News
NoPhish for deaf people (18-03-2024)

In September 2022, the SECUSO research group was awarded the Federal Consumer Protection Prize ("Bundespreis Verbraucherschutz") by the German Foundation for Consumer Protection (DSV) for developing user-friendly and simple concepts and tools that help users of online services, apps and software to protect their privacy. The money will now be used to translate the NoPhish videos into sign language. The rest of the money will be used to evaluate whether these videos can help deaf people to better recognize phishing messages.

More information
SECUSO Paper wins Distinguished Paper Award (15-03-2024)

The paper "Exploring Phishing Threats through QR Codes in Naturalistic Settings" by Filipo Sharevski, Mattia Mossano, Maxime Veit, Gunther Schiefer, and Melanie Volkamer, which was presented at the Symposium on Usable Security (USEC 2024) on February 26, 2024 in San Diego, CA, won the Distinguished Paper Award. The authors explored how people behave around QR codes that might contain phishing links in a naturalistic setting.

Read the paper
SECUSO welcomed guests from Singapore (14-03-2024)

On Wednesday, March 6, 2024, Prof. Lam and Dr. Gondensen from Nanyang Technological University (NTU) in Singapore visited Karlsruhe and also paid a visit to the SECUSO research group. Prof. Lam is Associate Vice President for Strategy and Partnerships at NTU. The focus of the visit was on the KASTEL Engineering Secure Systems - HSF Lab. As part of this, SECUSO demonstrated the various topics (e.g. phishing awareness and authentication with AR/VR) of the research group. These included an interactive table with a digital form of the NoPhish Cardgame, the Phishing Master Shooting Game and a station with devices for authentication in VR or AR, e.g. with the Passglobe graphical password procedure.

Link to Twitter
SECUSO courses in the summer semester (11-03-2024)

On 01.04.2024 the summer semester starts at KIT. The following courses will be organized or co-organized by the SECUSO research group this semester: The lecture "Information Security" (Bachelor), the lab course "Security, Usability, Society" (Bachelor and Master), the seminar "Digital Citizen Science" (Bachelor and Master), the seminar "Team Project Software Development" (Bachelor and Master), and the seminar "E-Voting" (Master). Registration for the courses is now possible.

Overview of all courses
Dagstuhl seminar "Trustworthy Evidence-Based Elections" (08-03-2024)

From October 5 to 10, 2024, the seminar "Trustworthy-Evidence Based Elections" will take place at Schloss Dagstuhl. The seminar is organized by Melanie Volkamer together with Josh Benaloh (Microsoft Corporation), Peter Rønne (University of Luxembourg) and Philip Stark (University of California).

Read more
KIT is hiring: PR for "wir-forschen.digital" platform (06-03-2024)

The Karlsruhe Institute of Technology (KIT) is looking for a committed and creative personality for the position of Project Coordination and Marketing for the platform wir-forschen.digital. The platform offers the opportunity to participate in empirical studies at KIT and currently has around 150 citizens on the panel. The aim of the position is to expand the panel to at least 5,000 participants over the next two years and at the same time increase the number of studies offered under the leadership of KIT researchers to at least 20. As part of this, applicants should, among other things, develop a concept for expanding the panel and plan and implement corresponding concepts for public relations. Further information and qualification requirements can be found in the job advertisement.

Apply here
Results of the Citizen Science Project are now published (28-02-2024)

Our SECUSO NoPhish quiz was available on the wir-forschen.digital platform for several months. The project is now finished and the results can be viewed on the platform by logged-in users. In total, the quiz was accessed more than 4000 times. In the area of fraudulent links, most mistakes were made with typos, e.g. mein-paketsrevice.de instead of mein-paketservice.de. These types of phishing tricks are particularly difficult to recognize, as they are based on the fact that people do not read words letter by letter. You should therefore be particularly careful and check the who area of domains carefully. Wir-forschen.digital is a platform on which digital citizen science projects can be created, described and carried out. Interested citizens can register and participate in exciting projects.

See the results
Paper accepted at CHI 2024 (21-02-2024)

The paper "Better Together: The Interplay Between a Phishing Awareness Video and a Link-centric Phishing Support Tool" by Benjamin Berens, Florian Schaub, Mattia Mossano and Melanie Volkamer has been accepted for publication at the Conference on Human Factors in Computing Systems (CHI 2024), which will take place from May 11 to May 16, 2024 in Honolulu, Hawai'i, USA. The paper describes an online study comparing the effectiveness of the NoPhish video and TORPEDO as well as their combination. The combination of the two shows significantly better results in terms of effectiveness in distinguishing between phishing and legitimate messages.

More information
CfP for WASP 2024 published (19-02-2024)

Current contributions from the area of accessible security and privacy can be submitted to the 1st Workshop on Accessible Security and Privacy (WASP 2024). Submission deadline will be March 15, 2024. The workshop is co-located with the 9th IEEE European Symposium on Security and Privacy (EuroS&P 2024). All papers will be published by IEEE CS and posted on the IEEE digital libraries. WASP 2024 will take place July 12, 2024 in Vienna, Austria. Mattia Mossano and Maxime Veit support the conference as members of the program commitee.

More information
Guest talk of Prof. Florian Schaub (16-02-2024)

Next Thursday, February 29, 2024, we welcome Prof. Florian Schaub from Michigan University for a guest lecture in the SECUSO Research Seminar. Prof. Schaub will talk about "Human-centric Privacy Design and Engineering". Based on the his research, Prof. Schaub will discuss in his talk how and why privacy controls are often misaligned with user needs, how public policy aimed at protecting privacy often falls short, and how a human-centric approach to privacy design and engineering can yield usable and useful privacy protections that more effectively meet users' needs and might also benefit companies. The talk will be held in English and in a hybrid setting. Guests are, as always, very welcome!

More information and link to the talk
CfP for EuroUSEC 2024 published (14-02-2024)

Current contributions from the area of usable security can be submitted to the European Symposium on Usable Security (EuroUSEC) 2024. Contributions have to be registered until May 27, 2024. Submission deadline is May, 31, 2024. As in previous years, EuroUSEC will be an independent event without affiliation to any conference. Accepted contributions will be published as part of the International Conference Proceeding Series (ICPS) by ACM. EuroUSEC 2024 will take place September 30 and October 1, 2024 in Karlstad, Sweden. Anne Hennig supports the conference as member of the program commitee.

More information
Project DiTrRe of the Leibniz ScienceCampus has started (12-02-2024)

As part of the Leibniz ScienceCampus "Digital Transformation in Research" (DiTraRe), FIZ Karlsruhe and KIT are focusing on the "digital transformation" and analysing the interdisciplinary effects of growing digitalization in the scientific field in four research clusters. On January 23, 2024, a second consitutional meeting took place at the Institute for Technology Assessment/ITAS. The aim of the meeting was to discuss and strategically advance important aspects of the digital transformation in research. One point of discussion was the further development of the DiTraRe website, which will not only serve as a platform for presenting research results, but will also be designed as a user-friendly information center for interested parties.

About the project
Passwords in schools - Melanie Volkamer on DLF (07-02-2024)

Secure passwords - even for schoolchildren: Melanie Volkamer spoke to Armin Himmelrath about this topic yesterday, February 7, 2024, on the occasion of the Safer Internet Day in the Campus und Karriere program on Deutschlandfunk (DLF). With increasing digitalization in schools and at home, it is clear that secure passwords are already an issue for elementary school. However, according to Prof. Volkamer, what is missing is not so much the knowledge of what a secure password is, but rather concepts on how to teach the data security in schools and especially in the lower grades. It is important to raise awareness among children to the topic of data security at an early age and to illustrate the topic using concrete usage scenarios for pupils.

Listen to the inverview
CfP for E-Vote ID 2024 published (05-02-2024)

Current contributions from the area of electronic voting can be submitted for E-Vote ID 2024. Contributions for the tracks "Security, Usability, and Technical Issues" and "Governance of E-Voting" can be submitted until May 15, 2024. Contributions for the "Election and Practical Experiences" track, and the PhD Colloquium can be submitted until July 10, 2024. The submission deadline for the "Poster and Demo Session" is September 15, 2024. Accepted contributions will be published either in the Springer LNCS Proceedings or via the Gesellschaft für Informatik (GI) as Open Access. E-Vote-ID 2023 will take place in Tarragona, Spain, in October 2024. Melanie Volkamer supports the conference as General Chair together with David Duenas-Cid, Kozminski University Poland, and Peter Rønne, University of Luxembourg, Luxembourg.

More information
Athene Distinguished Lecture postponed again (02-02-2024)

The Athene Distinguished Lecture on e-voting by Melanie Volkamer on November 28, 2023 had to be postponed again. The lecture will now be held on November 26, 2024 from 2 to 3 pm. The topic of the lecture will be the risks of black box voting systems and the challenges of end-to-end verifiable voting systems. The focus will be on the challenges related to voter behavior and how to address these challenges through a human-centered approach. Attendance is available in person or online by registration.

Register here
Every Year Again: Change Your Password Day on February 1st (01-02-2024)

Changing your passwords regularly is an advice that is often heard. Especially today on "Change Your Password Day" it is on everyone's lips again. The thinking behind it seems understandable: If the password is changed regularly, firstly, it is harder to guess and secondly, a password that has fallen into the wrong hands is only of use to the attacker until the next time it is changed. But science shows us that both are misconceptions: Regularly changed passwords are not harder to guess at all, and regularly changing passwords does not automatically lead to secure passwords. To mark Change Your Password Day, we have re-linked (well-known) background knowledge.

Read more
Digilog workshop at ZKM (30-01-2024)

The Digilog project, which was completed in October, is about to start its second round. A kick-off workshop was held at the University of Tübingen in November, at which research topics for the second project were presented. On February 15, 2024, a second round of discussions will now take place at the Center for Art and Media (Zentrum für Kunst und Medien, ZKM) Karlsruhe with the participation of citizens. The workshop, entitled "Zwischen Risiko und Sicherheit. Wie würden Sie den digitalen Wandel gestalten?" (Between risk and security. How would you shape the digital transformation?) will begin with an introduction at 6 pm. Interested parties are cordially invited to take part in the discussions.

About Digilog
BSI refers to NoPhish in the "Cybersicherheits-Lotse" (30-01-2024)

Since yesterday, Monday, 29.01.2024, the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) has been offering the a cybersecurity guide, the "Cybersicherheits-Lotse", on its website. This is intended to provide guidance for consumers and direct them to suitable players and services in digital consumer protection on specific topics. The NoPhish materials from the SECUSO research group are also represented in the pilot on the subject of phishing.

More information
Paper accepted at Voting'24 (29-01-2024)

The paper "Systematic Analyses of a Second Device based cast-as-intended Verifiability Approach" by Tobias Hilt, Benjamin Berens, Tomasz Truderung, Margarita Udovychenko, Stephan Neumann, and Melanie Volkamer was accepted for presentation at the Workshop on Advances in Secure Electronic Voting (Voting'24). The paper examines the manipulation detection of various manipulation attempts in online elections with the help of a second, independent device with which the cast vote can be checked. Voting'24 takes place in conjunction with Financial Crypto on March 8, 2024 in Willemstad, Curaçao.

About the conference
Update for PFA QR Code Scanner (26-01-2024)

We have released the latest version of the Privacy Friendly QR Code Scanner! We have added several new features and fixed some bugs. You can now zoom in the app and select the camera. In addition, any text can be shared with the app to generate a QR code directly from it. The PFA QR Code Scanner is one of the Privacy Friendly Apps for Android developed by the research group SECUSO. All PFAs are available in the Google Play Store and the FDroid Store.

About the apps
Further paper accepted at USEC 2024 (24-01-2024)

The paper “Exploring Phishing Threats through QR Codes in Naturalistic Settings” by Filipo Sharevski, Mattia Mossano, Maxime Veit, Gunther Schiefer and Melanie Volkamer was also accepted for the Symposium on Usable Security (USEC 2024). This work explores how people behave around QR codes that might contain phishing links in a naturalistic setting. The authors found that 67% of the participants opened the link embedded in the QR code without checking were it leads, and that 52% of participants indicated that the pre-text used (a humanitarian campaign) was the main reason for scanning and accessing the link. USEC 2024 will be held in conjunction with NDSS in San Diego, California.

About USEC
Article on Online voting in the DGRI annual report 2021/2022 (23-01-2024)

Melanie Volkamer spoke at the annual conference of the German Association for Law and Informatics (Deutschen Gesellschaft für Recht und Informatik e.V., DGRI) in November 2021 about the topic of "Online elections and resolutions in corporate law". The corresponding article has now been published in the DGRI Yearbook 2021/2022. In the article "Online elections and digital voting - a classification of current developments", Melanie Volkamer, Andreas Mayer, Stephen Neumann, Bernhard Beckert, Jurlind Budurushi, Armin Grünwald, Robert Krimmer, Oksana Kulyk, Ralf Küsters and Jörn Müller-Quade describe the process of online elections using the example of the CDU Federal Party Conference 2021, online elections at the University of Jena and shareholder elections that took place online during the pandemic.

About DGRI
Guest talk of Florian Moser (19-01-2024)

Next week, Friday, January 26, 2024, we welcome Florian Moser for a guest lecture in the SECUSO Research Seminar. Florian will talk about "Verifying your vote: An experience report from developing and operating an independent second device application". Florian is a PhD student at the Center Inria de l'Université de Lorraine. In his talk, he will present an application that served as second device for online voting in the last election of the Gesellschaft für Informatik e.V. (GI). Florian will present the challenges involved in developing and operating the application and show which issues should be resolved before the next online election. The talk will be held hybrid from 1 to 2 pm and guests are very welcome!

More information and link to the talk
Paper accepted at USEC 2024 (17-01-2024)

The vision paper "Towards Fully Shoulder-Surfing Resistant and Usable Authentication for Virtual Reality" by Tobias Länge, Philipp Matheis, Reyhan Düzgün, Melanie Volkamer, and Peter Mayer was accepted for presentation at the Symposium on Usable Security (USEC 2024). Virtual reality (VR) has recently been used more and more in both the private and commercial sectors. In order to protect data on VR devices, a secure authentication method is required that can also withstand an observation attack (shoulder surfing). The paper presents various authentication methods that are resistant to shoulder surfing and evaluates them in a user study. USEC 2024 takes place on February 26, 2024 in San Diego, California. 

About USEC
Welcome Raphael Morisco (16-01-2024)

We welcome Raphael Morisco as a new PostDoc in the SECUSO team! Raphael received his doctorate last year in December 2023 at the University of Bielefeld on the topic of media literacy and IT security. In parallel, he worked at the KIT at the Center for Media Learning (ZML): here in various projects (DigiMINT; Eucor; MINTernational innovativ). Prior to that, he worked as a technical editor at an international IT company headquartered in Gütersloh, which is part of the Bertelsmann Group, and for several years in corporate security at one of the two largest confectionery producers in Germany. Since 01.01.2024, he is now part of the SECUSO team as a postdoc and is investigating the effects of the increasing digitalization of scientific work at the Leibniz ScienceCampus "Digital Transformation in Research" (DiTraRe).

Mehr Informationen
Christmas greetings from SECUSO (20-12-2023)

2023 marks the end of a very good year for SECUSO with a wide range of research work. A total of 17 scientific publications on email security, online elections and much more were published this year. We completed the three-year INSPECTION project funded by the BMBF. Since this year, all of our privacy-friendly apps have also become even better thanks to the connection to the backup app - we are still looking for app patrons!  There have also been some changes to the SECUSO team and our alumni. We were particularly pleased to welcome our colleague Sanchari Das from the University of Denver in October. We have summarized all the information in our Christmas post. We wish you lots of fun reading!

 

Read the Christmas greetings

Cooperation with the TU Darmstadt (20-12-2023)

As part of the project “Effective Security Awareness at KIT,” the research group will cooperate with the Technical University of Darmstadt in the future. The aim of this cooperation is to develop and evaluate measures to raise awareness among university members in the area of information security.

To the project
Benjamin Berens invited to participate in the Fair patterns for online interfaces workshop (19-12-2023)

The workshop aims to address dark patterns  (e.g. cookie banners) in digital services, deceptive designs that impact decision-making. Focusing on compliance with regulations like the Digital Services Act (DSA), it brings together experts in law, human-computer interaction, and economics. The workshop intends to work on guidelines for implementations, a shared transdisciplinary vocabulary on complex concepts, such as digital fairness, manipulation types and autonomy; and finally, an intersectoral community that collaborates on various activities to spark the field and devise concrete solutions to dark patterns. The workshop takes place from January 29 to February 2 in the Lorentz Center @ Oort.

More information
Article on forwarding URLs in emails for marketing reasons to be published in CR (11-12-2023)

In the current December issue of the magazine Computer und Recht, you can read our article 'Technische und rechtliche Auseinandersetzung mit Weiterleitungs-URLs in E-Mails aus Marketinggründen' by Maxime Veit, Dirk Müllmann and Melanie Volkamer. The issue will be published on 15 December 2023. The article shows how forwarding URLs for marketing reasons can lead to problems with security awareness measures if they are not used correctly. It also discusses the associated legal challenges and provides recommendations for action. The article complements the article on redirect URLs for security reasons already published in DuD in May 2023.

Link
Police journal pvt reports on INSPECTION (28-11-2023)

The current issue of the police journal pvt POLIZEI VERKEHR + TECHNIK (police, traffic, and tech) reports on the INSPECTION project. The INSPECTION project automatically detects website hacking from the outside. This allows the hackers to be identified specifically, those affected to be informed in targeted manner, and prevention to be made tangible using examples. It is possible to detect website hacking from the outside because fraudsters use the good positioning of existing sites to redirect users to abusive offers such as fake stores, ransomware downloads, Bitcoin portals, phishing, pornography and casino sites with manipulated content. The website remains inconspicuous from the user's point of view, i.e. the normal usability of the website is maintained. This is why the hacking goes unnoticed by those affected for months, or even years.

More information
ScienceCampus on the effects of the increasing digitalization of scientific work started (28-11-2023)

Research findings are increasingly associated with digitalization processes. This applies to both research methods and their communication in science and society. In four research clusters, FIZ Karlsruhe – Leibniz Institute for Information Infrastructure and Karlsruhe Institute of Technology (KIT) will now study the effects of increasing digitalization of scientific work across various disciplines and develop concrete solutions. The Senate of the Leibniz Association considers DiTraRe a “project of high relevance and transdisciplinary innovative power.”. As part of the project, SECUSO will focus on the topics of security and privacy in the area of digital transformation.

More information
Article accepted for Computer & Security (28-11-2023)

The paper "Taking 5 Minutes Protects You for 5 Months: Evaluating an Anti-Phishing Awareness Video" by Benjamin Berens, Mattia Mossano and Melanie Volkamer has been accepted for publication in the journal "Computer & Security". Phishing continues to be a widespread problem and phishing awareness videos can help to spread knowledge quickly. However, the question is how long the knowledge lasts. The article describes a study that was able to prove the positive effect of a five-minute video on the recognition of phishing over five months.

Read the article
Article on online federal elections published in CR (21-11-2023)

The article "Online-Bundestagswahlen – Verfassungsrechtliche Grenzen und technische Herausforderungen" (Online federal elections - constitutional limits and technical challenges) by Amina Gutjahr, Indra Spiecker gen. Döhmann, and Melanie Volkamer has been published in the current issue of the journal Computer und Recht (CR 2023). The article takes an interdisciplinary look at the constitutional requirements of the principles of electoral law and the technical challenges of online federal elections and weighs up the opportunities against the risks. Despite some advantages over postal voting, it harbors great potential for danger and some serious security issues that are difficult to close.

More information
Melanie Volkamer in an interview with SWR2 (09-11-2023)

The surprise is immense when money suddenly and inexplicably goes missing from a bank account. Cybercriminals are increasingly using new methods to scam bank customers for their money. Customers are often left alone with the loss. In the interview, Melanie Volkamer explains how to recognize fraud attempts even in times of AI and sophisticated scams. By being aware of what cannot be faked in an email: The web address behind a link. Users should therefore always take the time to check links carefully.

Listen
Project "Decision-Making in Hybrid Adaptive Systems" started (07-11-2023)

Last week the kick-off for the project "Decision-Making in Hybrid Adaptive Systems for Better Work and Life - An Open Science Approach" took place. The project is funded by the KIT Excellence University Funding Future Fields III. The goal of this Future Fields Stage 3 activity is to lay the groundwork for a long-term coordinated research project (DFG collaborative research center application) on decisionmaking in hybrid adaptive systems. The project will investigate how individuals, teams, and organizations interact with adaptive IT systems in the areas of work and life. In particular, the focus will be on working from home and social media usage in daily life.

More information
Dr. Sanchari Das as guest at SECUSO (27-10-2023)

Dr. Sanchari Das was a guest of the SECUSO research group from October 1 to 31, 2023. Sanchari Das is Assistant Professor at the department of Computer Science in the Ritchie School of Engineering and Computer Science at University of Denver. Her research lab - Security and Privacy Research in New-Age Technology (SPRINT) - focuses on computer security, privacy, education, human-computer interaction, social computing, accessibility, and sustainability of new-age technologies. During her time in Karlsruhe, Sanchari Das held two talks, on in the AIFB Colloquium on the topic of "Beyond the Norm: Exploring Authentication Challenges for Older Adults and Non-WEIRD Populations".

More about Sanchari
Brief Study on E-Voting (27-10-2023)

TAB Brief Study No. 5 provides an overview of the advantages and disadvantages of e-voting. The Office of Technology Assessment at the German Bundestag (TAB) advises parliament and its committees on issues of scientific and technological change. TAB is run by the Institute for Technology Assessment and Systems Analysis (ITAS) of KIT. In addition to assessing the status quo in Germany and other countries, the focus of this study is on the social and political implications of the introduction of e-voting. For this purpose, experts in the field of e-voting were interviewed, among them Prof. Melanie Volkamer.

Read the article
Article accepted for Computer & Security (25-10-2023)

The article "Cookie disclaimers: Dark patterns and lack of transparency" by Benjamin Berens, Mark Bohlender, Heike Dietmann, Chiara Krisam, Oksana Kulyk, and Melanie Volkamer has been accepted for publication in the journal "Computer & Security". Informed consent to data collection via cookies is hindered by several factors, e.g. dark patterns or lack of transparency on behalf of the service providers. The article provides recommendations on how to improve the situation for different stakeholders, namely, for developers and policy makers.

Read the article
Updates for PFA apps (24-10-2023)

We have released updates for some SECUSO Privacy Friendly Apps so that they now support backups using the Privacy Friendly Backup App. All apps where a backup is required now have this support. All of our Privacy Friendly Apps are free and do not require permissions that are not essential for their functionality. They also do not contain advertising or user tracking mechanisms. A list of all apps that support back-ups now can be found here: https://github.com/SecUSo/privacy-friendly-backup#integrated-pfas.

More information
Melanie Volkamer supports CHI as AC (24-10-2023)

Melanie Volkamer is Associate Chair (AC) for the conference on Human Factors in Computing Systems (CHI 2024) ‘Privacy & Security’. Associate Chairs match papers and reviewers with the intent that experts review each paper. This matching is made possible through a combination of what the Associate Chair knows about the reviewer – from their sample publication match, and/or from their research profile on the web – and what they know about the paper. CHI will take place on the island of Oʻahu, Hawaiʻi, USA from May 11 to 16, 2024.

More information
Athene Disinguished Lecture postponed (24-10-2023)

The Athene Distinguished Lecture on e-voting by Melanie Volkamer on November 28, 2023 is postponed. The topic of the lecture will be the risks of black box voting systems and the challenges of end-to-end verifiable voting systems. The focus will be on the challenges related to voter behavior and how to address these challenges through a human-centered approach. The lecture will now be held on February 13, 2024 from 2 to 3 pm. Attendance is available in person or online by registration.

More information
KASTEL Distinguished Lecture (13-10-2023)

Next Thursday, October 19, 2023, the next KASTEL Distinguished Lecture will take place. Gast for this talk is Martin Kleppman, Chair of Distributed Systems & Operating Systems at the Technical University of Munich. His talk will be on "Byzantine Fault Tolerance for Peer-to-Peer Collaboration Software", where he will introduce work-in-progress research on making collaboration software robust against malicious (Byzantine) peers. Hint: there are no consensus algorithms and no blockchains involved! The talk will take place at 4pm in the Tulla Hörsaal (CS, Building 11.40) at KIT.

More information
Project with the "Studienstiftung des deutschen Volkes" has ended (12-10-2023)

Under the title "Hello, you've got a security problem!", students at the Natural and Engineering Sciences College, an event organized by the Studienstiftung des deutschen Volkes (German National Academic Foundation), have been working on the topic of identifying vulnerabilities and notifying affected companies over the past two years. The working group examined poorly implemented IT security and data protection mechanisms, as well as the language used by the providers. Affected companies were then notified to find out if they were aware of the problems and what, if anything, was preventing them from fixing the issues. The last phase of the college came to an end in September. Scientific support for the workshop was provided by Prof. Melanie Volkamer and Prof. Dominik Herrmann, University of Bamberg.

More information
INSPECTION Final Meeting in Constance (28-09-2023)

With the Rhine river and Lake Constance in sight, consortium partners and interested parties in the INSPECTION project met on Monday, September 25, 2023, for a preliminary final meeting in Constance. The - partly preliminary - results of all work packages were presented and summarized. In addition, an outlook was given on possible further questions that arose from the project results. Anne Hennig, representing the research group SECUSO, presented the preliminary results of the notification experiment and presented a first version of the second awareness video. For mindup Web & Intelligence GmbH, the project duration ends at the end of September 2023; BDO Wirtschaftsprüfungsgesellschaft and the SECUSO research group will continue to finalize the results until the end of November 2023. The focus will be on the evaluation of the second awareness video and processing information for website owner.

More on the project
Article examines behavioral biometrics (18-09-2023)

Many people already know that social media platforms collect user data. However, the fact that new technologies can now collect behavioral biometric data such as body movements, hand gestures, eye movements, the human voice, or heartbeats and brain activity in addition to the known data is still largely unexplored. The article "Zu Risiken und Anonymisierungen von Verhaltensbiometrie" (On Risks and Anonymizations of Behavioral Biometrics) by Simon Hanisch, Julian Todt, Melanie Volkamer, and Thorsten Strufe examines what information is contained in biometric data and, which privacy settings are necessary to prohibit or at least anonymize the sharing of these data. The article is published in the book series "Privatheit und Selbsbestimmung in der digitalen Welt" (Privacy and self-determination in the digital world) in the volume "Daten-Fairness in einer globalisierten Welt" (Data fairness in a globalized world).

Read the article
ECO News on INSPECTION (13-09-2023)

The Internet Industry Association ECO interviewed Dr. Peter Mayer and Anne Hennig about the INSPECTION research project. Among other things, they clarified the question of what INSPECTION actually is and which questions are being investigated as part of the project. An outlook was also given on how the research results can be used further and which insights for future projects and research approaches result from the project. Anne Hennig will also present the findings gained in the project on September 21, 2023, as part of the Internet Security Days (ISD 2023) at Phantasialand in Brühl.

Read the interview
KD²Lab opens for the public (11-09-2023)

On September 14, 2023, a discovery tour through Karlsruhe will take place as part of the "Tage der Demokratie" (Days of Democracy), where the KD²Lab can also be visited. The purpose of the discovery tour is to explore places in Karlsruhe that enable citizens to participate in research and get involved. During our discovery tour, the participants will get to know the KD²Lab, Karl9 and the Stiftung Forum Recht. The tour is organized by TRIANGEL Open Space. Please register by e-mail.

More infos and registration
Protect your smartphone - Tipps from SECUSO (07-09-2023)

The Trier Volksfreund newspaper presents 11 steps on how to make your smartphone as secure as possible. The first three tips, according to the newspaper, are "install updates," "install only necessary apps," and "avoid jailbreaks." Prof. Melanie Volkamer and Dr. Peter Mayer are quoted in the article. By the way: The SECUSO Privacy Friendly Apps also make it possible to keep control over your devices.

Read the article
Workstreams present results in the BSI (04-09-2023)

On Monday, August 28, 2023, this year's workstreams presented the results of their work in the "Dialog für Cybersicherheit" (Dialogue for Cybersecurity) at the Federal Office for Information Security (BSI) in Bonn. Anne Hennig participated for the research group SECUSO in the workstream "UpSchooling", in which teaching materials and approaches to the topic of cybersecurity were developed and further thought out together with students. In the Dialogue for Cybersecurity - project, various actors from civil society as well as from science, culture and media, business and government work on topics relevant to society as a whole in the field of cybersecurity. The next cycle in the project starts in October with the think tank in Frankfurt/Main.

More information
More paper accepted at EuroUSEC 2023 (30-08-2023)

Two more SECUSO-Paper were accepted for the European Symposium on Usable Security (EuroUSEC 2023). Organisations can only respond effectively to information security incidents when employees know how to identify and report them. In their work "Encouraging Organisational Information Security Incident Reporting" Fabian Lucas Ballreich, Melanie Volkamer, Dirk Müllmann, Benjamin Maximilian Berens, Elena Marie Häußler and Karen V. Renaud developed an information text for employees, evaluated the text with a user study and applied it in practice with a company. The paper “Influence of URL Formatting on Users’ Phishing URL Detection” by Mattia Mossano, Oksana Kulyk, Benjamin Berens, Elena Häuser, and Melanie Volkamer evaluates the effect of URL formatting (aka “domain highlighting”) on the users’ ability to distinguish between phishing URLs and legitimate ones. The results show that URL formatting on its own has a small effect on phishing URL detection, but other factors, such as gender or time spend reading the URL, show a significant influence on it. EuroUSEC 2023 takes place on October 16 and 17, 2023 at the IT University of Copenhagen (ITU) in Copenhagen, Denmark. Registration is open until September 16, 2023.

Register now
Another paper accepted at E-Vote ID 2023 (29-08-2023)

Another SECUSO paper was accepted for E-Vote-ID 2023 in „Track 2: Governance Issues“ and will be published in the Second Proceedings. The paper "Identifying Factors Studied for Voter Trust in E-Voting – A Literature Review“ by Yannick Erb, David Duenas-Cid, and Melanie Volkamer examines which factors potentially influence voter trust in electronic voting (e-voting). Through an analysis of 13 articles from the e-voting field, a total of around 64 potential factors in five categories, ranging from socio-political to technology-related factors, were identified which can influence voter trust either positively, negatively, or in both directions. E-Vote-ID will take place from October 03 to 06, 2023 in Luxembourg City, Luxembourg. Early bird registration is possible until September 10, 2023.

Register now
SECUSO at the 5th "CyberSicherheitsForum" (Cyber-Security-Forum) (24-08-2023)

As already announced, the 5th "CyberSicherheitsForum" will take place on September 15, 2023, at the IHK Region Stuttgart and online. The topic of this year's "CyberSicherheitsForum" is "Cyber Resilience". SECUSO will present STAR as well as further information material on prevention at the CyberSicherheitsForum. The event is organized by the Ministry of the Interior, Digitalization and Municipalities as well as the Ministry of Economics, Labor and Tourism in Baden-Württemberg, the Cyber Security Agency, the State Criminal Police Office and the Office for the Protection of the Constitution in Baden-Württemberg as well as the Stuttgart Region Chamber of Commerce and Industry. The program and registrations are now available on the event website.

More on the event
Paper accepted at E-Vote ID 2023 (23-08-2023)

Two SECUSO papers were accepted in the Practitioners Track of E-Vote ID 2023: The paper "German Social Elections in 2023: An Overview and first Analysis" by Tobias Hilt, Oksana Kulyk, and Melanie Volkamer uses a cognitive walkthrough to examine the first German online election, the Social Election 2023. The authors identified some ambiguities and showed potential for improvement. The paper "Voter Perception of Cast-as-Intended Verifiability in the Estonian i-vote protocol" by Tobias Hilt, Kati Sein, Tanel Mällo, Melanie Volkamer, and Jan Willemson used semi-structured interviews to investigate the perception of individual verifiability in online elections in the aftermath of the 2013 parliamentary election in Estonia. E-Vote-ID will take place from October 03 to 06, 2023 in Luxembourg City, Luxembourg.

E-Vote ID 2023
SECUSO poster wins Poster Award at SOUPS (17-08-2023)

The poster "Beware of website hackers: Developing an awareness video to warn for website hacking" by Anne Hennig, Leoni Schmidt-Enke, Miriam Mutter and Peter Mayer, which was presented at the 19th Symposium on Usable Privacy and Security (SOUPS 2023) last week in Anaheim, CA, has been awarded "Best Poster". The authors describe the development of an awareness video to raise awareness for attacks where hackers place redirects to fake shops in the file system of websites.

The poster
Melanie Volkamer in expert discussion on the topic of usable IT security (27-07-2023)

Melanie Volkamer was invited as an expert to the expert discussion with the topic "Sichere digitale Teilhabe in der hypervernetzten Welt – Benutzbare IT-Sicherheit" (Secure digital participation in the hyperconnected world - Usable IT security). The expert discussion is organized by the Federal Ministry of Education and Research and will take place on Wednesday, September 6, 2023. A central challenge of the increasing digital connectivity is to make this "hyperconnectivity" reliable and secure. Usable IT security is an essential element for this. The aim of the expert discussion with representatives of the scientific community is to identify relevant aspects of future research and development in the area of usable IT security, which can be implemented in the form of a funding program.

Flagshio initiative hyperconnectivity
School workshop in the "Dialogue for Cybersecurity" (25-07-2023)

On Thursday, July 20, 2023, the second participatory school workshop in the workstream "UpSchooling" in the "Dialogue for Cyber Security" took place at the English Institute in Heidelberg. This year, Anne Hennig represents the research group SECUSO at the "Dialogue for Cybersecurity", and participated in this context in the development and implementation of the modules for the workshop at the Heidelberg school. In the "Dialogue for Cyber Security" project, various stakeholders from civil society as well as from science, culture and media, business and government exchange ideas on cyber security topics in workstreams. Two workstreams were selected for the current cycle, "BuntesBugBounty" and "UpSchooling".

About the project
Paper accepted at EuroUSEC 2023 (20-07-2023)

The vision paper "What the hack is going on? A first look at how website owners became aware that their website was hacked" by Anne Hennig, Nhu Thi Thanh Vuong and Peter Mayer was accepted for presentation at the European Symposium on Usable Security (EuroUSEC 2023). To gain insight on how website owners became aware of vulnerabilities on their websites, the authors conducted an online survey with 156 website owners. The paper reports on challenges to reach out to website owners as well as first results on how website owners are informed about third party redirects on their websites. EuroUSEC 2023 takes place on October 16 and 17, 2023 at the IT University of Copenhagen (ITU) in Copenhagen, Denmark.

About the conference
Topics for the SECUSO Lab are published (18-07-2023)

The topics for the "Security, Usability and Society" lab in the winter semester have been published. In the lab, students deal with both programming user-friendly applications in the area of security and privacy, and conducting user studies. Topics this year include, for example, evaluating security advice in ChatGPT, examining the privacy tradeoff in using ChatGPT, or conducting a usability study of mobile authentication for people with rheumatoid arthritis. The registration is possible via the WiWi portal (BA / MA). Topics will be assigned on a first-come, first-served basis until all seats are filled.

More on teaching
Save the date: 5th "CyberSicherheitsForum" (Cyber-Security-Forum) (17-07-2023)

On September 15, 2023, the 5th "CyberSicherheitsForum" will take place at the IHK Region Stuttgart and online. The topic of this year's "CyberSicherheitsForum" is "Cyber Resilience". SECUSO will provide information materials and present STAR at the CyberSicherheitsForum. The event is organized by the Ministries of the Interior, Digitalization and Municipalities as well as the Ministry of Economics, Labor and Tourism in Baden-Württemberg, the Cyber Security Agency, the State Criminal Police Office and the Office for the Protection of the Constitution in Baden-Württemberg as well as the Stuttgart Region Chamber of Commerce and Industry. Registrations will be possible from July 2023 via the event website.

More on the event
Several PFAs got an update (05-07-2023)

Several of our Privacy Friendly Apps (PFAs) have received an update: The apps "Pausing Healthy", "Aktiv Pause to Go" and "Shoppingliste" now support the back-up functionalities of the privacy friendly back-up app. Also, a few minor bugs have been fixed. The new versions of the apps are now available in the Google PlayStore and on FDroid.

The SECUSO PFAs
Mattia Mossano on Phishing in the KIT CyberSec School (27-06-2023)

On Tuesday, Jun 13, 2023, Mattia Mossano hold a talk in the seminar of the CyberSec School of KIT. He presented the results of a Phishing study conducted in partnership with IT University of Copenhagen. The study showed how URL formatting (also known as domain highlighting) has little influence on the phishing detection of participants, but that other factors (e.g., hovering time) do show some significant effects. The KIT Graduate School Cyber Security provides doctoral researchers with state-of-the-art technical, scientific, and interdisciplinary skills, enabling them to respond effectively to present and future security challenges. It alos organizes regular networking events like the CyberSec Seminar and serves as a platform for interdisciplinary work and the exchange of ideas among doctoral, post-doctoral, and senior researchers.

Past CyberSec Seminars
Mattia Mossano will give a guest lecture at the University of Pederborn (26-06-2023)

Mattia Mossano has been invited to give a guest lecture on phishing in the Master's course “Usable Security and Privacy”, organised by Prof. Dr. Patricia Arias Cabarcos. Prof. Cabarcos is head of the Human-Centered IT Security (HITS) group within the department of Computer Science at the University of Paderborn. The lecture will be given on Tuesday, July 4, 2023.

More about the group
Talk accepted for the Internet Security Days 2023 (23-06-2023)

The talk "Cybersecurity on the Net - What to do if my company website has been hacked?" has been accepted for presentation at this year's Internet Security Days (ISD 2023). As part of the BMBF-funded research project INSPECTION, websites are found which have third-party redirects to fake shops. This is an indication that third parties could gain unauthorized access to the file system of a website. In the presentation, this problem will be presented, as well as a way to identify the hacking itself. In addition, tips on how to remediate the problem, and protective measures against future hackings are explained. The Internet Security Days are organized annually by the Internet industry association eco and the heise Academy at Phantasialand Brühl and they will take place this year on September 21 and 22, 2023.

More about the event
Paper accepted at MUC 2023 (20-06-2023)

The paper "Nutzerzentrierter Ansatz zur Vereinfachung des Auffindens von Security Policies“ (User-centered approach to simplify the retrieval of security policies) by Lukas Aldag, Fabian Ballreich, Benjamin Berens, and Melanie Volkamer has been accepted for presentation at Mensch und Computer 2023 (MUC 23). An important factor for the effectiveness of security awareness measures in companies is the awareness and consistency of security policies. In the context of a case study, a user-centered approach was used to iteratively develop a document that provides users with an overview of all relevant individual documents, and a process for publicizing the approach. The process was evaluated and lessons learned were derived. MUC 2023 will take place from September 3 to 6, 2023 in Rapperswill, CH.

More about the conference
Poster accepted at SOUPS'23 (15-06-2023)

The poster "Beware of website hackers: Developing an awareness video to warn for website hacking" by Anne Hennig, Leoni Schmidt-Enke, Miriam Mutter and Peter Mayer has been accepted for presentation at the 19th Symposium on Usable Privacy and Security (SOUPS 2023). The authors describe the development of an awareness video to raise awareness for attacks where hackers place redirects to fake shops in the file system of websites. SOUPS will take place August 6-8, 2023 in Anaheim, CA.

More about the conference
Future of Human Centered Privacy (13-06-2023)

Benjamin Berens was in London from June 5 to 7, 2023 to talk with other researchers about the future of human-centered privacy research. Future challenges and open research questions were discussed with experts from the fields of security, data protection / privacy and Human Computer Interaction (HCI). Topics for this included inclusive privacy, privacy & AI, multi-user privacy, or privacy decisions and communication. In addition, attendees presented their previous research in this area - SECUSO for example presented work in smart home environments and cookie disclaimers.

More about the event
Save the date: Athene Distinguished Lecture on E-Voting (06-06-2023)

Free, secret, universal and equal elections are the core element of democracies. In many cases the default voting channel is the paper one. However, due to the pandemic, more and more election management boards considered using remote electronic voting systems and several decided to actually offer an electronic voting channel. On November 28, 2023 Melanie Volkamer will discuss risks of black box voting systems as well as challenges of end-to-end verifiable voting schemes in the Athene Distinguished Lectures Series. The focus will be voter behaviour related challenges and how these challenges can be addressed when taking a human centred approach.

Learn more
Reminder: Submit to E-Vote ID 2023 (01-06-2023)

Remember to submit your recent contributions in the area of electronic voting to E-Vote-ID 2023. Submission of papers for tracks 1 and 2 at this year's Internation Joint Conference on Electronic Voting (E-Vote-ID) is already closed. But contributions can still be submitted to track 3 "Election and Practical Experiences", as well as the PhD colloquium until July 10, 2023. Submissions for the "Poster and Demo Session" are due September 15, 2023. Accepted contributions will be published in the proceedings. E-Vote-ID 2023 will take place from October 3 to 6, 2023, in Luxembourg, Luxembourg.

Learn more
Further DuD article "Redirect URLs in e-mails" published (30-05-2023)

The article "Redirect URLs in e-mails" by Dirk Müllmann, Maxime Veit, and Melanie Volkamer, was also published in the current issue of "Datenschutz und Datensicherheit" (DuD). For better protection against phishing attacks, links in e-mails can be replaced by "redirect URLs" which, when clicked by the recipient, are checked by a service to see if they point to a known phishing site before the web page is accessed. The paper examines the practical and theoretical, technical and legal implications of such a service.

Learn more
Reminder: Submit to EuroUSEC 2023 (26-05-2023)

Remember to submit your recent contributions in the area of usable security to EuroUSEC 2023. Submission of papers for this year's European Symposium on Usable Security (EuroUSEC) is now open. Contributions for the Research Track - mature work that has been completed - and the Vision Track - work in progress or concrete ideas for work that has yet to begin - must be registered by June 5, 2023. Papers have to be submitted by June 9, 2023. Accepted papers will be published in the ACM Proceedings. EuroUSEC 2023 will take place on October 16 and 17, 2023, in Copenhagen, Denmark.

Submit your paper
DuD article on the use of cookies on websites published (25-05-2023)

The article "Cookie use after the TTDSG" by Mark Bohlender, Heike Dietmann, and Melanie Volkamer, was published in the current issue of "Datenschutz und Datensicherheit" (DuD). The investigation of the data protection conformity of cookie messages on the most used German websites from the beginning of 2021 was repeated and extended in mid 2022 after the Telecommunications Telemedia Data Protection Act (TTDSG) came into force. The replication showed: The design of cookie messages was more privacy-friendly in 2022. But 84% of the websites already set cookies that were not technically necessary when the page was accessed. These cookie disclaimers are, therefore, not legally compliant.

Read the article
Dr. Peter Mayer accepted as KASTEL Security Research Lab Fellow (02-05-2023)

Dr. Peter Mayer, former member of the SECUSO research group, has been accepted as KASTEL Security Research Lab Fellow. Peter Mayer worked for the SECUSO research group until 2022 as a PostDoc at KIT. On January 1, 2023, Dr. Mayer transferred to the Department of Mathematics and Computer Science, Section of Artificial Intelligence, Cybersecurity, and Programming Languages at the University of Southern Denmark (SDU), but remains affiliated with KIT. He currently holds the roles of coordinator and co-speaker of the "Human and Societal Factors" research group in the Helmholtz Association funded subtopic "Engineering Secure Systems".

Learn more
Submission for EuroUSEC 2023 now open (27-04-2023)

Submission of papers for this year's European Symposium on Usable Security (EuroUSEC) is now open. Contributions for the Research Track, mature work that has been completed, and the Vision Track, work in progress or concrete ideas for work that has yet to begin, must be registered by June 5, 2023. Accepted papers will be published in the ACM Proceedings. Oksana Kulyk, IT University of Copenhagen (Denmark) and Farzaneh Karegar, Karlstad University (Sweden), will chair this year's conference. From the SECUSO research group, Anne Hennig will support this year's conference as Publicity Chair, together with Agnieszka Kitkowska, Karlstad University (Sweden), and Ali Farooq, University of Turku (Finland). EuroUSEC 2023 will be held in Copenhagen, Denmark, on October 16-17, 2023.

Learn more
Consumer Protection Agency NRW now refers to TORPEDO (19-04-2023)

The Consumer Protection Agency of North Rhine-Westphalia (NRW) now also refers to TORPEDO in its article on Phishing. TORPEDO is an add-on to help users detect fraudulent emails with dangerous links (often referred to as phishing emails). The add-on displays the information relevant to the check directly by the link in a tooltip(-overlay), so that with TORPEDO it is easier to perform the legitimacy check on e-mails. In addition, TORPEDO distinguishes different risk levels of links and thus shows you when it is important to check the web address behind the link before clicking the link. TORPEDO is based on SECUSO's NoPhish concept or can also be used as a supplement to it.

Read the article
Register for the Girl's Day until April 20 (14-04-2023)

On the occasion of the Girls'Day at KIT on April 27, 2023, SECUSO will present security shallenges on the topic "Internet Security - Protect yourself on the Net". In the workshop, participants will learn in exit room style how to recognize fake news and fake websites, and how to protect personal data. We will also show what mistakes one should avoid when creating PINs and passwords, how to encrypt data and make sure, these can only be read by trustworthy people. So join us, let's learn together and overcome these challenges!

The event
INSPECTION is presented at the HWK conference (12-04-2023)

On May 10, 2023, Joachim Feist, Managing Director of mindUp Web + Intelligence GmbH and consortium partner in the INSPECTION research project, will present the project and the detection of hacked websites at the "Consultant Conference" for the IT security ambassadors of the Chambers of Crafts in Baden-Württemberg. Within the research project INSPECTION, which is funded by the German Federal Ministry of Education and Research (BMBF), websites are found that have redirects to fake shops.

About INSPECTION
Funding for Leibniz Science Campus approved (06-04-2023)

Leibniz Science Campuses have the goal to better integrate university and non-university research. The core element is the cooperation between Leibniz institutes and universities or other non-university institutes. With a focus on "Digital Transformation," FIZ Karlsruhe - Leibniz Institute for Information Infrastructure and the Karlsruhe Institute of Technology (KIT) will investigate the effects of the increasing digitalization of scientific work, and develop concrete solutions in an interdisciplinary approach over the next four years. Melanie Volkamer will support the project with a focus on raising awareness of security issues and, for example, pointing out practicable security solutions that can be used to adequately protect sensitive personal data which are collected during research projects.

Read the press release
Cybersecurity on the Web - Keep your website secure (05-04-2023)

On Wednesday, March 29, 2023, Anne Hennig spoke on the topic of "Cybersecurity on the Web - What to do if my company website has been hacked?" as part of the "Innovationsforum" at the 21st Trade Fair for Electrical Engineering, Energy, Buildings and Industry (eltefa 2023). As part of the BMBF-funded research project INSPECTION, websites are detected which contain redirects to fake shops. This is an indication that third parties were able to gain unauthorized access to the file system via a vulnerability. In the presentation, this problem was presented, as well as a way to identify the hacking itself. In addition, tips for troubleshooting and protective measures against future hacking were explained.

More information
Stakeholder of the INSPECTION project met in Hamburg (29-03-2023)

For the second time the consortium partners and interested parties of the INSPECTION project met in person for a status meeting. This time in the offices of BDO AG Wirtschaftsprüfungsgesellschaft in the Hanseatic City of Hamburg. In the meeting the topic "Hackings with Japanese characters" was presented in the area "Finding", which Mr. Feist from mindup Web & Intelligence GmbH is mainly in charge of. In the area "Treatment", Mr. Halder from BDO AG presented the latest findings from the analysis of log files of hacked websites. Among other things, interesting patterns could be identified how attackers scan websites for vulnerabilities. Anne Hennig from the research group SECUSO presented preliminary results of the notification experiment and gave background information on the development and evaluation of a first awareness video.

Read more
Students develop Digital Citizen Science App (24-03-2023)

This year, the SECUSO research group supervised a project for the lecture "Team Project Software Development". The team project is a joint initiative of the KIT Faculty of Computer Science and the KIT Faculty of Economics to give students of business informatics an understanding of the development process of a software project. In the context of the SECUSO topic, five students have dealt with the topic of "Digital Citizen Science" and developed an app that will allow citizens to contribute to various research projects in a simple way in the future. We are looking forward to more exciting projects in the next winter semester!

More about the lecture
Poster presented at the National Conference on IT security research (21-03-2023)

The poster "Your website has been hacked - Raising awareness for an invisible problem" by Anne Hennig, Peter Mayer, and Melanie Volkamer was selected for presentation at this year's National Conference on IT Security Research. The German Federal Ministry of Education and Research (BMBF) hosted the conference which took place from March 13-15, 2023,  in Berlin. The conference, which was held under the motto "Strengthening the digital society", offered a very diverse program and extensive opportunities for exchange across the entire spectrum of research in the field of IT security.

The event
Girls'Day at KIT: SECUSO invites you (17-03-2023)

On the occasion of the Girls'Day at KIT, which will take place in presence at KIT on April 27, 2023 for the first time since the beginning of the Corona Pandemic, SECUSO will present security shallenges on the topic "Internet Security - Protect yourself on the Net". Here, exciting contents on the topics "Phishing", "PIN security" and "Encryption methods" will be conveyed to the participants in a playful way in order to inspire young, future female researchers for the topic of IT security as early as possible. In this way, we are making our contribution towards a more equal society and trying to break down the role model of the typically male-dominated world of computer science in order to create new perspectives and equal opportunities for all.

The event
Anne Hennig on the topic of "Cybersecurity in the Web" at eltefa 2023 (15-03-2023)

On Wednesday, March 29, 2023, Anne Hennig will talk about "Cybersecurity on the Web - What to do if my company website has been hacked?" at the 21st Trade Fair for Electrical Engineering, Energy, Buildings and Industry (eltefa). As part of the INSPECTION research project, websites are examined for security vulnerabilities and those affected are informed accordingly. In addition, awareness materials are currently being developed to provide those affected with targeted information on how to rectify problems and take protective measures. First materials will be presented and discussed during the talk.

More information
Call for papers: EuroUSEC 2023 (13-03-2023)

The Call for Paper for this year's European Symposium on Usable Security (EuroUSEC) is published: Until June 9, 2023, researcher can submit paper for the Research Track, mature work that has been completed, or the Vision Track, work in progress or concrete ideas for work that has yet to begin (mandatory paper registration until June 5, 2023 for both tracks). EuroUSEC serves as a European forum for research and discussion in the area of human factors in security and privacy. Oksana Kulyk, IT University of Copenhagen (Denmark) und Farzaneh Karegar, Karlstad University (Sweden), are this year's program committee chairs. From the SECUSO research group, again, Anne Hennig will support the conference as a Publicity Chair together with Agnieszka Kitkowska, Karlstad University (Sweden), and Ali Farooq, University of Turku (Finland). EuroUSEC 2023 will take place on October 16 and 17, 2023 in Copenhagen, Denmark.

Read the CfP
Test the Microsoft HoloLens and earn 15€! (10-03-2023)

As part of a study to test an innovative password procedure for the augmented reality glasses Microsoft HoloLens, we are looking for participants. The study will be conducted in the building at Kronenplatz, Kaiserstraße 89 and will take about 30 minutes. Participants will receive an expense allowance of 15€ after successful participation. It is required to read instructions in German. Persons wearing glasses are excluded from participation. However, participation with contact lenses is possible. To register for the study write an e-mail to ar(at)secuso.org or choose an available time-slot from https://terminplaner6.dfn.de/b/7d8a04f2f4ba18be9524e56e86d2a5fb-135831.

More information
Update on the " Dialogue for cyber security" (08-03-2023)

In the "Dialog for Cyber Security" project, various stakeholders from civil society as well as from academia, culture and media, business and government exchange ideas on cyber security topics in workstreams. Two workstreams were selected for the current cycle, "BuntesBugBounty" and "UpSchooling." After an initial planning and research phase, the workstreams are now moving into the planning and implementation phase. Anne Hennig represents the SECUSO research group this year at the Dialogue for Cybersecurity in the workstream "Upschooling", in which a participatory workshop for students on current topics of IT security is to be designed.

To the project website
Benjamin Berens on "IT Security with and for Consumers (07-03-2023)

Last week, on February 28, 2023, Benjamin Berens presented the topic "Effective Security Awareness" at the 1st conference "Digitaler Alltag in Gefahr?" and discussed the topic "Designing IT security with and for consumers" together with Prof. Kerstin Lemke-Rust (Bonn-Rhein-Sieg University of Applied Sciences) and Dr. Frank Pallas (TU Berlin). The conference was organized by the German Federal Office for Information Security (BSI) together with the Institute for Consumer Informatics at the Bonn-Rhein-Sieg University of Applied Sciences and the Consumer Research Competence Center North Rhine-Westphalia of the Verbraucherzentrale NRW e.V..

Read the press release
c't tested PFA password generator (24-02-2023)

The German magazine for computer technology c't reported on one of SECUSO's Privacy Friendly Apps (PFA), the PFA Passwort Generator, in its 2/2023 issue. Inventing secure passwords and still not losing track of them - password generators help with this task. Generator apps, such as the Privacy Friendly Password Generator, support users in finding secure passwords by calculating secure, service-specific passwords. Unlike other generator apps, the PFA Password Generator does not require any permissions and does not store the passwords. Saving generated passwords to the clipboard is also not set by default. In addition, all PFAs do not contain any advertising.

Read the article
HCI @KIT (22-02-2023)

Human-computer interaction (HCI) is an interdisciplinary field that is concerned with the design, evaluation, and implementation of interactive computing systems for human use and the study of major phenomena surrounding them. To get an overview about research groups that engage in HCI research at the Karlsruhe Institute of Technology (KIT), a webpage was established to display the different research groups and their areas of expterise.

The website
Extra time for the INSPECTION project (20-02-2023)

The INSPECTION research project, which was supposed to end at the end of May 2023, is being extended. The end of the project period is now dated for the end of November 2023. The aim of the INSPECTION project is to automatically identify hacked websites from the outside by searching the German-speaking Internet and classifying the pages with artificial intelligence methods. Methods are also being developed to inform affected website owners, repair the damage and reduce the risk of future successful attacks. The aim is to raise awareness of the problems among both those affected and stakeholders in the website environment in general.

The project
Poster accepted at the National Conference on IT security research (17-02-2023)

The poster "Ihre Website wurde gehackt - Awareness schaffen für ein unsichtbares Problem" (Your website was hijacked - Raising awareness for an invisible problem) by Anne Hennig, Peter Mayer, and Melanie Volkamer was accepted for presentation at this year's National Conference on IT security research. The conference is organized by the German Federal Ministry of Education and Research and will take place in Berlin from March 13 - 15, 2023. The conference is held under the motto "Strengthening the digitally networked society" and serves as a platform for exchange across the entire spectrum of research in the field of IT security.

The event
We are searching for study partcipants (15-02-2023)

As part of a study to test an innovative password procedure for the augmented reality glasses Microsoft HoloLens, we are now looking for participants. The study will be conducted in the building at Kronenplatz, Kaiserstraße 89 and will take about 30 minutes. Participants will receive an expense allowance of 15€ after successful participation. It is requiered to read instructions in German. Persons wearing glasses are excluded from participation. However, participation with contact lenses is possible. To register for the study write an e-mail to ar(at)secuso.org.

More information
Call for papers: E-Vote-ID 2023 (13-02-2023)

The Call for Papers for this year's International Conference for Electronic Voting (E-Vote-ID9 is out: Submissions for the tracks "Security, Usability, and Technical Issues" as well as "Governance Issues" are due May 15, 2023. Submissions for the track "Election and Practical Experience" as well as the PhD colloquium are due July 10, 2023. And submission for the poster and demo session are due September 15, 2023. The aim of the conference is to bring together e-voting specialists working in academia, politics, government, and industry in order to discuss various aspects of all forms of electronic voting. Peter Rønne will take over from Robert Krimmer and be general chair together with Melanie Volkamer and David Duenas-Cid. Also, this years conference will take place in Luxembourg for the first time, from October 3 - 6, 2023.

Read the CfP
Melanie Volkamer on "Usable Security - Security 'Warnings' 2.0" (09-02-2023)

On Friday, February 24, 2023, Melanie Volkamer will hold the keynote lecture for the 9th International Conference on Information System Security and Privacy (ICISSP 2023). Prof. Volkamer will talk about issues with existing security interventions. She will also propose a framework to address shortcomings with respect to future security interventions. ICISSP is an event where researchers and practitioners can meet and discuss state-of-the-art research about the technological, social, and regulatory challenges that regard the security, privacy, and trust of modern information systems.

More information
New NoPhish video for today's Safer Internet Day (07-02-2023)

It's that time again: Today, February 7, is Safer Internet Day! Since 2004, this day has been used once a year to raise awareness of emerging online issues and current concerns. We took the day as an opportunity to publish the English version of our third NoPhish video. The video presents scenarios in which fraudsters exploit emotions such as stress, time pressure or excitement to steal user data or spread malware. The German version of the video premiered last year for Safer Internet Day.

Watch the video
Paper accepted at TOCHI (03-02-2023)

The paper "Awareness, Intention, (In)Action: Individuals’ Reactions to Data Breaches" by Peter Mayer, Yixin Zou, Byron M. Lowens, Hunter A. Dyer, Khue Le, Florian Schaub, and Adam J. Aviv was accepted for publication in the journal ACM Transactions on Computer-Human Interaction (TOCHI). The study is a follow-up to the USENIX paper "'Now I'm a bit angry:' Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them" from 2021. The main survey in which the authors presented participants with up to three breaches that affected them, was complemented with a follow-up survey in which the authors investigated whether the main study participants followed through with their intentions to act.

The journal
Change Your Password - Better not too often! (01-02-2023)

Changing your passwords regularly is a frequently encountered piece of advice. Especially today on "Change Your Password Day" it is again on many people's lips. The thought behind it seems understandable: First, if the password is changed regularly, it is harder to guess, and second, a password that has fallen into the wrong hands only benefits the attacker until the next time it is changed. But research shows that both recommendations stem from misconceptions: Regularly changed passwords are not harder to guess at all, and regularly changing passwords does not automatically lead to secure passwords. For "Change Your Password Day", we have summarized (well-known) background information.

Read the article
Peter Mayer presents PFA mentorship program (30-01-2023)

On Thusday, January 26 2023, Dr. Peter Mayer presented the SECUSO Privacy Friendly Apps and the PFA mentorship program at the event "Open Source & Cybersecurity - Celebrating International Data Privacy Day 2023" which was organized by the Legal Hackers Luxembourg. At the end of October, some apps were taken out of the Google Play Store and the FDroid Store because the maintenance effort became too high. With the PFA mentorship program, interested parties can take on sponsorships for one or more apps, e.g. by assuming responsibility for further development or supporting the PFA team with human or financial resources.

To the PFA mentorship program
Kastel Distinguished Lecture on February 9, 2023 (27-01-2023)

KASTEL Distinguished Lecture is back: On Thursday, February 9, 2023, Prof. Dr. Dennis Hofheinz from ETH Zurich will be a guest at the KASTEL Distinguished Lecture in Cyber Security. Prof. Hofheinz will speak about "A Personal Perspective on Cryptography." Prof. Hofheinz has been a professor at the Institute for Theoretical Computer Science at ETH Zurich since 2020. Previously, he was a professor at KIT. Prof. Hofheinz works on the foundations of crypthography, and in particular on the design and analysis of cryptographic buliding blocks such as public-key encryption and digital signatures. The event will take place at 4 pm, both online and in presence.

More infos and registration
Benjamin Berens on "IT Security with and for Consumers" (26-01-2023)

On February 28, Benjamin Berens will discuss the topic "Designing IT security with and for consumers" together with Prof. Kerstin Lemke-Rust (Bonn-Rhein-Sieg University of Applied Sciences) and Dr. Frank Pallas (TU Berlin) at the 1st conference "Digitaler Alltag in Gefahr?". The conference is organized by the German Federal Office for Information Security (BSI) together with the Institute for Consumer Informatics at the Bonn-Rhein-Sieg University of Applied Sciences and the Consumer Research Competence Center North Rhine-Westphalia of the Verbraucherzentrale NRW e.V.. The registration deadline for participation in the conference is February 10.

The program
Congratulations Peter Mayer! (26-01-2023)

Congratulations to Peter Mayer on his new position as Assistant Professor with a focus on Usable Security! As of January 1, 2023, Dr. Mayer moved to the Department of Mathematics and Computer Science, Section of Artificial Intelligence, Cybersecurity, and Programming Languages at the University of Southern Denmark (SDU). Peter Mayer worked as a Research Associate, first at TU Darmstadt and later at KIT, from 2014 to 2019, and as a PostDoc at KIT for the SECUSO research group until 2022. Joint research activities will continue to connect Dr. Mayer with KIT and the research group in the future. 

The department
Melanie Volkamer on User-Centered IT Security Research in the city hall (25-01-2023)

On January 30, 2023, the KIT Center Information - Systems - Technologies (KCIST) will present itself in the Bürgersaal at Karlsruhe City Hall. KCIST addresses current research questions and develops technologies and holistic systems for digitization and application-driven artificial intelligence (AI). For this purpose, KCIST bundles expertise and competencies from computer science, economics, electrical and mechanical engineering, information technology, and social sciences. At the event on January 30, which is coordinated by ZAK, scientists will give all interested parties insights into the research and work of the KIT center. On this occasion, Prof. Melanie Volkamer will also speak about "User-Centered IT Security Research".

The program
Video on research results of the TrusD project (13-01-2022)

Im Projekt TrusD (Trust Indicators in the digital World) haben Prof. Dr. Melanie Volkamer, Prof. Dr. Alexander Mädche und Lukas Aldag erforscht, anhand welcher Indikatoren Menschen beurteilen, ob Informationen und Dienste online vertrauenswürdig sind. Da nach wie vor viele Nutzer:innen Probleme damit haben, zum Beispiel betrügerische Webadressen zu erkennen, gehörten auch Aufklärungsmaßnahmen wie die „Bunte Nacht der Digitalisierung“ zum Projekt. TrusD ist Teil des Forschungsverbunds digilog@bw, für dessen Blog Lukas Aldag in einem fünfminütigen Video die Ergebnisse des Projekts zusammengefasst hat.

Watch the video
Helmholtz Association launches its own Mastodon server (13-01-2023)

Since Elon Musk became Twitter CEO in October, the Mastodon network has been gaining popularity as an alternative. Unlike Twitter, Mastodon is decentralized, so users have to choose between more than 12,000 so-called instances when creating their profile, but can still communicate with the entire network. Since December, the Helmholtz Association has its own instance for institutional science communication: https://helmholtz.social/explore. The SECUSO research group has already had a profile on the Mastodon instance of the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information since February 2022.

Our Mastodon account
Christmas greetings from SECUSO (20-12-2022)

2022 was an eventful year: from strict Corona rules, to many relaxations but at the same time new problems due to the Ukraine war. Nevertheless, we at SECUSO tried to make the best out of the situation and continued to research how to make security measures usable for citizens. In addition to exciting research results, there have also been some changes in the team and among the alumni. We also welcomed interesting guests in our Research Seminar and the KASTEL Distinguished Lecture Series, and presented our research results at various events. We summarized all information in our Christmas greetings. We hope you enjoy reading it!

Read the Christmas greetings
Podcast on simulated phishing campaigns (19-12-2022)

In episode 16 of the Security Awareness Insider podcast Melanie Volkamer discussed at the beginning of the year the sense and nonsense of simulated phishing campaigns with Katja Dörlemann, SWITCH, and Markus Beyer. Simulated phishing campaigns promise to be an all-round carefree solution. But this is a false conclusion and simulated phishing campaigns can even harm companies rather than helping them, explains Melanie Volkamer in the podcast. The podcast is now available online.

Listen to the podcast
Citizen Science on the topic of Phishing (15-12-2022)

Since a few month, the SECUSO NoPhish Quiz can be found on the wir-forschen.digital platform. The quiz has been started at least 1000 times since we launched it on the platform. Wir-forschen.digital is a platform on which Digital Citizen Science projects can be created, described and conducted. The platform is a central result of the project project wir-forschen.digital: Wellbeing@Home, which will come to an end at teh end of the year.

To the quiz
BNN report on PFA (14-12-2022)

The Badische Neustesten Nachrichten (BNN) published an article about the Privacy Friendly Apps earlier this year. The article was written on the occasion of the Digital Autonomy Award, which was given to the research group for the Privacy Friendly Apps and the associated "contribution to increasing individual digital sovereignty". 

Read the article
Project wir.forschen.digital: Wellbeing@Home ends (09-12-2022)

At the end of the year, the Digital Citizen Science project wir-forschen.digital: Wellbeing@Home comes to an end. It was funded by the Excellence Initiative. Over the past two years, various sub-projects have developed tools and methods for Digital Citizen Science with which we want to enable and promote the active and comprehensive involvement of citizens in scientific projects. The central result of the project is the wir-forschen.digital platform, on which Digital Citizen Science projects can be created, described and conducted.

The wir-forschen.digtal platform
Newsletter on PFA topics (08-12-2022)

From now on we have an own newsletter for topics related to our Privacy Friendly Apps (PFAs). The goal is to inform interested parties specifically about updates, new releases or other PFA news. For example, at the end of October, some apps were taken out of the Google Play Store and the FDroid Store because the maintenance effort became too high. The PFA mentorship program was also developed in this context. Interested parties can thus take on sponsorships for one or more apps, e.g. by assuming responsibility for further development or supporting the PFA team with human or financial resources.

Subscribe to the newsletter
SECUSO advent calendar (06-12-22)

Good tidings we bring to you and your kin... For this year's December we created a SECUSO advent calender. Every day we will open a little door and present you some of our awareness and training materials. NoPhish, protection of user accounts with secure passwords or Privacy Friendly Apps - we will talk about a little of everything. Follow us on Twitter or Mastodon, so you won't miss anything!

Read all posts
Video available: INSPECTION at SWSD 2022 (02-12-2022)

On October 27, 2022, Anne Hennig presented the research project INSPECTION at the Swiss Websecurity Day 2022 (SWSD). This one day event covered current security issues for Swiss registrars and webhosters. The goal of the INSPECTION project is to crawl the German-speaking Internet and identify hacked websites through methods of artificial intelligence in an automated fashion. Additionally, measures will be developed that allow informing owners of affected websites, mitigate the damage to the websites, and reduce the risk of further successful attacks. The video of the talk is now available.

Watch the video
Review: SECUSO at HM2022 (25-11-2022)

This year, the research group SECUSO presented part of the materials from the NoPhish concept at the Hannover Messe. Among them were the online game Phishing Master and the NoPhish-Quiz, which was presented by STAR, the Security Teaching & Awareness Robot of the research group. Both methods were presented again in detail by Science Square. Science Square is the Speakers' Corner on research and applied science in the "Research & Technology" area of Hannover Messe. The aim of the initiative is to present exhibits and the latest results from science in a generally understandable dialog.

Watch the video
Guidelines for effective security awareness are now available (24-11-2022)

The results of the first cycle in the project "Dialog für Cybersicherheit" (Dialogue for Cybersecurity) are now also avalilable for workstream 4 on effective IT security awareness measures. Workstream 4 was supported by Melanie Volkamer (SECUSO) and Angela Sasse (Ruhr University Bochum). The goal of this workstream was to develop guidelines for creating effective awareness measures. Within the project, which is organized by the German Federal Office for Information Security (BSI), representatives from society entered the dialogue with different stakeholders from academia, culture and media, economy as well as politics.

Read the guidelines
Guidelines for effective security awareness are now available (24-11-2022)

The results of the first cycle in the project "Dialog für Cybersicherheit" (Dialogue for Cybersecurity) are now also avalilable for workstream 4 on effective IT security awareness measures. Workstream 4 was supported by Melanie Volkamer (SECUSO) and Angela Sasse (Ruhr University Bochum). The goal of this workstream was to develop guidelines for creating effective awareness measures. Within the project, which is organized by the German Federal Office for Information Security (BSI), representatives from society entered the dialogue with different stakeholders from academia, culture and media, economy as well as politics.

Zum Leitfaden
Video available: Melanie Volkamer at Big Techday 22 (21-11-2022)

On July 15, 2022, Prof. Melanie Volkamer spoke about the topic "Usable Security Research @ KIT" at the Big Techday 22. First, Prof. Volkamer presented the Human Centered Security by Design approach to achieve a better or appropriate usability of future security measures. Second, she will present a framework which helps those who provide security measures to create security interventions. The video of the presentation is now available on the YouTube channel of the research group.

Watch the video
Poster accepted at ACSAC 2022 (21-11-2022)

The poster “The Phishing Master Anti-Phishing Game" by Heike Dietmann, Tobias Länge, Philipp Matheis, Aleksandra Pawelek, Benjamin Berens, Mattia Mossano, Maxime Veit, Peter Mayer and Melanie Volkamer was accepted for presentation at the Annual Computer Security Applications Conference (ACSAC 2022). The authors will present a publicly available anti-phishing game. In a first study the authors gathered feedback from participants. In general, the response was uniformly positive which makes the antiphishing game a good alternative to estblished anti-phishing materials. ACSAC 2022 will take place in Austin, Texas, from December 5 to 9, 2022.

Watch the video
SECUSO at the Night of Science (16-11-2022)

On the night of November 18, 2022, it's that time again: lectures and attractions will be presented around the Ehrenhof, in the KD2Lab and in the Triangel Open Space until the early morning hours. The research group SECUSO will participate with the "Phishing Table" in the Triangel at Kronenplatz, where interested people can try out two games: One on password security and one on recognizing phishing messages. The "Night of Science" was first organized in January 2016 by the university group of the same name. There, students from various disciplines volunteer to organize exciting lecture series at the Karlsruhe Institute of Technology.

Have a look
Secure handling of fraudulent e-mails (15-11-2022)

About half of the German companies have already become victims of cyberattacks and also the IT infrastructure of KIT is constantly exposed to cyberattacks of various kinds. In the current November issue of the employee magazine "KITdialog", the project "Effective Security Awareness at KIT" is presented, in which a mandatory online training for KIT employees is developed and evaluated. The research group SECUSO as well as the KIT Information Security Officer (Philipp Bunten) and the SCC, in particular the departments IT Security and Service Management as well as KIT-CERT with the support of the body of IT experts are responsible for the project.

 

Read the article

Melanie Volkamer is ARRTI academy member (15-11-2022)

Melanie Volkamer is acadamy member of the KIT Academy for Responsible Research, Teaching, and Innovation (ARRTI). ARRTI fosters critical reflection among KIT students and researchers on their engineering and scientific practices. The academy's key aim is to transform scientific culture from a purely “can do” approach into a “should do” culture in which critical reflection about responsibility is embedded in scientific teaching, research and innovation.

All academy members
Welcome to SECUSO (09-11-2022)

We welcome Tobias Länge and Philipp Matheis as new research assistants in our SECUSO team! Tobias and Philipp supported the research group SECUSO since May 2022 as student assistants. Tobias was mainly working in the development of the Privacy Friendly Apps (PFA). Philipp mainly supported the group in conducting AR and VR studies. Both graduated with a Master's degree in Computer Science at KIT and are supporting SECUSO since November 1, 2022 in the development of the Privacy Friendly Apps and the development of authentication schemes for VR and AR as well as in further projects.

SECUSO team members
SECUSO nominated for German IT Security Award with SMILE-4-VIP (07-11-2022)

A prerequisite for successful digitization is that protective measures are not only effective, but also barrier-free. SMILE-4-VIP is a protective measure that helps people with severe visual impairments and blindness in particular to recognize phishing e-mails. SMILE-4-VIP applies existing phishing research to the processes of visually impaired people when dealing with emails. The winners of this year's 9th German IT Security Award will be announced on Thursday, November 10, 2022, at the Ruhr University Bochum Event Center.

The 2022 finalists
Dr. Karen Renaud as guest in the SECUSO research group (04-11-2022)

Dr. Karen Renaud will accompany the SECUSO research group as KIT International Fellow until November 30, 2022. The visit was already planned for 2021 and had to be postponed several times. Dr. Karen Renaud is Chancellor's Fellow at the University of Strathclyde in Glasgow. Her research focuses on human-centred security. She is interested in the interplay between users and security in the context of societal and industrial use. Dr. Renaud has has done fundamental work in understanding people’s mental models of security in a variety of applications and contexts.

More on Karen
Anne Hennig presents INSPECTION at SWSD 2022 (03-11-2022)

Last Thursday, October 27, 2022, Anne Hennig presented the research project INSPECTION at the Swiss Websecurity Day 2022 (SWSD). This one day event covered current security issues for Swiss registrars and webhosters. The goal of the INSPECTION project is to crawl the German-speaking Internet and identify hacked websites through methods of artificial intelligence in an automated fashion. Additionally, measures will be developed that allow informing owners of affected websites, mitigate the damage to the websites, and reduce the risk of further successful attacks.

SWSD in the media
Cutting down the number of Privacy Friendly Apps in the Play Store and F-droid (31-10-2022)

The number of our Privacy Friendly Apps has increased significantly over time. At the same time, the effort required to maintain the apps became very high. Unfortunately, the resources of our research group are currently no longer sufficient to keep all apps functional at the same time. In order to be able to provide proper support, we will be removing some apps from the Play Store as well as F-droid in the coming days. These include the following apps: Weather, Pedometer, Net Monitor, WiFi Manager and Werewolf app. The source code of the apps will still be available on GitHub. Interested users can still download the app from GitHub to use them. We are always happy to hear if someone likes to take over the maintenance of the apps as part of a mentorship.

 

Info about the mentorship

Help for hacked websites (27-10-2022)

“Think before U Click” - this is not only true in the current times when online shopping is booming. In the INSPECTION project, which is funded by the German Federal Ministry of Education and Research (BMBF), we and our partners from MindUp Intelligence GmbH and BDO AG are taking a closer look at websites that are manipulated by attackers to advertise fake shops. But what are fake shops and how can I recognize whether cybercriminals are abusing my website? We answer these and other questions - not only for this year's European Cyber Security Month - in our FAQ.

More information
SECUSO nominated for NEO Innovation Award with SMILE-4-VI (25-10-2022)

SMILE-4-VIP was among the five concepts nominated for this year's NEO Innovation Award. The award ceremony took place on October 21, 2022 in the Stadthalle Ettlingen. SMILE-4-VIP helps people with high visual impairment and blindness to detect phishing emails. The program combines phishing research with the working techniques of vision-impaired people in dealing with emails. SMILE-4-VIP is an extension for the most popular email clients and enriches the emails there with hints in case of danger. The NEO Innovation Prize, which is awarded by TechnologieRegion Karlsruhe GmbH, is intended to highlight and reward innovative solutions from various areas of cyber security.

More information
European Cyber Security Month (21-10-2022)

October is the European Cyber Security Month (ECSM) and again, SECUSO participates with various activities at the event. For example, Melanie Volkamer was a guest at Géant yesterday, October 20, 2022, for the webinar "To do or not to do: dangers of simulated phishing campaigns". But SECUSO is also involved in ECSM 2022 with its own actions in line with this year's motto "Think Before U Click!". For example, we taught STAR, our Security Teaching Awareness Robot, how to speak English. Even though October is almost over: All actions are of course still available.

Phishing Awareness with STAR in Englisch
Ending event of the DigiLog project (21-10-2022)

On the 13. of October the DigiLog project came to an end, with an event at the "Zentrum für Kunst und Medien" in Karlsruhe. Several results were presented, with a subsequent discussion. A panel discussion took place, considering the current digital situation in Germany, as well as the problems and perspectives the different studies revealed. We presented our topic TrustD (trust indicators in the digital world) with a video, which will be made available shortly (German only). More information about our topic TrustD or one of the other interesting topics can be found on the official website.

More information (German only)
Peter Mayer as panelist at the Public IT Security (PITS) (18-10-2022)

On October 4th and 5th, the Public IT Security (PITS) conference took place in Berlin as the German expert symposium for IT security and cyber security for state and administration. Peter Mayer participated as panelist in the panel "Der Mensch als Sicherheitslücke – Social Engineering" and shared insights into the topic of social engineering from a research point of view.

More information
E-Vote ID in Bregenz with many highlights (14-10-2022)

The Seventh International Joint Conference on Electronic Voting (E-Vote ID 2022) took place in Bregenz, Austria, from October 4 to 7. With 168 participants from all continents of the world, the number of participants in 2021 could not quite be reached. But the conference itself offered many highlights and great backdrops for photos. The conference was organized by Melanie Volkamer, SECUSO, Robert Krimmer, University of Tartu, Estonia, and David Duenas-Cid, Gdansk University of Technology, Poland. Next year, E-Vote-ID will be held in Luxembourg.

Impressions from E-Vote-ID 2022
Results presentation of digilog@bw (12-10-2022)

On Thursday, October 13, 2022, starting at 7 p.m. at the Center for Art and Media Karlsruhe (ZKM), the final presentation of the research results of the project digilog@bw - Digitalization in Dialogue will take place. The aim of the research project, which was initiated in 2019, was to analyze the effects of digitalization in order to create a basis for the informed design of possible futures. The SECUSO research group, represented by Lukas Aldag, will present the results of “TrustD - Trust Indicators in the Digital World”.

More information
Successful EuroUSEC Conference in Karlsruhe (10-10-2022)

From September 29 to 30, the European Symposium on Usable Security (EuroUSEC 2022) took place in Karlsruhe, Germany. With nearly 40 participants on-site and 15 participants online, this year's conference was characterized by face-to-face exchanges and conversations. The conference was organized by Oksana Kulyk, IT University of Copenhagen, Denmark, and Karen Renaud, University of Strathclyde, UK. Melanie Volkamer and Peter Mayer supported the organization on site. Anne Hennig accompanied the conference as Publicity Co-Chair. Next year EuroUSEC will take place in Copenhagen, Denmark.

Read all paper
Google Fonts Checker (28-09-2022)

According to a judgment by the Munich Regional Court from January 20, 2022, website owners may be liable for damages if they use reloading Google fonts. This is mainly due to the fact that data is sent to the USA without the visitor's consent and technical necessity. SICHER3's Google Fonts Checker checks whether fonts from Google are reloaded when a website is visited. The managing director of SICHER3, Dr. Marco Ghiglieri, worked as a doctoral student and post-doc in the SECUSO research group before becoming self-employed.

The Google Fonts Checker
SECUSO receives Consumer Protection Award (27-09-2022)

The SECUSO research group received the Federal Consumer Protection Award from the German Consumer Protection Foundation (“Deutsche Stiftung Verbraucherschutz”, DSV)! The prize is awarded for the development of user-friendly and simple concepts and tools that help users of online services, apps and software to protect their privacy and data security. The prize is awarded by the foundation of the Federation of German Consumer Organizations to outstanding consumer protection projects. The prize was awarded on Monday, September 26, 2022, in Berlin. Dr. Peter Mayer accepted the award on behalf of the research group.

Read the press release
Melanie Volkamer on Simulated Phishing Campaigns (26-09-2022)

October is cybersecurity month, the European initiative coordinated by ENISA and by the European Commission to raise cyber security awareness in Europe. In the context of GÉANT’s cybersecurity month campaign “CSM22 – A Community of Cyber Heroes”, Melanie Volkamer will talk about simulated phishing campaigns. Her talk “To do or not to do: dangers of simulated phishing campaigns” will take place on October 20, 2022, 4 - 5 pm. The main objective of CSM22 is to increase knowledge and awareness of cybersecurity in the broad international Research and Education community by providing its members and users with targeted and tailor-made content and useful tools in the fight against cyber crime.

Register here
Melanie Volkamer at SSAD and SWSD in Bern (23-09-2022)

On October 26 and 27, 2022, Melanie Volkamer will give a presentation at the SWITCH Security Awareness Day 2022 (SSAD) and the Swiss Website Security Day 2022 (SWSD). At SSAD, the topic “Phishing Training without Phishing Simulation” will be discussed. The SWITCH Security Awareness Day aims at giving some insights into the different possible ways to deal with Security Awareness while pointing out where to get support and what is most crucial for being successful. For the Swiss Website Security Day, Melanie Volkamer will present the INSPECTION project. The one-day event will address current security issues for Swiss registrars and webhosters.

The program
Proceedings for E-Vote ID are published (21-09-2022)

Proceedings are also already published for the Seventh International Joint Conference on Electronic Voting (E-Vote ID 2022). In total, ten conference contributions were published in the conference proceedings. E-Vote ID 2022 will be held as a hybrid event in Bregenz, Austria from October 4 to 7. The conference is organized by Robert Krimmer, University of Tartu, Estonia, Melanie Volkamer, Karlsruhe Institute of Technology, and David Duenas-Cid, Gdansk University of Technology, Poland. 

Read the Proceedings
EuroUSEC 2022: Registration period extended (19-09-2022)

More than 40 participants have already registered for this year's European Symposium on Usable Security (EuroUSEC 2022). In order to give those who decide to attend at short notice the opportunity to participate, the registration period has been extended: Registration for in-person participation is still possible until Thursday, September 22, 2022. Registration for online participation is still possible until one day before the conference starts, Wednesday, September 28, 2022. For all those who want to have a look at the program already: The proceedings for EuroUSEC 2022 are available now!

Register now
Melanie Volkamer as keynote speaker at the Security Days (16-09-2022)

You are an information security officer and it is your task to raise awareness for cybersecurity among your colleagues, who are not familiar with this topic? At the Security Days 2022, Melanie Volkamer talks in her keynote on October 6, 2022 about “Security Awareness - ganz oder gar nicht?” (Security Awareness - all or nothing?). The talk will cover recommendations from science and experience how to plan and design effective security awareness measures. It will also be discussed how useful security awareness is, when the effectiveness is not known - and it is therefore likely that the measures are cost-intense in terms of working hours, but have no (or in the worst case negative) effects on cybersecurity. 

More information
Update of the Google Pixel fixed a flaw in the QR-Scanner (14-09-2022)

We found a security design flaw in the QR scanner on the Google Pixel and were able to communicate it to Google and the BSI. The newest update of the Android system (Android 13) also changed the QR scanner UI and fixed the security breach. The problem, the QR scanner did not present the domain of an URL at a certain length of the link. The earlier representation potentially enabled an attacker to let the user see anything, but the domain, without the possibility to check for the actual domain. Don’t forget to update your Google Pixel, to ensure you have the newest security updates.

For more information you can read a short summary (german only).

“Dialog für Cybersicherheit” is starting again (13-09-2022)

Within the project “Dialog für Cyber-Sicherheit” (Dialogue for cybersecurity), which is organized by the German Federal Office for Information Security (BSI), representatives from society enter the dialogue with different stakeholders from academia, culture and media, economy as well as politics. Within five “workstreams”, different cyber security topics are discussed. Last year, Melanie Volkamer and Angela Sasse supported a workstream on effective IT security awareness measures. This year, Anne Hennig will represent the SECUSO research group. The new project cycle will start on September 19 and 20 in Leipzig, where the topics for the new workstreams are chosen. The exchange of information will last until March 2023.

The project
Congratulations, Jurlind Budurushi! (05-09-2022)

We congratulate Dr. Jurlind Budurushi on his new position as lecturer! Jurlind Budurushi was part of the SECUSO research group from 2012 to 2016. He earned his PhD at TU Darmstadt and worked as a PostDoc for SECUSO until December 2016. He then worked several years in industry. Since August 2022, Jurlind Budurushi is working as lecturer and researcher in the department of Computer Science and Engineering (CSE) at Qatar University in Doha.  

The CST Team
Melanie Volkamer at the TRIALOG (09-09-2022)

On occasion of the International Day of Democracy, the TRIALOG topic on Thursday, September 15, will be “Demokratie - Wege, Irrtümer, Realitäten” (Democracy - ways, fallacies, realities). Melanie Volkamer, Renate Dürr, Franziska Grethe, Uwe Lübbermann and Michael Schmidt-Salomon will discuss this topic from 7 to 9 pm. TRIALOG is a new format at the TRIANGEL Open Space at Kronenplatz, Karlsruhe. The goal of the TRIALOG is to foster exchange and discussion on equal footing. TRIALOG brings together experts from science, economy and society to discuss a topic from different perspectives.

More
Award Ceremony Digital Autonomy Award (07-09-2022)

This year, the SECUSO research group won the Digital Autonomy Award for it’s Privacy Friendly Apps. On the occasion of Mensch und Computer (MUC) 2022 conference in Darmstadt, SECUSO presented the Privacy Friendly Apps (PFA). Guests were able to test the PFA and inform themselves about the apps. At the end of the event, the PFA team was congratulated on their award during the awards ceremony. In 2022, the Digital Autonomy Hub awarded the Digital Autonomy Award for the first time to the SECUSO PFAs to honor their contribution to increase the digital autonomy of users.

More infos on the award
Paper accepted at STAST 2022 (02-09-2022)

The paper “Design and Evaluation of an Anti-Phishing Artifact Based on Useful Transparency" by Christopher Beckmann, Benjamin Berens, Niklas Kühl, Peter Mayer, Mattia Mossano and Melanie Volkamer was accepted for publication at the 12th International Workshop on Socio-Technical Aspects in Security (STAST 2022). In the paper an anti-phishing artifact was developed and then evaluated via a between-subjects study with 109 participants. STAST 2022 will take place in conjunction with the 27th European Symposium on Research in Computer Security (ESORICS 2022) in Copenhagen, Denmark, from September 26 to 30, 2022.

More on STAST
Program for EuroUSEC is published (29-08-2022)

The program for this year's European Symposium on Usable Security (EuroUSEC 2022) has been published. The conference will be held as a hybrid event in Karlsruhe, Germany on September 29 and 30. The conference is organized by Oksana Kulyk, IT University of Copenhagen, Denmark, and Karen Renaud, University of Strathclyde, UK. Melanie Volkamer and Peter Mayer support the program committee as local chairs in Karlsruhe. Anne Hennig supports the conference as Publicity Co-Chair. Registration for EuroUSEC is now open!

Register now
Paper accepted at NordiCHI 2022 (29-08-2022)

The paper “Shoulder-Surfing Resistant Authentication for Augmented Reality” by Reyhan Düzgün, Peter Mayer and Melanie Volkamer was accepted at NordiCHI 2022. The conference will take place in Aarhus, Denmark from 8th-12th of October 2022.

Conference website
Second paper accepted at EIS 2022 (29-08-2022)

The paper “Council of Europe Guidelines on the use of ICT in electoral processes" von Ardita Driza Maurer, Melanie Volkamer und Robert Krimmer was accepted for publication at the 1st International Workshop on Election Infrastructure Security (EIS 2022). The authors report on the development of guidelines by the Council of Europe for election technology. EIS 2022 will take place in conjunction with the 27th European Symposium on Research in Computer Security (ESORICS 2022) in Copenhagen, Denmark, from September 26 to 30, 2022.

More on EIS
Program for E-Vote ID is published (26-08-2022)

The program for this year's E-Vote-ID conference has been published. The conference will be held as a hybrid event in Bregenz, Austria from October 4 to 7. The conference is organized by Robert Krimmer, University of Tartu, Estonia, Melanie Volkamer and David Duenas-Cid, Gdansk University of Technology, Poland. The venue will take place at Schloss Hofen, the prominent Renaissance castle of the Earls of Raitenau. It is situated at the shore of Lake Constance in Lochau, which is right next to the region’s capital Bregenz. Registration is now open!

Register now
Welcome back, Peter! (26-08-2022)

Peter Mayer has returned to Karlsruhe from his research visit at the George Washington University Usable Security and Privacy Lab (GWUSEC), the research group of Prof. Adam J. Aviv at the George Washington University. The research visit was funded by a travel grant of the topic Engineering Secure Systems, subtopic 46.23.01 Methods for Engineering Secure Systems, of the Helmholtz Association (HGF).

More on GWUSEC
Poster accepted at EuroUSEC 2022 (25-08-2022)

The poster “How to best inform website owners about vulnerabilities on their websites" by Anne Hennig, Fabian Neusser, Aleksandra Pawelek, Dominik Herrmann and Peter Mayer was accepted for presentation at the European Symposium on Usable Security (EuroUSEC 2022). The authors interviewed website owners about how they perceived notification about vulnerabilities on their websites. EuroUSEC 2022 will take place in Karlsruhe, Germany, from September 29 to 30, 2022. Registration is now open until September 16.

Got to registration
Paper accepted at EIS 2022 (24-08-2022)

The paper “Why is Online Voting Still Largely a Black Box?" von Michael Kirsten, Melanie Volkamer and Bernhard Becker was accepted for publication at the 1st International Workshop on Election Infrastructure Security (EIS 2022). The authors interviewed experts and stakeholders about why online voting is still a largely an obscure process. EIS 2022 will take place in conjunction with the 27th European Symposium on Research in Computer Security (ESORICS 2022) in Copenhagen, Denmark, from September 26 to 30, 2022.

More on EIS
Tracking-free apps under scrutiny (10-08-2022)

Only a few applications are designed to protect users from tracking and unnecessary data collection. For those who are looking for privacy-friendly apps, our SECUSO Privacy Friendly Apps provide an alternative. Our PFAs are regularly recommended for their privacy friendliness, and were recently awarded with the Digital Autonomy Award. Now, the German computer magazine “PC Magazin” also tested our apps and concluded: In total, most of the apps work reliably and without constraints. But some of our apps fell behind innovation. To compensate for this, we are looking for app godparents. If you want to support our work, you will find more information here.

Read the full article
New summary of the NoPhish concept (05-08-2022)

Our NoPhish concept is growing and growing. Therefore we have created a detailed summary of the concept and its measures. Here we explain the components of the concept and briefly present all 10 measures so far, from the flyer to the humanoid robot (STAR). We also provide insights into which events we have participated in with our material so far in the past. Also some numbers about the current usage of our material can be found in this summary. In addition we list the current research from publications to theses.

Detailed Summary
Protect your smartphone in 11 steps (04-08-2022)

The German newspaper “Aachener Allgemeine Zeitung” published eleven steps how to protect your smartphone. Amongst other experts, Melanie Volkamer and Peter Mayer were cited in the article. Peter Mayer suggests that as a first step, users should take care that the operating system and all apps are regularly updated. Melanie Volkamer further recommends uninstalling apps that are not necessary. It is also recommended to carefully check which apps are installed and which permissions the apps ask for. Furthermore, Melanie Volkamer recommends not to obtain root access. “Rooting” or “Jailbreaking” can prevent critical applications like banking apps from working correctly.

Read the full article
Paper accepted at USENIX 2022 (01-08-2022)

The paper “Why Users (Don't) Use Password Managers at a Large Educational Institution" von Peter Mayer, Collins Munyendo, Michelle Mazurek und Adam J. Aviv was accepted for publication at the 31th USENIX Security Symposium (USENIX 2022). The authors surveyed 277 faculty, staff, and students about their use of password managers. They found that the largest factor encouraging PM adoption is perceived ease-of-use, indicating that communication and institutional campaigns should focus more on usability factors. USENIX Security will take place as a hybride on-site event in Boston, MA, USA, from August 10 to 12, 2022.

More on USENIX
New version of the privacy friendly pain diary is available (26-07-2022)

We updated our privacy friendly pain diary: We fixed some bugs and made the database more robust. We also included the integration in the SECUSO Back-up app. The Privacy Friendly Pain Diary is part of our Privacy Friendly Android applications. The app can help users track and share their pain. It allows them to make daily diary entries recording their condition and the intensity, location, nature and time of the pain they feel. It is also possible to include medication and additional notes.

More on the pain diary
Paper accepted at E-Vote-ID 2022 (26-07-2022)

The paper “Individual Verifiability with Return Codes: Manipulation Detection Efficacy” by Paul Tim Thürwächter, Melanie Volkamer and Oksana Kulyk was accepted for publication in the Lecture Notes in Computer Science (LNCS) proceedings at the 7th International Joint Conference on Electronic Voting (E-Vote-ID 2022). The goal of the study was to find out if the Manipulation Detection Rate during online votings can be increased if the voters watch an information video beforehand. In the video it was explained which steps are necessary for the voting process and individual verifiability. The results indicate that rather than only explaining the voting process, it might be better to raise awareness for verifiability. E-Vote-ID will take place as a hybrid on-site event in Bregenz, Austria, from October 4 to 7, 2022.

More on E-Vote-ID
Golem.de Interview on Privacy Friendly Apps (25-07-2022)

Our Privacy Friendly Apps are open source, contain no advertising and no tracking mechanisms. In an interview with Golem.de, Dr. Peter Mayer and Christopher Beckmann gave insights into the development and philosophy of the Privacy Friendly Apps.

Read the article
Second Poster accepted at SOUPS 2022 (21-07-2022)

The poster “PassSec+ - An add-on that protects your passwords, payment data and privacy” by Maxime Veit and Melanie Volkamer was accepted for presentation at the Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022). To support users in detecting untrustworthy websites more efficient and more effective we developed the PassSec+ concept and a corresponding browser add-on in 2015. We recently revisited this approach and noticed some shortcomings. The poster present how we addressed these shortcomings and how we adopted the logic as well as the user interfaces. SOUPS will take place as a hybride on-site event in Boston, MA, USA, from August 7 to 9, 2022.

More on SOUPS
Melanie Volkamer on “Governance of Digital Futures” (20-07-2022)

Are we drivers of development or driven by it? In 2030 - Will we still have a pacing problem? What needs to be done by the TA-community? Melanie Volkamer, Lars Adolph, Matthias Finger, Armin Grunwald and Sonja Thiel will discuss these and other questions related to challenges and expectations with respect to the governance of digitalization and artificial intelligence (AI) at the “Round Table on the Governance of Digital Futures” as part of the “Fifth European Technology Assessment Conference”. The conference will take place from July 25 to 27, 2022 in the Center for Art and Media (ZKM) in Karlsruhe and online. The panel discussion will take place on July 27, 11 am to 12.30 pm.

To the registration
Colloquium fundamentale on “Politics in Science” (19-07-2022)

On July 21, 2022 the Colloquium Fundamentale will discuss the topic of “Politik in der Wissenschaft. Vom Zweck der Forschung in modernen Gesellschaften“ (Politics in science. The purpose of research in modern societies). The relationship between politics and science is often described as strained. Representatives from the government and the university will discuss how freedom of science has to be understood to guarantee an appropriate relationship between science and politics. This last session of the Colloquium Fundamentale will take place in the foyer of the “Präsidiumsgebäude” at KIT from 6 to 7.30 pm. 

To the event
Welcome to SECUSO (18-07-2022)

We welcome Fabian Ballreich as our new member in the SECUSO team! Maxime Veit was already a Hiwi for the SECUSO research group since 2019. He mainly helped with the organization of the lectures. Fabian Ballreich graduated with a Master’s degree in Business Informatics from KIT and is working as a research assistant for the SECUSO research group since July 15, 2022. Fabian Ballreich will be working in the area of security awareness in bigger organizations. He will support SECUSO in the research project “Effektive Security Awareness Maßnahmen am KIT” (Effective security measures at KIT) which is funded by the “Strategiefonds” at KIT.

The SECUSO team
TORPEDO update is now available (15-07-2022)

TORPEDO (Tooltip-poweRed Phishing Email DetectiOn) is an add-on to help users detect fraudulent emails with dangerous links (often called phishing emails). NEW: We have included a small loader. This is to help ensure that no artifacts are visible while creating tooltips on low performance devices. The update is available for the web extension e.g. for Firefox or Chrome, as well as for the Thunderbird version of TORPEDO. 

More on TORPEDO
Paper accepted at MuC (14-07-2022)

The paper "PassGlobe: Ein Shoulder-Surfing resistentes Authentifizierungsverfahren für Virtual Reality Head-Mounted Displays" by Reyhan Düzgün was accepted at the 8th Usable Security and Privacy Workshop as part of the “Mensch und Computer” (humans and computers) conference (MuC 2022). The paper reports about an authentication method for VR devices, PassGlobe, that helps to prevent Shoulder Surfing attacks while using those devices. The conference will take place in Darmstadt, Germany, from September 4 to 7, 2022.

More on MuC
Poster accepted at SOUPS 2022 (13-07-2022)

The poster “‘Now I'm a bit angry:' Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them" by Peter Mayer, Yixin Zou, Florian Schaub, and Adam J. Aviv was accepted for the presentation at the 18th Symposium on Usable Privacy and Security (SOUPS 2022). In the first known study to ask participants about actual data breaches that impacted them, the researchers found that people were not aware of 74% of the breaches shown to them. The researchers also found that most of those affected by breaches blamed their own personal behaviours for being affected. The full paper describing this study was presented at last year’s USENIX Security Symposium (USENIX 2021). SOUPS will take place as a hybride on-site event in Boston, MA, USA, from August 7 to 9, 2022.

More on SOUPS
NoPhish quiz is now at wir-forschen.digital (08-07-2022)

In February 2021 we published the SECUSO NoPhish quiz on our website. Since then, a record number of 6383 persons completed the quiz. Now the NoPhish quiz is also available on the website of “wir forschen digital”. “Wir forschen digital” (which can be translated to “We do digital research”) is a project within the Digital Citizen Science Initiative at the Karlsruhe Institute of Technology (KIT). This is a forum for citizens where they can actively participate in research projects. With the NoPhish quiz interested persons can take part in the research on phishing awareness.

Go to the quiz
SECUSO receives award from KIT (06-07-2022)

Prof. Hanselka congratulated Prof. Melanie Volkamer, Dr. Peter Mayer and Reyhan Düzgün on receiving a Facebook Research Award. The Research Award was given by Facebook for exploratory research work on the topic "Trust in AR, VR, and Smart Devices". The project submitted by the SECUSO team entitled "Secure and usable authentication for augmented and virtual reality devices" was chosen for the award. Reyhan Düzgün, doctoral student in the SECUSO research group, received the distinction from the president of the Karlsruhe Institute of Technology, Prof. Dr. Hanselka, on behalf of the entire team at the President's Banquet.

More on the topic
Awareness is key (04-07-2022)

In our networked world, digital infrastructures are essential parts of our daily life. But digital infrastructures are also particularly vulnerable. How researchers are looking for ways to identify and remove vulnerabilities is described in a news article by the Helmholtz Association. Just like making digital systems more secure, raising awareness for the potential threats and ensuring the usability of security concepts are vital components in preventing cyber attacks.

To the news article
INSPECTION meeting in Karlsruhe (29-06-2022)

On Tuesday, June 28 2022, nearly two years after the INSPECTION project started with the Kick-off meeting in Karlsruhe, all partners and interested persons met again (partially) in person for the fifth project meeting. Joachim Feist, mindUp Web + Intelligence GmbH, talked about the advantages of a security.txt on websites. Stephan Halder, BDO AG, presented further results from forensic analyses of websites. Dr. Peter Mayer and Anne Hennig, who represent the SECUSO research group in the project, presented first results of a notification experiment, where the effectiveness of several notification texts is compared. In the following months, the focus of the project will be on awareness. Therefore, Prof. Melanie Volkamer presented guidelines on how to develop security awareness materials. 

INSPECTION project
QR Code Scanner 4.0.0 is now available (28-06-2022)

We published the latest version of the Privacy Friendly QR-Code Scanner! We improved the design and fixed bugs. We also included the integration in the SECUSO Back-up app. But the most important new feature: The scanner now recognizes saved pictures! It is also possible to share pictures from other apps with the QR Code Scanner app. BTW: Our other Privacy Friendly Apps are also highly recommendable - seniorweb.ch founds that as well!

QR Code Scanner
Notifications for E-Vote-ID are sent out (28-06-2022)

Notifications for accepted papers to be presented at this year's International Conference for Electronic Voting (E-Vote-ID 2022) were sent out last Friday. Based on the PC members’ reviews and discussion, 19 papers are selected. Roughly half of the papers are accepted for Lecture Notes in Computer Science (LNCS) proceedings and the other ones for publication in the University of Tartu’s proceedings. As a novelty, all papers in E-Vote-ID will be open access, including the ones in Springer LNCS. The conference will take place as a hybrid event from October 4 - 7, 2022 in Bregenz, Austria. Congratulations to all authors!

Register for E-Vote-ID
Project on Online Voting starts in July (27-06-2022)

The project “End-to-end-verifiable and secret online votings at KIT” (Ende-zu-Ende-verifizierbare und geheime Online-Wahlen am KIT)  was selected to be supported by the “Strategiefonds” of the Karlsruhe Institute of Technology (KIT). Bernhard Beckert (KASTEL), Jörn Müller-Quade (KASTEL) und Martin Nußbaumer (SCC) are working together with Melanie Volkamer and the SECUSO research group at this project. The project will last from July 1, 2022 until June 30, 2024.

SECUSO research on electronic voting
SECUSO at the “Bunte Nacht der Digitalisierung” (23-06-2022)

The Karlsruhe “Bunte Nacht der Digitalisierung” (“Digital Night”) will take place on Friday, July 1, 2022. The SECUSO research group will participate in this event with a quiz on phishing URLs. Furthermore, visitors will be able to watch our NoPhish videos and learn more about how to recognize fraudulent messages. All quiz-participants can take part in a raffle: We give away 2 x 50€ and 2 x 30€ in gift cards. So come and meet us on July 1, 2022 in the Triangel Open Space, Kaiserstraße 93, Karlsruhe!

See the program
Melanie Volkamer on Usable Security Research at the Big Techday 22 (22-06-2022)

Melanie Volkamer will talk about “Usable Security Research @ KIT” at the conference “Big Techday 22” on July 15, 2022. The talk will focus on two aspects of usable security research: First, Prof. Volkamer will present the Human Centered Security by Design approach to achieve a better or appropriate usability of future security measures. Second, she will present a framework which helps those who provide security measures to create security interventions. The Big Techday is a one-day conference on science and technology with a focus on IT, organized by the TNG Technology Consulting GmbH.

More information
Digital Self Defense at the Digitaltag 2022 (20-06-2022)

Watch out! Cybercriminlas want to obtain your private data or access your user accounts. At the Digitaltag 2022, the SECUSO research group will introduce you to tipps and tricks of cybercriminals. With our course on Digital Self Defense, we will show you how to detect fraudsters. The workshop will take place online. There is no registration needed for your participation.

More information
Peter Mayer and Anne Hennig represent SECUSO as Publicity Chairs (17-06-2022)

Dr. Peter Mayer and Anne Hennig represent the SECUSO research group at two conferences this year: Anne Hennig, Sanchari Das and Theodor Schnitzler are Publicity Chairs for the European Symposium on Usable Security (EuroUSEC 2022), which will be held as a hybrid event online and in Karlsruhe, Germany, on September 29 and 30, 2022. Peter Mayer, Hamed Okhravi and Xiapu Luo support the Annual Computer Security Applications Conference (ACSAC) als Publicity Chairs. Submissions for ACSAC can be made until June, 29, 2022. The conference takes place December 5 to 9, 2022 in Austin, Texas, USA.

ACSAC CfP
Paper accepted at ARES 2022 (15-06-2022)

The paper “SoK: A Systematic Literature Review of Knowledge-Based Authentication on Augmented Reality Head-Mounted Displays” by Reyhan Düzgün, Naheem Noah, Peter Mayer, Sanchari Das and Melanie Volkamer as well as “Cookie Disclaimers: Impact of Design and Users’ Attitude” by Benjamin Maximilian Berens, Heike Dietmann, Chiara Krisam, Oksana Kulyk and Melanie Volkamer were accepted at the 17th International Conference on Availability, Reliability and Security (ARES 2022). The conference will take place in Vienna from 23th-28th of August 2022.

Conference website
Melanie Volkamer and Peter Mayer part of the program committee for SPOSE and EIS (15-06-2022)

Melanie Volkamer and Peter Mayer are supporting the program committee for the 4th Workshop on Security, Privacy, Organizations, and System Engineering (SPOSE 2022). Submission deadline is June, 24 2022. Melanie Volkamer also supports the program committee of the 1st International Workshop on Election Infrastructure Security (EIS 2022). Submissions can be made until June 30, 2022. Both workshops take place in conjunction with the 27th European Symposium in Research in Computer Security (ESORICS 2022). ESORICS will take place September 26 to 30, 2022 in Copenhagen, Denmark.

The conference
After the Hannover Messe 2022 (13-06-2022)

This year the SECUSO research group was able to exhibit parts of the materials from the NoPhish concept at the Hannover Messe. The exhibits included the NoPhish Quiz, the online game Phishing Master and STAR, the Security Teaching & Awareness Robot of the research group, who welcomed the president of the KIT, Prof. Hanselka, as well as German chancellor Olaf Scholz and his team at the official opening of the Hannover Messe 2022. All materials are designed to train users in recognizing fraudulent messages. Each of the exhibited formats is interactive and targeted to engage different target groups.

STAR at #HM22 (minute 0:23)
Cryptography in school (06-06-2022)

Melanie Volkamer held a class in computer science at the Kant-Gymnasium in Karlsruhe last week. Topic of the lesson was cryptography. The school kids learned about the basic techniques in cryptography and addressed the advantages and disadvantages of symmetric, asymmetric and hybrid cryptography.

More
Call for papers: E-Vote-ID 2022 (10-06-2022)

Submission to the tracks 3 “Election and Practical Experiences” and 5 “PhD Colloquium” can be made until July 10, 2022. Track 3 welcomes reviews of developments in the area of applied electronic voting and reports on experiences with electronic voting or the preparation thereof. Track 5 welcomes research proposals in the form of an extended draft. One of E-Vote-ID’s major objectives is to provide a forum for interdisciplinary and open discussion of all issues related to electronic voting (including, but not limited to, polling stations, kiosks, ballot scanners, and Internet voting). The conference will take place October 4 to 9 in Bregenz, Austria.

Read the CfP
Paper accepted at SOUPS 2022 (08-06-2022)

Two papers from the SECUSO research group were accepted at the 18th Symposium on Usable Privacy and Security (SOUPS 2022): the paper “"I don’t know why I check this..." - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attack” by Peter Mayer, Damian Poddebniak, Konstantin Fischer, Marcus Brinkmann, Juraj Somorovsky, Sebastian Schinzel und Melanie Volkamer as well as the paper “Increasing security without decreasing usability: Comparison of various verifiable voting systems” by Melanie Volkamer, Oksana Kulyk, Jonas Ludwig and Niklas Fuhrberg were accepted. The conference will take place in Boston, MA, USA from August 7 to 9, 2022.

Conference website
Paper accepted at HAISA 2022 (03-06-2022)

The paper “Your Cookie Disclaimer is not in line with the ideas of the GDPR. Why?” by Anne Hennig, Heike Dietmann, Franz Lehr, Miriam Mutter, Melanie Volkamer and Peter Mayer was accepted at the 16th International Symposium on Human Aspects of Information Security & Assurance (HAISA 2022). The paper reports about a study where the data protection officers of 150 German websites were asked about (potential) GDPR non-compliant cookie disclaimers on their websites. The conference will take place in Mytilene, Greece on July 6 and 7, 2022.

Conference website
STAR welcomes German chancellor at #HM22 (30-05-2022)

STAR, the Security Teaching & Awareness Robot of the SECUSO research group, welcomed the president of the KIT, Prof. Hanselka, as well as German chancellor Olaf Scholz and his team at today’s official opening of the Hannover Messe 2022. STAR trains visitors in recognizing fraudulent messages. STAR and further materials from our NoPhish concept can be tested until Thursday, June2, 2022 in the Future Hub, hall 2, Stand B40!

STAR at #HM22
We want YOU! (25-05-2022)

Our SECUSO research team is growing! We are offering a research associate position at the earliest possible date. You will conduct research in the field of Human Factors in Security & Privacy. For our interdisciplinary team we are looking for researchers with a degree in computer science, business informatics, media informatics, industrial engineering, mathematics, communication sciences, psychology, or related areas. Programming experience and experience in conducting qualitative and quantitative studies is an advantage. The position is suitable for PhD candidates as well as PostDocs. Salary category 13 TvÖD is intended.

Read the job offer
DuD article on manipulative designs of cookie disclaimers (24-05-2022)

Franz Lehr (TU Dresden), Heike Dietmann, Chiara Krisam and Melanie Volkamer (SECUSO) published an article about the manipulative design of cookie disclaimers in the current issue of “Datenschutz und Datensicherheit” (data protection and data security, DuD). A recent study analyzed the cookie disclaimers of the most visited websites in Germany. The authors could observe that most cookie disclaimers are not privacy friendly. In this article, we comment on the current legal basis and provide and discuss recommendations for the future of cookie disclaimers. 

Read the article
STAR represents SECUSO at #HM22 (23-05-2022)

STAR, the Security Teaching & Awareness Robot of the SECUSO research group, will accompany us to the Hannover Messe, which will start next week. At the Hannover Messe, the research group will present parts of the NoPhish materials, which were developed by SECUSO. With the help of NoPhish, users can learn to detect fraudulent e-mails and other messages and protect themselves against phishing. Recognizing fraudulent messages can be trained with START this year at the Hannover Messe. Visit us from May 30 to June 2, 2022 in the Future Hub, hall 2, Stand B40!

SECUSO at #HM22
Peter Mayer on passwords in the radio broadcast SWR3 (20-05-2022)

The German broadcast station SWR3 presented in his “hot topic” on May 6, 2022, new but secure authentication methods. With the title “Vergesst vergessene oder unsichere Passwörter” (Don’t mind forgotten or insecure passwords), the authors presented the FIDO procedure. This should be more comfortable to the users and provide an alternative to current authentication methods. The interview with Peter Mayer starts after 1.30 minutes.

Listen to the report
Peter Mayer and Anne Hennig present INSPECTION at the BSI (18-05-2022)

Dr. Peter Mayer and Anne Hennig presented the research project INSPECTION as part of the internal event series “DVS Open” at the Federal Office for Information Security (BSI) on May 17, 2022. “DVS” is the German abbreviation for digital consumer protection (“Digitaler Verbraucherschutz”). Peter Mayer and Anne Hennig presented the goals and current research results of the INSPECTION project. The goal of the project is to identify hacked websites, inform affected website owners about the security vulnerability and raise awareness for the problem to minimize the risk of future attacks.

More on INSPECTION
STAR at the TIL:FESTIVAL (16-05-2022)

The humanoid robot STAR of the SECUSO research group welcomes guests to the Today I Learned (TIL) Festival which will take place 18-21th of May in the Triangle at the Kronenplatz, Karlsruhe. Guests can speak to STAR to learn about phishing messages and spotting dangerous links in fraudulent messages. STAR presents his skills on our Teams’ webpage. STAR is looking forward to the exchange!

Visit STAR
Melanie Volkamer presents results at the "Dialog für Cybersicherheit" (13-05-2022)

On Tuesday, May 10, 2022, Melanie Volkamer presented the results of workstream 4 (effective IT security awareness measures) of the project “Dialog für Cyber-Sicherheit” (Dialogue for cybersecurity). Within the project, which is organized by the German Federal Office for Information Security (BSI), representatives from society entered the dialogue with different stakeholders from academia, culture and media, economy as well as politics. Within five “workstreams”, different topics were discussed. Workstream 4 was supported by Melanie Volkamer (SECUSO) and Angela Sasse (Ruhr University Bochum). The goal of this workstream was to develop guidelines for creating effective awareness measures.

More infos
Cybersecurity Lunch started successfully (11-05-2022)

On Tuesday, May 10, 2022, the first Cybersecurity Lunch took place. Around 20 persons used the event to share ideas and thoughts on security and privacy in an informal atmosphere. From now on, the SECUSO research group invites for a lunch with cybersecurity topics on every second Tuesday of the month. The goal of the event is to have a regular meeting for everyone in Karlsruhe who is working / doing research in security and privacy.

More infos
Benjamin Berens part of the program committee of ARES 2022 (10-05-2022)

Benjamin Berens has joined the program committee of the International Conference on Availability, Reliability and Security (ARES 2022) this year. The conference will be held August 23-26, 2022 in Vienna, Austria. Authors will be notified of accepted papers by May 16, 2022.

See all PC members
Reminder: EuroUSEC deadline for submission is approaching (06-05-2022)

EuroUSEC 2022 is approaching! We invite you to submit a paper and join us at EuroUSEC 2022. Mandatory paper registration deadline is June 6, 2022. The submission deadline for papers is June 10, 2022. Original work describing research, visions, or experiences in all areas of usable security and privacy are welcomed. EuroUSEC 2022 will be held as a hybrid on-site event on September 29 & 30, 2022 in Karlsruhe. Prof. Melanie Volkamer and Dr. Peter Mayer, Steering Committee, and Anne Hennig, Publicity Co-Chair, will represent SECUSO as part of the event.

Read the CfP
SECUSO at the Digitaltag 2022 (04-05-2022)

We will provide another workshop for the Digitaltag 2022. The workshop will be held online on 24.06.2022. The topic will be phishing methods and how to detect phishing emails. 

More information (only in German)
Peter Mayer and Anne Hennig present INSPECTION at the BSI (28-04-2022)

Dr. Peter Mayer and Anne Hennig will present the research project INSPECTION as part of the internal event series “DVS Open” at the Federal Office for Information Security (BSI) on May 17, 2022. “DVS” is the German abbreviation for digital consumer protection (“Digitaler Verbraucherschutz”). Peter Mayer and Anne Hennig will present the goals and current research results of the INSPECTION project. The goal of the project is to identify hacked websites, inform affected website owners about the security vulnerability and raise awareness for the problem to minimize the risk of future attacks.

More on INSPECTION
SECUSO at the Hannover Messe (04-04-2022)

Fraudulent messages come as emails or in other forms. With the help of the NoPhish concept developed by the SECUSO research group of KIT, users can detect them and protect themselves. At the Hannover Messe, the research group will present parts of the NoPhish materials with the help of interactive exhibits. Visit us from May 30 to June 2, 2022 in the Future Hub, hall 2, Stand B40!

Read the announcement
SECUSO invites you: Cybersecurity Lunch (12-04-2022)

The SECUSO research group invites for a lunch with cybersecurity topics on every second Tuesday of the month. The goal of the event is to have a regular meeting for everyone in Karlsruhe who is working / doing research in security and privacy to share ideas and thoughts in a relaxed atmosphere. Due to Corona the event was paused for nearly two years, but now we would like to meet you again: The first Cybersecurity Lunch will take place on Tuesday, May 10, 2022 at 12 pm in the restaurant “Il Caminetto”, Kronenstrasse 5, Karlsruhe!

More infos
BMBF publishes information on Digital Autonomy Award (14-04-2022)

The German Ministry of Education and Research (BMBF) has now published the information that the SECUSO research group has won the Digital Autonomy Award for its Privacy Friendly Apps. The topic was also published in several news media, for example the “Badische Neueste Nachrichten” (BNN), the “Tagesspiegel” (paywall) or the online magazine “Gründermetropole”.

BMBF press release
Peter Mayer on Phishing at "Osthessen Metall" (08-04-2022)

On Monday, May 30, 2022, Peter Mayer from the SECUSO research group will hold a talk on “Digital Self Defense against Phishing with NoPhish” at the Bezirksgruppe Offenbach and Osthessen of “Hessenmetall”. Phishing emails pose a huge security risk in organizations and businesses. In his talk, Peter Mayer will explain different types of phishing attacks and he will give advice, how to protect from phishing emails in the daily life.

More on NoPhish
Cybersecurity course as fundraising event for Ukraine (27-04-2022)

On Thursday, May 5, 2022, the research groups Security-Usability-Society (SECUSO) and IT Security (PS) of the Karlsruhe Institute of Technology will organize a cybersecurity course as fundraising event for Ukraine. The course will be from 7 to 8 pm CEST. It is free of charge, but attendees are asked to make an adequate donation for the Ukraine (e.g. Aktion Deutschland Hilft e.V. DE62 3702 0500 0000 1020 30). The course will cover the detection of phishing emails and other fraudulent messages as well as the detection of fake news, for example in Social Media. The course will be held as an online event.

More information
Don’t miss: Call for Papers E-Vote ID (26-04-2022)

Submission deadline for the tracks “Security, Usability and Technical Issues” and “Governance Issues” is May, 15, 2022. E-Vote-ID is one of the leading events for e-voting experts from all over the world. Prof. Melanie Volkamer is supporting the conference as General Chair. Submissions can be made to five different tracks. Submission deadline for the PhD Colloquium and the track “Election and Practical Experiences” is July, 10. Poster and demos can be submitted until September 15. The conference will take place as a hybrid event from October 4-7, 2022 in Bregenz, Austria.

Submit
Participation campaign "Home office? Challenge accepted!" (21-04-2022)

Many employees and companies will continue to be open to working from home in the future - regardless of the Corona pandemic. In fact, they often prefer it to working in the office. However, working from home brings numerous advantages as well as challenges. The "wir-forschen.digital" initiative of the Karlsruhe Institute of Technology (KIT) invites citizens to submit their personal challenges for which they would like support from science at wir-forschen.digital/home-office/. Proposed solutions are then developed together with researchers and students.

More about the campaign
Heise and Deutschlandfunk on the expert discussion in the Bundestag (19-04-2022)

As part of the public expert discussion "E-voting – alternative forms of voting and how to make them secure", which took place on April 6, 2022 in the German Bundestag, Prof. Volkamer gave a keynote speech on the subject of online voting and took part in the subsequent discussion. Both the speech and the discussion were picked up by Heise online and Deutschlandfunk (both in German). If you would like to listen to the expert discussion yourself, you can do so online.

For the online recording of the technical discussion
Anne Hennig presents INSPECTION project at IHK (06-04-2022)

Anne Hennig, research assistant with the SECUSO research group, and Joachim Feist, mindUp Web and Intelligence GmbH, presented the INSPECTION project to the IT security commissioners of the German Chambers of Commerce and Industry (IHK) on March 29, 2022. The aim of the INSPECTION project is to find hacked websites and effectively notify the website owners about the vulnerability on their website. To design an effective notification process, it is important to raise awareness for the problem among different stakeholders.

More on the project
E-Voting Panel at Sicherheit 2022 (30-03-2022)

The conference “Sicherheit” (“Security”) by the department “Sicherheit - Schutz und Zuverlässigkeit” (“Security - Protection and Reliability”) will begin next Tuesday. Among other interesting talks, the E-Voting Panel will take place on Thursday, April 6, 2022. Melanie Volkamer will discuss the topic “Why are election officials satisfied with blackbox online voting systems?” with Dr. Michael Klein (KASTEL), Prof. Andreas Mayer (KASTEL), Prof. Oksana Kulyk (IT University of Copenhagen), Dr. Sebastian Palm (BSI), Prof. Rüdiger Grimme (Universität Koblenz), Prof. Bernhard Becker (KASTEL) and Jan Wegner (POLYAS GmbH).

More information
Mattia Mossano on security topics at the “Deutsche Flugsicherung” (29-03-2022)

On Thursday March 31, 2022, Mattia Mossano from the SECUSO research group will hold a talk at the “Deutsche Flugsicherung” (DFS) on “Security and Privacy for everyone”. Nowadays we are constantly connected to the rest of the world. However, all this connectivity comes with risks to both the security of our data and our privacy. In his talk, Mattia Mossano will present an overview of some of the current threats and propose ways to protect oneself.

DFS homepage (only in German)
SECUSO wins Digital Autonomy Award 2022 (28-03-2022)

The Privacy Friendly Apps, which were developed by the SECUSO research group, won the Digital Autonomy Award 2022! The apps were praised as easy, fast and practical solutions, which allow the users to regain data sovereignty. The Digital Autonomy Award is funded by the German Ministry for Education and Research in the context of the Digital Autonomy Hub. The Award is realized by the German Informatics Society and AlgorithmWatch. Many thanks to all who voted for the PFAs!

More on the award
Paper accepted at CHI 2022 (25-03-2022)

The paper "Standing out among the daily spam: How to catch website owners attention by means of vulnerability notifications" by Anne Hennig, Fabian Neusser, Aleksandra Pawelek, Dominik Herrmann and Peter Mayer has been accepted for publication at the Conference on Human Factors in Computing Systems (CHI 2022), which will be held April 30 to May 5, 2022 in New Orleans, LA, USA. The paper describes an interview study with German website owners to identify ways to effectively notify them about website vulnerabilities.

Conference program
Melanie Volkamer on E-Voting in the German Bundestag (24-03-2022)

Melanie Volkamer will hold an introduction talk on E-Voting as part of a public discussion in the German Bundestag on April 6, 2022. It will be discussed whether electronic voting can be an alternative election method and how the voting can be secured. The event will be streamed in the German “Parlamentsfernsehen”, where everyone can follow the discussion. Only members or staff of the German Bundestag are allowed to participate in person at the discussion. 

More information
Call for Papers: EuroUSEC 2022 (23-03-2022)

We invite you to submit a paper and join us at EuroUSEC 2022, which will be held as a hybrid on-site event on September 29 & 30, 2022 in Karlsruhe. Original work describing research, visions, or experiences in all areas of usable security and privacy are welcomed. Paper registration deadline is June 6, 2022. Prof. Melanie Volkamer and Dr. Peter Mayer, Steering Committee, and Anne Hennig, Publicity Co-Chair, will represent SECUSO as part of the event.

More information
Helmholtz200-Challenges with SECUSO involvement now online (23-03-2022)

On the occasion of the 200th birthday of its namesake Hermann von Helmholtz, the Helmholtz Association presents 200 great scientific challenges of our time during the year. All challenges with participation of SECUSO / KASTEL are now online. They include solutions for secure online elections (Challenge #65: Secure e-voting), the evaluation of cybersecurity to balance costs and security gains (Challenge #106: Calculate the value of cybersecurity), and the development of user-friendly IT security technologies (Challenge #107: Data security for all Internet users).

More on the challanges
Video of Karen Renaud’s talk is online (21-03-2022)

On November 25, 2021, Dr. Karen Renaud held a talk as part of the KIT International Excellence Talks. The title of her talk was “Moving from ‘Human as Problem’ to ‘Human as Solution’ in Cyber Security”. The video of the talk is now online on the KIT YouTube channel. Dr. Karen Renaud will be a KIT International Fellow 2021 with the SECUSO research group.

Watch the video
Melanie Volkamer is part of the steering committee for ARES 2022 (16-03-22)

Melanie Volkamer has joined the steering committee of the Conference on Availability, Reliability and Security (ARES 2022) this year. The conference will be held August 23-26, 2022 in Vienna, Austria. The deadline for submitting papers was extended. Papers now have to be submitted by March 23, 2022.

Call for Papers
LfDI-BW App now available for Android smartphones (14-03-2022)

With the app of the State Data Protection Officer in Baden-Wurttemberg (LfDI), users can, for example, retrieve content of the office on Mastodon, the LfDI website and on podcasts. The iPhone version of the app was released in September 2021 and is now available for Android smartphones as well. The Android app was developed by the SECUSO research group, after Dr. Stefan Brink got notice of the research group’s Privacy Friendly Apps. Christopher Beckmann and Noah Schlegl were mainly responsible for the development of the Android App.

Press release
Congratulations, Oksana Kulyk! (11-03-2022)

We congratulate Oksana Kulyk on her promotion as Associate Professor! Oksana Kulyk was part of the SECUSO research group from 2013 to 2019. First as a research assistant at TU Darmstadt and from 2018 to 2019 as PostDoc at KIT. She moved to IT university in Copenhagen in 2019, where she became Assistant Professor at the Center for Information Security and Trust. She is still connected to SECUSO as part of joint research paper.  

Oksana’s profile
Melanie Volkamer as guest in the panel discussion on the MWC 2022 (09-03-2022)

Last Wednesday, March 2, 2022, Melanie Volkamer was invited as a guest speaker on the Telekom stage at the Mobile World Congress 2022 in Barcelona. The title of the discussion was “Secure your success - it’s a CXO topic”. Prof. Volkamer discussed together with Naby Diaw, CISO Lufthansa, and Thomas Tschersich, CSO Deutsche Telekom, the current threat situation from a scientific perspective and what the responsibility of the executive level is in protecting the business from cyber risks.

MWC 2022
Reyhan Düzgün as reviewer at KA-IT-Si (08-03-2022)

The Karlsruhe IT-Security Initiative will organize a second literature review on Thursday March 10, 2022. On this evening, literature from all over the world will be reviewed, that deals with the topics data protection or data security. The books can be considered “must-reads” for security experts. Reyhan Düzgün will represent the SECUSO research group at this event. She will review the book “The Hype Machine”. The event will take place online. The talks start at 6 pm. 

More information
PassSec+ update available (04-03-2022)

We have adapted the functionality/logic and the user interfaces of PassSec+ to be inline with those of TORPEDO. This is part of our activities in the Helmholtz topic Engineering Secure Systems. Since we no longer classify an Extended Validation Certificate as low risk (analogous to the decision of the web browser), this means that some pages (especially from banks) are no longer included directly as low risk, but as unknown risk.

More information
Call for Papers: E-Vote-ID 2022 (02-03-2022)

The call for papers for this year’s E-Vote-ID is published. E-Vote-ID is one of the leading events for e-voting experts from all over the world. Prof. Melanie Volkamer is supporting the conference as General Chair. Submissions can be made to five different tracks. Submission deadline for the tracks “Security, Usability and Technical Issues” and “Governance Issues” is May, 15. Submission deadline for the PhD Colloquium and the track “Election and Practical Experiences” is July, 10. Poster and demos can be submitted until September 15. The conference will take place as a hybrid event from October 4-7, 2022 in Bregenz, Austria.

Submit to E-Vote-ID
Melanie Volkamer on simulated phishing campaigns (25-02-2022)

In episode 16 of the Security Awareness Insider podcast is Melanie Volkamer discussing the sense and nonsense of simulated phishing campaigns with Katja Dörlemann, SWITCH, and Markus Beyer. Simulated phishing campaigns promise to be an all-round carefree solution. But this is a false conclusion and simulated phishing campaigns can even harm companies rather than helping them, explains Melanie Volkamer in the podcast.

Listen to the podcast
European Council approved guidelines on ICT in elections (22-02-2022)

The European Council has approved a new instrument on the use of information and communication technologies (ICT) in electoral processes. Melanie Volkamer, Ardita Driza Maurer und Robert Krimmer have contributed to the guidelines as experts. Together with the recommendation on standards for e-voting both documents address the use of ICT in all phases of the electoral cycle – to the exception of e-campaigning. The document is now published.

Read the document
Coffee talk with Melanie Volkamer is online (18-02-2022)

Melanie Volkamer talked to Dirk Arendt, Head of Government & Public at Trend Micro, about IT security in companies at a virtual coffee break on October 7th. The topic of the talk was “Security measures are most effective when everyone is on board - but how to raise awareness for the topic among the employees?”. The talk was recorded and the video is now online.

More information
Afterthoughts on the Safer Internet Day 2022 (16-02-2022)

The SECUSO research group participated with various contributions about a safer Internet at this year’s Safer Internet Day. Besides the successful premiere of our third NoPhish video, Melanie Volkamer and Peter Mayer presented new research on the topic of authentication methods for kids in an expert letter. The topic was published in the “Behörden Spiegel”

Zur Pressemitteilung
Have you voted yet? (14-02-2022)

The Privacy Friendly Apps (PFA) which were developed by the SECUSO research group were nominated for the Digital Autonomy Award. If you also think that our apps should win the race, vote for the Privacy Friendly Apps in the open online voting. Voting is possible until February 18. So, hurry on, open the link and with a view clicks your vote has been casted!

Vote now
Melanie Volkamer in a WDR report (09-02-2022)

Prof. Melanie Volkamer talked in an WDR radio report about passwords. The topic of the report is “Drat that PIN” (“Die verflixte PIN”) and it is explained why we fail to remember PINs so often. Prof. Volkamer explains that it is not always our fault. And she hints at possible solutions: Graphical passwords, for example, which could replace the good old PIN. Or strategies to create mnemonics to better remember PINs or passwords.

Listen to the report
Today is Safer Internet Day 2022 (08-02-2022)

Today is Safer Internet Day 2022! The SECUSO research group is participating in the event with various contributions about a safer Internet: We gathered information on how to find out if your website is hacked in our INSPECTION FAQs. Melanie Volkamer and Peter Mayer present new research on the topic of authentication methods for kids in an expert letter. But above all: Our new NoPhish video will premiere today! 

See all NoPhish videos
AppChecker confirms: PFAs are “clean” (04-02-2022)

The Privacy Friendly Apps (PFA) which were developed by the SECUSO research group were checked for their privacy friendliness by mobilsicher.de: Our apps are truly privacy friendly! If you share this opinion, vote for the Privacy Friendly Apps in the open online voting for the Digital Autonomy Award. Voting is possible until February 18. With the Digital Autonomy Award, digital solutions, products and services are honored, which help people to choose for a self-determined handling of their data.

AppChecker results
Paper accepted at USEC’22 (04-02-2022)

The paper "Phishing awareness and education – When to best remind?" by Benjamin Maximilian Berens, Katerina Dimitrova, Mattia Mossano and Melanie Volkamer was accepted at the Symposium on Usable Security and Privacy (USEC’22). USEC’22 will probably take place April 23, 2022 in San Diego.

Symposium Homepage
Next week is Safer Internet Day 2022 (02-02-2022)

The Safer Internet Day 2022 will take place on February 8. The SECUSO research group will publish a new NoPhish video. Furthermore, it is also a good occasion to raise awareness for the INSPECTION project, which is funded by the German Federal Ministry of Education and Research (BMBF). The aim of the project is to identify hacked websites and find suitable ways to inform website owners about the security issue.

 

Identifying hacked websites
Peter Mayer part of the program committee of SOUPS 2022 (01-02-2022)

Peter Mayer has joined the program committee of the Symposium on Usable Privacy and Security (SOUPS 2022) this year. The conference will be held August 7-9, 2022 in Boston, MA, USA. Papers have to registered for submission by February 11 and submitted by February 17.

Call for Papers
Melanie Volkamer as guest in the panel discussion on the 18th German IT Security Congress (31-01-2022)

The topic of the 18th German IT Security Congress, which is organized by the German Federal Office for Information Security, is “Cyber security is a matter for the bosses!”. The congress will be held online on February 1st and 2nd. During the panel discussion on Wednesday, February 2, Prof. Melanie Volkamer will discuss with Prof. Dr. Alexander Boden, Katharina Korczok, Nadine Nagel and Christian Schmickler about security in the digital world.

The programme
Register now for the third distinguished lecture (28-01-2022)

The registration for the third Distinguished Lecture is now open. On February 11, Prof. Angela Sasse will talk about “Behavioural Science Meets Security: Why a Little Knowledge is a Dangerous Thing”. Prof. Sassel is the chair of Human-Centered Security at the Horst Görtz Institute for IT Security at the Ruhr University in Bochum. Due to the ongoing Covid-19 pandemic the talk will be streamed online only.

Register here
Welcome to the SECUSO Team! (26-01-2022)

Since the beginning of January, Elly Reich and Niklas Kurz are supporting the SECUSO team as student assistants. Elly is studying Industrial Engineering in the Bachelor's program at KIT. Niklas has already finished his Bachelor’s degree in Industrial Engineering at KIT. Both support SECUSO in the subtopic Engineering Secure Systems (ESS). Welcome to the team!

Our team
CCC white paper released on evidence-based elections (25-01-2022)

The Computing Community Consortium (CCC) recently released the “Research Opportunities in Evidence-Based Elections” white paper, written by Josh Benaloh, Philip B. Stark, Vanessa Teague, Melanie Volkamer, and Dan Wallach. This white paper highlights the need for evidence-based elections, which can convince people that the results of elections are accurate, and suggests several technologies that could play a role in this, mostly focused on risk-limiting audits and end-to-end verifiability.

Read the paper
Safer Internet Day on February 8 (21-01-2022)

For the Safer Internet Day on February 8, 2022, the SECUSO research group will publish a new NoPhish video. Currently, we have two NoPhish videos in place as part of the NoPhish concept. In the first video we explain how to recognize dangerous attachments and how to avert attacks. In the second video we explain how to recognize dangerous links and how to avert those attacks respectively. The third video will be published in the context of the Safer Internet Day - stay tuned!

Workshop Homepage
Vote now: SECUSO PFAs for the Digital Autonomy Award (19-01-2022)

The Privacy Friendly Apps (PFA) which were developed by the SECUSO research group were nominated for the Digital Autonomy Award and were chosen for one of the ten best solutions. They will now be part of an open online voting. Until February 18, everyone can vote for the SECUSO PFAs! With the Digital Autonomy Award, digital solutions, products and services are honored, which help people to choose for a self-determined handling of their data.

Vote here
BMBF project INSPECTION starts the new year with project meeting (18-01-2022)

On Friday, 14.01.2022, all partners and interested persons met for a fourth project meeting in the INSPECTION project. Results from forensic analyses of logfiles were presented by BDO AG. The KIT presented the results from qualitative interviews with website owners. The project is funded by the German Federal Ministry of Education and Research (BMBF). The project partners are MindUp Web & Intelligence GmbH and BDO AG Wirtschaftsprüfungsgesellschaft. Dr. Peter Mayer and Anne Hennig, M.A., represent the SECUSO research group in the project.

Workshop Homepage
Opening ceremony for exhibition at ZKM available online (14-01-2022)

On December 18, 2021, the opening of the exhibition “Digiloglounge N°1: Wem können wir vertrauen” (Digiloglounge N°1: Whom to trust) took place in the Center for Art and Media Karlsruhe. The video of the opening ceremony is now available. The exhibition shows the online game “Phishing Master” and the NoPhish quiz. Both materials were developed with or by the SECUSO research group. “Phishing Master” was developed by two students as part of the project digilog@bw, which is funded by the Ministerium für Wissenschaft, Forschung und Kunst (MWK) in Baden-Wuerttemberg.

See the video
Paper accepted at Voting’22 (12-01-2022)

The paper "German voters' attitudes towards voting online with a verifiable system" by Oksana Kulyk, Melanie Volkamer, Niklas Fuhrberg, Benjamin Berens and Robert Krimmer was accepted at the 7th Workshop on Advances in Secure Electronic Voting (Voting'22). Voting’22 will take place as an in-person event on February 18, 2022 in Grenada.

Workshop Homepage
Anne Hennig represents SECUSO as Publicity Chair (05-01-2022)

The SECUSO research group was and will be represented by Anne Hennig as Publicity Chair at two conferences: At EuroUSEC 2021 (October 11 & 12) together with Dr. Peter Mayer, who was Programme Committee Chair and in the upcoming year at the conference “Sicherheit 2022”, which is organized by the group “Sicherheit - Schutz und Zuverlässigkeit (security - protection and reliability) within the German Informatics Society (GI). The conference “Sicherheit 2022” will take place from April 5 to 8, 2022, in Karlsruhe. 

More about the conference
Paper accepted at GI-Sicherheit 2022 (07-01-2022)

Two contributions in collaboration with or by the SECUSO research group were accepted at GI-Sicherheit 2022: The paper “Recent Developments in the Context of Online Elections and Digital Polls in Germany” by Bernhard Becker, Jurlind Budurushi, Armin Grunwald, Robert Krimmer, Oksana Kulyk, Ralf Küsters, Andreas Mayer, Jörn Müller-Quade, Stephan Neumann and Melanie Volkamer was accepted in the Practitioners Track. The dissertation project “Your website has been hijacked: Raising awareness for an invisible problem” by Anne Hennig was accepted as a contribution to the PhD colloquium. The conference will be held in Karlsruhe from April 5 to 8, 2022.

More about the conference
SECUSO end-of-year review: top publications in 2021 (03-01-2022)

Three papers that were written by or with members of the SECUSO research group reached more than 1000 Downloads this year. Among the top 10 are the paper “Phishing-Kampagnen zur Mitarbeiter-Awareness : Analyse aus verschiedenen Blickwinkeln: Security, Recht und Faktor Mensch” by Melanie Volkamer, Angela M. Sasse and Franziska Boehm (2020), the paper “Mental Models: General Introduction and Review of Their Application in Human-Centred Security” (2013) by Melanie Volkamer and Karen Renaud, and “Aktuelle Entwicklungen im Kontext von Online-Wahlen und digitalen Abstimmungen” (2021), which immediately finished up third.

Top 10 SECUSO papers
SECUSO 2021 review (22-12-2021)

We have put together the highlights of 2021. We would like to thank all students and collaborators for 2021 and we look forward to exciting research and teaching in 2022!

See the review
CASA DIstinguished Lecture with Prof. Volkamer: Video is now online (21-12-2021)

On June 7, 2021, Melanie Volkamer was invited as guest speaker for the Distinguished Lecture at CASA - Cyber Security in the Age of Large-Scale Adversaries. CASA is part of the Horst Görtz Institute for IT Security at the Ruhr Universität Bochum. Prof. Volkamer talked about “Usable Verifiable Electronic Voting”. The video of the talk is now online on the CASA YouTube channel.

Watch the video
Article accepted in the Transactions on Human-Computer Interaction (20-12-2021)

The article "Principles for Designing Authentication Mechanisms for Young Children: Lessons Learned from KidzPass" by Karen Renaud, Melanie Volkamer, Peter Mayer, and Rüdiger Grimm was accepted for publication in the Transactions on Human-Computer Interaction (THCI). The article describes and evaluates KidzPass, a configurable graphical authentication framework that leverages the superior pictorial recognition ability of children to offer them a usable way to login to online accounts, even before they learn the alphabet. KidzPass proved efficacious and our younger participants mostly preferred it to text passwords. The article is scheduled to appear in issue 4 of Volume 13 of the THCI.

Journal homepage
New user for the SECUSO NoPhish materials (17-12-2021)

The city of Stuttgart will use the NoPhish quiz, which was developed by the SECUSO research group as part of the NoPhish Concept, to train their staff. We are happy that we could win in total ten new users and supporters over to our NoPhish materials in 2021. Among the newbies are the Federal Office for Information Security (BSI), the consumer advice center (Verbraucherhschutzzentrale) in North Rhine-Westphalia and the German Spy Museum in Berlin as the latest user.

All NoPhish materials
Video of the second KASTEL Distinguished Lecture is now online (16-12-2021)

The second talk of the KASTEL Distinguished Lectures Series took place on November 12, 2021. Prof. Christopher Kruegel talked about “Finding vulnerabilities in Embedded Software” and discussed some of the static and dynamic analysis techniques that he has developed to address the challenges posted by proprietary software, which many devices use. Prof. Kruegel is Professor of Computer Science at UC Santa Barbara. He was also a co-founder of Lastline. The video of the talk is now online.

Watch the video
Melanie Volkamer criticizes online stockholders’ meetings (15-12-2021)

The governing parties in Germany planned in their coalition agreement to allow online stockholders’ meetings permanently. The regulations were changed on an interim basis due to the pandemic to allow socially distanced voting. In a press release, Prof. Volkamer criticizes that current black-box voting systems do not allow verifiability and show in general several vulnerabilities. The press release was shared for example on Zeit Online, the Süddeutschen Zeitung, the Badischen Neuesten Nachrichten, the Merkur, the General-Anzeiger as well as in the RTL News and in several specialised media and online portals (datensicherheit.de, IT-daily, t-online, finanzen.net, u.v.m.).

Read the press release
Exhibition at ZKM shows NoPhish materials (13-12-2021)

The Center for Art and Media Karlsruhe shows in its upcoming exhibition “BioMedien” (bio media) the online game “Phishing Master” and the NoPhish quiz. Both materials are shown in the context of “Whom to trust”. The quiz and the online game were developed with or by the SECUSO research group. “Phishing Master” was developed by two students as part of the project digilog@bw, which is funded by the Ministerium für Wissenschaft, Forschung und Kunst (MWK) in Baden-Wuerttemberg. The exhibition will open on December 18, 2021. Entrance will be free for the entire opening weekend.

More about the exhibition
Position paper on online voting cracks 1000 downloads (10-12-2021)

Since the beginning of the pandemic, a lot of institutions, government agencies, associations and companies have to organize elections and ballot voting without putting the health of voters and poll workers at risk. We are happy to see that our position paper on the actual trends in the context of online voting and digital polls exceeds the number of 1000 downloads since it was published in September. The paper was a joint work of the research group SECUSO, the KIT institutes KASTEL and ITAS, and other researchers.

Read the paper
New team member (08-12-2021)

We welcome Maxime Veit as our new member in the SECUSO team! Maxime Veit was already a Hiwi for the SECUSO research group and was recruited as research assistant. He started his work on December 1, 2021. Maxime Veit graduated with a Master’s degree in Business Informatics from the Karlsruhe Institute of Technology (KIT). He also holds the KASTEL certificate which certifies his specialization in IT security. Maxime Veit will be working for SECUSO in the KASTEL subtopic “Engineering Secure Systems (ESS)”. 

Our SECUSO team
NoPhish in the German Spy Museum Berlin (06-12-2021)

Within the context of cyber espionage, the German Spy Museum in Berlin now also shows the NoPhish videos of the SECUSO research group. Furthermore, we could agree on further cooperation in interesting talks. In the future, the museum will also include the NoPhish Challenge Cards in terms of short games as part of it’s exhibition.

More information and registration
Workshop on IT security and data protection flaws (01-12-2021)

Reports on weak spots and data breaches are omnipresent these days - although companies always tell us that they value our privacy. Prof. Melanie Volkamer and Prof. Dominik Herrmann, University of Bamberg, will lead a workshop of the “Studienstiftung des deutschen Volkes” on security issues and data breaches in companies. Participants will investigate poor IT security and data protection mechanisms and confront the companies with their results. The workshop will take place in Weimar, Germany, from March 20 to 25, 2022.

More information and registration
NoPhish goes UN (22-11-2021)

The SECUSO NoPhish research results were part of an online training on cybercrime at the United Nations African Union Mission in Dafur (UNAMID). In consultation with SECUSO, detective chief superintendent (KHK) Rühl, police department South-Hesse, used the english version of the NoPhish videos to train the staff in dealing with e-mails. Especially international organisations are regularly the target of organized cybercrime attacks. 

NoPhish videos
SECUSO is member of CAST (22-11-2021)

CAST stands for Competence Center for Applied Security Technology. CAST is a competence network, where knowledge about security technologies is communicated for all levels of knowledge. The competence center helps end users with information events, consulting, workshops and tutorials to better assess the use of security technologies. The SECUSO research group is now part of the network.

More information
Cooperation with school in Karlsruhe has started (17-11-2021)

Corona has shown that especially at schools digital processes are lagging behind. In many cases, workarounds were put before security and data protection. We are therefore thrilled to see that the Kant-Gymnasium in Karlsruhe committed themselves to another course: As of now, passwords and user data will be stored securely and user-friendly. Dr. Peter Mayer was invited to speak about password security and the use of password managers at a school meeting last Friday. Together with the teachers, he developed strategies and exchanged ideas about password security and secure password usage.

More information on password security
Prof. Volkamer at the 18th German IT Security Congress (16-11-2021)

Melanie Volkamer is invited to the program committee at the 18th German IT Security Congress which is organized by the German Federal Office for Information Security (BSI). The congress will take place on February 1 and 2, 2022. The event will take place virtually to allow as many participants as possible a platform for exchange on the topics of digitalization. Moderation and talks will take place in person, participants can follow the virtual livestream. The program will be published soon. 

More information
CHIP recommends the SECUSO weather app (12-11-2021)

Free apps are mainly financed through advertisements, tracker and user data. But not our Privacy Friendly Apps: No data are collected and not user profiles are compiled. Chip.de describes in a detailed review the functionalities of the Privacy Friendly Weather App. The bottom line is: The app is straightforward and clever and users are not bothered by location trackers. And the best: It’s free and truly privacy friendly!

Read the full report
DuD-Article on NoPhish-Challenge-Cards (10-11-2021)

Melanie Volkamer, Benjamin Berens, Lukas Aldag and Marie-Claire Thiery, SECUSO, published in cooperation with Milan Burgdorf and Andreas Lorenz an article  about the NoPhish-Challenge-Cards. The article was published as spotlight topic in the current issue of “Datenschutz und Datensicherheit” (data protection and data security, DuD). We studied if the use of challenge cards with different phishing examples can help to increase the interest of participants. The challenge cards were evaluated during the Safer-Internet-Day 2019.

Read the article (German only)
Dr. Karen Renaud in “International Excellence Talk" (09-11-2021)

We are thrilled to announce that Dr. Karen Renaud will present her insights on the topic “Moving from ‘Human as problem’ to ‘Human as Solution’ in Cybersecurity”. Dr. Karen Renaud is a Senior Lecturer at Strathclyde University and was awarded KIT International Excellence Fellow 2021. The talk will be streamed online via Zoom on Thursday, November 25 at 6pm. No registration is needed. 

More information and link to the talk
Registration for the second KASTEL DL is now open (04-11-2021)

The registration for the second KASTEL Distinguished Lecture is now open. On November 12th, Prof. Christopher Kruegel will talk about “Finding vulnerabilities in Embedded Software”. Prof. Kruegel is Professor of Computer Science at UC Santa Barbara. He was also a co-founder of Lastline. In his talk, Prof. Krueger will discuss some of the static and dynamic analysis techniques that he has developed to address the challenges posted by proprietary software, which many of the devices use. The talk will be held in-person and streamed online.

Register now
SECUSO at the “Nacht der Wissenschaft” (02-11-2021)

The “Nacht der Wissenschaft (night of science) will be held this semester in the night of November 26. Many exciting talks from different areas of research are waiting for the visitors. The event will be held online. Mattia Mossano will represent the SECUSO research group with a talk on “Security and Privacy for Everyone”. The talk will be held in English at 9 pm in room 2.

More information
European Cyber Security Month (28-10-2021)

October is the European Cyber Security Month (ECSM). The SECUSO research group was involved with different formats to raise awareness for cybersecurity. We promoted the NoPhish course for citizens, the NoPhish quiz, the Phishing Master online game and the NoPhish workshop which was held within the KIT Science Week. Furthermore, we hinted at the INSPECTION FAQ, a how-to for website owners whose websites were hacked to redirect to a Fake Shop. Even if there are only a few days left in October: All our activities will still be available!

All SECUSO materials for citizens and KMU
Symposium “Sicherheit 2022” takes place in Karlsruhe (27-10-2021)

The German symposium “Sicherheit” (Security) is a periodic event of the division “Sicherheit - Schutz und Zuverlässigkeit” (Security - Protection and Reliability) of the German Informatics Society (GI). The upcoming conference will take place in Karlsruhe from April 5 to 8, 2022. The event is organised by Delphine Reinhardt, Georg-August-Universität Göttingen, and Christian Wressnegger, KASTEL Security Research Labs at KIT. Anne Hennig will represent the SECUSO research group as Publicity Chair.

More infos and registration
KD2-Lab @3sat science documentary (26-10-2021)

The German TV channel 3sat visited the KD2-Lab at the Karlsruhe Institute of Technology to shoot a documentary about auctions and the winner’s curse. The film was aired on Thursday, October 14 at 8:15 pm on the German TV channel 3sat. The segment about the KD2-Lab and the research of Christof Weinhardt and his team starts at minute 16.45. 

Watch the full report
Online Voting - yes, but... (15-10-2021)

In Germany, mainly “black-box voting systems” are used for online voting. But researchers demand for end-to-end verifiable online voting systems. Prof. Melanie Volkamer will talk about the risk of black-box voting systems in the “Mittwochsseminar” (Thursday Seminar) of the Hochschule Ravensburg-Weingarten on November 24, 2021. She will also explain the benefits and current challenges of end-to-end verifiable voting systems.

More infos and registration
SECUSO events were resoundingly successful (13-10-2021)

With E-Vote-ID (October 5 to 8, 2021) and EuroUSEC (October 11 and 12, 2021), the SECUSO research group helped to organize two great conferences. In each conference, more than 200 people participated in interesting discussions on Online Voting (E-Vote-ID) and Usable Security (EuroUSEC). Thanks to ESS (Engineering Secure Systems) and other sponsors, attending and publishing at EuroUSEC 2021 was free. All contributions can be found in the conference proceedings: Springer LNCS (E-Vote-ID) and ACM ICPS (EuroUSEC).

SECUSO event archive
Visions for more cybersecurity (12-10-2021)

Challenges that are related to the digital transformation have to be negotiated with all stakeholders in the society. Within the project “Dialog für Cyber-Sicherheit” (Dialogue for cybersecurity), which is organised by the German Federal Office for Information Security (BSI), representatives from society enter the dialogue with different stakeholders from academia, culture and media, economy as well as politics. Within five “workstreams”, different topics are discussed. The workstream on effective IT security awareness measures is supported by Melanie Volkamer (SECUSO) and Angela Sasse (Ruhr University Bochum). The five workstreams started their discussions in July 2021. The exchange of information will last until March 2022.

Project website
Spotlight topic: Online Voting (11-10-2021)

The German Informatics Society (GI) spotlights online voting in its latest newsletter (GI-Radar 292). The article points out the benefits of online voting, but also mentions the risks: Before online voting can be used for federal elections, the systems have to be end-to-end verifiable. Actual challenges have to be addressed before citizens can make informed decisions about online voting.

Read the full newsletter
Prof. Volkamer in an interview with radioeins (rbb) on online voting (06-10-2021)

Chaos in Berlin during the federal election last Sunday: Invalid ballots, long lines in front of the polling locations and delayed election results. Would online voting be an alternative here? Prof. Melanie Volkamer explains in an interview with radioeins, why this is currently not the case. 

Listen to the interview
KASTEL Distinguished Lecture #2: Finding vulnerabilities in embedded software (04-10-2021)

Second round for the KASTEL Distinguished Lectures Series: On November 12th, Prof. Christopher Kruegel will talk about “Finding vulnerabilities in Embedded Software”. Prof. Kruegel is Professor of Computer Science at UC Santa Barbara. He was also a co-founder of Lastline. In his talk, Prof. Krueger will discuss some of the static and dynamic analysis techniques that he has developed to address the challenges posted by proprietary software, which many of the devices use. The talk will be streamed online and participation is free of charge.

More infos and registration
Human Factors in IT Security (30-09-2021)

Prof. Melanie Volkamer will talk about human factors in IT security as part of the event “Nichts sehen. Nichts hören. Nichts sagen.” from the Karlsruher IT security initiative (KA-IT-Si) on October 21, 2021. In the talk, Prof. Volkamer will discuss which security awareness measurements should be implemented as part of the IT security in companies. She will further explain, why awareness is an important precondition for an effective IT security concept.

More infos and registration
EuroUSEC and E-Vote-ID just around the corner (30-09-2021)

The International Conference for Electronic Voting (E-Vote-ID 2021) will take place from October 5 to 8, 2021. The European Symposium on Usable Security (EuroUSEC) will take place on October 11 and 12. The SECUSO research group will participate in both events with both presentations and organisation. Prof. Melanie Volkamer supports E-Vote-ID 2021 as general chair. Dr. Peter Mayer, Program Co-Chair, and Anne Hennig, Publicity Co-Chair, will support EuroUSEC. Attendance for EuroUSEC is free of charge for everyone this year. However, registration for both events is mandatory.

All SECUSO Events
Prof. Melanie for a coffee with Dirk Arendt (30-09-2021)

Save the date: Melanie Volkamer will talk to Dirk Arendt, Head of Government & Public at Trend Micro, about IT security in companies on October 7th. Security measures are most effective when everyone is on board - but how to raise awareness for the topic among the employees? Registration for the talk called “Espressorunde” on October 7, 2021 from 9 to 9.30 am is mandatory.

Registration for the talk
Wanted: PFA mentors (29-09-2021)

Last Wednesday, September 22, 2021, a new building for the data protection authority of Baden-Württemberg (LfDI) was inaugurated. Melanie Volkamer and Christopher Beckmann seized the moment to present the Privacy Friendly Apps (PFA), which were developed by the SECUSO research group. The idea is to win mentors, who would support the PFA’s - either by taking over responsibility for one or more apps, by supporting the development team with manpower or by sponsoring a HiWi or WiMi position to increase the size of our PFA-team.

Do you want to become a mentor?
Registration is open: SECUSO at the KIT science week (28-09-2021)

Don’t forget: KIT Science Week will take place for the first time from October 5 to 10, 2021. The SECUSO research group will organize a workshop called “Digital Self-Defense - NoPhish”. The workshop will be an in-person event and seats are limited. So register now via the website of the Science Week.

Registration
Melanie Volkamer in “SWR2 Wissen” on E-Voting (27-09-2021)

We have electronic vaccination certificates, online classes and digitized working environments. Why don’t we vote electronically? Prof. Melanie Volkamer talks in the SWR2 Wissen podcast about current discussion on the topic of online voting. Her opinion: If we implement online voting, we need to use verifiable voting systems. Current black-box-systems do not allow verifiability. With those black-box systems it is not even possible to detect and track possible attacks or manipulations.

Listen to the podcast
Expert letter on the challenges of online voting (24-09-2021)

Melanie Volkamer and Jörn Müller-Quade spoke out on the topic of requirements for secure online voting in the context of an KIT expert letter this week. Their claims are based on the latest position paper that deals with current developments in the context of online voting and digital elections. Magazines like “IT-Zoom” and “Elektronik Praxis” took up on this issue.

KIT Experts on current topics
AIFB Thematic Issue 2021 and invitation to the 36th AIK Symposium (24-09-2021)

The current AIFB Thematic Issue 2021 (German) is out! Amongst the latest highlights from the Institute of Applied Informatics and Formal Description Methods (AIFB) you will find the invitation to the 36th AIK Symposium "50 Years of the Institute of Applied Informatics and Formal Description Methods" in this issue. The anniversary symposium will take place on October 22, 2021 and will be organized by the AIK e.V. association (German). If the current Corona regulations permit, the symposium will be held as an in-person event at the ACHAT Hotel Karlsruhe City. Regardless of the situation, all talks will be made available online as livestreams. 

More information and registration
Helmholtz-Challenge #65: Secure E-Voting (22-09-2021)

In celebration of Hermann von Helmholtz’s 200th birthday, the Helmholtz Association is presenting 200 scientific challenges, researchers in the Helmholtz centres are currently working on. Challenge No. 65 is dedicated to the topic of secure E-Voting. With the German federal elections around the corner, more and more people in Germany are supportive of online voting. But urgent research questions are still without answers, such as: How can security of the ballot be ensured? How can the voter’s trust in online voting systems be increased?

Helmholtz Challenge #65
Paper accepted at SPOSE 2021 (20-09-2021)

The paper “SMILE - "SMILE - Smart eMaIl Link domain Extractor" by Mattia Mossano, Benjamin Berens, Philip Heller, Christopher Beckmann, Lukas Aldag, Peter Mayer and Melanie Volkamer was accepted at the 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering (SPOSE 2021). In the paper a scheme for a new security intervention, called SMILE (Smart eMaIl Link domain Extractor) is presented. SMILE aims at supporting email users judging the legitimacy of the messages they receive. It is meant to be used alongside existing SPAM filters and other tools, but it can also work on its own, as it provides the minimum necessary information to distinguish between phishing and legitimate emails.

SPOSE 2021
Whom to trust at Online Voting (20-09-2021)

According to current numbers, two third of the German citizens would consider e-voting at elections. Questions of security and trust are not always asked in these processes. At #meetdigilog, Prof. Volkamer will explain whom citizens and organizers need to trust when holding online elections. She will also explain why current, non-electronic voting will be the future rather than absentee voting via letter or the Internet. #meetdialog will be streamed via the Instagram channel of the Center for Art and Media Karlsruhe (ZKM) on September 23, 2021, 17.30 to 18.00.

ZKM Instagram channel
Enrollment for the SECUSO internship is now enabled (15-09-21)

The internship "Security, Usability and Society" will cover topics both of usable security and privacy programming, and how to conduct user studies. This internship will be only in English. Topics this year will be for example the development of the Notes 2.0 app, programming a Password Manager Enrolment Add-On or a Cookie Consent Manager for websites as well as creating user studies in the area of Phishing Detection. Enrollment for the internship is now enabled. 

More information and registration
Current developments in the context of online elections (13-09-2021)

According to the Bitkom survey for Germany, two thirds of their participants are in favour of online voting in German federal elections. In a recently published paper, the research group SECUSO, the KIT institutes KASTEL and ITAS, together with other researchers, explain why it is much more difficult to secure an online election than, for example, digital shopping. In addition, the paper offers a discussion of some online elections that have been carried out in Germany as well as some explanations of existing requirements catalogues.

Paper (in German)
SECUSO at the KIT science week (07-09-2021)

KIT Science Week will take place for the first time from October 5 to 10, 2021. The SECUSO research group will organize a workshop called “Digital Self-Defense - NoPhish”. The motto of the first KIT Science Week is artificial intelligence and has the title “Der Mensch im Zentrum lernender Systeme” (the human being in the center of learning systems). It will combine a high-ranking international scientific conference with dialog formats for the public.

Read the full programme
Prof. Volkamer on Online Voting at the DGRI annual convention (01-09-2021)

The annual convention of the German Association of Law and Informatics (Deutsche Gesellschaft für Recht und Informatik e.V., DGRI) will take place in Leipzig from November 25-27, 2021. Prof. Melanie Volkmer, head of the SECUSO research group, will talk about online voting and decision-making in the corporations law. The talk will be held in the context of digital challenges for the management. The convention will take place mainly as an in-person event. Registration is mandatory.

Read the programme
Digital voting - Prof. Volkamer in the latest episode of the “Telekom Netz” Podcast (26-08-2021)

Prof. Melanie Volkamer, head of the SECUSO research group, explains in the latest episode of the “Telekom Netz” podcast, why we won’t have electronic voting for the upcoming federal election in Germany. Despite the often cited “digital boost” due to the pandemic, Germany is far away from having secure online voting systems. Currently, mainly “Black-Box” systems are in use, where the users cannot reliably detect manipulations. For secure online voting, end-to-end-verifiable systems are mandatory. 

Listen to the Podcast
Explanatory video on online elections is now available in English (25-08-2021)

Our SECUSO explanatory video on online elections is now also available in English. In the video “Voting over the Internet - Maybe an option you think of … during the pandemic” we explain why easy to use online voting systems are not at all secure. And we suggest using end-to-end verifiable Internet Voting Systems as an alternative.

Have a look
Melanie Volkamer on Usable Security & Privacy at the 10th “Frankfurter IT-Rechtstag” (24-08-2021)

Save the date: Prof. Melanie Volkamer, head of the SECUSO research group, will give a talk on “Usable Security & Privacy: Forschungsansätze - Ergebnisse und Diskussion zur Unterstützung des Rechts” at the 10th Frankfurter IT-Law day. The event will take place as an in-person session from November 19 - 20, 2021 in Frankfurt/Main. Further information will be published soon. The conference is organized by davit, the Information Technology section of the German Association of Lawyers (“Deutscher Anwaltverein”).

More information on the event
Voting the parliament by clicking (13-08-2021)

Melanie Volkamer had an extensive conversation with Adrian Hartschuh from the newspaper "Die Rheinpfalz".
The topic was e-voting and the demand of end-to-end verifiable electronic voting systems.
Find more information about the conversation and e-voting in the article (German only).

Go to Article
EuroUSEC program and registration (12-08-2021)

The program for EuroUSEC 2021 was released. The online symposium will take place on the 11. & 12. of October. The registration is free and already open. You can only participate by registering beforehand!

Registration
Spotlight: Cookies and Cookie Disclaimer (12-08-2021)

The spotlight text is published on the digilog-bw.de website. It is a contribution to the topic of cookies with regard to privacy and data protection. The text highlights the following aspects: the design of cookie disclaimers on popular websites, the current legal situation in this respect and the fields of action in connection with cookies. Users of the websites are invited to write to the data protection officers, the website operators and to contact us. The article was developed as part of the digilog@bw project, which is financed by MWK (Ministerium für Wissenschaft, Forschung und Kunst).

Note: The spotlight is written in German. 

Go to the spotlight
"Phishing Master" at the Triangel (06-08-2021)

On three days (21.07. – 23.07.2021), the entertaining online game “Phishing Master” was made available for students in “Triangel”. In this shooting game, developed by Tobias Länge and Philipp Matheis, users learn to distinguish between fraudulent and legitimate messages. The students were invited via allocation of an appointment and could play “Phishing Master” as one station and could give feedback afterwards. The opportunity to play the game was perceived positively and accessed via the following link if you would like to test it yourself. 

Play the game
Registration for EuroUSEC 2021 is open (03-08-2021)

The registration for EuroUSEC 2021 is now open! Attendance is free of charge for everyone this year. However, registration is mandatory. EuroUSEC will be held online on October 11 & 12, 2021. Since a record number of 62 submissions was received this year, attendees can hope for inspiring research talks from everything about Usable Security and Privacy. Dr. Peter Mayer, Program Co-Chair, and Anne Hennig, Publicity Co-Chair, will represent SECUSO as part of the event.

Proceed to the registration
Spotlight topic: Simulated phishing trainings (30-07-2021)

The German Informatics Society (GI) spotlights Simulated Phishing Trainings in its latest Newsletter (GI-Radar 292). Amongst other aspects, companies have to clarify whether the evaluation of the data is permitted according to workplace and data protection laws. Furthermore, additional security risks might occur, if the company has not yet established procedures to report IT security incidents and employees are not fully informed about the goals of the campaign. The bottom line is that the costs and the potential damage are not compensated by the - so far not even verified - benefits.

Read the full newsletter
Talk as part of PrivacyCon 2021 (26-07-2021)

On Friday, 27th July 2021, the US Federal Trade Commission will host its sixth annual PrivacyCon. PrivacyCon 2021 will bring together representatives from academia, industry, consumer advocates, and government regulators to discuss current trends in consumer privacy and data security. As part of PrivacyCon 2021, SECUSO will present research results stemming from a study on individuals' awareness, perception, and reactions to data breaches that affected them. A paper on these results was also accepted for publication at the USENIX Security Symposium 2021.

PrivacyCon website with agenda
Third project meeting in the BMBF project INSPECTION (23-07-2021)

On Friday, 23.07.2021, all partners and interested persons met for a third project meeting in the INSPECTION project. The results of telephone interviews with businesses as well as the first results from forensic analyses of logfiles were presented. The project is funded by the German Federal Ministry of Education and Research (BMBF). The project partners are MindUp Web & Intelligence GmbH and BDO AG Wirtschaftsprüfungsgesellschaft. Dr. Peter Mayer and Anne Hennig, M.A., represent the SECUSO research group in the project.

More infos on the project
Paper accepted at MuC 2021 (19-07-2021)

Our paper "Evaluation der interaktiven NoPhish Präsenzschulung" from Benjamin Berens, Lukas Aldag, and Melanie Volkamer was accepted at the Mensch und Computer (MuC 2021) workshop.
The paper investigates the long-term effectiveness of our anti-phishing workshop "NoPhish" and extends previous research results. MuC will take place as a hybrid event between the 5. and 8. of September, both virtual and at the Technische Hochschule Ingolstadt.

More information on MuC 2021
Video now online available (16-07-2021)

The video of Melanie Volkamer’s talk on “Usable Verifiable Electronic Voting” held at the sixth edition of the International Cyber Security Summer School (ICSSS 2021) is now available online.

Watch the video
Second paper accepted at EuroUSEC (14-07-2021)

The second paper of the SECUSO research group that was accepted at the European Symposium on Usable Security (EuroUSEC 2021) is about an analysis of YouTube’s most popular videos about password security. In their vision paper “What Johnny learns about Password Security from Videos posted on YouTube”, Mathieu Christmann, Peter Mayer and Melanie Volkamer found that those videos cover only a fraction of what can be considered essential knowledge about password security. The vision paper will be presented at EuroUSEC 2021, which will be held online on October 11 and 12, 2021.

More infos on password security
Paper accepted at EuroUSEC (12-07-2021)

Two papers of the SECUSO research group were accepted at the European Symposium on Usable Security (EuroUSEC 2021) angenommen. The Paper „Dark Patterns in the Wild: Review of Cookie Disclaimer Designs on Top 500 German Websites” by Chiara Krisam, Heike Dietmann, Melanie Volkamer and Oksana Kulyk examines the display of cookie disclaimers on the Top 500 web pages in Germany. The authors could show that more than 95% of the web pages use cookie disclaimer which entrap the users to accept all cookies. EuroUSEC will be held online on October 11 and 12, 2021.

More infos
Paper accepted at E-Vote-ID (09-07-2021)

The paper "Usable Verifiable Secrecy-Preserving E-Voting" by Oksana Kulyk, ITU Center for Information Security and Trust, Reto König, Berner Fachhochschule BFH, Philipp Locher, Jonas Ludwig and Melanie Volkamer, SECUSO research group at Karlsruher Institut für Technologie (KIT), has been accepted at this year's E-Vote-ID conference. The paper describes the design and the evaluation of user friendly interfaces for vote casting and vote verification in a code-based voting system. The conference will be held online from October 5-8, 2021.

More information
Melanie Volkamer is part of the TRK experts network (05-07-2021)

Melanie Volkamer is listed as contact person for digitalisation in the experts network of the TechnologieRegion Karlsruhe (TRK). The network was created to display experts from different areas of expertise, publicitize them trans-regional and national and make it easy to get in touch with a suitable expert.

More information
Paper accepted at WAY 2021 (01-07-2021)

The paper “How to Improve Awareness for Password Security by Shifting to a State-of-the-art Password Policy” by Mathieu Christmann, Peter Mayer and Melanie Volkamer was accepted at the “7th Who are you?! Adventures in Authentication Workshop” (WAY 2021). The workshop will take place as a virtual event on August 8th, 2021.

More information
Prof. Emilia Graß as guest speaker for the SECUSO research seminar (29-06-2021)

We are happy to announce that Prof. Dr. Emilia Graß from Imperial College London will be our guest in the SECUSO research seminar. Prof. Graß will be talking about ways to improve cybersecurity in healthcare.
Especially during the current COVID-19 pandemic, the number of cyberattacks on healthcare has significantly increased. Porf. Graß is researching stochastic models to improve the cyber resilience of a healthcare provider by selecting a set of efficient countermeasures in preparation for upcoming cyber incidents.

More information
Beware of fake shops when shopping online (28-06-2021)

The internet offers a plethora of ways to make money from the pandemic. While it was protective masks at the beginning, later corona tests that were offered via fake websites. Peter Mayer about fake shops, frauds and forgeries in an interview with Stefan Fuchs from the KIT campusradio.

Listen to the full report
KASTEL distinguished lectures series started huge (24-06-2021)

The first KASTEL distinguished lecture took place on June 11, 2021 with a talk from Prof. Johanes Buchmann. Prof. Buchmann talked about “Sustainable Cybersecurity and Privacy”. Prof. Holger Hanselka, president of the KIT, welcomed the audience. More than 170 persons took the chance to learn more about sustainable cybersecurity and to talk with Prof. Buchmann. The video of the event is now online.

Watch the video
Study on data breaches: Most victims are unaware that they are affected (21-06-2021)

In the first known study to ask participants about actual data breaches that impacted them, researchers from SECUSO, the University of Michigan and the George Washington University showed 413 people facts from up to three data breaches that involved their own personal information. The study found that people were not aware of 74% of the breaches shown to them. The researchers also found that most of those affected by breaches blamed their own personal behaviours for being affected. The paper describing this study will be presented at the USENIX Security Symposium. The pre-print is already available.

More info
Paper accepted at TrustCom 2021 (21-06-2021)

The paper “How to Increase Smart Home Security and Privacy Risk Perception” by Reyhan Düzgün, Peter Mayer, Benjamin Berens, Christopher Beckmann, Lukas Aldag, Mattia Mossano, Thorsten Strufe und Melanie Volkamer was accepted at the 20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). The paper presents the development of a smart home privacy and security awareness intervention and its effect on user’s risk perception. The conference will be held online from 18th-20th of August 2021.

TrustCom 2021
Update: Recommendations for CISOs (16-06-2021)

Prof. Melanie Volkamer and Benjamin Bachmann, director for cyber security at EXXETA, developed seven recommendations for information security officers in companies. The guidelines, which are based on scientific research and practical knowledge, were specified with the help of several skilled third parties. Version 1.1 is now available under a new link.

Version 1.1
Prof. Volkamer on opportunities and risks of security awareness measures (14-06-2021)

Cybersecurity is a constant topic for businesses. Which risks for businesses arise from ongoing digitalization processes? How can businesses face cyber attacks? These topics will be discussed in the context of the „Cybersecurity Day“, which is organized by the East Side Fab - network, in a virtual event on June 24th, 2021. Prof. Melanie Volkamer will give a talk on chances and risks of security awareness measures.

More information
How to: Secure passwords (10-06-2021)

Complexity isn’t always the way to go: Prof. Melanie Volkamer and Dr. Peter Mayer talk in an “SWR Landesschau” report about password security and the advantages of password managers. With respect to password security, lengths beats complexity, explains Prof. Volkamer. Longer passwords provide more possible combinations, which make them unappealing for attackers.

See the full report
TORPEDO Update for outlook.live.com (08-06-2021)

TORPEDO (TOoltip-poweRed Phishing Email DetectiOn) helps to detect malicious links in phishing e-mails so that you can expose their attempts to deceive you. NEW: TORPEDO brings support to outlook.live.com and in particular for KIT to owa.kit.edu! The new update is available at the Firefox or at the Chrome store.

More information on TORPEDO
Second edition of textbook about human and computer interaction out (07-06-2021)

The second edition of the German textbook “Sicherheitskritische Mensch-Computer-Interaktion” is published. Melanie Volkamer, Peter Mayer, Benjamin Reinheimer and several former members of the SECUSO research group contributed with a chapter about human factors in security. The chapter provides a general introduction in the topic focussing on end users. The chapter elaborates on the problems about human factors in security and explains common problems by the examples of E-Mail encryption, https and passwords.

Read the book
Paper accepted at HAISA 2021 (02-06-2021)

Paper accepted at HAISA 2021 (02-06-2021)
The paper “A Literature Review on Virtual Reality Authentication” by John M. Jones, Reyhan Düzgün, Peter Mayer, Sanchari Das and Melanie Volkamer was accepted at the IFIP International Symposium on Human Aspects of Information Security & Assurance. The paper investigates the state-of-the-art of authentication schemes for Virtual Reality Head-Mounted-Displays. The workshop will be held online from 7th-9th of July 2021. 

To the symposium
Dr. Brink as guest speaker in the lecture on information security (02-06-2021)

Dr. Peter Mayer and Dr. Marco Ghiglieri deliver this semester's lecture on information security. Again, there will be a guest speaker as part of the lecture. It is a pleasure to welcome Dr. Stefan Brink, commissioner for data privacy and information security in Baden-Wuerttemberg. He will talk about data protection and privacy on July 5, 2021.

More information on the lecture
SECUSO @ SPOSE 2021 (01-06-2021)

Melanie Volkamer has joined this year's program committee of the workshop "Security, Privacy, Organizations, and Systems Engineering (SPOSE)", co-located with ESORICS 2021. The workshop will take place on October 7 or 8, 2021 as a virtual event. Submissions for talk proposals are possible until July 16. 

For more information regarding the submission
Welcome STAR! (01-06-2021)

We’d like to introduce STAR, our new team member! STAR is a humanoid robot, who will assist the SECUSO research group in the field of security awareness. He will assist at several events, for example at the “Night of Digitalisation” in Karlsruhe. His first job will be to present E-Mails to the visitors of the Center for Art and Media Karlsruhe (ZKM). The visitors should then tell whether the E-Mail is fraudulent or not. STAR is the abbreviation for Security Teaching and Awareness Robot.

Welcome STAR!
SECUSO @ Digital day 2021 (01-06-21)

Digitalisation is proceeding, to keep up with digitalisation and to move safely in the digital world the new event “digital day” was created. The goal is to foster participation as digitalisation is a joint task. Many activities are planned on 18.06.21 that examines and discusses the distinct aspects of digitalisation. SECUSO will be part of this event by organizing a workshop about cybersecurity. We hope for a lively exchange with all the participants.

More information (German only)
Pocket-sized exercises (28-05-2021)

Are you suffering from physical inactivity? Try the “Aktivpause to Go”! The Institute of Sports and Sports Sciences at KIT recommends the SECUSO app “Aktivpause to Go”. Within the context of workplace health management, the app helps students and staff to balance the lack of exercise during office work. Physical activity reduces health problems resulting from desk work. Give it a try!

More information (German only)
Melanie Volkamer on “Usable Verifiable Electronic Voting” (26-05-2021)

Melanie Volkamer will talk about “Usable Verifiable Electronic Voting” within the CASA Distinguished Lectures on June 7th. In the talk, we will discuss risks of black box voting systems as well as challenges of end-to-end verifiable voting schemes and how some of these challenges can be address when taking a human centered approach. The talk will be held online, no registration is needed.

More information on the event
Weather 3.0.1 is now available in the Google Play Store and on F-Droid (21-05-2021)

We fundamentally improved and extended our privacy friendly weather app in the last months. Users can now access the actual weather, hourly forecasts for the next two days or forecasts with visualized trends for their selected locations. Furthermore, users can access rain maps, compare their actual weather with other locations in a selected radius or check the weather of four other locations on their home-screen widget. The weather app is available on Google Play and F-Droid.ar.

Check it out
KASTEL Distinguished Lectures series starts in June (19-05-2021)

The KASTEL Distinguished Lectures series will start June 11th with a talk from Prof. Johannes Buchmann. Prof. Buchmann will talk about “Sustainable Cybersecurity and Privacy”. He is a German computer scientist, mathematician and professor emeritus at the department of computer science of the Technische Universität Darmstadt. Buchmann is - amongst other research topics - famous for developing the signature scheme XMSS, which was declared the first international standard for post-quantum signature schemes in 2018.

Read more about the lectures series
Melanie Volkamer on cybersecurity at the IHK IT security conference (17-05-2021)

Business procedures become more and more digitalized and cybersecurity is therefore a prevalent topic in most of the companies. Melanie Volkamer will talk about the human factor in IT security concepts during this year’s IHK IT security conference. The conference is organised by the IHK Reutlingen and will take place as a virtual event on June 29th, 2021. All talks will be held in German.

Register for the event
Cyber Security Summer School 2021 (14-05-2021)

The Cyber Security Summer School 2021 will take place as a virtual event from Jun 14-16, 2021. The focus of this year's Summer School will be on real-world internet voting systems. The Summer school will provide a comprehensive overview on the technological solutions used and their security aspects. Melanie Volkamer will talk about "Human aspects in secure remote electronic voting“ in the course of the event. Master and PhD students as well as researchers or domain experts can apply until May 31, 2021.

Apply now
Melanie Volkamer has joined the program committee of FoPI2021 (12-05-2021)

Melanie Volkamer has joined this year's program committee of the workshop "Future of PI: Challenges and Perspectives of Personal Identification”. The workshop will take place on September 6, 2021 as a virtual event. It is co-located with EuroS&P 2021. Submissions for talk proposals are possible until May 21st.

More about the workshop
Webinar on the experiences, theories and technologies of Online Voting (10-05-2021)

Melanie Volkamer will take part in the next episode of Foresight Democracy - Webinar Series. The topics that will be discussed include Online Voting experiences, theories and technologies. The key objective of the online event is to raise awareness of the benefits and challenges of technology relating to online registration and voting. The webinar is free and will take place as a virtual event on May 20th, 2021.

Register here for free
Computer viruses: Hitting the panic button? (07-05-2021)

“There is no glory in prevention” - but security warnings about compromises in IT systems are inevitable. Felix Schledde, reporter at WDR talked with Melanie Volkamer about how to warn people without spreading panic. Prof. Volkamer said that it is essential to help people understanding security warnings and aligning those warnings with their previous knowledge. 

Listen to the report
SECUSO news on LinkedIn (05-05-2021)

All our news from SECUSO can also be found on our LinkedIn business page:
https://www.linkedin.com/company/secuso-research-group/. Follow us so you don’t miss any updates!

Follow us on LinkedIn
IT security measures for SME - video now online (03-05-2021)

Last week Melanie Volkamer, head of the SECUSO research group, and other IT security researchers talked about “Usable Security in SME”. The video of the webinar is now online and can be watched on YouTube. 

Watch webinar online
Peter Mayer has joined the program committee of WAY (30-04-2021)

Peter Mayer has joined this year's program committee of the "7th Who Are You?! Adventures in Authentication Workshop (WAY 2021)". The workshop will take place on August 8, 2021 as a virtual event. Submissions are possible until May 27th.

 

WAY 2021 Call for Papers
Melanie Volkamer on E-Voting in the podcast “eGovernment” Podcast (28-04-2021)

 

Thorsten Frenzel and Dirk Arendt spoke with Prof. Dr. Melanie Volkamer about electronic voting in the latest episode of the podcast “eGovernment”. Amongst other topics, they talked about different voting systems, how to secure the voting and make the vote count open to scrutiny. Are you considering to conduct an electronic election? Or are you eligible to vote in an electronic election? Then you should listen to this episode of eGovernment!

Click here to listen
Paper accepted at the 30th USENIX Security Symposium (26-04-2021)

The paper "'Now I'm a bit angry:' Individuals' Awareness, Perception, and Responses to Data Breaches that Affected Them" by Peter Mayer, Yixin Zou, Florian Schaub, and Adam J. Aviv has been accepted for publication at the 30th USENIX Security Symposium, which will be held August 11th to 13th as a virtual event. The paper describes a user study in which participants were confronted with data breaches, that according to haveibeenpwned.com exposed their email addresses and other personal information, in order to collect the participants' awareness, perception, and reactions regarding these data breaches.

 

USENIX Security website
Workshop on IT security measures for SME (26-04-2021)

Melanie Volkamer, head of the SECUSO research group, and other IT security researcher will be talking about “Usable Security in SME” on Tuesday, 27.04.2021. The focus of the discussion is on useful security measures for small and medium-sized enterprises and the question how and when it is advisable to take your employees on board. Attendance is free, but registration for the webinar is recommended.

Register for the event
Girl’s Day 2021 - A short introduction into Phishing (23-04-2021)

The SECUSO research group engaged in this year’s Girl’s Day with a short introduction into the topic of Phishing messages. The girls participated in a live quiz where they were asked to tell whether a message was legitimate or fraudulent. We used a quiz similar to the NoPhish quiz on our "SECUSO for citizens page" - have a look!

SECUSO for citizens
Pictures as passwords – the spotlight-topic of the latest GI-Radar (22-04-2021)

The German Informatics Society (GI) spotlighted the SECUSO research on graphical authentication methods in their last newsletter. Several studies showed that people and especially kids can remember pictures better than complex passwords based on alphanumerical strings. Which makes authentication methods using pictures more secure than ht euse of weak passwords. In a study with 44 students on a German elementary school, we wanted to examine, weather the kids could remember pictures. The result was overwhelming: If the pictures are chosen which are close to the kid’s world of experience, those authentication methods are an excellent option.

 

GI-Radar No. 284
Competence in E-Voting @ KIT (19-04-2021)

Several professors are researching different aspects of E-Voting at KIT: Melanie Volkamer, Bernhard Beckert, Jörn Müller-Quade and Armin Grunwald. They bundled their competences to help authorities, who are responsible for the election, make an informed decision regarding which system is adequate for their type of elections. Since it is not always easy to understand the underlying cryptographic processes of E-Voting systems, professional advice is helpful to find suitable election systems and elections procedures.

Read more (only German version)
A New Blog Post about the Online-Game “Phishing Master” (16-04-2021)

The blog post is published on the digilog-bw.de website. First, it provides general information about phishing. If additional knowledge is desired, further links are provided to the SECUSO Website. Two students Tobias Länge and Philipp Matheis developed the entertaining (online phishing) game. It helps users to learn to distinguish between fraudulent and real(legitim) messages. The idea to learn about phishing with a game can catch the interest of new target groups as well. The game was developed as part of the digilog@bw project, which is financed by MWK (Ministerium für Wissenschaft, Forschung und Kunst).
Note: The blog post is written in German. 

Go to Blog
Recommendations for CISOs in the 'Spotlight’ (14-04-2021)

The German journal for cybersecurity “<kes>” picked up on the research of Melanie Volkamer, head of the SECUSO research group, and Benjamin Bachmann, Director Cyber Security at EXXETA. The authors developed seven recommendations. The guidelines are based on scientific research and practical knowledge. In its biweekly “Spotlight”, the journal flags the recommendations for Chief Information Security Officers (CISO) which are designed to help implementing preventive security measures in companies.

Read more (only German version)
New article on the right to informational self-determination (09-04-2021)

Several members of KASTEL, Dr. iur. Anne Steinbrück, Dr. rer. pol. Marcus Wiens, Dr. ing. Pascal Birnstill, Florian Kaiser, Dr. Tim Zander, Prof. (apl.) Dr. Oliver Raabe, Prof. Dr. Frank Schultmann and Prof. Dr. Melanie Volkamer, published a joint article in the German legal journal „Recht auf Datenverarbeitung (RDV 2021, S. 7)“ (Right of information processing). The article analyses the legal arguments of an 2019’s order of the Oberlandesgericht Düsseldorf  (OLG Düsseldorf v. 26.08.2019, Az.: VI Kart 1/19 (V)) from an economical point of view. The order deals with the application of antitrust legislation in the context of violation of privacy rights.

Read more
New research paper on how GDPR has affected users’ reaction to cookie disclaimers (07-04-21)

Did the entry of the EU General Data Protection Regulation (GDPR), which was accompanied by extensive media coverage, change users’ behavior in respect to cookie-disclaimers? Oksana Kulyk, Nina Gerber, Annika Hilt and Melanie Volkamer conducted a follow-up study to their research in 2017 and found that users did not change their attitude towards cookie use in favor of privacy protection. The results rather suggest that users get even more accustomed to the use of cookies and blindly accept them just to get rid of the disclaimer. The authors therefore developed recommendations for customers, developers and policy/law makers to tackle this lack of awareness. 

Read the full paper
Prof. Volkamer on Corona-phishing and phishing awareness (01-04-2021)

Phishing and staff awareness campaigns is one of the main topics in the latest issue of the German journal “Computer und Arbeit”. Prof. Volkamer, head of the SECUSO research group, explains why phishing trainings are not always recommended and which are more effective ways to train your staff. Increasing awareness is essential since the strategies of the cybercriminals become more and more sophisticated. AI systems, for example, are trained to automatically extract information on the targeted persons. This aids cybercriminals, says Prof. Müller-Quade, head of the Institute for Cryptography and Security at KIT.

Read the full text
Interview with Prof. Volkamer (30-03-2021)

Hoxhunt, a Finnish security-company, recently interviewed Prof. Melanie Volkamer, head of the SECUSO research group, about security risks and the future of security trainings – both in the context of phishing. Since phishing E-Mail become more and more sophisticated and more people are working from home, security trainings need to be diverse to meet individual learning preferences. 

Read the interview
SECUSO member Peter Mayer has reprised his role in the organizing committee of the 2021 Annual Computer Security Applications Conference (ACSAC) (26-03-2021)

ACSAC brings together cutting-edge researchers, with a broad cross-section of security professionals drawn from academia, industry, and government, gathered to present and discuss the latest security results and topics. With peer reviewed technical papers, invited talks, panels, national interest discussions, workshops, and professional development and training courses, ACSAC continues its core mission of investigating practical solutions for computer and network security technology. This year's conference will be held from 6-10 December 2021.

ACSAC website
Peter Mayer joined the Program Committee of PETS 2022 and the Editorial Board of the Proceedings on Privacy Enhancing Technologies (PoPETs) (26-03-2021)

Peter Mayer has joined the program committee of PETS 2022 and the editorial board of the Proceedings on privacy enhancing technologies (PoPETs). The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Submitted papers undergo a journal-style reviewing process and accepted papers are published in the journal Proceedings on Privacy Enhancing Technologies (PoPETs). PETS/PoPETs is the premier venue for novel applied and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies.

PETS website
Inspecting Fake Shops: First results in the BMBF-project INSPECTION (26-03-2021)

Last Wednesday, 24.03.2021, all partners met for a second project meeting in the INSPECTION project, which is funded by the German Federal Ministry of Education and Research. The partners from MindUp Web & Intelligence GmbH, BDO AG Wirtschaftsprüfungsgesellschaft and the SECUSO research group presented new research results. Associated partners as well as other interested parties talked about their current projects (amongst others Allianz für Sicherheit in der Wirtschaft (ASW), Baden-Württembergischer Handwerkstag (BWTH), Deutschland sicher im Netz e.V., eco - Verband der Internetwirtschaft, dem Fachverband Elektro- und Informationstechnik Baden Württemberg (FV EIT BW), der Swiss Internet Security Alliance, Watchlist Internet and Verbraucherzentrale Nordrhein-Westfalen). In the research project INSPECTION we are identifying a special type of hacking through Fake Shop owners. Dr. Peter Mayer and Anne Hennig, M.A., from the SECUSO research group are focussing on ways to contact the victims and provide awareness materials. 

More about INSPECTION
Call for Papers: EuroUSEC 2021 (25-03-2021)

We invite you to submit a paper and join us at EuroUSEC 2021, which will be held online on October 11 & 12, 2021. We are excited to welcome original work describing research, visions, or experiences in all areas of usable security and privacy. We welcome a variety of research methods, including both qualitative and quantitative approaches. Dr. Peter Mayer, Program Co-Chair, and Anne Hennig, Publicity Co-Chair, will represent SECUSO as part of the event. From this year on, EuroUSEC 2021 will be an independent event with proceedings published in the ACM ICPS. The attendance at the conference is free. 

Read more
Update on TORPEDO (22-03-2021)

Sending out E-Mails with malicious links is a common practice of scammers. In order to effectively detect phishing emails, it is necessary to carefully check the web address (also called URL) behind the link. TORPEDO (TOoltip-poweRed Phishing Email DetectiOn) helps to expose malicious links in phishing e-mails so that you can expose their attempts to deceive you.
We now updated TORPEDO and added further information in the tutorial and the tooltip-notes. With this: Add on!
Do you want to help us, improve the functions of TORPEDO? We’d love to hear from you via Twitter or E-Mail. We are currently looking for participants in a TORPEDO-related field study. 

Explore TORPEDO
Prof. Volkamer is editorial board member of ACM journal (19-03-2021)

Melanie Volkamer is editorial board member for the Transactions on Privacy and Security (TOPS) journal. The journal is published by the Association for Computing Machinery (ACM). Research results in the fields of information and system security and privacy are welcomed!

All editorial board members
Dr. Peter Mayer on Corona rapid tests and Fake Shops (17-03-2021)

The statement on Corona rapid tests and Fake Shops was published in various media. The press release of the „Deutschen Presseagentur (dpa)“ was taken up in local and national newspapers (e.g. Süddeutsche Zeitung, Frankfurter Rundschau) as well as online media (e.g. Zeit Online, Deutsche Handwerks Zeitung). Broadcasts like N-TV or magazine programs like Galileo published the information as well. HR4 and Stern online as well as the Pro7 show „taff“ and „RTLextra" took the chance to interview Peter Mayer on this topic.

Read more
SOUPS Video available on SECUSO Youtube (15-03-2021)

At last year's SOUPS we presented our paper "An investigation of phishing awareness and education over time: when and how to best remind users". The video of the presentation at SOUPS is now available on our Youtube channel. In the study we observed over 12 months how the knowledge of a in-house training on phishing evolves. To do this we also tested different forms of knowledge reminder measures (short text, longer text, interactive email and video). 

To the Youtube channel
Online Talk with Prof. Melanie Volkamer about cybersecurity (10-03-2021)

With “Digital Dialogue”, the district Marburg-Biedenkopf offers its citizens a series of events to talk about the digital transformation. Within this series, Prof. Volkamer talked on March 9th 2021 about cybersecurity. How can you tell legitimate and fraudulent messages apart? Is it secure to buy in a certain shop? Prof. Volkamer gave insight in the topic, explained risks and threats, and offered tips on how to protect against scammers. More than 50 persons took part in the talk and the discussion.

More information
Better safe than sorry! (08-03-2021)

3 – 2- 1… Sold! But why don’t I receive my delivery? Fake Shops lure customers with cheap offers, when certain products are rare or in high demand. The Federal Institute for Drugs and Medical Devices approved three SARS-CoV-2 rapid tests for self-testing. It is believed that not only the number of vendors of such self-tests will increase but also the number of fraudulent web shops. Keep your eyes open when buying such tests online and put the shops under the microscope.

To buy or not to buy (German only)
New research paper founds Phishing Campaigns for Staff rarely efficient (24-02-2021)

Simulated Phishing Trainings are a popular way of training your staff to detect fraudulent messages and potential phishing attacks. But most companies are not aware that effective security is not just about reducing clickrates for simulated phishing messages. Furthermore, there are security, legal, and trust issues associated with those trainings. Prof. Melanie Volkamer, head of the SECUSO research group at the Karlsruhe Institute of Technology, Prof. Martina Angela Sasse, professor for Human-Centered Security at Ruhr University Bochum, and Prof. Franziska Böhm, professor at the Centre for Applied Legal Studies at the Karlsruhe Institute of Technology, recommend a different approach. Instead of costly and time-consuming Simulated Phishing Trainings the authors conclude that for many organisations, improving technical security measures, introducing and establishing adequate security incident reporting, and increasing staff awareness through other means may be more effective.

Read the full paper
Good advice for information security advisors (19-02-2021)

Major tasks of an information security advisor are raising awareness, implementing trainings and establishing a safety culture in your company. But how and with which priority should these tasks be approached? Prof. Melanie Volkamer, head of the SECUSO research group at the Karlsruhe Institute of Technology, and Benjamin Bachmann, director for cyber security at EXXETA, developed seven recommendations. The guidelines are based on scientific research and practical knowledge and should help security advisors to implement preventive security measures in their companies. Technical measures, like implementing effective backup systems, are as well provided as organizational measures (for example implementing a notification system in case of an attack) and experiences on how to design awareness materials. Did you know that security trainings are most effective, if you meet the needs of your colleagues when you chose awareness materials? 

More information
Reviewing the Safer Internet Day 2021 (17-02-2021)

The SECUSO research group presented several activities on occasion of this year’s Safer Internet Day: A NoPhish Quiz, a shooting game to eliminate fraudulent messages and an FAQ about Fake Shops. Both topics - Phishing and Fake Shops - were taken up by the media as well. Prof. Melanie Volkamer was interviewed by SWR 4 radio station and “Radio Lotte” about Internet Safety. Radio station SWR 3 picked up on a cyberattack in a water treatment facility in Florida to talk with Prof. Volkamer about the security of critical infrastructures in Germany. BadenTV tested the Phishing Master Online Game and had Prof. Volkamer and Dr. Peter Mayer explain the idea. But it’s not over yet: Our activities will be still available!

Explore the NoPhish activities
Safer Internet Day 2021 (09-02-2021)

Together for a better internet – that is the theme of the 18th edition of the Safer Internet Day. The Safer Internet Day (SID) started as an initiative of the European Union (EU) and is now celebrated around the globe. We – the research group SECUSO – takes this day as an occasion to spotlight the topics “Phishing” and “Fake Shops”. We organized various activities, for example a Phishing Shooting Game, a NoPhish-Quiz or an Fake-Shop FAQ.

Tell me more
Online-Game “Phishing Master” (08-02-2021)

Two students Tobias Länge and Philipp Matheis developed an entertaining game called “Phishing Master” as part of the KASTEL internship. In this game, users learn to distinguish between fraudulent and real(legitim) messages. The work was supervised as part of the digilog@bw project, which is financed by MWK. It can be played online from now on and it is one of our contributions to the Safer Internet Day on 09.02.2021.

Go to game
INSPECTION - FAQ: We’ll answer your questions regarding Fake Shops (05-02-2021)

INSPECTION - FAQ: We’ll answer your questions regarding Fake Shops
Safe on the internet – in the current times this is more prevalent than ever since most people order daily products online. In the project INSPECTION, which is funded by the German Federal Ministry of Education and Research, we put Fake Shops under the microscope. We – that is MindUp Intelligence GmbH, BDO AG and the SECUSO research group.
But what are Fake Shops and how can I make sure, criminals are not hijacking my website? Fake Shops are Web-Shops where products are offered which are otherwise expensive or out of stock in other shops. Fake shop owners take advantage of security breaches in existing webpages. The website of a local sports club, for example, can be used to refer to a shop for prescribed drugs. The range and the name of the sport club helps the Fake Shop owners to be ranked higher in search engines.
We used the Safer Internet Day 2021 to answer these and further questions around this topic. Any more questions?

Fake Shop FAQ
Phishing Test: Can you tell the difference? (05-02-2021)

There is an urgent E-Mail from your boss in your inbox: You should immediately transfer a pretty large sum. The URL included in the E-Mail will provide more information. But is this really a legitimate message?
Scammers use various strategies to harm your and/or your business. Sending messages with harmful content is a popular technique that can be harmful in different ways. In the message you can be advised to transfer money, to contact a pay-per-call number or to open harmful URLs and/or attachments. Is the message sent via E-Mail, it is called a Phishing E-Mail.
On the occasion of the Safer Internet Day 2021 we published further NoPhish materials. You can take an easy test to assess whether you can detect fraudulent messages correctly. Check it out!

Phishing Test
The "Human & Societal Factors" research group begins it's work (01-02-2021)

The "Human & Societal Factors" research group has officially begun its work in January 2021. It is a group of researchers in the subtopic "Engineering Secure Systems" of the Research Field Information (Key Technologies) of the Helmholtz Association with a focus on the human and societal factors in IT-security. In detail, the research group currently conducts its reseach in the five areas: IT security awareness measures;  design patterns for usable and effective IT security interventions; aspects of GDPR; adaptive and usable authentication; and explainablity of ML-based security ratings. The focus is thereby to apply the developed solutions in energy, mobility, and production systems.

More infos
President of the BSI praises the NoPhish material (28-01-2021)

The NoPhish concept aims to enable as many citizens as possible to recognize fraudulent messages (including phishing messages) with dangerous links and attachments. For this purpose, we currently provide a training course (for citizens), two videos, several challenge posters, a poster with rules, and an info card. During the BSI in Dialog 2020 event, Arne Schönbohm, President of the BSI, said that he is grateful to the SECUSO research group at KIT for our very good awareness materials protect themselves against fraudsters on the Internet. Many of the materials are available in both German and English.

Go to NoPhish Concept
Paper published in the Journal of Cybersecurity (27-01-2021)

“Has the GDPR hype affected users’ reaction to cookie diesclaimers?” is the title of the newly published paper by Oksana Kulyk (IT University of Copenhagen, Nina Gerber (TU Darmstadt), Annika Hilt und Melanie Volkamer. Two studies, one before and one after introducing GDPR, investigate user attitudes towards the use of cookies.

Go to article
Privacy turns 40 and our privacy-friendly apps are getting more supporters (28-01-2021)

Is your privacy important to you? Then take today as an opportunity and swap one or the other app on your smartphone for one of our privacy-friendly apps and that without having to fear violating your own right to informational self-determination. Therefore, Dr. Stefan Brink, State Commissioner for Data Protection and Freedom of Information (Baden-Württemberg), is supporting SECUSO's initative to develop privacy friendly apps.

Information on Privacy Day, the apps and the supporters
First industrial engineering student receives KASTEL certificate (25-01-2021)

Since 2020 it has been possible for KIT industrial engineering students to receive the KASTEL certificate. Jonas Menesklou is the first one. We warmly congratulate Jonas Menesklou on this. His master's thesis was written in cooperation with the FZI. When asked why he decided to acquire the certificate, he wrote: “In my experience, IT security is often perceived as very technical and theoretical. People are playing an increasingly important role in this area. Interdisciplinary programs - in particular, such as industrial engineering - provide new perspectives and can thus make important contributions to research. I am pleased that the KIT offers the possibility of obtaining a recognized certification in the field of IT security with the KASTEL certificate. "

More information about the certificate (German only)
CyberFibel of the BSI now also includes the NoPhish concept (20-01-2021)

Our NoPhish concept is also recommended in the new CyberFibel of the BSI.
The CyberFibel is for people who work professionally or voluntarily in consumer advice/education. These people can use the CyberFibel in associations, foundations, educational institutions or federations to help others achieve a secure approach to the digital world. The NoPhish concept is intended to help everyone recognize phishing messages and fraudulent messages faster and better.

https://www.cyberfibel.de/webcode/extra-risiken-verstehen-02/
 

Goto Cyberfibel
New Team members (13-01-2021)

We welcome our new team members Andrea Bernhardt, Anne Hennig and Heike Dietmann. They joined the SECUSO Team as Research Assistants on January 1, 2021.
After her studies in computer sciences at the FSU Jena Andrea Bernhardt is now working in the field of Explainable AI at KASTEL. Anne Hennig studied science communication at KIT and is now supporting the INSPECTION project. Heike Dietmann will be responsible for the project digilog@bw. She studied Mathematics at LMU Munich.

See New Team Members
SECUSO particiaptes at the CAST workshop "Security Awareness and Usable Security" (11-01-2021)

The first CAST workshop for the year 2021 will take place on January 14th. The workshop that was canceled due to the pandemic in April 2020 was rescheduled and will be held online on January 14th. In addition to SECUSO/KASTEL@KIT, speakers from the following organizations are invited: Fraunhofer IESE, DHBW Stuttgart, Ruhr University Bochum. Our cooperation partner Dr. Ghiglieri from SICHER3 will also give a presentation. SECUSO's talk is entitled "Effective measures to increase IT security awareness". CAST is the Competence Center for Applied Security Technology in Darmstadt.

Program (German only)
Paper published in the magazine for data protection (11-01-2021)

The article "Employees' obligation to report IT security and data protection incidents" was published in the first edition of 'Zeitschrift für Datenschutz' in 2021 (ZD 2021, 8). The article is the result of a cooperation with Dirk Müllmann as part of KASTEL. Follow-up work is already planned on how to communicate with employees about incident reporting.

Go to the article (with access to Beck-Online)
SECUSO 2020 review (18-12-2020)

We have put together the highlights of 2020. We would like to thank all collaborators for 2020 and we look forward to exciting research and teaching in 2021.

Goto review
Melanie Volkamer as guest in the ZKM's DigilogLounge (14-12-2020)

As part of the diglog project, the ZKM (Center for Art and Media Karlsruhe) created the DigilogLounge. Melanie Volkamer is invited to this new format on December 17th at 5 p.m. The event bears the title "Awareness measures around phishing messages" and is streamed online.

Live Stream (German)
Niklas Kühl was interviewed by Radio Regenbogen (14-12-2020)

Dr. Niklas Kühl (IISM / KSRI) in an interview with Radio Regenbogen about our joint HICSS paper:'“Healthy surveillance”: Designing a concept for privacy-preserving mask recognition AI in the age of pandemics'

Zum Radio-Interview
Poster accepted at SGD-Congress (11-12-2020)

The Poster "Aktivpause to Go – Evaluation einer Privacy Friendly App für Bewegungspausen" by Claudia Hilderbrand, Lena Panter, Marisa Thomann, Melanie Volkamer, Jonathan Diener, Christopher Beckmann, and Alexander Woll was accepted for presentation at the SGD-Congress. The congress took place at the 26/27th of November 2020.
https://www.unisport.uni-kl.de/sgd-derkongress/

SECUSO bei HACS 2020 (01-12-2020)

The Special Session on Humans And Cyber Security Security 2020 (HACS 2020) will be held virtually on December 2nd 2020 as part of the 6th IEEE International Conference on Collaboration and Internet Computing. The special session provides an opportunity for researchers and practitioners interested in humans and cyber security to share latest research and developments. SECUSO team member Peter Mayer participates in HACS 2020 as panelist in the Round Table Discussion on the topic "State-of-the-art research from academic front on 'hacking the human'".

HACS 2020 website with further information
Peter Mayer awarded with the Wissenschaftspreis 2019 for his PhD "Secure and Usable User Authentication" (01-12-2020)

Our team member Peter Mayer was awarded the Research Award 2019 of the KIT-Department of Economics and Management for his dissertation "Secure and Usable User Authentication". The dissertation describes advancements in the area of user authentication. In detail it provides (a) a process for the systematic development of provably effective awareness materials to help users to better defend themselves, (b) the first comparative investigation of shoulder-surfing risks when entering text passwords on constrained input devices such as gamepads, and (c) a technique for the secure and efficient storage of passwords in promising shoulder-surfing resistant alternatives to text passwords.

Information on the Wissenschaftspreis
KASTEL certificate awarded to students at KIT for their skill the area of IT security (25-11-2020)

The KASTEL certificate is awarded to students at Karlsruhe Institute of Technology for their skill in the area of IT security. It can be obtained on both, the MAster's level and when acquiring a PhD. This year, the KASTEL certificate was awarded among others to Katerina Dimitrova during the course of her Master's studies and to Peter Mayer in the course of this PhD.

More information on the KASTEL certificate
Risk contactless debit card (24-11-2020)

Contactless debit cards are widespread and became more important in times of Corona. But what happens if someone is stealing your contactless debit card and misuses the contactless option to pay without having to enter the PIN? In our report "Reporting Insights Gaines into UK Citizens' Perceptions of Contactless Card Risks" we study the perception of the above-mentioned risks and how users perceive it. We discovered that participants perception were not aligned with their actual risks.

You'll find the paper here
New project "Digital Citizen Science @ KD²Ex" (20-11-2020)

As part of the EXU project “KIT Future Fields”, Prof. Weinhardt (IISM), Prof. Mädche (IISM), Prof. Nieken (IBU), Prof. Scheibehenne (IISM), Prof. Szech (ECON), Prof. Volkamer (AIFB) and Prof. Woll (IfSS) get funded for 18 months for the project "Digital Citizen Science @ KD²Ex": Experimental research on well-being, work and education at home ".

Go to project site
SECUSO represented twice at PITS (11-11-2020)

Networking and digitization are central enablers of a crisis-proof society. As a meeting point for IT managers from the federal, state, local authorities, the armed forces, European police authorities,
intelligence services, NATO, security solution providers and science is the
Public IT Security (PITS) has been a key platform for exchanging information on new trends for over ten years. This year SECUSO will take part in two expert panels - on the subject of phishing and on the subject of security awareness.

PITS program
“Healthy surveillance”: Designing a concept for privacy-preserving mask recognition AI in the age of pandemics - Paper online available (06-11-2020)

The trade-off between personal data protection and AI performance is an exciting field of research. In the ongoing fight against the spread of the novel coronavirus COVID-19, many governments have recommended—or even obliged—their citizens to wear masks as an effective countermeasure. In an interdisciplinary, cross-institute (IISM, KSRI and AIFB / KASTEL / SECUSO) work, Niklas Kühl, Dominik Martin, Clemens Wolff, and Melanie Volkamer show what a privacy-friendly mask recognition video system could look like. This paper is an update of the paper with the same title published in summer.

Go to HICSS
Cooperation between KD2Lab and KASTEL institutionalized (06-11-2020)

Melanie Volkamer is now a member of KD2Lab - the Karlsruhe Decision & Design Lab. The KD2Lab offers researchers an excellent infrastructure for economic, neuro- and psycho-physiological experiments. As a result of this membership, KASTEL-related security & privacy research questions are also addressed in the KD2Lab in the future.

KD2Lab
SECUSO research group received the Facebook Research Award (02-11-2020)

Prof. Dr. Melanie Volkamer, Dr. Peter Mayer and Reyhan Düzgün from the research group SECUSO as well as Dr. Sanchari Das from the University of Denver won a Research Award from Facebook for their research on secure and usable authentication methods in Augmented and Virtual Reality technology. AR & VR devices increasingly offer social activities that require secure and usable authentication. SECUSO proposes the ZeTA (Zero-Trust-Authentication) protocol, which enables secure authentication in shared rooms and can be used with the available interaction methods of Head-Mounted Displays. 

To the Facebook Research Award
Sudoku v3.0 released on Google Play and F-Droid (21-10-2020)

In the last semester the Privacy Friendly Sudoku App was enhanced and it now shines with a new version number v3.0 and many new features. The app now provides a dark mode and allows to create custom Sudokus as well as share them with other users. There are also daily Sudokus, that are generated each day and allow for a bit of friendly competition among friends as every user gets the same Sudoku each day. The app is available on Google Play and F-Droid.

See the app page
Christopher Beckmann joins the SECUSO Team (21-10-2020)

Christopher Beckmann is a member of the SECUSO research group since October 01, 2020. He studied IT-Security at the Technical University (TU) of Darmstadt and will be working on the Privacy Friendly Apps and teaching as a research associate.

See his profile
Article: Phishing for Awareness published (20-10-2020)

Melanie Volkamer, Martina Angela Sasse, and Franziska Boehm explain in this article (<kes> issue No. 5, October 2020) why simulated phishing campaigns can have negative effects on the image of security as well as the culture - and that all with limited informative value of the results. <kes> "provides all relevant information about IT security - carefully researched by specialist editors and authors from practice."

Article (German)
Explanatory video for (secure) remote electronic elections (19-10-2020)

In times of pandemics, many are looking for secure alternatives for secret face-to-face polls/ elections. In 2:20 minutes we explain on YouTube what has to be taken into account for remote electronic elections. Many thanks for constructive feedback go to: Prof. Bernhard Beckert and Michael Kirsten from KIT, Prof. Rüdiger Grimm from Fraunhofer SIT, Prof. Robert Krimmer from the University of Tartu, Prof. Oksana Kulyk from the IT University in Copenhagen and Prof. Reto King from the Bern University of Applied Sciences.

To the explanatory video
Free Online Course: Detecting Fraudulent Mail (14-10-2020)

One in four Germans has been a victim of crime on the Internet. The culprits are often fraudulent messages, the so-called "phishing mails" with which cyber criminals extract secret data from their victims or distribute malware. In the context of the European Cyber Security Month, the annual campaign of the European Union, the research group SECUSO offers its NoPhish online course for interested citizens. In twelve modules, the course teaches how criminals operate and how Internet users can recognise different types of fraudulent messages. The acquired knowledge will be deepened in exercises. No previous knowledge is required. Currently the course is only available in German.

To the NoPhish course
Presentation at the Zeek Week 2020 (05-10-2020)

The Zeek Week 2020 will take place online this year from 13 to 15 October. SECUSO and the research group Decentralised Systems and Network Services (DSN) of Prof. Hartenstein present their tool Emojifier and lead a discussion about future research in this area. The Emojifier tool will help the users of Zeek Logs to separate and assign the different messages faster. Our presentation will take place on 14.10 at 21:20.

The Zeek Week
"15th International Conference on Availability, Reliability and Security (ARES)" was successfully held (17-09-2020)

On 28th August 2020 the "15th International Conference on Availability, Reliability and Security (ARES)" took place successfully as an online event. The program committee was chaired by KASTEL-PIs Prof. Melanie Volkamer and Jun-Prof. Christian Wressnegger. With an acceptance rate of 17.65% (for full papers) and 22.22% (incl. short papers) out of 153 submissions, the conference was particularly competitive this year. The accepted papers and their presentations are uploaded to the conference website. 

To the ARES website
New Blog post published on the platform VdZ.org (14-09-2020)

The blog post on " Stress test for administrative staff - Are you considering to achieve security awareness through simulated phishing campaigns? Then better read here first." (in German) by Prof. Dr. Melanie Volkamer, Prof. Dr. Franziska Boehm (KIT, FIZ Karlsruhe) and Prof. Dr. Angela Sasse (University Bochum, Horst-Görtz Institute) was published on the 'Verwaltung der Zukunft' (future of public administration) platform.

Go to article
Paper from SPW published by Springer (24-09-2020)

The paper "Audio CAPTCHA with a few cocktails: it's so noisy I cant hear you" by Benjamin Maximilian Reinheimer, Fairooz Islam and Ilia Shumailov has now been published in the Lecture Notes in Computer Science at Springer together with the transcripts of the discussions from the workshop.

Go to article
E-Vote-ID Digital Conference Program (24-09-2020)

This year's E-Vote-ID conference will be held digital from Oct 7 to Oct 9. The conference is organized by Robert Krimmer and Melanie Volkamer. Bernhard Beckert from KASTEL is one of the track chairs being in charge in deciding which papers to be accepted and published with Springer.  Special Thanks go to David Duenas-Cid for making the digital conference happen. Registration is open still open.

Link
Interview with Melanie Volkamer and Peter Mayer about the problem of fake online shops (24-09-2020)

Several million German citizen have already become victims of fake online shops. Particularly hard to spot are fake online shops, when otherwise legitimate websites have been hacked to link to the fake shops or even have fake shops embedded in them. Especially for private website providers or small and medium sized businesses it is hard to detect such hacks and repair them. In order to ameliorate this situation, the INSPECTION project which SECUSO is a part of and which is funded by the Federal Ministry of Education and Research (BMBF) has been conceived. In this project machine learning is combined with effective communication to website providers, in order to support them to repair their website. On the other hand, additional materials will be created to raise awareness among website providers. In the interview with the campus radio (represented by Stefan Fuchs) Melanie Volkamer und Peter Mayer explain the strategies employed by owners of fake shops, how consumers can protect themselves against these strategies, and how the INSPECTION project helps improve the situation. The interview was broadcast on 8 September 2020 and is available online at: https://publikationen.bibliothek.kit.edu/1000123419

Link
Talk at Cybersecurity Conference 2020 (17-09-2020)

On the 22. and 23.10 this year the Cybersecurity Conference will take place in Mannheim. The aim is to better connect the economy, science and the public. Cyber security has not yet reached the necessary level to make Germany secure, therefore the transfer of knowledge between these partners is especially important. In the context of the conference SECUSO will give a talk on Phishing Awareness and report about our findings regarding the development and implementation of material. 

To conference
Interview with Melanie Volkamer on email encryption (16-09-2020)

The broadcast series "Softwarekatastrophen - wie konnte das nur passieren?" of the Campusradio Karlsruhe takes a look at a variety of topics surrounding IT security and IT safety. In the episode "Mailverschlüsselung is key oder etwa nicht?", Melanie Volkamer will share insights into the subject of email security and its pitfalls. The episode will be broadcast on 29 October 2020 at 10 am on 104.8 FM and will be available thereafter on Spotify: https://open.spotify.com/show/1YjeGM3d42iQZCfOw0yTkY.

Go to article
Blog post published on the platform VdZ.org (25-08-2020)

The blog post on "How to make your employees aware of IT security - seven recommendations for information security officers" (in German) by Prof. Dr. Melanie Volkamer and Benjamin Bachmann (Director Cyber Security at EXXETA AG) was published on the 'Verwaltung der Zukunft' (future of public administration) platform.

Go to article
Article published in the magazine 'Datenschutz und Datensicherheit' (24-08-2020)

The article 'Phishing-Kampagnen zur Steigerung der Mitarbeiter-Awareness: Analyse aus verschiedenen Blickwinkeln – Security, Recht und Faktor Mensch' by Melanie Volkamer, Martina A. Sasse (University of Bochum, Horst Görtz Institute), Franziska Boehm (KIT, FIZ Karlsruhe) has been accepted for publication in the 'Datenschutz und Datensicherheit' magazine (44, pages518–521) and is already available online.

Go to article
SECUSO’s Privacy Friendly Apps (21-08-2020)

The free Android Apps from SECUSO only ask for necessary permissions and do not display any advertisement. The apps have already been installed more than 70,000 times. Very popular are for example the apps Sudoku, Shopping List and Password Generator. The apps for PIN Memorization Strategies and NoPhish Training also received very good ratings. In addition to the Google Play Store, our apps can also be downloaded on F-Droid.

Go to Google Play Store
Blog post published on the digital world webpage (17-08-2020)

The blog post on "Simulierte Phishing-Kampagnen – Ziele, Formen und ihre Probleme" by Melanie Volkamer, Martina A. Sasse (University of Bochum, Horst Görtz Institute), Franziska Boehm (KIT, FIZ Karlsruhe) has been published. This post is based on the freely available article 'Phishing-Kampagnen zur Mitarbeiter-Awareness : Analyse aus verschiedenen Blickwinkeln: Security, Recht und Faktor Mensch' by the authors: https://publikationen.bibliothek.kit.edu/1000119662

Go to article
KIT Future Fields funding for KD²Ex – Karlsruhe Decision & Design Experimentation Ecosystem (14-08-2020)

Prof. Christof Weinhardt (IISM), Prof. Alexander Mädche (IISM), Prof. Petra Nieken (IBU), Prof. Benjamin Scheibehenne (IISM), Prof. Nora Szech (ECON), Melanie Volkamer (AIFB) and Prof. Alexander Woll (IFSS), have jointly received funding for the establishment of the Karlsruhe Decision & Design Experimentation Ecosystem (KD²Ex). Funding is granted within the framework of a KIT Future Fields. The project enables new forms of participatory research: Digital Citizen Science with a focus on the area of "Wellbeing at Home".

Go to article
dpa Interview with Prof. Volkamer on the detection of phishing emails (11-08-2020)

The article 'Vorsicht, Phishing So nimmt man es mit Datenräubern auf' about the interview with Prof. Melanie Volkamer by Philipp Schulte for dpa has been picked up by numerous media channels: die Zeit, ntv and Süddeutsche Zeitung.

Go to article
Update of the NoPhish reference users (05-08-2020)

The number of reference users of our NoPhish materials continues to grow. We now know of 31 organisationsthat use our materials. We are particularly pleased that other universities and applied universities have recently joined the list (Ruhr-Universität Bochum, Universität Duisburg-Essen, Hochschule Koblenz, Universität Würzburg, Technische Universität Braunschweig, Hochschule Konstanz, Fernuniversität Hagen, Hochschule Worms, Universität Bamberg, Universität Mannheim).
 

Go to article
Article accepted for publication in the journal "Datenschutz und Datensicherheit" (28-07-2020)

The article "Erstellung von effektiven Sensibilisierungsmaterialien zur Passwortsicherheit" by Peter Mayer, Fabian Ballreich, Reyhan Düzgün, Christian Schwartz, and Melanie Volkamer was accepted for publication in the journal "Datenschutz und Datensicherheit" and is now available online.

Go to article
Paper accepted at the WAY 2020 Workshop (27-07-2020)

The paper “Towards Secure and Usable Authentication for Augmented and Virtual Reality Head-Mounted Displays” by Reyhan Düzgün, Peter Mayer, Sanchari Das and Melanie Volkamer was accepted at the Who Are You?! Adventures in Authentication (WAY) 2020 workshop. The paper presents the use of the ZeTA authentication protocol by Andreas Gutmann et al. with AR and VR glasses. The workshop will be held online on 7th August 2020, alongside the SOUPS conference.

Go to article
Article "Phishing campaign and its pitfalls" cited several times (08-07-2020)

The KIT press release was picked up by numerous media channels. These include BNN, IDW-Online, Innovations Report, Bochumer Zeitung, Industrie.de, Frankfurt Institute for Risk Management and Regulation, Infopoint-Security and Deutschlandfunk Nova.

Go to article
Updated flyer on our apps “Active Pause” and “Active Pause to Go” available (03-07-2020)

Our updated flyer “Active Pause and Active Pause to Go” provides now information on the app “Active Pause to Go” as well. The app was created in cooperation with the Institute of Sports and Sports Science of the KIT and helps integrating exercise breaks into your daily work. Further information and the link to the Google Play Store can be found in the flyer.

Go to flyer
“Healthy surveillance”: Designing a concept for privacy-preserving mask recognition AI in the age of pandemics - Paper online available (01-07-2020)

The trade-off between personal data protection and AI performance is an exciting field of research. In the ongoing fight against the spread of the novel coronavirus COVID-19, many governments have recommended—or even obliged—their citizens to wear masks as an effective countermeasure. In an interdisciplinary, cross-institute (IISM, KSRI and  AIFB / KASTEL / SECUSO) work, Niklas Kühl, Dominik Martin, Clemens Wolff, and Melanie Volkamer External Link show what a privacy-friendly mask recognition video system could look like.

https://publikationen.bibliothek.kit.edu/1000120631

Paper accepted at EuroUSEC 2020 (23-06-2020)

The paper “Analysis of publicly available anti-phishing webpages: contradicting information, lack of concrete advice, and very narrow attack vector” by Mattia Mossano, Kami Vaniea, Lukas Aldas, Reyhan Düzgün, Peter Mayer and Melanie Volkamer, developed in collaboration with the TULiPS  Research Group from the University of Edinburgh, has been accepted at EuroUSEC 2020.

https://eusec20.cs.uchicago.edu/#submission

 

information security for Wissenschaft-Medien-Kommunikation students (26-06-2020)

Since this semester, students of the study course Wissenschaft-Medien-Kommunikation can also attend our information security lecture. We are pleased that directly in the first semester students took advantage of this offer. The lecture can be introduced e.g. in the major field of computer science. 

https://campus.studium.kit.edu/ev/pt-9APrRRTGLTjGDu7f6Lw/en

 

FMER Research Project INSPECTION started (26-06-2020)

The research project INSPECTION has stated on the 1st June 2020. Its goal is to identify hacked websites through web crawling and notify the owners of the affected websites in an effective manner. The project is funded by the German Federal Ministry of Education and Research within the initiative "KMU-innovativ". For this project, SECUSO partnered with the companies mindUp GmbH and BDO Cybersecurity.
https://web-inspection.de/

Paper accepted at 'Law and Technology' workshop at Informatik 2020 (25-06-2020)

In recent months, the cooperation with the chair of Prof. Indra Spiecker genannt Döhmann (Goethe University Frankfurt am Main / KASTEL PI) has been expanded. The article "Obligation to report IT security and data protection incidents by employees - consideration of possible employment law consequences" by Dirk Müllmann and Melanie Volkamer was accepted at the 'Law and Technology' workshop of Informatik 2020.
https://www.uni-saarland.de/
lehrstuhl/sorge/forschung/workshopskonferenzen/recht-und-technik-2020.html

SECUSO @ Baden TV (26-05-2020)

In the "Baden TV Aktuell" broadcast on May 26th, 2020 Prof. Melanie Volkamer spoke about SECUSO research and especially about the Human Centered Design approach (9:30): https://baden-tv.com/baden-tv-aktuell-dienstag-2/

Paper accepted at the Symposium on Usable Privacy and Security 2020 (27-05-2020)

The paper "An investigation of phishing awareness and education over time: When and how to best remind users" by Benjamin Maximilian Reinheimer, Lukas Aldag, Peter Mayer, Mattia Mossano, Reyhan Düzgün, Bettina Lofthouse, Tatiana von Landesberger and Melanie Volkamer has been accepted for presentation at the Symposium on Usable Privacy and Security 2020 (SOUPS 2020). SOUPS 2020 will be held August 9-11, 2020 in Boston (USA).
https://www.usenix.org/conference/soups2020

Analysis of phishing campaigns conducted in companies published (27-05-2020)

Together with Prof. Franziska Boehm (KIT / ZAR and FIZ Karlsruhe) and Prof. Martina Angela Sasse (RUB / CASA / HGI), an interdisciplinary analysis of phishing campaigns in companies and organisations was carried out. The results of the analysis are particularly important for anyone who is considering phishing campaigns against employees and / or colleagues. You can find the results at: 
https://publikationen.bibliothek.kit.edu/1000119662

TORPEDO Covid-19 Update for web-browser (18-05-2020)

The coronavirus has led to a significant rise of messages with dangerous content (phishing messages). To better support users in identifying such e-mails, we have developed an update for our browser extension TORPEDO which now integrates the blocklist of the Cyber Threat Coalition. This means that our plugin now explicitly warns users of dangerous links that are blacklisted in connection with Corona. Our browser extension can be downloaded for free in the Firefox Store and the Chrome Store.

https://secuso.aifb.kit.edu/TORPEDO.php

Philip Heller and Jannik Dresselhaus new student assistants at SECUSO (11-05-2020)

Philip Heller and Jannik Dresselhaus have joined SECUSO on 15th April 2020 to help out with programming tasks. Philip will help in developing anti-phishing tools in the course of the Google Faculty award SECUSO received in March 2020. Jannik will help in developing tools for studies in the area of user authentication.

SPOSE PC membership (08-05-2020)

Melanie Volkamer supports the SPOSE (Security, Privacy, Organizations, and Systems Engineering) ESORICS workshops as a program committee member.
https://spose-ws.github.io/

Current users of our NoPhish material (05-05-2020)

The number of users of our NoPhish material is increasing.
Currently 20 Organizations/companies use our materials e.g. Berliner Verkehrsbetriebe, HEAG, Polizeipräsidium Einsatz in Baden-Württemberg, Stadt Hamm oder Landesamt für
Geoinformation und Landesvermessung Niedersachsen (LGLN). We are pleased that our material is so well received. And we hope to continue to help other organisations, but also
individuals, to recognise fraudulent messages in the future.
https://secuso.aifb.kit.edu/betruegerische_nachrichten_erkennen.php

 

Peter Mayer holds Workshop at the House of Competence (29-04-2020)

Starting on 9th May 2020, the online workshop "Securing The Digital Life – Eine Praktische Einführung in die Sicherheit von Passwörtern", held by Peter Mayer, will give an overview of the theoretical and practical aspects of password security. To that end, the participants will learn about relevant attacks and the respective defenses. The gained knowledge will then be applied in practical exercises as both, attacker an defender. The workshop will be held completely online.

https://studium.hoc.kit.edu/index.php/Veranstaltung/kontroverse-diskussionen-und-schwierige-gruppen-moderieren-3-2/?instance_id=5134

PC of the MuC Workshop 2020 (21-04-2020)

Benjamin Reinheimer is on the program committee of the 6th Usable Security and Privacy Workshop, MuC 2020, which will take place in the context of the Mensch und Computer from September 6-9 in Magdeburg. https://muc2020.mensch-und-computer.de/eng/​​​​​​​

 

NoPhish Videos in German and English on Youtube (15-04-2020)

Online fraud is booming in times of the corona crisis. We as the research group SECUSO explain in two short videos how to detect fraudulent messages. The first video deals with the topic attachments and the second video with links. Both videos are now available in German and English on our Youtube channel.

https://www.youtube.com/channel/UC67iYdsv5I1DAvlhyPNVgpg/videos

Master of Science in Digital Transformation - HECTOR School, Technology Business School of KIT, with a new compulsory module on security and privacy engineering (15-04-2020)

The new part-time M.Sc. The "Information Systems Engineering and Management (ISEM)" course has started successfully at the HECTOR School of Engineering and Management. The course main focus is the digital transformation of products, services and organizations. Accordingly, there is now also a compulsory module on security and privacy engineering with lectures on information security (Prof. Melanie Volkamer), applied cryptography (Prof. Jörn Müller-Quade), network security (Prof. Thorsten Strufe), data protection regulations (Prof Franziska Böhm) and Emerging Technologies and Critical Information Infrastructures (Prof. Ali Sunyeav). Further information on the course and application can be found on the HECTOR School website.

http://www.hectorschool.kit.edu/ISEM.php

 

TORPEDO updated (08-04-2020)

TORPEDO as a web extension has been updated to a new version and now has some new features. We have now also integrated google redirect. Also the tutorial was adapted to the new version. Additionally we now check for IP addresses or hidden URLs behind submit buttons. Now everyone can add their own short URL services and with the help of the Security and Privacy Mode they can customize TORPEDO to fit their own circumstances even more. 
https://secuso.aifb.kit.edu/english/TORPEDO.php

Courses at SECUSO (03-04-2020)

The new semester is starting soon! To make it easier for you to choose which courses you want to visit, we have prepared an overview of our courses in the summer and winter term. In addition, Industrial Engineering students get some recommendations on how to credit our courses in their studies. PDF

The 5th European Workshop on Usable Security has been rescheduled to 7th September 2020 due to COVID-19

Due to COVID-19, this year's EuroUSEC workshop will not take place as originally scheduled on 15 June 2020, but instead has been moved along with Euro S&P to September 2020. The workshop location remains the same: Genova, Italy. Due to this change in the schedule, this year's workshop has two submission deadlines. The first one was on the original submission date of 16 March 2020. Submissions to that deadline are already under review. The supplemental deadline will be on 5th June 2020 (with mandatory paper registration on 2nd June 2020). You can find all information about the new schedule and the second submission deadline on the EuroUSEC website.
https://eusec20.cs.uchicago.edu/

Information about the qualification for the KASTEL certificate (25-03-2020)

Industrial Engineering and Business Informatics students can receive the KASTEL certificate as well. Therefore, we compiled some information about the qualification for the certificate. You can find a list of creditable courses and recommendations for module combinations here. Here for PDF

Courses by SECUSO for the summer semester 2020 (25-03-2020)

Our courses for the summer semester 2020 are now available at https://secuso.aifb.kit.edu/1121.php

Zeit Article and podcast on IT security with Prof. Volkamer (18-03-2020)

"Everything on the net is hackable. How do we prevent the worst?" is the title of the article and podcast by Lisa Hegemann and Meike Laff. The topic is that people are often mistakenly described as the greatest vulnerability when a computer system has been hacked. Prof. Volkamer puts an end to this false assumption.
https://www.zeit.de/digital/internet/2020-03/it-sicherheit-datenschutz-digitalisierung-internet-digitalpodcast

 

Monthly Security Lunch Changes (03-03-2020)

We decided to change our schedule regarding the monthly security lunch.
It still be we take place every third Tuesday of each month at the restaurant Gold, but from now on from 12:00 – 13:00 o’clock.
See you at the next lunch, 17.03.20 12:00-13:00 o’clock at Gold.

Google Faculty Research Award for Prof. Melanie Volkamer (02-03-2020)

Prof. Melanie Volkamer and Florian Schaub received one of this year's seven Google Faculty Research Awards in the field of security. The award was granted for the project "Link-centric Phishing Warnings for Online Email Clients".  We look forward working with Florian Schaub and the University of Michigan. Also many thanks to our Google advocates Patrick Gage and Alexander de Luca.

https://ai.googleblog.com/2020/02/announcing-2019-google-faculty-research.html

SECUSO at the action day at KIT in the context of the Safer Internet Day (26-02-2020)

During the international Safer Internet Day on February 11th 2020 SECUSO participated in a KIT wide action to raise awareness for fraudulent messages. The event was jointly organized with the Steinbuch Centre for Computing (SCC) and the Information Security Officer (ISB). Many of the materials are now also available in English. Leaflets and materials can be downloaded via the following link:  https://www.isb.kit.edu/english/105.php.

Reyhan Düzgün is now a member of SECUSO (26-02-2020)

Reyhan Düzgün is the newest member of SECUSO since February 1, 2020. She studied Industrial Engineering at the Karlsruhe Institute of Technology and will be working on methodology research in the area of usable security.

Talk at Interconnect event on "Emotet & Co: How to raise security awareness" (13-02-2020)

Technology is an important element for effective IT security - but security awareness is also important. As part of the event on February 13, 2020, Prof. M. Volkamer talks on measures that have been shown to increase security awareness.
https://www.interconnect.de/Veranstaltungen/EmotetCoBewusstseinfuerITSicherheit/​​​​​​​

Paper accepted at Voting 2020 (FC Workshop) (10-02-2020)

The paper "Towards Improving the Efficacy of Code-Based Verification in Internet Voting" by Oksana Kulyk, Melanie Volkamer, Monika Müller and Karen Renaud was accepted at the Financial Crypto Workshop 'Voting 2020'. The workshop will take place on February 14, 2020 in Sabah (Malaysia) for the fifth time.

https://fc20.ifca.ai/voting/program.html

 

SECUSO talk at the CAST Workshop „Security Awareness and Usable Security“ (06-02-2020)

Melanie Volkamer, Benjamin Reinheimer and Peter Mayer will give an overview of the process of developing and evaluating verifiably effective IT security awareness materials in the course of the CAST Workshop “Security Awareness and Usable Security”. The CAST workshop will take place 3rd March 2020 in Darmstadt. The full program and registration can be found on the workshop website.

https://cast-forum.de/workshops/programm/284?ts=1581007323326

Call for papers for the 5th European Workshop on Usable Security published (31-01-2020)

The call for papers for the 5th European Workshop on Usable Security has been published. The PC chairs of this year's workshop are Peter Mayer and Blase Ur. Deadline for submissions is 16th March 2020 (Anywhere on Earth).
https://eusec20.cs.uchicago.edu/

Article in Zeit-online on Emotet with Prof. Volkamer (29-01-2020)

"Kammergericht Berlin: Nur per Telefon, Fax oder Brief zu erreichen"  is the title of the German article by Lisa Hegemann and Meike Laaff. The article analyzes how this could happen and how the risk can be reduced. Experts from Fraunhofer SIT and BSI as well as Melanie Volkamer were also interviewed.
https://www.zeit.de/digital/datenschutz/2020-01/kammergericht-berlin-hack-trojaner-datenverlust/komplettansicht

Mattia Mossano is now a member of SECUSO (28-01-2020)

Mattia Mossano is the newest member of SECUSO since December 1, 2019. He’ll be working on phishing and anti-phishing user training. He studied philosophy at the University of Genoa and Cognitive Science at the University of Edinburgh. https://secuso.aifb.kit.edu/english/Staff_1091.php

SECUSO at the action day at KIT in the context of the Safer Internet Day (22-01-2020)

KIT participates in the Safer Internet Day on February 11, 2020.  This day has been held annually since 2004 and is an international day of action to promote online security and a better Internet. This year, KIT will again focus on the detection of fraudulent messages, in particular, phishing emails, and the safe handling of these messages. Many of the materials are now also available in English. Our action booth: February 11, 2020, 11 a.m. - 2 p.m., Mensa Adenauer-Ring, Campus South. Leaflets and materials at https://s.kit.edu/sid2020​​​​​​​

Paper accepted at AsiaUSEC 2020 (20-01-2020)

The paper "Security and Privacy Awareness in SmartEnvironments – A Cross-Country Investigation" by Oksana Kulyk, Benjamin Maximilian Reinheimer, Lukas Aldag, Nina Gerber, Peter Mayer and Melanie Volkamer has been accepted for presentation at AsiaUSEC 2020. The workshop will be held February 13-15, 2020 in Sabah (Malaysia) conjunctions with Financial Cryptography.

https://easychair.org/cfp/AsiaUSEC20

ARES Conference 2020 - PC Chairs (20-01-2020)

Melanie Volkamer and Christian Wressnegger (also KASTEL PI) are this year's PC Chairs of ARES 2020. The conference will take place in Dublin from August 24-28. The Paper Submission Deadline is March 15th.

https://www.ares-conference.eu/

Peter Mayer talks at GUDialog on the topic "Secure use of passwords" (13-01-2020)

GUDialog is organized by the Institute for Society and Digital at Münster University of Applied Sciences. Peter Mayer is invited to give a talk on January 15, 2020 on the topic "Secure use of passwords". The offer is aimed at both the specialist audience and interested citizens.

https://www.fh-muenster.de/gud/gud/gudialog_Kalendar.php?termin=5294

Emotet & Co: How to raise security awareness - Talk by Prof. Volkamer (13-01-2020)

On Thursday, February 13, 2020, InterConnect will be holding a business lunch in Karlsruhe from 12:00 to 4:30 p.m. on the topic "Emotet & Co: How to create security awareness". Melanie Volkamer talks about which measures have been proven to increase security awareness and what companies should take into account if they want to implement awareness measures themselves.

https://www.interconnect.de/Veranstaltungen/EmotetCoBewusstseinfuerITSicherheit/

EuroUSEC 2020 takes place on 15th June 2020 as part of Euro S&P (20-12-2019)

The fifth European Workshop on Usable Security will be held on 15th June 2020 as pre-conference workshop of the IEEE European Symposium on Security and Privacy in Genova (Italy). The CfP and further information will be made available in the coming weeks.

Melanie Volkamer and Peter Mayer receive commendation for "information security" lecture (19-12-2019)

Melanie Volkamer and Peter Mayer have received a commendation from the department of economics and management for their lecture "information security". This lecture gives an introductory overview of the field of information security and represents a basis for students to attain the KASTEL certificate, a proof of specialization in the fields of IT and information security for students at KIT.
https://campus.kit.edu/live/campus/all/event.asp?objgguid=0x943346DCFDCB475A8830DF434C69D21A&from=vvz&gguid=0x8F646A9D142B4C5FB35D4AC07FCCBC5C&mode=own&tguid=​​​​​​​

Save the Date: AIK symposium on cyber security will take place at October 23, 2020 (17-12-2019)

In the afternoon of October 23rd, 2020 the 36th AIK symposium will take place in Karlsruhe: First the AIK association and the participating institutions Institute AIFB and KASTEL will be introduced. This is followed by four talks: Prof. Buchmann (expert for post-quantum cryptography from TU Darmstadt), Dr. Meletiadou (Head of Privacy Management at Vodafone), Dr. Achenbach (Head of the IT Security Competence Center and the Cyber Defense Team at the FZI), and Dr. Mayer (Usable & secure user authentication expert will introduce research results from SECUSO).

Benjamin Reinheimer as a participant at the USP Day 2020 Workshop(09-12-2019)

On January 10, 2020, the USP Day 2020 will take place in Berlin on the topics of usable security and privacy. The day is jointly organized by Fraunhofer AISEC and Freie Universität Berlin. Benjamin Reinheimer will give a talk on User Studies on Security. 

https://www.eventbrite.com/e/usp-day-2020-workshop-on-usable-security-and-privacy-tickets-82613941523

Hohoho: NoPhish Video „Identifying dangerous attachments“ is now available (06-12-2019)

We are happy to announce that an other awareness NoPhish video is available. The five-minute video explains what dangerous attachments are and how to detect them. The video is a result of scientific evaluation of the effectiveness in regard to recognition of fraudulent messages with dangerous attachments. The video was developed in collaboration with Alex Lehmann.

https://s.kit.edu/it-sicherheit.betrueg-nachrichten.videos

KASTEL certificate now also for industrial engineers and business informatics students (05-12-2019)

The certificate has been extended so that now  business and IT students who are interested in information security can receive the KASTEL certificate. The Competence Center for Applied Security Technology (KASTEL) is one of Germany's three Cybersecurity Competence Centers initiated by the Federal Ministry of Education and Research (BMBF) in March 2011
https://www.kastel.kit.edu/zertifikat.php

No Phish Flyer Update (04-12-2019)

We have updated our Flyer „Fraudulent messages - how to detect fraudulent and phishing mails“. Not only detecting these messages is important, but also an adequate reaction to them. For this we now refer to the BSI (Bundesamt für Sicherheit in der Informationstechnik): if you are unsure whether a message is a fraudulent message or if you have fallen for a fraudulent message, you can ask the BSI for advice.  Soon the leaflet will also be available in English.

https://secuso.aifb.kit.edu/betr-nachrichten-flyer

Peter Mayer graduated as PhD [Dr.-Ing.] (29-11-2019)

Our member Peter Mayer has been graduated as a PhD (Dr.-Ing.) on November 15, 2019 with the thesis entitled "Secure and Usable User Authentication".
 
Congratulations!

Panel discussion at the Federal Office for Security in Information Technology (27-11-2019)

Melanie Volkamer will participate in the panel discussion as part of the project "Institutionalization of Social Dialogue" at the BSI on November 28. It discusses the future of dialogue with our society and how cyber security can be better shaped for society.
https://www.bsi.bund.de/DE/Themen/DigitaleGesellschaft/Digitale_Gesellschaft/IdgD/IdgD_node.html

Jonas Pfrang and Melanie Volkamer interviewed by Campusradio Karlsruhe (19-11-2019)

Criminals often use fraudulent messages with malicious content (e.g. spyware, phising links) to obtain sensitive data of people or blackmail victims. As it is not possible to detect all fraudulent messages by means of technology, users should check incoming e-mails manually in order to detect a potential fraud attempt. In the interview Prof. Dr. Melanie Volkamer and Jonas Pfrang explain potential risiks of fraudulent messages and show how one can identify such messages. The interview was broadcasted on “Radio Regenbogen” on the 19th November 2019 at 7:10 p.m.. The interview can be downloaded via the following link: https://soundcloud.com/karlsruherinstitutfuertechnologie/im-zweifelsfalle-immer-loschen-tipps-zum-umgang-mit-phishing-mails

Melanie Volkamer in an interview with Kai Laufen - SWR Aktuell Netzagent (18-11-2019)

The Internet and other digital technologies pose risks that most users are hardly able to recognize and assess. Be it specific technical problems or possible application errors that could endanger yourself or your employer. The interview is about how to make people better aware of the risk on the internet and how to protect yourself.
https://www.swr.de/swraktuell/radio/netzagent/Sicherheit-will-gelernt-sein,av-o1169873-100.html

Peter Mayer holds Workshop at the House of Competence (13-11-2019)

On 23rd November 2019 the Workshop "Securing The Digital Life – Eine Praktische Einführung in die Sicherheit von Passwörtern", held by Peter Mayer, will take place at the House of Competence. The workshop will give an overview of the theoretical and practical aspects of password security. To that end, the participants will learn about relevant attacks and the respective defenses. The gained knowledge will then be applied in practical exercises as both, attacker an defender.
https://studium.hoc.kit.edu/index.php/Veranstaltung/kontroverse-diskussionen-und-schwierige-gruppen-moderieren-3-2/?instance_id=4123

Heike Obry is a new member of the SECUSO research group (07-11-2019)

Heike Obry is the newest member of the SECUSO research group at the Karlsruhe Institute of Technology (KIT). Heike Obry studied computer science at the University of Karlsruhe (today's KIT) from 1982 - 1987.
In addition to her main activity in the IT area of an automotive company, she now supports the SECUSO research group as a research assistant in the DIGILOG project.

Kick-Off Seminar Security and Privacy Awareness (25-10-2019)

Last week we started our seminar “Security and Privacy Awareness”. This seminar is special, as it is organized by different institutes, which makes this course interdisciplinary. We are working together with the ITZ and the IIWR. Philosophy, law and computer science working together on security and privacy awareness.

Cooperation Police south Hessen and SECUSO (28-10-2019)

In November we got the chance to give two workshops for the police in Darmstadt, Hessen. We are pleased to share our knowledge of phishing with all the interested people.

Peter Mayer gives talk at PasswordsCon 2019 (24-10-2019)

From November 25th to 27th 2019 the PasswordsCon conference will be hel din Stockholm (Sweden). Peter Mayer will participate as speaker and present research results of SECUSO in his talk "Better Password Entry On the Couch".
 https://internetdagarna.se/program/passwordscon-part-1/

New privacy friendly app: „Active break to go!“ (30-10-2019)

Active break of the workplace health management of the Institute of Sports and Sports Science meets SECUO's Privacy Friendly Apps. The new app "Active break to go!" reminds you of your favourite exercises at any time ... Whether on a business trip or at work. And all without your data being collected - simply privacy friendly. Give it a try:
https://secuso.aifb.kit.edu/english/1054.php 
https://www.sport.kit.edu/Wissenstransfer_BetrieblichesGesundheitsmanagement.php

 

Peter Mayer gives talk at the Public IT Security (PITS) (30-08-2019)
On September 2nd and 3rd Public IT Security (PITS) will take place in Berlin as the German expert symposium for IT security and cyber security for state and administration. Peter Mayer will participate as speaker in the panel "SPAM, Phishing and Ransomware" and present the anti-phishing materials developed by SECUSO.
https://www.public-it-security.de/
SECUSO participates in European Cyber Security Month (ECSM) (08-10-2019)

The number of cyber attacks is steadily increasing. Anyone who thinks they are safe from such attacks is mistaken: at work or at home - each of us can become the victims of Internet criminals. In the context of the European Cyber Security Month (ECSM) we inform in two events on how to protect yourself: On October 11 in the context of the 'Bunte Nacht der Digitalisierun' from 15: 00-21:00 on the Campus South of the KIT (building 20.30). On October 23 at Campus North in the Casino from 11: 00-14: 00.
https://cybersecuritymonth.eu/

 

AIFB Thematic Issue 2019 - Invitation to the 35th AIK Symposium (07-10-2019)

In the AIFB Thematic Issue 2019 (German) you will find the invitation to the 35th AIK-Symposium "Blockchain – Proof-of-Worth" and other latest highlights from our Institute AIFB. The symposium will take place on October 25, 2019 and is organized by the AIK e.V.
http://www.aik-ev.de/index.php/veranstaltungen/35-aik-symposium/
 

 

SECUSO hosted the third GHOST project meeting in Karlsruhe (27-09-2019)

We were delighted to host the third EU GHOST project meeting at KIT in Karlsruhe. GHOST aims to deploy a highly usable and effective security framework for smart home residents. The project will apply behavioural design principles for the elaboration of a novel reference architecture for user-centric cyber security in smart home environments. The GHOST consortium discussed the latest stage of the progress and the next steps during two consecutive days of meeting.
https://www.ghost-iot.eu

Participation in the 'Bunte Nacht der Digitalisierung' (26-09-2019)

At this event, on October 11th, SECUSO presents the materials developed and evaluated in the past (including flyers, information cards and posters) in the field of security awareness and education. The event will take place on campus. Citizens will learn how they can detect fraudulent messages such as phishing emails.
https://karlsruhe.digital/bunte-nacht-der-digitalisierung/

 

dialog@bw - Citizens' Forum on 11.9.2019 at the ZKM (09-09-2019)

To kick off the digilog@bw research project funded by the state of Baden-Württemberg, all citizens are invited to submit their questions during this event and thus help to shape the project. In addition to SECUSO, other experts from KIT but also from the University of Mannheim and the University of Tübingen will be represented. A panel discussion will give an insight into the project. Subsequently, questions and suggestions can be addressed to the experts in smaller rounds.
https://digilog-bw.de/events/dialogbw-buergerinnenforum-im-rahmen-des-forschungsprojekts-digilogbw

Paper at E-Vote-ID accepted (10-09-2019)

The paper "GI Elections with POLYAS: A Road to End-to-End Verifiable Elections" was accepted at E-Vote ID 2019. Apart from Melanie Volkamer, other KASTEL PIs (Prof. Beckert and Prof. Müller-Quade) as well as KASTEL PhD students are authors of the paper. The paper describes the activities of the GI Online Elections Working Group. More information will also be published in the next GI Radar.
https://www.e-vote-id.org/
https://gi-radar.de/247-online-wahlen/

SECUSO article in SCC news 2019 (27-08-2019)

During the international Safer Internet Day in February 2019 SECUSO participated in a KIT wide action to raise awareness for fradulent messages. The SCC news published an article to emphasize the success of this day. A lot of positive feedback is the reason for KIT to plan (and SECUSO to support) a second information event in the Cyber Security Month in autumn 2019.
https://www.scc.kit.edu/downloads/oko/SCCnews_01_2019_web.pdf

Melanie Volkamer in the program comittee of SAC 2020 (28-08-2019)

From the 30.03. to the 03.04.2020 takes the Symposium „Computer Security track“ in Brno (Czech Republic) place. Until the 15th of september 2019 papers can be submitted. Prof. Melanie Volkamer will be part oft he program comittee. For more information please follow this link.

Melanie Volkamers interview of the „Computerwoche“ (26-08-2019)

KASTEL-Professor Melanie Volkamer was interviewed for the article „What is Usable Security“ that was published on the 7th of august 2019 on the online platform of the „Computerwoche“. The article is about the human being as the weakest link of the security chain, because he makes mistakes. The question is, what does a user have to know to be secure online and does he have to be involved in the security process. Especially in the last point, Prof. Volkamer advises to pronounce certain design recommendations for developers, which should help the user to recognise the security easier.
https://www.computerwoche.de/a/amp/was-ist-usable-security,3547465

Presentation of our security awareness and education measures at the networking day for knowledge mediators of the BSI (23-08-2019)

On September 9th SECUSO in Berlin presents the security awareness and education materials developed and evaluated in the past (including flyers, cards and posters) in the 'market of possibilities' located in Berlin security awareness and education.
https://www.denkwerkstatt-cybersicherheit.de/vernetzungstag/

Third Security and Privacy Lunch is on the way (16-08-2019)

The next Security and Privacy Lunch at Café Gold is coming up. We would be delighted if we could once again welcome numerous researchers from a wide variety of organizations from Karlsruhe. The next lunch will take place on 20.08. at 13 o'clock. Also for "spontaneous" visits we ask for feedback to Rebekka Golling  so that we can reserve a sufficiently large table.

SECUSO participate at the 29th Cyber Security Day "Networks Protect Networks". (16-08-2019)

Our research group will be on-site at the 29th Cyber Security Day in Berlin on 26.09. We will be present with a booth and present our materials on Security Awareness and Education. In particular, the focus will be on the detection of phishing and other fraudulent messages. Besides, we will give an overview of the implementation of user studies and evaluation of our materials.
https://www.allianz-fuer-cybersicherheit.de/ACS/DE/Angebote/CST/post/CS-Tag29/cst29.html

SECUSO cooperates with Stadtwerke Ettlingen (14-08-2019)

Within the framework of the KASTEL project, the research group cooperates with Stadtwerke Ettlingen. The cooperation aims to analyze the process of IT security mediation of the municipal utilities. Based on the experiences of the research group and the current state analysis, proposals will be developed to help disseminate the current IT security information and measures with defined processes within the company. This improvement will then be evaluated in a study.
https://www.sw-ettlingen.de/
https://www.kastel.kit.edu/

„Society in the Digital Change – Digitalitisation in Dialogue“ (22-07-2019)

The research Group SECUSO represents KASTEL in the project „Digitalisation in Dialogue“ (Digilog). Digitalisation influences humans in many ways. Many questions are asked, e.g. how does Digitalisation influences our personal life and what risks and chances occur. To assure a positive transformation in future the main topics of digitalisation – „autonomy, knowledge and participation“ are discussed by various research institutions in Baden-Württemberg in order to provide scientifically grounded orientation knowledge.
https://mwk.baden-wuerttemberg.de/de/service/presse/pressemitteilung/pid/land-foerdert-zwei-vorhaben-zur-erforschung-der-gesellschaft-im-digitalen-wandel/​​​​​​​

Second Security and Privacy Lunch (17-07-2019)

Also the second "Monthly Security and Privacy Lunch" in the restaurant Gold was well attended. Once again, 20 researchers from various organisations and research groups were on site to discuss current topics. We are happy that the response has been so great and that new people are constantly joining us. The next lunch will take place on 20.08. We ask for feedback to Rebekka Golling until 13.08, so that we can reserve a sufficiently large table. 

Conference SICHERHEIT 2020 in Göttingen organizes Doctoral Forum (14-07-2019)

The conference SICHERHEIT 2020 takes place from the 17th to the 20th March 2020 in Göttingen. Melanie Volkamer is part of the programm committee. SICHERHEIT is a biennial conference. PhD candidates are invited to submit extended abstracts on their research related to any aspects of safety and security of IT systems until the 1st October 2019. More Informations can be found: 
https://www.uni-goettingen.de/en/doktorandenforum+/603166.html

SECUSO now sits in the hallway of 5.20-3A (01-07-2019)

So the move is almost complete and SECUSO has now moved into its new offices. From now on you can find our new offices in building 5.20-3A. There are some boxes and little things left. But soon we got completely used to the new premises and are looking forward to designing the hallway according to our ideas.

Guest lecture risk communication (28-06-2019)

We had the opportunity  to give a guest lecture on the 17.06. for the students of Zinaida Benenson at the Friedrich-Alexander-University of Erlangen-Nürnberg. Lukas Aldag gave a Lecture about risk communication. If you are interested take a look at the slides (unfortunately the slides are only available in German).

Next Security and Privacy Lunch (25-06-2019)

The first "Monthly Security and Privacy Lunch" at Restaurant Gold was a success with 20 researchers from KIT, FZI, Frauenhofer IOSB and Frauenhofer ISI. We hope all participants had as much fun as we did. We would be happy if we could welcome as many people to the next meeting on 16.07.2019. Please contact Rebekka Golling (rebekka.golling@kit.edu) so that we can plan accordingly.

Peter Mayer has joined the program committee of WAY 2019 (18-06-2019)

Peter Mayer has joined this year's program committee of the "5th Who Are You?! Adventures in Authentication Workshop (WAY 2019)". The workshop will take place on August 11, 2019, in Santa Clara, CA, USA. The program is now available at: https://wayworkshop.org/2019/program.html

https://wayworkshop.org/
Poster accepted at SOUPS 2019 (18-06-2019)

The poster "On The Systematic Development and Evaluation Of Password Security Awareness-Raising Materials" by Peter Mayer, Christian Schwartz, and Melanie Volkamer has been accepted for presentation at SOUPS 2018. The conference will be held August 11–13, 2019 in Santa Clara (USA).

https://www.usenix.org/conference/soups2019
Melanie Volkamer comments scobels discussion on „Datenflut und Wissensschatz“(18-06-2019)

Scobels video on 3sat discusses the use of new information technologies and algorithms. Melanie Volkamer talks about the need to create more awareness to what happens with the collected data in the future.

https://www.3sat.de/wissen/scobel/datenflut-und-wissensschatz-100.html
SECUSO Research ends facebook presence on the 15th of June 2019 (18-06-2019)

SECUSO Research used facebook for about five years as a platform to present current news and research results on topics such as data protection and the sensitive issue of the security of information. For some time, there has been negative press about facebooks negligent handling of data. Encrypted data and passwords are very important, so/ that’s why „SECUSO“ wants to set a statement by ending facebook presence.

KASTEL professors in the issue "Hacked - How do we protect ourselves against cyberattacks?" (12-06-2019)

"The invisible army" is the title of the article in the last issue of "Perspektiven", published by the research magazine of the Helmholtz Association. KASTEL spokesman Prof. Jörn Müller-Quade and KASTEL professor Melanie Volkamer commented on the possibilities of hackers and attackers to obtain important information and what users can do against it. The article is about how the increasingly digitalized world is making it easier for attackers to gain access to information and take control. Furthermore, it is discussed how we can make online data safer and how increasing awareness can also protect private users.

https://www.helmholtz.de/fileadmin/user_upload/04_mediathek/perspektiven/epaper-Perspektiven_02_Mai2019_W/index.html#10
SECUSO researcher organizes iPAT 2018 (05-03-2018)

SECUSO researcher Nina Gerber is co-organizing the 1st Interdisciplinary Workshop on Privacy and Trust (iPAT 2018).

The workshop is held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018) in Hamburg, Germany, on August 27th. The aim of this workshop is to bring together researchers from different fields in order to support users in protecting their private data. An interdisciplinary approach is needed to develop privacy enhancing technologies that address not only technical aspect, but also aspects related to usability, psychology, economy, sociology, philosophy, and law. This interdisciplinary workshop thus seeks submissions from a wide range of disciplines (computer science, usability, law, economics, psychology, sociology, philosophy, ethics, …) that cover the various aspects of privacy and trust.

Submissions are due to May 4th.

Link_more
Nina Gerber has joined the program committee for the 5th Usable Security and Privacy Workshop at Mensch & Computer 2019 (23-05-2019)

Until June 7th contributions for the 5th Usable Security and Privacy Workshop at Mensch & Computer 2019 can still be submitted: https://das.th-koeln.de/workshops/usp-muc-2019/

As in previous years, the workshop offers a great opportunity to exchange ideas with researchers and practitioners on topics related to user-centered security and privacy.

https://das.th-koeln.de/workshops/usp-muc-2019/
Paper “Comparing "Challenge-Based" and "Code-Based" Internet Voting Verification Implementations” accepted (23-05-2019)

The paper “Comparing "Challenge-Based" and "Code-Based" Internet Voting Verification Implementations” by Oksana Kulyk, Jan Henzel, Karen Renaud and Melanie Volkamer has been accepted at the INTERACT 2019 conference which will take place on September 2.-6 in  Pathos, Cyprus.

http://interact2019.org/
Melanie Volkamer speaks at the symposium "Information Security" (23-05-2019)

On June 27, 2019, Melanie Volkamer will give a talk at the symposium "Information Security" of Sparkassenverband Baden-Württemberg about sensitization research and how to reach your colleagues (German title: "Sensibilisierungsforschung: Wie erreichen Sie die Kolleginnen und Kollegen?").

https://vp.spk-akademie.de/vp/action?securedGetRequest=l1z44NQcnR0Oe_mLK9S9zkN4cZ80eoz9SpI6NAvuRrc
WI, SPOSE, STAST PC membership (23-05-2019)

As program-committee-member, Melanie Volkamer will support a number of conferences and workshops: "Information Security and Privacy" Track at WI 2020, SPOSE (Security, Privacy, Organizations, and Systems Engineering) and STAST (Socio-Technical Aspects in SecuriTy)) ESORICS workshops as well as Sicherheit 2020.

https://spose-ws.github.io/
http://www.stast.uni.lu/
http://www.sicherheit2020.de/

https://fb-wi.gi.de/veranstaltung/15-internationale-tagung-wirtschaftsinformatik-wi2020/
SECUSO member Peter Mayer has joined the organizing committee of the 2019 Annual Computer Security Applications Conference (ACSAC). (22-05-2019)

ACSAC brings together cutting-edge researchers, with a broad cross-section of security professionals drawn from academia, industry, and government, gathered to present and discuss the latest security results and topics. With peer reviewed technical papers, invited talks, panels, national interest discussions, workshops, and professional development and training courses, ACSAC continues its core mission of investigating practical solutions for computer and network security technology. This year's 35th edition of the conference will be held from 9-13 December 2019 in San Juan, Puerto Rico, USA.

https://www.acsac.org/2019/cfp/papers/
Alireza Zarei is newest member of SECUSO research team (30-04-2019)

Alireza Zarei has graduated from University of Göttingen with a Master degree in Applied Computer Science. Since April 2019, he is part of the GHOST project to develop a user-friendly application to improve security and privacy in Smart Homes.

Link_more
Privacy Friendly Apps Family is growing (18-04-2019)

SECUSO has released two new privacy friendly apps and one update. The Privacy Friendly Apps are a group of Android apps that are optimized regarding privacy. The apps are developed by students who thus gain experience in the privacy-friendly development of mobile applications.

The new apps are:

Food Tracker makes it possible to track daily calorie consumption.

Sketching App lets you create and save simple sketches

The updated app is:

Finance Manager can be used to monitor and manage personal financials.

Privacy Friendly Apps
Paper accepted at EuroUSEC

The paper “Why Johnny Fails to Protect his Privacy” by Nina Gerber, Verena Zimmermann and Melanie Volkamer has been accepted at EuroUSEC 2019.

Link_more
Monika Müller attends Spring E-Voting PhD Seminar (05-04-2019)

Monika Müller studies industrial engineering and works for SECUSO. She is interested in the usability of electronic elections. She will use the colloquium to establish contacts with doctoral students from various European universities and to exchange information on current research topics.

https://evoting-phd.secuso.org/
BMWi appoints Melanie Volkamer to the steering committee of the "IT-Sicherheit in der Wirtschaft" initiative (04-04-2019)

The Federal Ministry of Economics and Energy (BMWi) has appointed Prof. Dr. Melanie Volkamer to the steering committee of the "IT-Sicherheit in der Wirtschaft" initiative. The committee met in Berlin on March 12, 2019 for its constituent meeting. The steering committee consists of IT security experts from business, science and administration. It consults the initiative, provides impetus and supports it in raising awareness and implementing IT security measures.

https://www.it-sicherheit-in-der-wirtschaft.de/ITS/Redaktion/DE/Pressemitteilungen/2019/2019-03-12-bmwi-beruft-it-sicherheitsexperten.html
Paper accepted for publication in the journal Information and Computer Security (18-03-2019)

The paper „Keep on Rating - On the Systematic Rating and Comparison of Authentication Schemes” by Verena Zimmermann, Nina Gerber, Peter Mayer, Marius Kleboth, Alexandra von Preuschen and  Konstantin Schmidt has been accepted for publication in the journal Information and Computer Security.

https://www.emeraldinsight.com/loi/ics
Article accepted for publication in the journal "Datenschutz und Datensicherheit" (18-03-2019)

The article "Sichere Instant Messaging Apps" by Jacqueline Brendel and Nina Gerber was accepted for publication in the journal "Datenschutz und Datensicherheit".

https://www.springerprofessional.de/datenschutz-und-datensicherheit-dud/7466274
Update for flyer "Betrügerische Nachrichten" (18-03-2019)

We've updated our "Fraudulent Messages" flyer and extended our infocard and a poster.

Now the Infocard and Poster also contain tips for detecting fraudulent attachments. The material currently is only available in German.

https://secuso.aifb.kit.edu/downloads/Flyer/KIT-Faltblatt-Betruegerische-Nachrichten-2.pdf
Talk at the GFFT Technology Race

Melanie Volkamer will report on current research at the GFFT Technology Race "Measurement and Increase of Security Awareness" at Lekkerland in Cologne on April 26th, 2019. The talk will present foundations of sensitisation research and current results from the SECUSO research group.

https://www.gfft-portal.de/veranstaltungen/?cid=my-calendar&format=list&month=4&yr=2019
Neuer Informationsflyer zum Thema Auswahl einer Anmeldeoption

Basierend auf wissenschaftlich evaluierten Informationsmaterialien haben wir einen neuen Informationsflyer entwickelt, der Sie dabei unterstützt, eine passende Anmeldeoption für Dienstleister auszuwählen, die sowohl eine Single-Sign-On, als auch eine manuelle Anmeldeoption anbieten.

Link_more
Oksana Kulyk starting as an assistant professor at the ITU Copenhagen (28-02-2019)

A SECUSO member Oksana Kulyk will start as an assistant professor at the IT University of Copenhagen on the 1st of March. She will continue to collaborate with SECUSO within the GHOST project.

https://www.itu.dk
Lukas Aldag new SECUSO team member (27-02-2019)

Lukas Aldag is the newest member of the research group SECUSO at the Karlsruhe Institute for Technology (KIT). After finishing the master in psychology – human factor engineering, he supports the group in the domain of fraudulent messages and how to detect them.

Do not change your password despite "Change Your Password Day" (01-02-2019)

Despite „Change Your Password Day“, do not change your password for no reason! The security advantage of changing your passwords as a precation is rather small. A better opportunity to use the day would be to set up a password manager or to try out two-factor authentication for particularly sensitive user accounts. More detailed information on the topic of regular password change can be found here, and general information about the protection of user accounts can be found here (both links currently German language only). 

https://secuso.org/passwortsicherheit
Paper accepted at SPW 2019 (26-02-2019)

The paper "Audio CAPTCHA with a few cocktails: it’s so noisy I cant hear you" by Benjamin Maximilian Reinheimer, Fairooz Islam and Ilia Shumailov was accepted for publication at the International Workshop on Security Protocols (SPW). The conference will be held April 10-12th, 2019 in Cambridge (England).

https://www.cl.cam.ac.uk/events/spw/2019/
Paper accepted at PETS 2019 (19-02-2019)

The paper "Investigating People’s Privacy Risk Perception" by Nina Gerber, Benjamin Reinheimer and Melanie Volkamer was accepted for publication at the conference Privacy Enhancing Technologies Symposium (PETS). The conference will be held July 16-20th, 2019 in Stockholm (Sweden).

https://petsymposium.org
Information flyer on PIN management now available in English (18-02-2019)

Our information flyer on PIN management helps users to remember personal identification numbers (PINs) they received (e.g. from banks) by offering memorisation strategies. We have translated this flyer to English, thereby expanding our portfolio of English information flyers. The flyer can be downloaded from our website.

https://secuso.aifb.kit.edu/downloads/Flyer/KIT-Faltblatt_PIN-Management_25.01.2019.pdf
Action day at Safer Internet Day in cafeteria foyer at Campus Süd (05-02-2019)

Under the motto "Protect the IT-infrastructure of the KIT together" we developed new informaiton materials and awareness measures on the topic of cybersecurity together with other central facilities and research groups (SCC, KASTEL, AIFB, ZML). On the occasion of the Safer Internet Day, we present them to the public in the KIT cafeteria and make ourselves available for questions on the topic of cyber-security. 

https://www.scc.kit.edu/ueberuns/12695.php
Article published in the "DuD" Journal (31-01-2019)

The article "Diese Webseite verwendet Cookies: Wahrnehmungen und Reaktionen der Endnutzer auf Cookie-Meldungen" by Oksana Kulyk, Nina Gerber, Melanie Volkamer, Annika Hilt has been published in the February issue of the "DuD" journal.

https://www.springerprofessional.de/datenschutz-und-datensicherheit-dud/7466274
SECUSO informs about the risks during the Data Privacy Day (28-01-2019)

At todays Data Privacy Day we would like to inform about the different risks considering privacy. To do that we developed some flyer, tools or explanation videos. Visit the following site to get an overview of our recent results.

https://secuso.aifb.kit.edu/642.php
Paper accepted at the Usable Security NDSS Workshop (25-01-2019)

The paper “Does This App Respect My Privacy?  Design and Evaluation of Information Materials Supporting Privacy-Related Decisions of Smartphone Users” by Oksana Kulyk, Paul Gerber, Karola Marky, Christopher Beckmann and Melanie Volkamer has been accepted for publication at the Usable Security NDSS Workshop (USEC 2019), which takes place on 24. February in San Diego, CA.

https://www.ndss-symposium.org/ndss2019/cfp-usec-2019/
Henrik Mucha as new SECUSO researcher (23-01-2019)

Henrik Mucha is a new member of the SECUSO research group. Henrik has studied Industrial Design and Usability Engineering. He has worked for many years on the research questions of human-computer interaction in the context of assistant systems and their interaction design. As his research at SECUSO, Henrik will be working on the topic „Privacy through Interaction Design“.

https://secuso.aifb.kit.edu/Team.php
Article accepted to the journal "Datenschutz und Datensicherheit" (20-12-2018)

The article "Diese Webseite verwendet Cookies: Wahrnehmungen und Reaktionen der Endnutzer auf Cookie-Meldungen" by Oksana Kulyk, Nina Gerber, Melanie Volkamer, Annika Hilt was accepted for publication in the journal "Datenschutz und Datensicherheit".    

https://www.springerprofessional.de/datenschutz-und-datensicherheit-dud/7466274
Paper accepted at the ACM CHI Conference on Human Factors in Computing Systems (20-12-2018)

The paper “I (don't) see what you typed there! Shoulder-surfing resistant password entry on gamepads” by Peter Mayer, Nina Gerber, Benjamin Reinheimer, Philipp Rack, Kristoffer Braun and Melanie Volkamer has been conditionally accepted for publication at the ACM CHI Conference on Human Factors in Computing Systems, which will be held from 4th to 9th May 2019 in Glasgow, UK.

https://chi2019.acm.org/
SECUSO organises E-Vote-ID 2019 (19-12-2018)

Prof. Melanie Volkamer belongs to the organisers of the E-Vote-ID 2019. The E-Vote-ID conference takes place every year and is one of the leading conferences on the topic of electronic voting. The conference welcomes leading experts in the area of electronic voting from academic research, industry and politics to exchange ideas and discuss various aspects. The E-Vote-ID 2019 will take place on 1.-4. October in Bregenz, Austria.

Call for papers
Paper selected for presentation at the 16th German IT-Security Congress (13-12-2018)

The paper „Erklärvideo “Online-Betrug” – Nach nur fünf Minuten Phishing E-Mails nachweislich signifikant besser erkennen“ by Melanie Volkamer, Karen Renaud, Benjamin Reinheimer, Marco Ghiglieri, Nina Gerber, Peter Mayer, Philipp Rack and Alexandra Kunz was selected for presentation at the 16th German IT security congress, which is organized by the BSI.

https://www.bsi.bund.de/DE/Service/Aktuell/Veranstaltungen/IT-Sicherheitskongress/IT-Sicherheitskongress_node.html
DuD article published (30-11-2018)

The paper "Nutzerwahrnehmung der Ende-zu-Ende-Verschlüsselung in WhatsApp" by Nina Gerber, Verena Zimmermann, Birgit Henhapl, Sinem Emeröz, Melanie Volkamer and Tobias Hilt was published in the November issue of the DuD Journal.

https://www.springerprofessional.de/datenschutz-und-datensicherheit-dud/7466274
SECUSO employees at "Digitalisierung: Läuft!" (28-11-2018)

Our employees were at the start of the 3rd stage of "Digitalisation: Läuft!" in Karlsruhe on 16th November 2018. They represented both the KIT and KASTEL. On site was also Minister of Digitization Thomas Strobl, together with other employees of FZI, CyberForum and EnBW. The motto of the run was "security in the digital age". The stage led from the EnBW innovation campus to the newly launched "Cyberwehr des Landes am Forschungszentrum Informatik (FZI)". The aim of the event was the transfer of knowledge and a general exchange on the subject of digitisation. The new open innovation platform will also be launched within the framework of this event.

https://www.informatik.kit.edu/7009.php/event/35982
New awareness materials online: info card and poster on the topic of phishing (26-11-2018)

Already in the past we published different materials with explanations on how to identify phishing messages, which were usually evaluated in user studies. Now there are new materials available, in form of an pocket-sized info card with a short overview and in form of a poster for the office. The materials are currently only available in German language.

https://secuso.aifb.kit.edu/NoPhish.php
Phishing Workshop at the RFH IT Security & Forensic Days 2018, 8. and 9.11.2018 (31-10-2018)

The RFH Cologne organises the IT Security & Forensic Days for the second time. The aim is to increase the sensitivity for security in IT systems and to raise awareness of the primary topic. The event will include expert lectures, discussions and workshops on the topics of IT security, data protection and IT forensics. Benjamin Reinheimer will also hold a workshop on the subject of phishing and fraudulent messages. The audience, consisting of students, lecturers, alumni and experts from all sectors, will learn the essential rules for detecting phishing interactively and will be provided with support for its implementation in daily life.

https://www.rfh-koeln.de/aktuelles/termine/events_und_vortraege/index_ger.html?record_id=e18893&cur_id=e18893&site=rfh&ct=1540277547048
Three new Privacy-Friendly Apps published (29-10-2018)

Three new apps have been added to our group of Privacy-Friendly Apps. Among these apps are two new games. "2048" is a puzzle game, the goal of which is to reach the number 2048 by sliding the same numbers together. In our mobile version of a classic game "Minesweeper", one has to find all the mines on the playing field without triggering them. The third app “Finance Manager” can be used to monitor personal finances. As with the rest of privacy-friendly apps, the newly added apps are free and do not require any permissions that are not strictly necessary for their functionality. This means, that all of the three apps require no permissions. They furthermore contain no ads or user tracking mechanisms.

https://secuso.org/pfa
E-Vote-ID a success with over 100 participants (08-10-2018)

The International Joint Conference on Electronic Voting (E-Vote-ID) took place for the third time in Schloss Hofen in Bregenz, Austria. The conference hosted over 100 participants from five continents and provided a platform of talks and discussions among a variety of stakeholders, including academic researchers from different disciplines, practitioners and vendors. The pre-conference program included the PhD colloquium and demo session of voting systems.

https://www.e-vote-id.org
New information flyer on choosing iOS apps (08-10-2018)

Just in time for the European Cyber Security Month, we publish a new information flyer that helps you to choose privacy-friendlier apps for your iOS devices. This iOS-specific flyer is based on the flyer for Android devices, which has been evaluated in a user study, and is further developed based on the feedback of end users. The flyer is currently only available in German.

https://secuso.aifb.kit.edu/downloads/Flyer/KIT-Faltblatt-iOS-Apps.pdf
Paper accepted at the 2018 Annual Computer Security Applications Conference (26-09-2018)

The paper “On The Systematic Development and Evaluation Of Password Security Awareness-Raising Materials” by Peter Mayer, Christian Schwartz and Melanie Volkamer has been accepted for publication at the 2018 Annual Computer Security Applications Conference, which will be held December 3rd to 7th 2018 in San Juan, Puerto Rico, USA. The paper describes a process for the systematic development of awareness-raising materials, the application of that process for the creation of an awareness-raising material on the topic "protection of user accounts", as well as the evaluation of this material in three SMEs.

https://www.acsac.org
Benjamin Reinheimer presents at the DsiN MesseCampus@it-sa (26-09-2018)

Already in its 10th year, it-sa is organizing the DsiN MesseCampus@it-sa together with Deutschland sicher im Netz e.V..
The aim is to integrate young talents into the it-sa community and to present the IT security industry as an attractive, forward-looking industry for professional careers.
On the last day of the fair, we invite students from the higher semesters of IT security and related courses to visit the fair.
Benjamin Reinheimer will talk about his reasons for deciding to do research in IT security and his own experiences. Afterwards, the attendees can ask questions to the speakers in an open round.

https://www.it-sa.de/de/events/1/dsin-messecampusit-sa/689641
SECUSO at the European Cyber Security Month (25-09-2018)

The European Cyber Security Month is coordinated by the German Federal Office of Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). SECUSO participates together with KASTEL and SCC with new flyers, video on how to identify and avoid online fraud and new Privacy-Friendly Apps.

https://secuso.org/buerger
Melanie Volkamer organises Dagstuhl Seminar (17-09-2018)

The Dagstuhl seminar on the topic of "Biggest Failures in Security" is organised together with Frederik Armknecht (Universität Mannheim, DE), Ingrid Verbauwhede (KU Leuven, BE) and Moti Yung (Columbia University, US). The seminar takes place on 3.-8. November 2019 in Schloss Dagstuhl.

https://www.dagstuhl.de/de/programm/kalender/semhp/?semnr=19451
New Privacy Friendly Health App (6-09-2018)

Our family of Privacy-Friendly Apps in Health category has grown. In addition to the existing apps (Pedometer, Interval Timer and Circuit Training, Pain Dairy), now there is also a Privacy Friendly Pausing Healthily App (available in Google Play Store and in F-Droid Store).The app has been developed in collaboration with a physiotherapist Eduardo Fontao. Just like the rest of our Privacy Friendly app, the Pausing Healthily only requests permissions that are necessary for its functionality (in this case, no permissions) and does not contain any tracking mechanisms, so that no (user) data is being collected. It is also free and yet does not show any ads. Privacy Friendly Pausing Healthily App makes it easier to structure your work by reminding you to take breaks during work. The app also offers many useful relaxation, mobilisation and stretching exercises that can be combined into individual programs.

https://secuso.org/pfa-aktive-pause
Paper accepted at the 3rd International Workshop on Ubiquitous Personal Assistance (28-08-2018)

The paper “Assistance in Daily Password Generation Tasks” by Karola Marky, Peter Mayer, Nina Gerber, and Verena Zimmermann has been accepted for publication at the 3rd International Workshop on Ubiquitous Personal Assistance (co-located with UbiComp 2018), which will take place on 8th October 2018 in Singapore. The paper describes the concept, implementation and evaluation of the Privacy Friendly Password Generator app, which can be downloaded in Google Play Store. The app aids users in generating and managing their passwords.

https://upa18.weebly.com
Paper accepted at the HICSS-52 conference (18-08-2018)

The paper "A Proxy Voting Scheme Ensuring Participation Privacy and Receipt-Freeness" by Oksana Kulyk and Melanie Volkamer has been accepted for publication at the 52. Hawaii International Conference on System Sciences (HICSS-52), which will take place on 8.-11. January in Grand Wailea, Maui. The conference is A-ranked according to CORE.

http://hicss.hawaii.edu
Benjamin Reinheimer is doing his summer internship at the International Computer Science Institut (ICSI) (15-08-2018)

The International Computer Science Institute (ICSI) is an independent, non-profit institute in the field of computer science (Computer Networking, Brain Networks, Usable Security and Privacy and Cybermanufacturing). The institute is located in Berkeley, CA, and has been affiliated with UC Berkeley since its foundation in 1988.
Benjamin Reinheimer is currently completing a 13-week internship at ICSI. He is a member of Nicholas Weaver's team in the "Networking and Security" working group.

https://www.icsi.berkeley.edu/icsi/groups/networking/members
Paper accepted at the Journal "Datenschutz und Datensicherheit" (20-07-2018)

The paper "Nutzerwahrnehmung der Ende-zu-Ende-Verschlüsselung in WhatsApp" by Nina Gerber, Verena Zimmermann, Birgit Henhapl, Sinem Emeröz, Tobias Hilt and Melanie Volkamer has been accepted for publication at the journal "Datenschutz und Datensicherheit".    

https://link.springer.com/journal/11623
Paper accepted at the E-Vote-ID Conference (22-07-2018)

The paper "Usability is not Enough: Lessons Learned from 'Human Factors in Security' Research for Verifiability" by Oksana Kulyk und Melanie Volkamer has been accepted for publication at  the 3. International Joint Conference on Electronic Voting (E-Vote-ID 2018), which will take place on 2.-5. October in Bregenz, Austria.

https://www.e-vote-id.org/
"Privacy-friendly Cookie Settings" browser extension is available in Chrome Store (31-07-2018)

An extension for Google Chrome, “Privacy-friendly Cookie Settings”, designed to support the users in their cookie configuration, is available for download in Chrome Store. The extension aims to support the lay users by providing explanations for the available cookie settings, enables easier navigation through the settings via an assistant mode and supports fine-grained configuration with the possibility of website-specific settings.

https://secuso.org/privacy-friendly-cookie-settings
Two papers accepted at International Symposium on Human Aspects of Information Security & Assurance 2018 (11-07-2018)

The two papers "Motivating Users To Consider Recommendations On Password Management Strategies" by Peter Mayer, Alexandra Kunz, and Melanie Volkamer as well "The Quest to Replace Passwords Revisited – Rating Authentication Schemes" by Verena Zimmermann, Nina Gerber, Marius Kleboth, Alexandra von Preuschen, Konstantin Schmidt, and Peter Mayer have been accepted for publication at International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018), which will take place on 29.-31. October in Dundee, Scotland.

http://haisa.org
Happy Easter! Online-Fraud-Video is now available in English (31-03-2018)

As a little Easter surprise, we are happy to announce that our educational Video "Online-Fraud - How to identify and avoid dangers" is now also available in English. The popular five-minute video on the topic how to identify and avoid dangers by identifying them through education, is a result of scientific evaluation of the effectiveness in regard to the recognition of fraudulent messages. 

Happy Easter and stay safe, the SECUSO-Research Group

Link_more
Paper accepted at 4. USP Workshop at MUC 2018 (11-07-2018)

The paper "Evaluation der Nutzbarkeit von PGP und S/MIME in Thunderbird" by Nina Gerber, Marco Ghiglieri and Birgit Henhapl was accepted at the 4th Usable Security and Privacy Workshop at the Mensch und Computer 2018, which will be held on September 2 in Dresden, Germany.

Link_more
ACCESS now available to the public (02-02-2018)

ACCESS - Authentication ChoiCE Support System - is a platform that helps developers and decision makers to select appropriate authentication schemes for their application scenarios. It allows specifying the requirements needed for an authentication scheme to be suitable. Then, the platform compares the requirements with the entries of its knowledge base and lists the five most suitable authentication schemes. The knowledge base contains data about a variety of authentication schemes from the scientific literature. ACCESS enables usage of this data by non-experts.

Link_more
Best paper award at SAC 2018

The paper „Helping John to Make Informed Decisions on Using Social Login“ by Farzaneh Karegar, Nina Gerber, Melanie Volkamer and Simone Fischer-Hübner won a best paper award in the theme „System Software and Security” at SAC 2018.

Link_more
SECUSO researcher organizes E-VOTE-ID 2018 (13-03-2018)

Prof. Melanie Volkamer, Professor at the SECUSO research group at Karlsruhe Institute of Technology and Technische Universität Darmstadt is co-organizing the International Conference for Electronic Voting (E-VOTE-ID) 2018.

This conference is one of the leading international events for e-voting experts from all over the world. E-VOTE-ID is an annual meeting formed by merging EVOTE and VoteID. The third joint conference will take place in October 2018.

One of its major objectives is to provide a forum for interdisciplinary and open discussion of all issues relating to electronic voting. Cumulatively, since 2004 more than 750 experts from 35+ countries in six continents have attended this conference to discuss electronic voting and related topics.

The aim of the conference is to bring together e-voting specialists working in academia, politics, government and industry in order to discuss various aspects of all forms of electronic voting (including, but not limited, to polling stations, kiosks, ballot scanners and remote voting by electronic means) in three conference tracks and a PhD colloquium.

The E-Vote-ID 2018 will be held in Bregenz, Austria, on October 2-5, 2018.

Link_more
Human Factors in Security & Privacys in IoT

We are co-guest editing a special issue on human factors in security and privacy in IoT for thei informatics journal. The submission deadline is November 30 2018.

Link_more11.06.2018
SECUSO bei der ZKI Tagung in Konstanz (09-03-2018)

Im Rahmen der Tagung des Unterarbeitskreises "IT-Sicherheit" des Vereins der Zentren für Kommunikationsverarbeitung in Forschung und Lehre (ZKI e.V.) an der Universität Konstanz gibt Dr. Marco Ghiglieri am 14.03.2018 einen Vortrag zum Thema "Wie Sie sich mit effektiven Maßnahmen gegen Phishing und andere gefährliche Nachrichten schützen können".

Materialien zum Thema "Phishing und andere gefährliche Nachrichten" wurden u.a. innerhalb des vom Bundesministerium für Wirtschaft und Energie im Rahmen der Initiative IT-Sicherheit in der Wirtschaft geförderten Projekts KMU AWARE entwickelt.

Research results from the SECUSO research group added to the iX Info-Hub for Security-Awareness-Ressources (26-01-2018)

Especially for small and medium-sized enterprises (SMEs) the provision of IT security awareness-raising and education measures is a problem. To support such SMEs, iX has launched the info hub for security awareness resources.

In the course of the project "KMU AWARE" of the German initiative "IT-Sicherheit in der Wirtschaft" of the Federal Ministry of Economics and Energy, numerous awareness-raising and education measures tailored to SMEs have been developed. These measures are now linked in the iX Info-Hub for Security Awareness Resources and therefore easily accessible to interested parties.

Link_more
The family of Privacy Friendly Apps has grown (29-03-2018)

SECUSO just published five new Privacy Friendly Apps and two updates.The Privacy Friendly Apps are a group of Android apps that are optimized regarding privacy. All apps were developed within SECUSO's usable security and privacy lab by students. The lab aims to teach privacy-aware developed as well as app development.

The new apps are:
* Pain Diary: An app that facilitates recording pain related data like location and intensity of pain.
* Boardgame Clock: An app that supports the time management of boardgames.
* Checkers: A boardgame for one or two players.
* Circuit Training: An app that supports the user in circuit training via time tracking and exercise display.
* WiFi Manager: Automatic switching on an off of the device's WiFi depending on the user's location.

The updated apps are:
* Net Monitor: Monitoring the network traffic of installed apps without permissions.
* Todo-Liste: Managing of todo tasks.

Link_more
Paper accepted at IEEE TrustCom 2018 conference

The paper "A Concept and Evaluation of Usable and Fine-Grained Privacy-Friendly Cookie Settings Interface" by Oksana Kulyk, Peter Mayer, Oliver Käfer and Melanie Volkamer was accepted at the 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (IEEE TrustCom-18), which is A-ranked.

Link_more
2 Workshop papers and 2 posters accepted at SOUPS 2018

Two papers were accepted for publication in workshops which are co-located with SOUPS: The paper "Home Sweet Home? Investigating users’ awareness ofsmart home privacy threats" by Nina Gerber, Benjamin Reinheimer and Melanie Volkamerwill be presented at the workshop An Interactive Workshop on the Human aspects ofSmarthome Security and Privacy (WSSP) and the paper “ACCESSv2: A Collaborative Authentication Research and Decision Support Platform" by Peter Mayer, Philip Stumpf, Thomas Weber and Melanie Volkamer will be presented at the workshop  Who Are You?! Adventures in Authentication 2018 (WAY 2018). Furthermore, the posters "‘This Website Uses Cookies‘: Users' Perceptions and Reactions to the Cookie Disclaimer“ by Oksana Kulyk, Annika Hilt, Nina Gerber and Melanie Volkamer and "Addressing Misconceptions About Password Security Effectively" by Peter Mayer and Melanie Volkamer have been accepted for presentation at SOUPS 2018.

Link_more
Paper accepted at CHI conference (31-01-2018)

The paper "What Did I Really Vote For? - On the Usability of Verifiable E-Voting Schemes" by Karola Marky, Oksana Kulyk, Karen Renaud and Melanie Volkamer was accepted at the Conference on Human Factors in Computing Systems (CHI 2018).

Link_more
Paper accepted at the TrustBus 2018 conference

The paper " Phishing Detection: Developing and Evaluating a Five Minutes Security Awareness Video" by Melanie Volkamer, Karen Renaud, Benjamin Maximilian Reinheimer, Philipp Rack, Marco Ghiglieri, Peter Mayer, Alexandra Kunz, Nina Gerber has been accepted at the TrustBus 2018 (15th International Conference on Trust, Privacy and Security in Digital Business).

Link_more
Privacy Friendly Weather offers more security and enhanced usability (19-03-2018)

Our Privacy Friendly App "Weather" received a big update.

Due to the usage of HTTPs for forecast requests the app offers an enhanced security and privacy. Furthermore, Privacy Friendly Weather's userinterface was redesigned. Besides design improvements, the app now offers a better performance. Forecast data are loaded more efficiently and the app starts faster.

Three configurable widgets form a further highlight.

Link_more
Safer Internet Day - SECUSO informiert, wie Sie sich vor Online-Betrug schützen können (06-02-2018)

Heute findet bereits zum 19. Mal der weltweite Safer Internet Day statt. Auch das AIFB und KASTEL beteiligen sich am Aktionstag: Anlässlich des diesjährigen Tags für mehr Internetsicherheit haben wir unseren NoPhish Flyer erweitert, um Ihnen aufzuzeigen, wie Sie sich vor Online-Betrug im Allgemeinen schützen können.

Viel Spaß beim Nicht-Betrogen werden.

Link zum Flyer

Paper accepted at GI-Sicherheit 2018 (29-01-2018)

The paper "Comparative Usability Evaluation of Cast-as-Intended Verification Approaches in Internet Voting" by Karola Marky, Oksana Kulyk and Melanie Volkamer was accepted at "Sicherheit 2018.

Link_more
Paper accepted at SOUPS 2018

The paper "Replication Study: A Cross-Country Field Observation Study of Real World PIN Usage at ATMs and in Various Electronic Payment Scenarios" by Melanie Volkamer, Andreas Gutmann, Karen Renaud, Paul Gerber, and Peter Mayer was accepted for publication at the USENIX conference Symposium on Usable Privacy and Security (SOUPS), which represents the primary venue for research in usable privacy and usable security. The conference will be held August 12–14, 2018 in Baltimore (USA).

Link_more
Special issue on e-voting published (01-01-2018)

"Special issue on e-voting", Journal of Information Security (JISA) 2017 (editors: Budurushi, J., Neumann, S., Renaud, K., Volkamer, M.) is now available.

Link_more
Paper accepted at ARES 2018

The paper „Finally Johnny Can Encrypt. But Does This Make Him Feel More Secure?” by Nina Gerber, Verena Zimmermann, Birgit Henhapl, Sinem Emeröz and Melanie Volkamer was accepted at the 13th International Conference on Availability, Reliability and Security (ARES), which will be held from August 27 to August 30 at the University of Hamburg, Germany.

Link_more
Paper accepted for EuroUSEC

The paper "This Website Uses Cookies: Users' Perceptions and Reactions to the Cookie Disclaimer" by Oksana Kulyk, Annika Hilt, Nina Gerber, Melanie Volkamer has been accepted at a European Symposium on Security and Privacy (EuroS&P) event, the 3rd European Workshop on Usable Security (EuroUSEC), which will be held at 23. April 2018 in London.

Link_more
SECUSO contributes to a textbook on 'Sicherheitskritische Mensch-Computer-Interaktion' (12-01-2018)

The book 'Sicherheitskritische Mensch-Computer-Interaktion' has been published by Springer. It contains the chapter 'Human Factors in Security' by Paul Gerber, Marco Ghiglieri, Birgit Henhapl, Oksana Kulyk, Karola Marky, Peter Mayer, Benjamin Reinheimer and Melanie Volkamer. Therein, the authors provide an introduction in the topic of human factors in security and present general solutions based on the Human-Centered Security by Design approach.

Link_more
Two articles have been published in the Datenschutz und Datensicherheit journal

The article “Analyse der Sicherheit und Erinnerbarkeit der DsiN-Passwortkarte“ by Peter Mayer, Alexandra Kunz and Melanie Volkamer, as well as the article “Effektiver Schutz vor betrügerischen Nachrichten“ by Stephan Neumann, Benjamin Reinheimer, Melanie Volkamer, Alexandra Kunz and Christian Schwartz were accepted for the journal DuD Datenschutz und Datensicherheit. In the same issue you can find an article from KASTEL colleagues Jürgen Beyerer, Jörn Müller-Quade und Ralf Reussner on the topic of “Karlsruher Thesen zur Digitalen Souveränität Europas”.

Link_more
21st International E-Voting Colloquium at KIT

On April 9th and 10th, Melanie Volkamer and Oksana Kulyk co-organised the 21st E-Voting Colloquium at Karlsruhe Institute of Technology together with the KASTEL professors Prof. Dr. Bernhard Beckert and Prof. Dr. Jörn Müller-Quade. 

Since 2006, the colloquium takes place in order to consider different aspects of E-Voting, such as legal hurdles, identity management, legal and technical aspects, costs and challenges of the verification of elections. In addition to presentations and discussions dedicated to the current state of research of the participating doctoral students, the highlight of this year's colloquium was the demo session of the voting machines from the SECUSO research group. The presented machines included the mechanical voting device 'System Darmstadt' and a NEDAP voting computer, both were used in the past for legally binding elections in Germany, yet are currently not allowed to be used for such elections anymore. Furthermore, the EasyVote system has been presented, which was developed within the SECUSO research group for elections that allow cumulative voting and panachage. 

Link_more
Melanie Volkamer referiert bei der Auftaktveranstaltung zur diesjährigen Wissenschaftsreihe EFFEKTE der Stadt Karlsruhe [German only]

Ein Jahr, zwölf Ausgaben Wissenschaftskommunikation, vier Veranstaltungsorte – ab dem 5. Juni 2018 ist die EFFEKTE-Reihe wieder mit einem abwechslungsreichen Programm der verschiedenen Karlsruher Wissenschaftseinrichtungen an einem Dienstag auf dem Gelände des Alten Schlachthofs zu Gast. Unter dem Motto "Karlsruhe 4.0" finden Sie hier das Programm und alle Themenabende des ersten Veranstaltungshalbjahres. Alle Veranstaltungen sind kostenfrei. Die Auftaktveranstaltung steht unter dem Motto "Digitalisierung: Risiken, Gefahren und Lösungen" und findet am 5. Juni von 19:30 bis 22:00 Uhr im Tollhaus statt. Welche Risiken das sind und wie die neuen Herausforderungen gemeistert werde können, darüber sprechen Dr. Dirk Achenbach vom FZI Forschungszentrum Informatik, Dr. Michael Friedewald vom Fraunhofer-Institut für System- und Innovationsforschung und Prof. Dr. Melanie Volkamer vom Karlsruher Institut für Technologie.

Link_more
Paper accepted for publication in the Computers & Security Journal

The paper „Explaining the Privacy Paradox - A systematic review of literature investigating privacy attitude and behavior” by Nina Gerber, Paul Gerber and Melanie Volkamer was accepted for publication in the Computers & Security Journal.

Link_more