial board of the Proceedings on privacy enhancing technologies (PoPETs). The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Submitted papers undergo a journal-style reviewing process and accepted papers are published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs). PETS/PoPETs is the premier venue for novel applied and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies.PETS website
|Inspecting Fake Shops: First results in the BMBF-project INSPECTION (26-03-2021)|
Last Wednesday, 24.03.2021, all partners met for a second project meeting in the INSPECTION project, which is funded by the German Federal Ministry of Education and Research. The partners from MindUp Web & Intelligence GmbH, BDO AG Wirtschaftsprüfungsgesellschaft and the SECUSO research group presented new research results. Associated partners as well as other interested parties talked about their current projects (amongst others Allianz für Sicherheit in der Wirtschaft (ASW), Baden-Württembergischer Handwerkstag (BWTH), Deutschland sicher im Netz e.V., eco - Verband der Internetwirtschaft, dem Fachverband Elektro- und Informationstechnik Baden Württemberg (FV EIT BW), der Swiss Internet Security Alliance, Watchlist Internet and Verbraucherzentrale Nordrhein-Westfalen). In the research project INSPECTION we are identifying a special type of hacking through Fake Shop owners. Dr. Peter Mayer and Anne Hennig, M.A., from the SECUSO research group are focussing on ways to contact the victims and provide awareness materials.More about INSPECTION
|Call for Papers: EuroUSEC 2021 (25-03-2021)|
We invite you to submit a paper and join us at EuroUSEC 2021, which will be held online on October 11 & 12, 2021. We are excited to welcome original work describing research, visions, or experiences in all areas of usable security and privacy. We welcome a variety of research methods, including both qualitative and quantitative approaches. Dr. Peter Mayer, Program Co-Chair, and Anne Hennig, Publicity Co-Chair, will represent SECUSO as part of the event. From this year on, EuroUSEC 2021 will be an independent event with proceedings published in the ACM ICPS. The attendance at the conference is free.Read more
|Update on TORPEDO (22-03-2021)|
Sending out E-Mails with malicious links is a common practice of scammers. In order to effectively detect phishing emails, it is necessary to carefully check the web address (also called URL) behind the link. TORPEDO (TOoltip-poweRed Phishing Email DetectiOn) helps to expose malicious links in phishing e-mails so that you can expose their attempts to deceive you.
|Prof. Volkamer is editorial board member of ACM journal (19-03-2021)|
Melanie Volkamer is editorial board member for the Transactions on Privacy and Security (TOPS) journal. The journal is published by the Association for Computing Machinery (ACM). Research results in the fields of information and system security and privacy are welcomed!All editorial board members
|Dr. Peter Mayer on Corona rapid tests and Fake Shops (17-03-2021)|
The statement on Corona rapid tests and Fake Shops was published in various media. The press release of the „Deutschen Presseagentur (dpa)“ was taken up in local and national newspapers (e.g. Süddeutsche Zeitung, Frankfurter Rundschau) as well as online media (e.g. Zeit Online, Deutsche Handwerks Zeitung). Broadcasts like N-TV or magazine programs like Galileo published the information as well. HR4 and Stern online as well as the Pro7 show „taff“ and „RTLextra" took the chance to interview Peter Mayer on this topic.Read more
|SOUPS Video available on SECUSO Youtube (15-03-2021)|
At last year's SOUPS we presented our paper "An investigation of phishing awareness and education over time: when and how to best remind users". The video of the presentation at SOUPS is now available on our Youtube channel. In the study we observed over 12 months how the knowledge of a in-house training on phishing evolves. To do this we also tested different forms of knowledge reminder measures (short text, longer text, interactive email and video).To the Youtube channel
|Online Talk with Prof. Melanie Volkamer about cybersecurity (10-03-2021)|
With “Digital Dialogue”, the district Marburg-Biedenkopf offers its citizens a series of events to talk about the digital transformation. Within this series, Prof. Volkamer talked on March 9th 2021 about cybersecurity. How can you tell legitimate and fraudulent messages apart? Is it secure to buy in a certain shop? Prof. Volkamer gave insight in the topic, explained risks and threats, and offered tips on how to protect against scammers. More than 50 persons took part in the talk and the discussion.More information
|Better safe than sorry! (08-03-2021)|
3 – 2- 1… Sold! But why don’t I receive my delivery? Fake Shops lure customers with cheap offers, when certain products are rare or in high demand. The Federal Institute for Drugs and Medical Devices approved three SARS-CoV-2 rapid tests for self-testing. It is believed that not only the number of vendors of such self-tests will increase but also the number of fraudulent web shops. Keep your eyes open when buying such tests online and put the shops under the microscope.To buy or not to buy (German only)
|New research paper founds Phishing Campaigns for Staff rarely efficient (24-02-2021)|
Simulated Phishing Trainings are a popular way of training your staff to detect fraudulent messages and potential phishing attacks. But most companies are not aware that effective security is not just about reducing clickrates for simulated phishing messages. Furthermore, there are security, legal, and trust issues associated with those trainings. Prof. Melanie Volkamer, head of the SECUSO research group at the Karlsruhe Institute of Technology, Prof. Martina Angela Sasse, professor for Human-Centered Security at Ruhr University Bochum, and Prof. Franziska Böhm, professor at the Centre for Applied Legal Studies at the Karlsruhe Institute of Technology, recommend a different approach. Instead of costly and time-consuming Simulated Phishing Trainings the authors conclude that for many organisations, improving technical security measures, introducing and establishing adequate security incident reporting, and increasing staff awareness through other means may be more effective.Read the full paper
|Good advice for information security advisors (19-02-2021)|
Major tasks of an information security advisor are raising awareness, implementing trainings and establishing a safety culture in your company. But how and with which priority should these tasks be approached? Prof. Melanie Volkamer, head of the SECUSO research group at the Karlsruhe Institute of Technology, and Benjamin Bachmann, director for cyber security at EXXETA, developed seven recommendations. The guidelines are based on scientific research and practical knowledge and should help security advisors to implement preventive security measures in their companies. Technical measures, like implementing effective backup systems, are as well provided as organizational measures (for example implementing a notification system in case of an attack) and experiences on how to design awareness materials. Did you know that security trainings are most effective, if you meet the needs of your colleagues when you chose awareness materials?More information
|Reviewing the Safer Internet Day 2021 (17-02-2021)|
The SECUSO research group presented several activities on occasion of this year’s Safer Internet Day: A NoPhish Quiz, a shooting game to eliminate fraudulent messages and an FAQ about Fake Shops. Both topics - Phishing and Fake Shops - were taken up by the media as well. Prof. Melanie Volkamer was interviewed by SWR 4 radio station and “Radio Lotte” about Internet Safety. Radio station SWR 3 picked up on a cyberattack in a water treatment facility in Florida to talk with Prof. Volkamer about the security of critical infrastructures in Germany. BadenTV tested the Phishing Master Online Game and had Prof. Volkamer and Dr. Peter Mayer explain the idea. But it’s not over yet: Our activities will be still available!Explore the NoPhish activities
|Safer Internet Day 2021 (09-02-2021)|
Together for a better internet – that is the theme of the 18th edition of the Safer Internet Day. The Safer Internet Day (SID) started as an initiative of the European Union (EU) and is now celebrated around the globe. We – the research group SECUSO – takes this day as an occasion to spotlight the topics “Phishing” and “Fake Shops”. We organized various activities, for example a Phishing Shooting Game, a NoPhish-Quiz or an Fake-Shop FAQ.Tell me more
|Online-Game “Phishing Master” (08-02-2021)|
Two students Tobias Länge and Philipp Matheis developed an entertaining game called “Phishing Master” as part of the KASTEL internship. In this game, users learn to distinguish between fraudulent and real(legitim) messages. The work was supervised as part of the digilog@bw project, which is financed by MWK. It can be played online from now on and it is one of our contributions to the Safer Internet Day on 09.02.2021.Go to game
|INSPECTION - FAQ: We’ll answer your questions regarding Fake Shops (05-02-2021)|
INSPECTION - FAQ: We’ll answer your questions regarding Fake Shops
|Phishing Test: Can you tell the difference? (05-02-2021)|
There is an urgent E-Mail from your boss in your inbox: You should immediately transfer a pretty large sum. The URL included in the E-Mail will provide more information. But is this really a legitimate message?
|The "Human & Societal Factors" research group begins it's work (01-02-2021)|
The "Human & Societal Factors" research group has officially begun its work in January 2021. It is a group of researchers in the subtopic "Engineering Secure Systems" of the Research Field Information (Key Technologies) of the Helmholtz Association with a focus on the human and societal factors in IT-security. In detail, the research group currently conducts its reseach in the five areas: IT security awareness measures; design patterns for usable and effective IT security interventions; aspects of GDPR; adaptive and usable authentication; and explainablity of ML-based security ratings. The focus is thereby to apply the developed solutions in energy, mobility, and production systems.More infos
|President of the BSI praises the NoPhish material (28-01-2021)|
The NoPhish concept aims to enable as many citizens as possible to recognize fraudulent messages (including phishing messages) with dangerous links and attachments. For this purpose, we currently provide a training course (for citizens), two videos, several challenge posters, a poster with rules, and an info card. During the BSI in Dialog 2020 event, Arne Schönbohm, President of the BSI, said that he is grateful to the SECUSO research group at KIT for our very good awareness materials protect themselves against fraudsters on the Internet. Many of the materials are available in both German and English.Go to NoPhish Concept
|Paper published in the Journal of Cybersecurity (27-01-2021)|
|Privacy turns 40 and our privacy-friendly apps are getting more supporters (28-01-2021)|
Is your privacy important to you? Then take today as an opportunity and swap one or the other app on your smartphone for one of our privacy-friendly apps and that without having to fear violating your own right to informational self-determination. Therefore, Dr. Stefan Brink, State Commissioner for Data Protection and Freedom of Information (Baden-Württemberg), is supporting SECUSO's initative to develop privacy friendly apps.Information on Privacy Day, the apps and the supporters
|First industrial engineering student receives KASTEL certificate (25-01-2021)|
Since 2020 it has been possible for KIT industrial engineering students to receive the KASTEL certificate. Jonas Menesklou is the first one. We warmly congratulate Jonas Menesklou on this. His master's thesis was written in cooperation with the FZI. When asked why he decided to acquire the certificate, he wrote: “In my experience, IT security is often perceived as very technical and theoretical. People are playing an increasingly important role in this area. Interdisciplinary programs - in particular, such as industrial engineering - provide new perspectives and can thus make important contributions to research. I am pleased that the KIT offers the possibility of obtaining a recognized certification in the field of IT security with the KASTEL certificate. "More information about the certificate (German only)
|CyberFibel of the BSI now also includes the NoPhish concept (20-01-2021)|
Our NoPhish concept is also recommended in the new CyberFibel of the BSI.
|New Team members (13-01-2021)|
We welcome our new team members Andrea Bernhardt, Anne Hennig and Heike Dietmann. They joined the SECUSO Team as Research Assistants on January 1, 2021.
|SECUSO particiaptes at the CAST workshop "Security Awareness and Usable Security" (11-01-2021)|
The first CAST workshop for the year 2021 will take place on January 14th. The workshop that was canceled due to the pandemic in April 2020 was rescheduled and will be held online on January 14th. In addition to SECUSO/KASTEL@KIT, speakers from the following organizations are invited: Fraunhofer IESE, DHBW Stuttgart, Ruhr University Bochum. Our cooperation partner Dr. Ghiglieri from SICHER3 will also give a presentation. SECUSO's talk is entitled "Effective measures to increase IT security awareness". CAST is the Competence Center for Applied Security Technology in Darmstadt.Program (German only)
|Paper published in the magazine for data protection (11-01-2021)|
The article "Employees' obligation to report IT security and data protection incidents" was published in the first edition of 'Zeitschrift für Datenschutz' in 2021 (ZD 2021, 8). The article is the result of a cooperation with Dirk Müllmann as part of KASTEL. Follow-up work is already planned on how to communicate with employees about incident reporting.Go to the article (with access to Beck-Online)
|SECUSO 2020 review (18-12-2020)|
We have put together the highlights of 2020. We would like to thank all collaborators for 2020 and we look forward to exciting research and teaching in 2021.Goto review
|Melanie Volkamer as guest in the ZKM's DigilogLounge (14-12-2020)|
As part of the diglog project, the ZKM (Center for Art and Media Karlsruhe) created the DigilogLounge. Melanie Volkamer is invited to this new format on December 17th at 5 p.m. The event bears the title "Awareness measures around phishing messages" and is streamed online.Live Stream (German)
|Niklas Kühl was interviewed by Radio Regenbogen (14-12-2020)|
Dr. Niklas Kühl (IISM / KSRI) in an interview with Radio Regenbogen about our joint HICSS paper:'“Healthy surveillance”: Designing a concept for privacy-preserving mask recognition AI in the age of pandemics'Zum Radio-Interview
|Poster accepted at SGD-Congress (11-12-2020)|
The Poster "Aktivpause to Go – Evaluation einer Privacy Friendly App für Bewegungspausen" by Claudia Hilderbrand, Lena Panter, Marisa Thomann, Melanie Volkamer, Jonathan Diener, Christopher Beckmann, and Alexander Woll was accepted for presentation at the SGD-Congress. The congress took place at the 26/27th of November 2020.
|SECUSO bei HACS 2020 (01-12-2020)|
The Special Session on Humans And Cyber Security Security 2020 (HACS 2020) will be held virtually on December 2nd 2020 as part of the 6th IEEE International Conference on Collaboration and Internet Computing. The special session provides an opportunity for researchers and practitioners interested in humans and cyber security to share latest research and developments. SECUSO team member Peter Mayer participates in HACS 2020 as panelist in the Round Table Discussion on the topic "State-of-the-art research from academic front on 'hacking the human'".HACS 2020 website with further information
|Peter Mayer awarded with the Wissenschaftspreis 2019 for his PhD "Secure and Usable User Authentication" (01-12-2020)|
Our team member Peter Mayer was awarded the Research Award 2019 of the KIT-Department of Economics and Management for his dissertation "Secure and Usable User Authentication". The dissertation describes advancements in the area of user authentication. In detail it provides (a) a process for the systematic development of provably effective awareness materials to help users to better defend themselves, (b) the first comparative investigation of shoulder-surfing risks when entering text passwords on constrained input devices such as gamepads, and (c) a technique for the secure and efficient storage of passwords in promising shoulder-surfing resistant alternatives to text passwords.Information on the Wissenschaftspreis
|KASTEL certificate awarded to students at KIT for their skill the area of IT security (25-11-2020)|
The KASTEL certificate is awarded to students at Karlsruhe Institute of Technology for their skill in the area of IT security. It can be obtained on both, the MAster's level and when acquiring a PhD. This year, the KASTEL certificate was awarded among others to Katerina Dimitrova during the course of her Master's studies and to Peter Mayer in the course of this PhD.More information on the KASTEL certificate
|Risk contactless debit card (24-11-2020)|
Contactless debit cards are widespread and became more important in times of Corona. But what happens if someone is stealing your contactless debit card and misuses the contactless option to pay without having to enter the PIN? In our report "Reporting Insights Gaines into UK Citizens' Perceptions of Contactless Card Risks" we study the perception of the above-mentioned risks and how users perceive it. We discovered that participants perception were not aligned with their actual risks.You'll find the paper here
|New project "Digital Citizen Science @ KD²Ex" (20-11-2020)|
As part of the EXU project “KIT Future Fields”, Prof. Weinhardt (IISM), Prof. Mädche (IISM), Prof. Nieken (IBU), Prof. Scheibehenne (IISM), Prof. Szech (ECON), Prof. Volkamer (AIFB) and Prof. Woll (IfSS) get funded for 18 months for the project "Digital Citizen Science @ KD²Ex": Experimental research on well-being, work and education at home ".Go to project site
|SECUSO represented twice at PITS (11-11-2020)|
Networking and digitization are central enablers of a crisis-proof society. As a meeting point for IT managers from the federal, state, local authorities, the armed forces, European police authorities,
|“Healthy surveillance”: Designing a concept for privacy-preserving mask recognition AI in the age of pandemics - Paper online available (06-11-2020)|
The trade-off between personal data protection and AI performance is an exciting field of research. In the ongoing fight against the spread of the novel coronavirus COVID-19, many governments have recommended—or even obliged—their citizens to wear masks as an effective countermeasure. In an interdisciplinary, cross-institute (IISM, KSRI and AIFB / KASTEL / SECUSO) work, Niklas Kühl, Dominik Martin, Clemens Wolff, and Melanie Volkamer show what a privacy-friendly mask recognition video system could look like. This paper is an update of the paper with the same title published in summer.Go to HICSS
|Cooperation between KD2Lab and KASTEL institutionalized (06-11-2020)|
Melanie Volkamer is now a member of KD2Lab - the Karlsruhe Decision & Design Lab. The KD2Lab offers researchers an excellent infrastructure for economic, neuro- and psycho-physiological experiments. As a result of this membership, KASTEL-related security & privacy research questions are also addressed in the KD2Lab in the future.KD2Lab
|SECUSO research group received the Facebook Research Award (02-11-2020)|
Prof. Dr. Melanie Volkamer, Dr. Peter Mayer and Reyhan Düzgün from the research group SECUSO as well as Dr. Sanchari Das from the University of Denver won a Research Award from Facebook for their research on secure and usable authentication methods in Augmented and Virtual Reality technology. AR & VR devices increasingly offer social activities that require secure and usable authentication. SECUSO proposes the ZeTA (Zero-Trust-Authentication) protocol, which enables secure authentication in shared rooms and can be used with the available interaction methods of Head-Mounted Displays.To the Facebook Research Award
|Sudoku v3.0 released on Google Play and F-Droid (21-10-2020)|
In the last semester the Privacy Friendly Sudoku App was enhanced and it now shines with a new version number v3.0 and many new features. The app now provides a dark mode and allows to create custom Sudokus as well as share them with other users. There are also daily Sudokus, that are generated each day and allow for a bit of friendly competition among friends as every user gets the same Sudoku each day. The app is available on Google Play and F-Droid.See the app page
|Christopher Beckmann joins the SECUSO Team (21-10-2020)|
Melanie Volkamer, Martina Angela Sasse, and Franziska Boehm explain in this article (<kes> issue No. 5, October 2020) why simulated phishing campaigns can have negative effects on the image of security as well as the culture - and that all with limited informative value of the results. <kes> "provides all relevant information about IT security - carefully researched by specialist editors and authors from practice."Article (German)
|Explanatory video for (secure) remote electronic elections (19-10-2020)|
In times of pandemics, many are looking for secure alternatives for secret face-to-face polls/ elections. In 2:20 minutes we explain on YouTube what has to be taken into account for remote electronic elections. Many thanks for constructive feedback go to: Prof. Bernhard Beckert and Michael Kirsten from KIT, Prof. Rüdiger Grimm from Fraunhofer SIT, Prof. Robert Krimmer from the University of Tartu, Prof. Oksana Kulyk from the IT University in Copenhagen and Prof. Reto King from the Bern University of Applied Sciences.To the explanatory video
|Free Online Course: Detecting Fraudulent Mail (14-10-2020)|
One in four Germans has been a victim of crime on the Internet. The culprits are often fraudulent messages, the so-called "phishing mails" with which cyber criminals extract secret data from their victims or distribute malware. In the context of the European Cyber Security Month, the annual campaign of the European Union, the research group SECUSO offers its NoPhish online course for interested citizens. In twelve modules, the course teaches how criminals operate and how Internet users can recognise different types of fraudulent messages. The acquired knowledge will be deepened in exercises. No previous knowledge is required. Currently the course is only available in German.To the NoPhish course
|Presentation at the Zeek Week 2020 (05-10-2020)|
The Zeek Week 2020 will take place online this year from 13 to 15 October. SECUSO and the research group Decentralised Systems and Network Services (DSN) of Prof. Hartenstein present their tool Emojifier and lead a discussion about future research in this area. The Emojifier tool will help the users of Zeek Logs to separate and assign the different messages faster. Our presentation will take place on 14.10 at 21:20.The Zeek Week
|Paper from SPW published by Springer (24-09-2020)|
The paper "Audio CAPTCHA with a few cocktails: it's so noisy I cant hear you" by Benjamin Maximilian Reinheimer, Fairooz Islam and Ilia Shumailov has now been published in the Lecture Notes in Computer Science at Springer together with the transcripts of the discussions from the workshop.Go to article
|E-Vote-ID Digital Conference Program (24-09-2020)|
This year's E-Vote-ID conference will be held digital from Oct 7 to Oct 9. The conference is organized by Robert Krimmer and Melanie Volkamer. Bernhard Beckert from KASTEL is one of the track chairs being in charge in deciding which papers to be accepted and published with Springer. Special Thanks go to David Duenas-Cid for making the digital conference happen. Registration is open still open.Link
|Interview with Melanie Volkamer and Peter Mayer about the problem of fake online shops (24-09-2020)|
Several million German citizen have already become victims of fake online shops. Particularly hard to spot are fake online shops, when otherwise legitimate websites have been hacked to link to the fake shops or even have fake shops embedded in them. Especially for private website providers or small and medium sized businesses it is hard to detect such hacks and repair them. In order to ameliorate this situation, the INSPECTION project which SECUSO is a part of and which is funded by the Federal Ministry of Education and Research (BMBF) has been conceived. In this project machine learning is combined with effective communication to website providers, in order to support them to repair their website. On the other hand, additional materials will be created to raise awareness among website providers. In the interview with the campus radio (represented by Stefan Fuchs) Melanie Volkamer und Peter Mayer explain the strategies employed by owners of fake shops, how consumers can protect themselves against these strategies, and how the INSPECTION project helps improve the situation. The interview was broadcast on 8 September 2020 and is available online at: https://publikationen.bibliothek.kit.edu/1000123419Link
|"15th International Conference on Availability, Reliability and Security (ARES)" was successfully held (17-09-2020)|
On 28th August 2020 the "15th International Conference on Availability, Reliability and Security (ARES)" took place successfully as an online event. The program committee was chaired by KASTEL-PIs Prof. Melanie Volkamer and Jun-Prof. Christian Wressnegger. With an acceptance rate of 17.65% (for full papers) and 22.22% (incl. short papers) out of 153 submissions, the conference was particularly competitive this year. The accepted papers and their presentations are uploaded to the conference website.To the ARES website
|Talk at Cybersecurity Conference 2020 (17-09-2020)|
On the 22. and 23.10 this year the Cybersecurity Conference will take place in Mannheim. The aim is to better connect the economy, science and the public. Cyber security has not yet reached the necessary level to make Germany secure, therefore the transfer of knowledge between these partners is especially important. In the context of the conference SECUSO will give a talk on Phishing Awareness and report about our findings regarding the development and implementation of material.To conference
|New Blog post published on the platform VdZ.org (14-09-2020)|
The blog post on " Stress test for administrative staff - Are you considering to achieve security awareness through simulated phishing campaigns? Then better read here first." (in German) by Prof. Dr. Melanie Volkamer, Prof. Dr. Franziska Boehm (KIT, FIZ Karlsruhe) and Prof. Dr. Angela Sasse (University Bochum, Horst-Görtz Institute) was published on the 'Verwaltung der Zukunft' (future of public administration) platform.Go to article
|Interview with Melanie Volkamer on email encryption (16-09-2020)|
The broadcast series "Softwarekatastrophen - wie konnte das nur passieren?" of the Campusradio Karlsruhe takes a look at a variety of topics surrounding IT security and IT safety. In the episode "Mailverschlüsselung is key oder etwa nicht?", Melanie Volkamer will share insights into the subject of email security and its pitfalls. The episode will be broadcast on 29 October 2020 at 10 am on 104.8 FM and will be available thereafter on Spotify: https://open.spotify.com/show/1YjeGM3d42iQZCfOw0yTkY.Go to article
|Blog post published on the platform VdZ.org (25-08-2020)|
The blog post on "How to make your employees aware of IT security - seven recommendations for information security officers" (in German) by Prof. Dr. Melanie Volkamer and Benjamin Bachmann (Director Cyber Security at EXXETA AG) was published on the 'Verwaltung der Zukunft' (future of public administration) platform.Go to article
|Article published in the magazine 'Datenschutz und Datensicherheit' (24-08-2020)|
The article 'Phishing-Kampagnen zur Steigerung der Mitarbeiter-Awareness: Analyse aus verschiedenen Blickwinkeln – Security, Recht und Faktor Mensch' by Melanie Volkamer, Martina A. Sasse (University of Bochum, Horst Görtz Institute), Franziska Boehm (KIT, FIZ Karlsruhe) has been accepted for publication in the 'Datenschutz und Datensicherheit' magazine (44, pages518–521) and is already available online.Go to article
|SECUSO’s Privacy Friendly Apps (21-08-2020)|
The free Android Apps from SECUSO only ask for necessary permissions and do not display any advertisement. The apps have already been installed more than 70,000 times. Very popular are for example the apps Sudoku, Shopping List and Password Generator. The apps for PIN Memorization Strategies and NoPhish Training also received very good ratings. In addition to the Google Play Store, our apps can also be downloaded on F-Droid.Go to Google Play Store
|Blog post published on the digital world webpage (17-08-2020)|
The blog post on "Simulierte Phishing-Kampagnen – Ziele, Formen und ihre Probleme" by Melanie Volkamer, Martina A. Sasse (University of Bochum, Horst Görtz Institute), Franziska Boehm (KIT, FIZ Karlsruhe) has been published. This post is based on the freely available article 'Phishing-Kampagnen zur Mitarbeiter-Awareness : Analyse aus verschiedenen Blickwinkeln: Security, Recht und Faktor Mensch' by the authors: https://publikationen.bibliothek.kit.edu/1000119662Go to article
|KIT Future Fields funding for KD²Ex – Karlsruhe Decision & Design Experimentation Ecosystem (14-08-2020)|
Prof. Christof Weinhardt (IISM), Prof. Alexander Mädche (IISM), Prof. Petra Nieken (IBU), Prof. Benjamin Scheibehenne (IISM), Prof. Nora Szech (ECON), Melanie Volkamer (AIFB) and Prof. Alexander Woll (IFSS), have jointly received funding for the establishment of the Karlsruhe Decision & Design Experimentation Ecosystem (KD²Ex). Funding is granted within the framework of a KIT Future Fields. The project enables new forms of participatory research: Digital Citizen Science with a focus on the area of "Wellbeing at Home".Go to article
|dpa Interview with Prof. Volkamer on the detection of phishing emails (11-08-2020)|
The article 'Vorsicht, Phishing So nimmt man es mit Datenräubern auf' about the interview with Prof. Melanie Volkamer by Philipp Schulte for dpa has been picked up by numerous media channels: die Zeit, ntv and Süddeutsche Zeitung.Go to article
|Update of the NoPhish reference users (05-08-2020)|
The number of reference users of our NoPhish materials continues to grow. We now know of 31 organisationsthat use our materials. We are particularly pleased that other universities and applied universities have recently joined the list (Ruhr-Universität Bochum, Universität Duisburg-Essen, Hochschule Koblenz, Universität Würzburg, Technische Universität Braunschweig, Hochschule Konstanz, Fernuniversität Hagen, Hochschule Worms, Universität Bamberg, Universität Mannheim).
|Article accepted for publication in the journal "Datenschutz und Datensicherheit" (28-07-2020)|
The article "Erstellung von effektiven Sensibilisierungsmaterialien zur Passwortsicherheit" by Peter Mayer, Fabian Ballreich, Reyhan Düzgün, Christian Schwartz, and Melanie Volkamer was accepted for publication in the journal "Datenschutz und Datensicherheit" and is now available online.Go to article
|Paper accepted at the WAY 2020 Workshop (27-07-2020)|
The paper “Towards Secure and Usable Authentication for Augmented and Virtual Reality Head-Mounted Displays” by Reyhan Düzgün, Peter Mayer, Sanchari Das and Melanie Volkamer was accepted at the Who Are You?! Adventures in Authentication (WAY) 2020 workshop. The paper presents the use of the ZeTA authentication protocol by Andreas Gutmann et al. with AR and VR glasses. The workshop will be held online on 7th August 2020, alongside the SOUPS conference.Go to article
|Article "Phishing campaign and its pitfalls" cited several times (08-07-2020)|
The KIT press release was picked up by numerous media channels. These include BNN, IDW-Online, Innovations Report, Bochumer Zeitung, Industrie.de, Frankfurt Institute for Risk Management and Regulation, Infopoint-Security and Deutschlandfunk Nova.Go to article
|Updated flyer on our apps “Active Pause” and “Active Pause to Go” available (03-07-2020)|
Our updated flyer “Active Pause and Active Pause to Go” provides now information on the app “Active Pause to Go” as well. The app was created in cooperation with the Institute of Sports and Sports Science of the KIT and helps integrating exercise breaks into your daily work. Further information and the link to the Google Play Store can be found in the flyer.Go to flyer
|“Healthy surveillance”: Designing a concept for privacy-preserving mask recognition AI in the age of pandemics - Paper online available (01-07-2020)|
The trade-off between personal data protection and AI performance is an exciting field of research. In the ongoing fight against the spread of the novel coronavirus COVID-19, many governments have recommended—or even obliged—their citizens to wear masks as an effective countermeasure. In an interdisciplinary, cross-institute (IISM, KSRI and AIFB / KASTEL / SECUSO) work, Niklas Kühl, Dominik Martin, Clemens Wolff, and Melanie Volkamer External Link show what a privacy-friendly mask recognition video system could look like.
|Paper accepted at EuroUSEC 2020 (23-06-2020)|
The paper “Analysis of publicly available anti-phishing webpages: contradicting information, lack of concrete advice, and very narrow attack vector” by Mattia Mossano, Kami Vaniea, Lukas Aldas, Reyhan Düzgün, Peter Mayer and Melanie Volkamer, developed in collaboration with the TULiPS Research Group from the University of Edinburgh, has been accepted at EuroUSEC 2020.
|information security for Wissenschaft-Medien-Kommunikation students (26-06-2020)|
Since this semester, students of the study course Wissenschaft-Medien-Kommunikation can also attend our information security lecture. We are pleased that directly in the first semester students took advantage of this offer. The lecture can be introduced e.g. in the major field of computer science.
|FMER Research Project INSPECTION started (26-06-2020)|
The research project INSPECTION has stated on the 1st June 2020. Its goal is to identify hacked websites through web crawling and notify the owners of the affected websites in an effective manner. The project is funded by the German Federal Ministry of Education and Research within the initiative "KMU-innovativ". For this project, SECUSO partnered with the companies mindUp GmbH and BDO Cybersecurity.
|Paper accepted at 'Law and Technology' workshop at Informatik 2020 (25-06-2020)|
In recent months, the cooperation with the chair of Prof. Indra Spiecker genannt Döhmann (Goethe University Frankfurt am Main / KASTEL PI) has been expanded. The article "Obligation to report IT security and data protection incidents by employees - consideration of possible employment law consequences" by Dirk Müllmann and Melanie Volkamer was accepted at the 'Law and Technology' workshop of Informatik 2020.
|Paper accepted at the Symposium on Usable Privacy and Security 2020 (27-05-2020)|
The paper "An investigation of phishing awareness and education over time: When and how to best remind users" by Benjamin Maximilian Reinheimer, Lukas Aldag, Peter Mayer, Mattia Mossano, Reyhan Düzgün, Bettina Lofthouse, Tatiana von Landesberger and Melanie Volkamer has been accepted for presentation at the Symposium on Usable Privacy and Security 2020 (SOUPS 2020). SOUPS 2020 will be held August 9-11, 2020 in Boston (USA).
|Analysis of phishing campaigns conducted in companies published (27-05-2020)|
Together with Prof. Franziska Boehm (KIT / ZAR and FIZ Karlsruhe) and Prof. Martina Angela Sasse (RUB / CASA / HGI), an interdisciplinary analysis of phishing campaigns in companies and organisations was carried out. The results of the analysis are particularly important for anyone who is considering phishing campaigns against employees and / or colleagues. You can find the results at:
|SECUSO @ Baden TV (26-05-2020)|
In the "Baden TV Aktuell" broadcast on May 26th, 2020 Prof. Melanie Volkamer spoke about SECUSO research and especially about the Human Centered Design approach (9:30): https://baden-tv.com/baden-tv-aktuell-dienstag-2/
|TORPEDO Covid-19 Update for web-browser (18-05-2020)|
The coronavirus has led to a significant rise of messages with dangerous content (phishing messages). To better support users in identifying such e-mails, we have developed an update for our browser extension TORPEDO which now integrates the blocklist of the Cyber Threat Coalition. This means that our plugin now explicitly warns users of dangerous links that are blacklisted in connection with Corona. Our browser extension can be downloaded for free in the Firefox Store and the Chrome Store.
|Philip Heller and Jannik Dresselhaus new student assistants at SECUSO (11-05-2020)|
Philip Heller and Jannik Dresselhaus have joined SECUSO on 15th April 2020 to help out with programming tasks. Philip will help in developing anti-phishing tools in the course of the Google Faculty award SECUSO received in March 2020. Jannik will help in developing tools for studies in the area of user authentication.
|SPOSE PC membership (08-05-2020)|
Melanie Volkamer supports the SPOSE (Security, Privacy, Organizations, and Systems Engineering) ESORICS workshops as a program committee member.
|Current users of our NoPhish material (05-05-2020)|
The number of users of our NoPhish material is increasing.
|Peter Mayer holds Workshop at the House of Competence (29-04-2020)|
Starting on 9th May 2020, the online workshop "Securing The Digital Life – Eine Praktische Einführung in die Sicherheit von Passwörtern", held by Peter Mayer, will give an overview of the theoretical and practical aspects of password security. To that end, the participants will learn about relevant attacks and the respective defenses. The gained knowledge will then be applied in practical exercises as both, attacker an defender. The workshop will be held completely online.
|PC of the MuC Workshop 2020 (21-04-2020)|
Benjamin Reinheimer is on the program committee of the 6th Usable Security and Privacy Workshop, MuC 2020, which will take place in the context of the Mensch und Computer from September 6-9 in Magdeburg. https://muc2020.mensch-und-computer.de/eng/
|NoPhish Videos in German and English on Youtube (15-04-2020)|
Online fraud is booming in times of the corona crisis. We as the research group SECUSO explain in two short videos how to detect fraudulent messages. The first video deals with the topic attachments and the second video with links. Both videos are now available in German and English on our Youtube channel.
|Master of Science in Digital Transformation - HECTOR School, Technology Business School of KIT, with a new compulsory module on security and privacy engineering (15-04-2020)|
The new part-time M.Sc. The "Information Systems Engineering and Management (ISEM)" course has started successfully at the HECTOR School of Engineering and Management. The course main focus is the digital transformation of products, services and organizations. Accordingly, there is now also a compulsory module on security and privacy engineering with lectures on information security (Prof. Melanie Volkamer), applied cryptography (Prof. Jörn Müller-Quade), network security (Prof. Thorsten Strufe), data protection regulations (Prof Franziska Böhm) and Emerging Technologies and Critical Information Infrastructures (Prof. Ali Sunyeav). Further information on the course and application can be found on the HECTOR School website.
|TORPEDO updated (08-04-2020)|
TORPEDO as a web extension has been updated to a new version and now has some new features. We have now also integrated google redirect. Also the tutorial was adapted to the new version. Additionally we now check for IP addresses or hidden URLs behind submit buttons. Now everyone can add their own short URL services and with the help of the Security and Privacy Mode they can customize TORPEDO to fit their own circumstances even more.
|Courses at SECUSO (03-04-2020)|
The new semester is starting soon! To make it easier for you to choose which courses you want to visit, we have prepared an overview of our courses in the summer and winter term. In addition, Industrial Engineering students get some recommendations on how to credit our courses in their studies. PDF
|The 5th European Workshop on Usable Security has been rescheduled to 7th September 2020 due to COVID-19|
Due to COVID-19, this year's EuroUSEC workshop will not take place as originally scheduled on 15 June 2020, but instead has been moved along with Euro S&P to September 2020. The workshop location remains the same: Genova, Italy. Due to this change in the schedule, this year's workshop has two submission deadlines. The first one was on the original submission date of 16 March 2020. Submissions to that deadline are already under review. The supplemental deadline will be on 5th June 2020 (with mandatory paper registration on 2nd June 2020). You can find all information about the new schedule and the second submission deadline on the EuroUSEC website.
|Information about the qualification for the KASTEL certificate (25-03-2020)|
Industrial Engineering and Business Informatics students can receive the KASTEL certificate as well. Therefore, we compiled some information about the qualification for the certificate. You can find a list of creditable courses and recommendations for module combinations here. Here for PDF
|Courses by SECUSO for the summer semester 2020 (25-03-2020)|
Our courses for the summer semester 2020 are now available at https://secuso.aifb.kit.edu/1121.php
|Zeit Article and podcast on IT security with Prof. Volkamer (18-03-2020)|
"Everything on the net is hackable. How do we prevent the worst?" is the title of the article and podcast by Lisa Hegemann and Meike Laff. The topic is that people are often mistakenly described as the greatest vulnerability when a computer system has been hacked. Prof. Volkamer puts an end to this false assumption.
|Monthly Security Lunch Changes (03-03-2020)|
We decided to change our schedule regarding the monthly security lunch.
|Google Faculty Research Award for Prof. Melanie Volkamer (02-03-2020)|
Prof. Melanie Volkamer and Florian Schaub received one of this year's seven Google Faculty Research Awards in the field of security. The award was granted for the project "Link-centric Phishing Warnings for Online Email Clients". We look forward working with Florian Schaub and the University of Michigan. Also many thanks to our Google advocates Patrick Gage and Alexander de Luca.
|SECUSO at the action day at KIT in the context of the Safer Internet Day (26-02-2020)|
During the international Safer Internet Day on February 11th 2020 SECUSO participated in a KIT wide action to raise awareness for fraudulent messages. The event was jointly organized with the Steinbuch Centre for Computing (SCC) and the Information Security Officer (ISB). Many of the materials are now also available in English. Leaflets and materials can be downloaded via the following link: https://www.isb.kit.edu/english/105.php.
|Reyhan Düzgün is now a member of SECUSO (26-02-2020)|
Reyhan Düzgün is the newest member of SECUSO since February 1, 2020. She studied Industrial Engineering at the Karlsruhe Institute of Technology and will be working on methodology research in the area of usable security.
|Talk at Interconnect event on "Emotet & Co: How to raise security awareness" (13-02-2020)|
Technology is an important element for effective IT security - but security awareness is also important. As part of the event on February 13, 2020, Prof. M. Volkamer talks on measures that have been shown to increase security awareness.
|Paper accepted at Voting 2020 (FC Workshop) (10-02-2020)|
The paper "Towards Improving the Efficacy of Code-Based Verification in Internet Voting" by Oksana Kulyk, Melanie Volkamer, Monika Müller and Karen Renaud was accepted at the Financial Crypto Workshop 'Voting 2020'. The workshop will take place on February 14, 2020 in Sabah (Malaysia) for the fifth time.
|SECUSO talk at the CAST Workshop „Security Awareness and Usable Security“ (06-02-2020)|
Melanie Volkamer, Benjamin Reinheimer and Peter Mayer will give an overview of the process of developing and evaluating verifiably effective IT security awareness materials in the course of the CAST Workshop “Security Awareness and Usable Security”. The CAST workshop will take place 3rd March 2020 in Darmstadt. The full program and registration can be found on the workshop website.
|Call for papers for the 5th European Workshop on Usable Security published (31-01-2020)|
The call for papers for the 5th European Workshop on Usable Security has been published. The PC chairs of this year's workshop are Peter Mayer and Blase Ur. Deadline for submissions is 16th March 2020 (Anywhere on Earth).
|Article in Zeit-online on Emotet with Prof. Volkamer (29-01-2020)|
"Kammergericht Berlin: Nur per Telefon, Fax oder Brief zu erreichen" is the title of the German article by Lisa Hegemann and Meike Laaff. The article analyzes how this could happen and how the risk can be reduced. Experts from Fraunhofer SIT and BSI as well as Melanie Volkamer were also interviewed.
|Mattia Mossano is now a member of SECUSO (28-01-2020)|
Mattia Mossano is the newest member of SECUSO since December 1, 2019. He’ll be working on phishing and anti-phishing user training. He studied philosophy at the University of Genoa and Cognitive Science at the University of Edinburgh. https://secuso.aifb.kit.edu/english/Staff_1091.php
|SECUSO at the action day at KIT in the context of the Safer Internet Day (22-01-2020)|
KIT participates in the Safer Internet Day on February 11, 2020. This day has been held annually since 2004 and is an international day of action to promote online security and a better Internet. This year, KIT will again focus on the detection of fraudulent messages, in particular, phishing emails, and the safe handling of these messages. Many of the materials are now also available in English. Our action booth: February 11, 2020, 11 a.m. - 2 p.m., Mensa Adenauer-Ring, Campus South. Leaflets and materials at https://s.kit.edu/sid2020
|Paper accepted at AsiaUSEC 2020 (20-01-2020)|
The paper "Security and Privacy Awareness in SmartEnvironments – A Cross-Country Investigation" by Oksana Kulyk, Benjamin Maximilian Reinheimer, Lukas Aldag, Nina Gerber, Peter Mayer and Melanie Volkamer has been accepted for presentation at AsiaUSEC 2020. The workshop will be held February 13-15, 2020 in Sabah (Malaysia) conjunctions with Financial Cryptography.
|ARES Conference 2020 - PC Chairs (20-01-2020)|
Melanie Volkamer and Christian Wressnegger (also KASTEL PI) are this year's PC Chairs of ARES 2020. The conference will take place in Dublin from August 24-28. The Paper Submission Deadline is March 15th.
|Peter Mayer talks at GUDialog on the topic "Secure use of passwords" (13-01-2020)|
GUDialog is organized by the Institute for Society and Digital at Münster University of Applied Sciences. Peter Mayer is invited to give a talk on January 15, 2020 on the topic "Secure use of passwords". The offer is aimed at both the specialist audience and interested citizens.
|Emotet & Co: How to raise security awareness - Talk by Prof. Volkamer (13-01-2020)|
On Thursday, February 13, 2020, InterConnect will be holding a business lunch in Karlsruhe from 12:00 to 4:30 p.m. on the topic "Emotet & Co: How to create security awareness". Melanie Volkamer talks about which measures have been proven to increase security awareness and what companies should take into account if they want to implement awareness measures themselves.
|EuroUSEC 2020 takes place on 15th June 2020 as part of Euro S&P (20-12-2019)|
The fifth European Workshop on Usable Security will be held on 15th June 2020 as pre-conference workshop of the IEEE European Symposium on Security and Privacy in Genova (Italy). The CfP and further information will be made available in the coming weeks.
|Melanie Volkamer and Peter Mayer receive commendation for "information security" lecture (19-12-2019)|
Melanie Volkamer and Peter Mayer have received a commendation from the department of economics and management for their lecture "information security". This lecture gives an introductory overview of the field of information security and represents a basis for students to attain the KASTEL certificate, a proof of specialization in the fields of IT and information security for students at KIT.
|Save the Date: AIK symposium on cyber security will take place at October 23, 2020 (17-12-2019)|
In the afternoon of October 23rd, 2020 the 36th AIK symposium will take place in Karlsruhe: First the AIK association and the participating institutions Institute AIFB and KASTEL will be introduced. This is followed by four talks: Prof. Buchmann (expert for post-quantum cryptography from TU Darmstadt), Dr. Meletiadou (Head of Privacy Management at Vodafone), Dr. Achenbach (Head of the IT Security Competence Center and the Cyber Defense Team at the FZI), and Dr. Mayer (Usable & secure user authentication expert will introduce research results from SECUSO).
|Benjamin Reinheimer as a participant at the USP Day 2020 Workshop(09-12-2019)|
On January 10, 2020, the USP Day 2020 will take place in Berlin on the topics of usable security and privacy. The day is jointly organized by Fraunhofer AISEC and Freie Universität Berlin. Benjamin Reinheimer will give a talk on User Studies on Security.
|Hohoho: NoPhish Video „Identifying dangerous attachments“ is now available (06-12-2019)|
We are happy to announce that an other awareness NoPhish video is
|KASTEL certificate now also for industrial engineers and business informatics students (05-12-2019)|
The certificate has been extended so that now business and IT students who are interested in information security can receive the KASTEL certificate. The Competence Center for Applied Security Technology (KASTEL) is one of Germany's three Cybersecurity Competence Centers initiated by the Federal Ministry of Education and Research (BMBF) in March 2011
|No Phish Flyer Update (04-12-2019)|
We have updated our Flyer „Fraudulent messages - how to detect
|Peter Mayer graduated as PhD [Dr.-Ing.] (29-11-2019)|
Our member Peter Mayer has been graduated as a PhD (Dr.-Ing.) on November 15, 2019 with the thesis entitled "Secure and Usable User Authentication".
|Panel discussion at the Federal Office for Security in Information Technology (27-11-2019)|
Melanie Volkamer will participate in the panel discussion as part of the project "Institutionalization of Social Dialogue" at the BSI on November 28. It discusses the future of dialogue with our society and how cyber security can be better shaped for society.
|Jonas Pfrang and Melanie Volkamer interviewed by Campusradio Karlsruhe (19-11-2019)|
Criminals often use fraudulent messages with malicious content (e.g. spyware, phising links) to obtain sensitive data of people or blackmail victims. As it is not possible to detect all fraudulent messages by means of technology, users should check incoming e-mails manually in order to detect a potential fraud attempt. In the interview Prof. Dr. Melanie Volkamer and Jonas Pfrang explain potential risiks of fraudulent messages and show how one can identify such messages. The interview was broadcasted on “Radio Regenbogen” on the 19th November 2019 at 7:10 p.m.. The interview can be downloaded via the following link: https://soundcloud.com/karlsruherinstitutfuertechnologie/im-zweifelsfalle-immer-loschen-tipps-zum-umgang-mit-phishing-mails
|Melanie Volkamer in an interview with Kai Laufen - SWR Aktuell Netzagent (18-11-2019)|
The Internet and other digital technologies pose risks that most users are hardly able to recognize and assess. Be it specific technical problems or possible application errors that could endanger yourself or your employer. The interview is about how to make people better aware of the risk on the internet and how to protect yourself.
|Peter Mayer holds Workshop at the House of Competence (13-11-2019)|
On 23rd November 2019 the Workshop "Securing The Digital Life – Eine Praktische Einführung in die Sicherheit von Passwörtern", held by Peter Mayer, will take place at the House of Competence. The workshop will give an overview of the theoretical and practical aspects of password security. To that end, the participants will learn about relevant attacks and the respective defenses. The gained knowledge will then be applied in practical exercises as both, attacker an defender.
|Heike Obry is a new member of the SECUSO research group (07-11-2019)|
Heike Obry is the newest member of the SECUSO research group at the Karlsruhe Institute of Technology (KIT). Heike Obry studied computer science at the University of Karlsruhe (today's KIT) from 1982 - 1987.
|Kick-Off Seminar Security and Privacy Awareness (25-10-2019)|
Last week we started our seminar “Security and Privacy Awareness”. This seminar is special, as it is organized by different institutes, which makes this course interdisciplinary. We are working together with the ITZ and the IIWR. Philosophy, law and computer science working together on security and privacy awareness.
|Cooperation Police south Hessen and SECUSO (28-10-2019)|
In November we got the chance to give two workshops for the police in Darmstadt, Hessen. We are pleased to share our knowledge of phishing with all the interested people.
|Peter Mayer gives talk at PasswordsCon 2019 (24-10-2019)|
From November 25th to 27th 2019 the PasswordsCon conference will be hel din Stockholm (Sweden). Peter Mayer will participate as speaker and present research results of SECUSO in his talk "Better Password Entry On the Couch".
|New privacy friendly app: „Active break to go!“ (30-10-2019)|
Active break of the workplace health management of the Institute of Sports and Sports Science meets SECUO's Privacy Friendly Apps. The new app "Active break to go!" reminds you of your favourite exercises at any time ... Whether on a business trip or at work. And all without your data being collected - simply privacy friendly. Give it a try:
|SECUSO participates in European Cyber Security Month (ECSM) (08-10-2019)|
The number of cyber attacks is steadily increasing. Anyone who thinks they are safe from such attacks is mistaken: at work or at home - each of us can become the victims of Internet criminals. In the context of the European Cyber Security Month (ECSM) we inform in two events on how to protect yourself: On October 11 in the context of the 'Bunte Nacht der Digitalisierun' from 15: 00-21:00 on the Campus South of the KIT (building 20.30). On October 23 at Campus North in the Casino from 11: 00-14: 00.
|AIFB Thematic Issue 2019 - Invitation to the 35th AIK Symposium (07-10-2019)|
In the AIFB Thematic Issue 2019 (German) you will find the invitation to the 35th AIK-Symposium "Blockchain – Proof-of-Worth" and other latest highlights from our Institute AIFB. The symposium will take place on October 25, 2019 and is organized by the AIK e.V.
|SECUSO hosted the third GHOST project meeting in Karlsruhe (27-09-2019)|
We were delighted to host the third EU GHOST project meeting at KIT in Karlsruhe. GHOST aims to deploy a highly usable and effective security framework for smart home residents. The project will apply behavioural design principles for the elaboration of a novel reference architecture for user-centric cyber security in smart home environments. The GHOST consortium discussed the latest stage of the progress and the next steps during two consecutive days of meeting.
|Participation in the 'Bunte Nacht der Digitalisierung' (26-09-2019)|
At this event, on October 11th, SECUSO presents the materials developed and evaluated in the past (including flyers, information cards and posters) in the field of security awareness and education. The event will take place on campus. Citizens will learn how they can detect fraudulent messages such as phishing emails.
|dialog@bw - Citizens' Forum on 11.9.2019 at the ZKM (09-09-2019)|
To kick off the digilog@bw research project funded by the state of Baden-Württemberg, all citizens are invited to submit their questions during this event and thus help to shape the project. In addition to SECUSO, other experts from KIT but also from the University of Mannheim and the University of Tübingen will be represented. A panel discussion will give an insight into the project. Subsequently, questions and suggestions can be addressed to the experts in smaller rounds.
|Paper at E-Vote-ID accepted (10-09-2019)|
The paper "GI Elections with POLYAS: A Road to End-to-End Verifiable Elections" was accepted at E-Vote ID 2019. Apart from Melanie Volkamer, other KASTEL PIs (Prof. Beckert and Prof. Müller-Quade) as well as KASTEL PhD students are authors of the paper. The paper describes the activities of the GI Online Elections Working Group. More information will also be published in the next GI Radar.
|Peter Mayer gives talk at the Public IT Security (PITS) (30-08-2019)|
On September 2nd and 3rd Public IT Security (PITS) will take place in Berlin as the German expert symposium for IT security and cyber security for state and administration. Peter Mayer will participate as speaker in the panel "SPAM, Phishing and Ransomware" and present the anti-phishing materials developed by SECUSO.
|SECUSO article in SCC news 2019 (27-08-2019)|
During the international Safer Internet Day in February 2019 SECUSO participated in a KIT wide action to raise awareness for fradulent messages. The SCC news published an article to emphasize the success of this day. A lot of positive feedback is the reason for KIT to plan (and SECUSO to support) a second information event in the Cyber Security Month in autumn 2019.
|Melanie Volkamer in the program comittee of SAC 2020 (28-08-2019)|
From the 30.03. to the 03.04.2020 takes the Symposium „Computer Security track“ in Brno (Czech Republic) place. Until the 15th of september 2019 papers can be submitted. Prof. Melanie Volkamer will be part oft he program comittee. For more information please follow this link.
|Melanie Volkamers interview of the „Computerwoche“ (26-08-2019)|
KASTEL-Professor Melanie Volkamer was interviewed for the article „What is Usable Security“ that was published on the 7th of august 2019 on the online platform of the „Computerwoche“. The article is about the human being as the weakest link of the security chain, because he makes mistakes. The question is, what does a user have to know to be secure online and does he have to be involved in the security process. Especially in the last point, Prof. Volkamer advises to pronounce certain design recommendations for developers, which should help the user to recognise the security easier.
|Presentation of our security awareness and education measures at the networking day for knowledge mediators of the BSI (23-08-2019)|
On September 9th SECUSO in Berlin presents the security awareness and education materials developed and evaluated in the past (including flyers, cards and posters) in the 'market of possibilities' located in Berlin security awareness and education.
|Third Security and Privacy Lunch is on the way (16-08-2019)|
The next Security and Privacy Lunch at Café Gold is coming up. We would be delighted if we could once again welcome numerous researchers from a wide variety of organizations from Karlsruhe. The next lunch will take place on 20.08. at 13 o'clock. Also for "spontaneous" visits we ask for feedback to Rebekka Golling so that we can reserve a sufficiently large table.
|SECUSO participate at the 29th Cyber Security Day "Networks Protect Networks". (16-08-2019)|
Our research group will be on-site at the 29th Cyber Security Day in Berlin on 26.09. We will be present with a booth and present our materials on Security Awareness and Education. In particular, the focus will be on the detection of phishing and other fraudulent messages. Besides, we will give an overview of the implementation of user studies and evaluation of our materials.
|SECUSO cooperates with Stadtwerke Ettlingen (14-08-2019)|
Within the framework of the KASTEL project, the research group cooperates with Stadtwerke Ettlingen. The cooperation aims to analyze the process of IT security mediation of the municipal utilities. Based on the experiences of the research group and the current state analysis, proposals will be developed to help disseminate the current IT security information and measures with defined processes within the company. This improvement will then be evaluated in a study.
|„Society in the Digital Change – Digitalitisation in Dialogue“ (22-07-2019)|
The research Group SECUSO represents KASTEL in the project „Digitalisation in Dialogue“ (Digilog). Digitalisation influences humans in many ways. Many questions are asked, e.g. how does Digitalisation influences our personal life and what risks and chances occur. To assure a positive transformation in future the main topics of digitalisation – „autonomy, knowledge and participation“ are discussed by various research institutions in Baden-Württemberg in order to provide scientifically grounded orientation knowledge.
|Second Security and Privacy Lunch (17-07-2019)|
Also the second "Monthly Security and Privacy Lunch" in the restaurant Gold was well attended. Once again, 20 researchers from various organisations and research groups were on site to discuss current topics. We are happy that the response has been so great and that new people are constantly joining us. The next lunch will take place on 20.08. We ask for feedback to Rebekka Golling until 13.08, so that we can reserve a sufficiently large table.
|Conference SICHERHEIT 2020 in Göttingen organizes Doctoral Forum (14-07-2019)|
The conference SICHERHEIT 2020 takes place from the 17th to the 20th March 2020 in Göttingen. Melanie Volkamer is part of the programm committee. SICHERHEIT is a biennial conference. PhD candidates are invited to submit extended abstracts on their research related to any aspects of safety and security of IT systems until the 1st October 2019. More Informations can be found:
|SECUSO now sits in the hallway of 5.20-3A (01-07-2019)|
So the move is almost complete and SECUSO has now moved into its new offices. From now on you can find our new offices in building 5.20-3A. There are some boxes and little things left. But soon we got completely used to the new premises and are looking forward to designing the hallway according to our ideas.
|Guest lecture risk communication (28-06-2019)|
We had the opportunity to give a guest lecture on the 17.06. for the students of Zinaida Benenson at the Friedrich-Alexander-University of Erlangen-Nürnberg. Lukas Aldag gave a Lecture about risk communication. If you are interested take a look at the slides (unfortunately the slides are only available in German).
|Next Security and Privacy Lunch (25-06-2019)|
The first "Monthly Security and Privacy Lunch" at Restaurant Gold was a success with 20 researchers from KIT, FZI, Frauenhofer IOSB and Frauenhofer ISI. We hope all participants had as much fun as we did. We would be happy if we could welcome as many people to the next meeting on 16.07.2019. Please contact Rebekka Golling (email@example.com) so that we can plan accordingly.
|Peter Mayer has joined the program committee of WAY 2019 (18-06-2019)|
Peter Mayer has joined this year's program committee of the "5th Who Are You?! Adventures in Authentication Workshop (WAY 2019)". The workshop will take place on August 11, 2019, in Santa Clara, CA, USA. The program is now available at: https://wayworkshop.org/2019/program.htmlhttps://wayworkshop.org/
|Poster accepted at SOUPS 2019 (18-06-2019)|
The poster "On The Systematic Development and Evaluation Of Password Security Awareness-Raising Materials" by Peter Mayer, Christian Schwartz, and Melanie Volkamer has been accepted for presentation at SOUPS 2018. The conference will be held August 11–13, 2019 in Santa Clara (USA).https://www.usenix.org/conference/soups2019
|Melanie Volkamer comments scobels discussion on „Datenflut und Wissensschatz“(18-06-2019)|
Scobels video on 3sat discusses the use of new information technologies and algorithms. Melanie Volkamer talks about the need to create more awareness to what happens with the collected data in the future.https://www.3sat.de/wissen/scobel/datenflut-und-wissensschatz-100.html
|SECUSO Research ends facebook presence on the 15th of June 2019 (18-06-2019)|
SECUSO Research used facebook for about five years as a platform to present current news and research results on topics such as data protection and the sensitive issue of the security of information. For some time, there has been negative press about facebooks negligent handling of data. Encrypted data and passwords are very important, so/ that’s why „SECUSO“ wants to set a statement by ending facebook presence.
|KASTEL professors in the issue "Hacked - How do we protect ourselves against cyberattacks?" (12-06-2019)|
"The invisible army" is the title of the article in the last issue of "Perspektiven", published by the research magazine of the Helmholtz Association. KASTEL spokesman Prof. Jörn Müller-Quade and KASTEL professor Melanie Volkamer commented on the possibilities of hackers and attackers to obtain important information and what users can do against it. The article is about how the increasingly digitalized world is making it easier for attackers to gain access to information and take control. Furthermore, it is discussed how we can make online data safer and how increasing awareness can also protect private users.https://www.helmholtz.de/fileadmin/user_upload/04_mediathek/perspektiven/epaper-Perspektiven_02_Mai2019_W/index.html#10
|Nina Gerber has joined the program committee for the 5th Usable Security and Privacy Workshop at Mensch & Computer 2019 (23-05-2019)|
Until June 7th contributions for the 5th Usable Security and Privacy Workshop at Mensch & Computer 2019 can still be submitted: https://das.th-koeln.de/workshops/usp-muc-2019/
As in previous years, the workshop offers a great opportunity to exchange ideas with researchers and practitioners on topics related to user-centered security and privacy.
|Paper “Comparing "Challenge-Based" and "Code-Based" Internet Voting Verification Implementations” accepted (23-05-2019)|
The paper “Comparing "Challenge-Based" and "Code-Based" Internet Voting Verification Implementations” by Oksana Kulyk, Jan Henzel, Karen Renaud and Melanie Volkamer has been accepted at the INTERACT 2019 conference which will take place on September 2.-6 in Pathos, Cyprus.http://interact2019.org/
|Melanie Volkamer speaks at the symposium "Information Security" (23-05-2019)|
On June 27, 2019, Melanie Volkamer will give a talk at the symposium "Information Security" of Sparkassenverband Baden-Württemberg about sensitization research and how to reach your colleagues (German title: "Sensibilisierungsforschung: Wie erreichen Sie die Kolleginnen und Kollegen?").https://vp.spk-akademie.de/vp/action?securedGetRequest=l1z44NQcnR0Oe_mLK9S9zkN4cZ80eoz9SpI6NAvuRrc
|WI, SPOSE, STAST PC membership (23-05-2019)|
As program-committee-member, Melanie Volkamer will support a number of conferences and workshops: "Information Security and Privacy" Track at WI 2020, SPOSE (Security, Privacy, Organizations, and Systems Engineering) and STAST (Socio-Technical Aspects in SecuriTy)) ESORICS workshops as well as Sicherheit 2020.https://fb-wi.gi.de/veranstaltung/15-internationale-tagung-wirtschaftsinformatik-wi2020/
|SECUSO member Peter Mayer has joined the organizing committee of the 2019 Annual Computer Security Applications Conference (ACSAC). (22-05-2019)|
ACSAC brings together cutting-edge researchers, with a broad cross-section of security professionals drawn from academia, industry, and government, gathered to present and discuss the latest security results and topics. With peer reviewed technical papers, invited talks, panels, national interest discussions, workshops, and professional development and training courses, ACSAC continues its core mission of investigating practical solutions for computer and network security technology. This year's 35th edition of the conference will be held from 9-13 December 2019 in San Juan, Puerto Rico, USA.https://www.acsac.org/2019/cfp/papers/
|Alireza Zarei is newest member of SECUSO research team (30-04-2019)|
Alireza Zarei has graduated from University of Göttingen with a Master degree in Applied Computer Science. Since April 2019, he is part of the GHOST project to develop a user-friendly application to improve security and privacy in Smart Homes.Link_more
|Privacy Friendly Apps Family is growing (18-04-2019)|
SECUSO has released two new privacy friendly apps and one update. The Privacy Friendly Apps are a group of Android apps that are optimized regarding privacy. The apps are developed by students who thus gain experience in the privacy-friendly development of mobile applications.
The new apps are:
Food Tracker makes it possible to track daily calorie consumption.
Sketching App lets you create and save simple sketches
The updated app is:
Finance Manager can be used to monitor and manage personal financials.Privacy Friendly Apps
|Paper accepted at EuroUSEC|
The paper “Why Johnny Fails to Protect his Privacy” by Nina Gerber, Verena Zimmermann and Melanie Volkamer has been accepted at EuroUSEC 2019.Link_more
|Monika Müller attends Spring E-Voting PhD Seminar (05-04-2019)|
Monika Müller studies industrial engineering and works for SECUSO. She is interested in the usability of electronic elections. She will use the colloquium to establish contacts with doctoral students from various European universities and to exchange information on current research topics.https://evoting-phd.secuso.org/
|BMWi appoints Melanie Volkamer to the steering committee of the "IT-Sicherheit in der Wirtschaft" initiative (04-04-2019)|
The Federal Ministry of Economics and Energy (BMWi) has appointed Prof. Dr. Melanie Volkamer to the steering committee of the "IT-Sicherheit in der Wirtschaft" initiative. The committee met in Berlin on March 12, 2019 for its constituent meeting. The steering committee consists of IT security experts from business, science and administration. It consults the initiative, provides impetus and supports it in raising awareness and implementing IT security measures.https://www.it-sicherheit-in-der-wirtschaft.de/ITS/Redaktion/DE/Pressemitteilungen/2019/2019-03-12-bmwi-beruft-it-sicherheitsexperten.html
|Paper accepted for publication in the journal Information and Computer Security (18-03-2019)|
The paper „Keep on Rating - On the Systematic Rating and Comparison of Authentication Schemes” by Verena Zimmermann, Nina Gerber, Peter Mayer, Marius Kleboth, Alexandra von Preuschen and Konstantin Schmidt has been accepted for publication in the journal Information and Computer Security.https://www.emeraldinsight.com/loi/ics
|Article accepted for publication in the journal "Datenschutz und Datensicherheit" (18-03-2019)|
The article "Sichere Instant Messaging Apps" by Jacqueline Brendel and Nina Gerber was accepted for publication in the journal "Datenschutz und Datensicherheit".https://www.springerprofessional.de/datenschutz-und-datensicherheit-dud/7466274
|Update for flyer "Betrügerische Nachrichten" (18-03-2019)|
We've updated our "Fraudulent Messages" flyer and extended our infocard and a poster.
Now the Infocard and Poster also contain tips for detecting fraudulent attachments. The material currently is only available in German.https://secuso.aifb.kit.edu/downloads/Flyer/KIT-Faltblatt-Betruegerische-Nachrichten-2.pdf
|Talk at the GFFT Technology Race|
Melanie Volkamer will report on current research at the GFFT Technology Race "Measurement and Increase of Security Awareness" at Lekkerland in Cologne on April 26th, 2019. The talk will present foundations of sensitisation research and current results from the SECUSO research group.https://www.gfft-portal.de/veranstaltungen/?cid=my-calendar&format=list&month=4&yr=2019
|Neuer Informationsflyer zum Thema Auswahl einer Anmeldeoption|
Basierend auf wissenschaftlich evaluierten Informationsmaterialien haben wir einen neuen Informationsflyer entwickelt, der Sie dabei unterstützt, eine passende Anmeldeoption für Dienstleister auszuwählen, die sowohl eine Single-Sign-On, als auch eine manuelle Anmeldeoption anbieten.Link_more
|Oksana Kulyk starting as an assistant professor at the ITU Copenhagen (28-02-2019)|
A SECUSO member Oksana Kulyk will start as an assistant professor at the IT University of Copenhagen on the 1st of March. She will continue to collaborate with SECUSO within the GHOST project.https://www.itu.dk
|Lukas Aldag new SECUSO team member (27-02-2019)|
Lukas Aldag is the newest member of the research group SECUSO at the Karlsruhe Institute for Technology (KIT). After finishing the master in psychology – human factor engineering, he supports the group in the domain of fraudulent messages and how to detect them.
|Paper accepted at SPW 2019 (26-02-2019)|
The paper "Audio CAPTCHA with a few cocktails: it’s so noisy I cant hear you" by Benjamin Maximilian Reinheimer, Fairooz Islam and Ilia Shumailov was accepted for publication at the International Workshop on Security Protocols (SPW). The conference will be held April 10-12th, 2019 in Cambridge (England).https://www.cl.cam.ac.uk/events/spw/2019/
|Paper accepted at PETS 2019 (19-02-2019)|
The paper "Investigating People’s Privacy Risk Perception" by Nina Gerber, Benjamin Reinheimer and Melanie Volkamer was accepted for publication at the conference Privacy Enhancing Technologies Symposium (PETS). The conference will be held July 16-20th, 2019 in Stockholm (Sweden).https://petsymposium.org
|Information flyer on PIN management now available in English (18-02-2019)|
Our information flyer on PIN management helps users to remember personal identification numbers (PINs) they received (e.g. from banks) by offering memorisation strategies. We have translated this flyer to English, thereby expanding our portfolio of English information flyers. The flyer can be downloaded from our website.https://secuso.aifb.kit.edu/downloads/Flyer/KIT-Faltblatt_PIN-Management_25.01.2019.pdf
|Action day at Safer Internet Day in cafeteria foyer at Campus Süd (05-02-2019)|
Under the motto "Protect the IT-infrastructure of the KIT together" we developed new informaiton materials and awareness measures on the topic of cybersecurity together with other central facilities and research groups (SCC, KASTEL, AIFB, ZML). On the occasion of the Safer Internet Day, we present them to the public in the KIT cafeteria and make ourselves available for questions on the topic of cyber-security.https://www.scc.kit.edu/ueberuns/12695.php
|Do not change your password despite "Change Your Password Day" (01-02-2019)|
Despite „Change Your Password Day“, do not change your password for no reason! The security advantage of changing your passwords as a precation is rather small. A better opportunity to use the day would be to set up a password manager or to try out two-factor authentication for particularly sensitive user accounts. More detailed information on the topic of regular password change can be found here, and general information about the protection of user accounts can be found here (both links currently German language only).https://secuso.org/passwortsicherheit
|Article published in the "DuD" Journal (31-01-2019)|
The article "Diese Webseite verwendet Cookies: Wahrnehmungen und Reaktionen der Endnutzer auf Cookie-Meldungen" by Oksana Kulyk, Nina Gerber, Melanie Volkamer, Annika Hilt has been published in the February issue of the "DuD" journal.https://www.springerprofessional.de/datenschutz-und-datensicherheit-dud/7466274
|SECUSO informs about the risks during the Data Privacy Day (28-01-2019)|
At todays Data Privacy Day we would like to inform about the different risks considering privacy. To do that we developed some flyer, tools or explanation videos. Visit the following site to get an overview of our recent results.https://secuso.aifb.kit.edu/642.php
|Paper accepted at the Usable Security NDSS Workshop (25-01-2019)|
The paper “Does This App Respect My Privacy? Design and Evaluation of Information Materials Supporting Privacy-Related Decisions of Smartphone Users” by Oksana Kulyk, Paul Gerber, Karola Marky, Christopher Beckmann and Melanie Volkamer has been accepted for publication at the Usable Security NDSS Workshop (USEC 2019), which takes place on 24. February in San Diego, CA.https://www.ndss-symposium.org/ndss2019/cfp-usec-2019/
|Henrik Mucha as new SECUSO researcher (23-01-2019)|
Henrik Mucha is a new member of the SECUSO research group. Henrik has studied Industrial Design and Usability Engineering. He has worked for many years on the research questions of human-computer interaction in the context of assistant systems and their interaction design. As his research at SECUSO, Henrik will be working on the topic „Privacy through Interaction Design“.https://secuso.aifb.kit.edu/Team.php
|Article accepted to the journal "Datenschutz und Datensicherheit" (20-12-2018)|
The article "Diese Webseite verwendet Cookies: Wahrnehmungen und Reaktionen der Endnutzer auf Cookie-Meldungen" by Oksana Kulyk, Nina Gerber, Melanie Volkamer, Annika Hilt was accepted for publication in the journal "Datenschutz und Datensicherheit".https://www.springerprofessional.de/datenschutz-und-datensicherheit-dud/7466274
|Paper accepted at the ACM CHI Conference on Human Factors in Computing Systems (20-12-2018)|
The paper “I (don't) see what you typed there! Shoulder-surfing resistant password entry on gamepads” by Peter Mayer, Nina Gerber, Benjamin Reinheimer, Philipp Rack, Kristoffer Braun and Melanie Volkamer has been conditionally accepted for publication at the ACM CHI Conference on Human Factors in Computing Systems, which will be held from 4th to 9th May 2019 in Glasgow, UK.https://chi2019.acm.org/
|SECUSO organises E-Vote-ID 2019 (19-12-2018)|
Prof. Melanie Volkamer belongs to the organisers of the E-Vote-ID 2019. The E-Vote-ID conference takes place every year and is one of the leading conferences on the topic of electronic voting. The conference welcomes leading experts in the area of electronic voting from academic research, industry and politics to exchange ideas and discuss various aspects. The E-Vote-ID 2019 will take place on 1.-4. October in Bregenz, Austria.Call for papers
|Paper selected for presentation at the 16th German IT-Security Congress (13-12-2018)|
The paper „Erklärvideo “Online-Betrug” – Nach nur fünf Minuten Phishing E-Mails nachweislich signifikant besser erkennen“ by Melanie Volkamer, Karen Renaud, Benjamin Reinheimer, Marco Ghiglieri, Nina Gerber, Peter Mayer, Philipp Rack and Alexandra Kunz was selected for presentation at the 16th German IT security congress, which is organized by the BSI.https://www.bsi.bund.de/DE/Service/Aktuell/Veranstaltungen/IT-Sicherheitskongress/IT-Sicherheitskongress_node.html
|DuD article published (30-11-2018)|
The paper "Nutzerwahrnehmung der Ende-zu-Ende-Verschlüsselung in WhatsApp" by Nina Gerber, Verena Zimmermann, Birgit Henhapl, Sinem Emeröz, Melanie Volkamer and Tobias Hilt was published in the November issue of the DuD Journal.https://www.springerprofessional.de/datenschutz-und-datensicherheit-dud/7466274
|SECUSO employees at "Digitalisierung: Läuft!" (28-11-2018)|
Our employees were at the start of the 3rd stage of "Digitalisation: Läuft!" in Karlsruhe on 16th November 2018. They represented both the KIT and KASTEL. On site was also Minister of Digitization Thomas Strobl, together with other employees of FZI, CyberForum and EnBW. The motto of the run was "security in the digital age". The stage led from the EnBW innovation campus to the newly launched "Cyberwehr des Landes am Forschungszentrum Informatik (FZI)". The aim of the event was the transfer of knowledge and a general exchange on the subject of digitisation. The new open innovation platform will also be launched within the framework of this event.https://www.informatik.kit.edu/7009.php/event/35982
|New awareness materials online: info card and poster on the topic of phishing (26-11-2018)|
Already in the past we published different materials with explanations on how to identify phishing messages, which were usually evaluated in user studies. Now there are new materials available, in form of an pocket-sized info card with a short overview and in form of a poster for the office. The materials are currently only available in German language.https://secuso.aifb.kit.edu/NoPhish.php
|Phishing Workshop at the RFH IT Security & Forensic Days 2018, 8. and 9.11.2018 (31-10-2018)|
The RFH Cologne organises the IT Security & Forensic Days for the second time. The aim is to increase the sensitivity for security in IT systems and to raise awareness of the primary topic. The event will include expert lectures, discussions and workshops on the topics of IT security, data protection and IT forensics. Benjamin Reinheimer will also hold a workshop on the subject of phishing and fraudulent messages. The audience, consisting of students, lecturers, alumni and experts from all sectors, will learn the essential rules for detecting phishing interactively and will be provided with support for its implementation in daily life.https://www.rfh-koeln.de/aktuelles/termine/events_und_vortraege/index_ger.html?record_id=e18893&cur_id=e18893&site=rfh&ct=1540277547048
|Three new Privacy-Friendly Apps published (29-10-2018)|
Three new apps have been added to our group of Privacy-Friendly Apps. Among these apps are two new games. "2048" is a puzzle game, the goal of which is to reach the number 2048 by sliding the same numbers together. In our mobile version of a classic game "Minesweeper", one has to find all the mines on the playing field without triggering them. The third app “Finance Manager” can be used to monitor personal finances. As with the rest of privacy-friendly apps, the newly added apps are free and do not require any permissions that are not strictly necessary for their functionality. This means, that all of the three apps require no permissions. They furthermore contain no ads or user tracking mechanisms.https://secuso.org/pfa
|E-Vote-ID a success with over 100 participants (08-10-2018)|
The International Joint Conference on Electronic Voting (E-Vote-ID) took place for the third time in Schloss Hofen in Bregenz, Austria. The conference hosted over 100 participants from five continents and provided a platform of talks and discussions among a variety of stakeholders, including academic researchers from different disciplines, practitioners and vendors. The pre-conference program included the PhD colloquium and demo session of voting systems.https://www.e-vote-id.org
|New information flyer on choosing iOS apps (08-10-2018)|
Just in time for the European Cyber Security Month, we publish a new information flyer that helps you to choose privacy-friendlier apps for your iOS devices. This iOS-specific flyer is based on the flyer for Android devices, which has been evaluated in a user study, and is further developed based on the feedback of end users. The flyer is currently only available in German.https://secuso.aifb.kit.edu/downloads/Flyer/KIT-Faltblatt-iOS-Apps.pdf
|Paper accepted at the 2018 Annual Computer Security Applications Conference (26-09-2018)|
The paper “On The Systematic Development and Evaluation Of Password Security Awareness-Raising Materials” by Peter Mayer, Christian Schwartz and Melanie Volkamer has been accepted for publication at the 2018 Annual Computer Security Applications Conference, which will be held December 3rd to 7th 2018 in San Juan, Puerto Rico, USA. The paper describes a process for the systematic development of awareness-raising materials, the application of that process for the creation of an awareness-raising material on the topic "protection of user accounts", as well as the evaluation of this material in three SMEs.https://www.acsac.org
|Benjamin Reinheimer presents at the DsiN MesseCampus@it-sa (26-09-2018)|
Already in its 10th year, it-sa is organizing the DsiN MesseCampus@it-sa together with Deutschland sicher im Netz e.V..
|SECUSO at the European Cyber Security Month (25-09-2018)|
The European Cyber Security Month is coordinated by the German Federal Office of Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). SECUSO participates together with KASTEL and SCC with new flyers, video on how to identify and avoid online fraud and new Privacy-Friendly Apps.https://secuso.org/buerger
|Melanie Volkamer organises Dagstuhl Seminar (17-09-2018)|
The Dagstuhl seminar on the topic of "Biggest Failures in Security" is organised together with Frederik Armknecht (Universität Mannheim, DE), Ingrid Verbauwhede (KU Leuven, BE) and Moti Yung (Columbia University, US). The seminar takes place on 3.-8. November 2019 in Schloss Dagstuhl.https://www.dagstuhl.de/de/programm/kalender/semhp/?semnr=19451
|New Privacy Friendly Health App (6-09-2018)|
Our family of Privacy-Friendly Apps in Health category has grown. In addition to the existing apps (Pedometer, Interval Timer and Circuit Training, Pain Dairy), now there is also a Privacy Friendly Pausing Healthily App (available in Google Play Store and in F-Droid Store).The app has been developed in collaboration with a physiotherapist Eduardo Fontao. Just like the rest of our Privacy Friendly app, the Pausing Healthily only requests permissions that are necessary for its functionality (in this case, no permissions) and does not contain any tracking mechanisms, so that no (user) data is being collected. It is also free and yet does not show any ads. Privacy Friendly Pausing Healthily App makes it easier to structure your work by reminding you to take breaks during work. The app also offers many useful relaxation, mobilisation and stretching exercises that can be combined into individual programs.https://secuso.org/pfa-aktive-pause
|Paper accepted at the 3rd International Workshop on Ubiquitous Personal Assistance (28-08-2018)|
The paper “Assistance in Daily Password Generation Tasks” by Karola Marky, Peter Mayer, Nina Gerber, and Verena Zimmermann has been accepted for publication at the 3rd International Workshop on Ubiquitous Personal Assistance (co-located with UbiComp 2018), which will take place on 8th October 2018 in Singapore. The paper describes the concept, implementation and evaluation of the Privacy Friendly Password Generator app, which can be downloaded in Google Play Store. The app aids users in generating and managing their passwords.https://upa18.weebly.com
|Paper accepted at the HICSS-52 conference (18-08-2018)|
The paper "A Proxy Voting Scheme Ensuring Participation Privacy and Receipt-Freeness" by Oksana Kulyk and Melanie Volkamer has been accepted for publication at the 52. Hawaii International Conference on System Sciences (HICSS-52), which will take place on 8.-11. January in Grand Wailea, Maui. The conference is A-ranked according to CORE.http://hicss.hawaii.edu
|Benjamin Reinheimer is doing his summer internship at the International Computer Science Institut (ICSI) (15-08-2018)|
The International Computer Science Institute (ICSI) is an independent, non-profit institute in the field of computer science (Computer Networking, Brain Networks, Usable Security and Privacy and Cybermanufacturing). The institute is located in Berkeley, CA, and has been affiliated with UC Berkeley since its foundation in 1988.
|"Privacy-friendly Cookie Settings" browser extension is available in Chrome Store (31-07-2018)|
An extension for Google Chrome, “Privacy-friendly Cookie Settings”, designed to support the users in their cookie configuration, is available for download in Chrome Store. The extension aims to support the lay users by providing explanations for the available cookie settings, enables easier navigation through the settings via an assistant mode and supports fine-grained configuration with the possibility of website-specific settings.https://secuso.org/privacy-friendly-cookie-settings
|Paper accepted at the E-Vote-ID Conference (22-07-2018)|
The paper "Usability is not Enough: Lessons Learned from 'Human Factors in Security' Research for Verifiability" by Oksana Kulyk und Melanie Volkamer has been accepted for publication at the 3. International Joint Conference on Electronic Voting (E-Vote-ID 2018), which will take place on 2.-5. October in Bregenz, Austria.https://www.e-vote-id.org/
|Paper accepted at the Journal "Datenschutz und Datensicherheit" (20-07-2018)|
The paper "Nutzerwahrnehmung der Ende-zu-Ende-Verschlüsselung in WhatsApp" by Nina Gerber, Verena Zimmermann, Birgit Henhapl, Sinem Emeröz, Tobias Hilt and Melanie Volkamer has been accepted for publication at the journal "Datenschutz und Datensicherheit".https://link.springer.com/journal/11623
|Two papers accepted at International Symposium on Human Aspects of Information Security & Assurance 2018 (11-07-2018)|
The two papers "Motivating Users To Consider Recommendations On Password Management Strategies" by Peter Mayer, Alexandra Kunz, and Melanie Volkamer as well "The Quest to Replace Passwords Revisited – Rating Authentication Schemes" by Verena Zimmermann, Nina Gerber, Marius Kleboth, Alexandra von Preuschen, Konstantin Schmidt, and Peter Mayer have been accepted for publication at International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018), which will take place on 29.-31. October in Dundee, Scotland.http://haisa.org
|Paper accepted at 4. USP Workshop at MUC 2018 (11-07-2018)|
The paper "Evaluation der Nutzbarkeit von PGP und S/MIME in Thunderbird" by Nina Gerber, Marco Ghiglieri and Birgit Henhapl was accepted at the 4th Usable Security and Privacy Workshop at the Mensch und Computer 2018, which will be held on September 2 in Dresden, Germany.Link_more
|Human Factors in Security & Privacys in IoT|
We are co-guest editing a special issue on human factors in security and privacy in IoT for thei informatics journal. The submission deadline is November 30 2018.Link_more11.06.2018
|2 Workshop papers and 2 posters accepted at SOUPS 2018|
|Paper accepted at SOUPS 2018|
The paper "Replication Study: A Cross-Country Field Observation Study of Real World PIN Usage at ATMs and in Various Electronic Payment Scenarios" by Melanie Volkamer, Andreas Gutmann, Karen Renaud, Paul Gerber, and Peter Mayer was accepted for publication at the USENIX conference Symposium on Usable Privacy and Security (SOUPS), which represents the primary venue for research in usable privacy and usable security. The conference will be held August 12–14, 2018 in Baltimore (USA).Link_more
|Paper accepted at ARES 2018|
The paper „Finally Johnny Can Encrypt. But Does This Make Him Feel More Secure?” by Nina Gerber, Verena Zimmermann, Birgit Henhapl, Sinem Emeröz and Melanie Volkamer was accepted at the 13th International Conference on Availability, Reliability and Security (ARES), which will be held from August 27 to August 30 at the University of Hamburg, Germany.Link_more
|Paper accepted at the TrustBus 2018 conference|
The paper " Phishing Detection: Developing and Evaluating a Five Minutes Security Awareness Video" by Melanie Volkamer, Karen Renaud, Benjamin Maximilian Reinheimer, Philipp Rack, Marco Ghiglieri, Peter Mayer, Alexandra Kunz, Nina Gerber has been accepted at the TrustBus 2018 (15th International Conference on Trust, Privacy and Security in Digital Business).Link_more
|Melanie Volkamer referiert bei der Auftaktveranstaltung zur diesjährigen Wissenschaftsreihe EFFEKTE der Stadt Karlsruhe [German only]|
Ein Jahr, zwölf Ausgaben Wissenschaftskommunikation, vier Veranstaltungsorte – ab dem 5. Juni 2018 ist die EFFEKTE-Reihe wieder mit einem abwechslungsreichen Programm der verschiedenen Karlsruher Wissenschaftseinrichtungen an einem Dienstag auf dem Gelände des Alten Schlachthofs zu Gast. Unter dem Motto "Karlsruhe 4.0" finden Sie hier das Programm und alle Themenabende des ersten Veranstaltungshalbjahres. Alle Veranstaltungen sind kostenfrei. Die Auftaktveranstaltung steht unter dem Motto "Digitalisierung: Risiken, Gefahren und Lösungen" und findet am 5. Juni von 19:30 bis 22:00 Uhr im Tollhaus statt. Welche Risiken das sind und wie die neuen Herausforderungen gemeistert werde können, darüber sprechen Dr. Dirk Achenbach vom FZI Forschungszentrum Informatik, Dr. Michael Friedewald vom Fraunhofer-Institut für System- und Innovationsforschung und Prof. Dr. Melanie Volkamer vom Karlsruher Institut für Technologie.Link_more
|Paper accepted at IEEE TrustCom 2018 conference|
The paper "A Concept and Evaluation of Usable and Fine-Grained Privacy-Friendly Cookie Settings Interface" by Oksana Kulyk, Peter Mayer, Oliver Käfer and Melanie Volkamer was accepted at the 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (IEEE TrustCom-18), which is A-ranked.Link_more
|Best paper award at SAC 2018|
The paper „Helping John to Make Informed Decisions on Using Social Login“ by Farzaneh Karegar, Nina Gerber, Melanie Volkamer and Simone Fischer-Hübner won a best paper award in the theme „System Software and Security” at SAC 2018.Link_more
|21st International E-Voting Colloquium at KIT|
On April 9th and 10th, Melanie Volkamer and Oksana Kulyk co-organised the 21st E-Voting Colloquium at Karlsruhe Institute of Technology together with the KASTEL professors Prof. Dr. Bernhard Beckert and Prof. Dr. Jörn Müller-Quade.
Since 2006, the colloquium takes place in order to consider different aspects of E-Voting, such as legal hurdles, identity management, legal and technical aspects, costs and challenges of the verification of elections. In addition to presentations and discussions dedicated to the current state of research of the participating doctoral students, the highlight of this year's colloquium was the demo session of the voting machines from the SECUSO research group. The presented machines included the mechanical voting device 'System Darmstadt' and a NEDAP voting computer, both were used in the past for legally binding elections in Germany, yet are currently not allowed to be used for such elections anymore. Furthermore, the EasyVote system has been presented, which was developed within the SECUSO research group for elections that allow cumulative voting and panachage.Link_more
|Paper accepted for EuroUSEC|
|Paper accepted for publication in the Computers & Security Journal|
The paper „Explaining the Privacy Paradox - A systematic review of literature investigating privacy attitude and behavior” by Nina Gerber, Paul Gerber and Melanie Volkamer was accepted for publication in the Computers & Security Journal.Link_more
|Two articles have been published in the Datenschutz und Datensicherheit journal|
The article “Analyse der Sicherheit und Erinnerbarkeit der DsiN-Passwortkarte“ by Peter Mayer, Alexandra Kunz and Melanie Volkamer, as well as the article “Effektiver Schutz vor betrügerischen Nachrichten“ by Stephan Neumann, Benjamin Reinheimer, Melanie Volkamer, Alexandra Kunz and Christian Schwartz were accepted for the journal DuD Datenschutz und Datensicherheit. In the same issue you can find an article from KASTEL colleagues Jürgen Beyerer, Jörn Müller-Quade und Ralf Reussner on the topic of “Karlsruher Thesen zur Digitalen Souveränität Europas”.Link_more
|Happy Easter! Online-Fraud-Video is now available in English (31-03-2018)|
As a little Easter surprise, we are happy to announce that our educational Video "Online-Fraud - How to identify and avoid dangers" is now also available in English. The popular five-minute video on the topic how to identify and avoid dangers by identifying them through education, is a result of scientific evaluation of the effectiveness in regard to the recognition of fraudulent messages.
Happy Easter and stay safe, the SECUSO-Research GroupLink_more
|The family of Privacy Friendly Apps has grown (29-03-2018)|
SECUSO just published five new Privacy Friendly Apps and two updates.The Privacy Friendly Apps are a group of Android apps that are optimized regarding privacy. All apps were developed within SECUSO's usable security and privacy lab by students. The lab aims to teach privacy-aware developed as well as app development.
The new apps are:
The updated apps are:
|SECUSO researcher organizes E-VOTE-ID 2018 (13-03-2018)|
Prof. Melanie Volkamer, Professor at the SECUSO research group at Karlsruhe Institute of Technology and Technische Universität Darmstadt is co-organizing the International Conference for Electronic Voting (E-VOTE-ID) 2018.
This conference is one of the leading international events for e-voting experts from all over the world. E-VOTE-ID is an annual meeting formed by merging EVOTE and VoteID. The third joint conference will take place in October 2018.
One of its major objectives is to provide a forum for interdisciplinary and open discussion of all issues relating to electronic voting. Cumulatively, since 2004 more than 750 experts from 35+ countries in six continents have attended this conference to discuss electronic voting and related topics.
The aim of the conference is to bring together e-voting specialists working in academia, politics, government and industry in order to discuss various aspects of all forms of electronic voting (including, but not limited, to polling stations, kiosks, ballot scanners and remote voting by electronic means) in three conference tracks and a PhD colloquium.
The E-Vote-ID 2018 will be held in Bregenz, Austria, on October 2-5, 2018.Link_more
|Privacy Friendly Weather offers more security and enhanced usability (19-03-2018)|
Our Privacy Friendly App "Weather" received a big update.
Due to the usage of HTTPs for forecast requests the app offers an enhanced security and privacy. Furthermore, Privacy Friendly Weather's userinterface was redesigned. Besides design improvements, the app now offers a better performance. Forecast data are loaded more efficiently and the app starts faster.
Three configurable widgets form a further highlight.Link_more
|SECUSO bei der ZKI Tagung in Konstanz (09-03-2018)|
Im Rahmen der Tagung des Unterarbeitskreises "IT-Sicherheit" des Vereins der Zentren für Kommunikationsverarbeitung in Forschung und Lehre (ZKI e.V.) an der Universität Konstanz gibt Dr. Marco Ghiglieri am 14.03.2018 einen Vortrag zum Thema "Wie Sie sich mit effektiven Maßnahmen gegen Phishing und andere gefährliche Nachrichten schützen können".
Materialien zum Thema "Phishing und andere gefährliche Nachrichten" wurden u.a. innerhalb des vom Bundesministerium für Wirtschaft und Energie im Rahmen der Initiative IT-Sicherheit in der Wirtschaft geförderten Projekts KMU AWARE entwickelt.
|SECUSO researcher organizes iPAT 2018 (05-03-2018)|
SECUSO researcher Nina Gerber is co-organizing the 1st Interdisciplinary Workshop on Privacy and Trust (iPAT 2018).
The workshop is held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018) in Hamburg, Germany, on August 27th. The aim of this workshop is to bring together researchers from different fields in order to support users in protecting their private data. An interdisciplinary approach is needed to develop privacy enhancing technologies that address not only technical aspect, but also aspects related to usability, psychology, economy, sociology, philosophy, and law. This interdisciplinary workshop thus seeks submissions from a wide range of disciplines (computer science, usability, law, economics, psychology, sociology, philosophy, ethics, …) that cover the various aspects of privacy and trust.
Submissions are due to May 4th.Link_more
|Safer Internet Day - SECUSO informiert, wie Sie sich vor Online-Betrug schützen können (06-02-2018)|
Heute findet bereits zum 19. Mal der weltweite Safer Internet Day statt. Auch das AIFB und KASTEL beteiligen sich am Aktionstag: Anlässlich des diesjährigen Tags für mehr Internetsicherheit haben wir unseren NoPhish Flyer erweitert, um Ihnen aufzuzeigen, wie Sie sich vor Online-Betrug im Allgemeinen schützen können.
Viel Spaß beim Nicht-Betrogen werden.
|ACCESS now available to the public (02-02-2018)|
ACCESS - Authentication ChoiCE Support System - is a platform that helps developers and decision makers to select appropriate authentication schemes for their application scenarios. It allows specifying the requirements needed for an authentication scheme to be suitable. Then, the platform compares the requirements with the entries of its knowledge base and lists the five most suitable authentication schemes. The knowledge base contains data about a variety of authentication schemes from the scientific literature. ACCESS enables usage of this data by non-experts.Link_more
|Paper accepted at CHI conference (31-01-2018)|
The paper "What Did I Really Vote For? - On the Usability of Verifiable E-Voting Schemes" by Karola Marky, Oksana Kulyk, Karen Renaud and Melanie Volkamer was accepted at the Conference on Human Factors in Computing Systems (CHI 2018).Link_more
|Paper accepted at GI-Sicherheit 2018 (29-01-2018)|
The paper "Comparative Usability Evaluation of Cast-as-Intended Verification Approaches in Internet Voting" by Karola Marky, Oksana Kulyk and Melanie Volkamer was accepted at "Sicherheit 2018.Link_more
|Research results from the SECUSO research group added to the iX Info-Hub for Security-Awareness-Ressources (26-01-2018)|
Especially for small and medium-sized enterprises (SMEs) the provision of IT security awareness-raising and education measures is a problem. To support such SMEs, iX has launched the info hub for security awareness resources.
In the course of the project "KMU AWARE" of the German initiative "IT-Sicherheit in der Wirtschaft" of the Federal Ministry of Economics and Energy, numerous awareness-raising and education measures tailored to SMEs have been developed. These measures are now linked in the iX Info-Hub for Security Awareness Resources and therefore easily accessible to interested parties.Link_more
|SECUSO contributes to a textbook on 'Sicherheitskritische Mensch-Computer-Interaktion' (12-01-2018)|
The book 'Sicherheitskritische Mensch-Computer-Interaktion' has been published by Springer. It contains the chapter 'Human Factors in Security' by Paul Gerber, Marco Ghiglieri, Birgit Henhapl, Oksana Kulyk, Karola Marky, Peter Mayer, Benjamin Reinheimer and Melanie Volkamer. Therein, the authors provide an introduction in the topic of human factors in security and present general solutions based on the Human-Centered Security by Design approach.Link_more
|Special issue on e-voting published (01-01-2018)|
"Special issue on e-voting", Journal of Information Security (JISA) 2017 (editors: Budurushi, J., Neumann, S., Renaud, K., Volkamer, M.) is now available.Link_more