Content overview

sprungmarken_marker_1495

Welcome to KASTEL Security Research Labs

The Competence Center for Applied Security Technology (KASTEL) is a competence center for cyber security initiated by the German Federal Ministry of Education and Research (BMBF).

Following the motto "Comprehensible security in the networked world“, KASTEL addresses the challenges posed by the increasing interconnection of previously isolated systems. Of particular importance are the consequences of digitalization in the area of critical infrastructures, for example in the energy industry, in networked mobility or in industrial production.

KASTEL bundles the competencies in the field of IT security at the research location Karlsruhe. The goal is to develop a comprehensive approach instead of isolated partial solutions. The focus will be on comprehensive security in specific application areas, such as power grids, smart mobility, or intelligent factories.

To ensure this security, new threats must be modeled, security objectives described and new methods developed. This can only be achieved through collaboration between cryptographers, IT security specialists, software engineers, network experts, jurists, economists and social scientists - as is the case here at KASTEL.

KASTEL started in 2011 with a term of four years. After a successful evaluation in 2014, the term was extended by the BMBF, and after another successful scientific evaluation and a strategic assessment by the Helmholtz Association, it was finally decided to permanently fund KASTEL.

The KASTEL Institute of Information Security and Dependability at KIT, part of the KASTEL Security Research Labs, can be found here.

 

NEWS

Paper "Dos and don'ts of machine learning in IT security" received the "Distinguished Paper Award" at the USENIX Security Symposium 2022

The paper "Dos and don'ts of machine learning in IT security" has received a "Distinguished Paper Award" at the USENIX Security Symposium 2022 and will be presented on Friday, 12 August 2022, in Boston.

Read the Paper
Paper "Dos and don'ts of machine learning in IT security" at the USENIX 2022

Applications in computer security increasingly employ learning-based systems. However, using machine learning correctly and evaluating such systems reliably holds subtle pitfalls and can critically skew the results. In cooperation with the London universities UCL, KCL, and Royal Holloway, as well as the TU Braunschweig and the TU Berlin, KASTEL researchers have systematized ten such sources of error and their prevalence in research publications at the top four computer and system security conferences (IEEE S&P, ACM CCS, USENIX Security, NDSS).

Read the paper
Protection of privacy in processing and analysis of user data

Between the poles of consumer privacy and business interests of operators, it is often desirable to use cryptographic protocols for the protection of privacy. With many proposed solutions, e.g., privacy- protecting electronic payment systems, it will fail because users are given guarantees, while legal regulations and the operators’ interests are often ignored. KASTEL researchers developed a system that protects the privacy of users and offers the operator options for evaluating user data. Possible applications are e.g., the use of differentiated price models and the operation of customized traffic planning. Markus Raiber presented this study at the PETS 2022 in Sydney, Australia, on July 12, 2022.

Read the paper
“Digital Autonomy Award” for the project Privacy Friendly Apps

The winner of the new “Digital Autonomy Awards” is the project Privacy Friendly Apps of the KIT research group SECUSO (Security – Usability – Society). The interdisciplinary jury and the participants of the online voting commended the contribution to increasing individual digital sovereignty. The more than 30 free open source apps from the fields of fitness & health, tools, games, and security developed within the project request only the necessary permissions and do not contain any tracking mechanisms. The prize is awarded by the BMBF-funded competence center and network Digital Autonomy Hub aiming for increasing the digital self-determination of users.

More information
Paper accepted at USENIX 2022

The paper “Why Users (Don't) Use Password Managers at a Large Educational Institution” by Peter Mayer, Collins W. Munyendo, Michelle L. Mazurek, and Adam J. Aviv was accepted for publication at the 31th USENIX Security Symposium (USENIX 2022). The authors surveyed 277 faculty, staff, and students about their use of password managers. They found that the largest factor encouraging PM adoption is perceived ease-of-use, indicating that communication and institutional campaigns should focus more on usability factors. USENIX Security will take place as a hybride on-site event in Boston, MA, USA, from August 10 to 12, 2022.

More information
Ina Schaefer elected chair of the Expert Group on Transformation of the Automotive Industry

Ina Schaefer, holder of the professorship for “Testing, Validation, and Analysis of Software-Intensive Systems” at the Institute for Information Security and Dependability (KASTEL), was elected chair of the expert group on “Transformation of the Automotive Industry” under the aegis of the Federal Ministry of Economic Affairs and Climate Action (BMWK) on June 28, 2022.

More information
KASTEL informs the Consul General of Israel about Cyber ​​Security at KIT

During her visit to Karlsruhe on June 28, 2022, the Consul General of Israel, Carmela Shamir, informed herself about the activities of KIT on the topic of Cyber ​​Security. She was accompanied by the representative of Israel to Baden-Württemberg, Maren Steege, and Mayor Dr Frank Mentrup. KASTEL Fellow Professor Jörn Müller-Quade explained current research activities of the Topic "Engineering Secure Systems" (ESS). Using examples from the energy industry, networked mobility and industrial production, Müller-Quade illustrated the special importance of IT security for the ongoing digitalization in the area of ​​critical infrastructures. The Consul General and her delegation showed great interest in the statements, as the topic is also of great actual relevance in Israel.

Paper on P2P network of Bitcoin on Financial Cryptography and Data Security 2022

The number of participants in Bitcoin's P2P network is difficult to measure. With the help of two students, the DSN research group has developed a method to estimate how many peers are active on the P2P network - regardless of whether those peers are reachable or not. At Financial Cryptography and Data Security 2022, the results of applying this method to data from the DSN research group's long-standing Bitcoin monitoring were published.

To the paper