Welcome to KASTEL Security Research Labs

The Competence Center for Applied Security Technology (KASTEL) is a competence center for cyber security initiated by the German Federal Ministry of Education and Research (BMBF).

Following the motto “Comprehensible security in the networked world”, KASTEL addresses the challenges posed by the increasing interconnection of previously isolated systems. Of particular importance are the consequences of digitalization in the area of critical infrastructures, for example in the energy industry, in networked mobility or in industrial production.

KASTEL bundles the competencies in the field of IT security at the research location Karlsruhe. The goal is to develop a comprehensive approach instead of isolated partial solutions. The focus will be on comprehensive security in specific application areas, such as power grids, smart mobility, or intelligent factories.

To ensure this security, new threats must be modeled, security objectives described and new methods developed. This can only be achieved through collaboration between cryptographers, IT security specialists, software engineers, network experts, jurists, economists and social scientists - as is the case here at KASTEL.

KASTEL started in 2011 with a term of four years. After a successful evaluation in 2014, the term was extended by the BMBF, and after another successful scientific evaluation and a strategic assessment by the Helmholtz Association, it was finally decided to permanently fund KASTEL.

The KASTEL Institute of Information Security and Dependability at KIT, part of the KASTEL Security Research Labs, can be found here.

 

NEWS

SECUSO receives Consumer Protection Award

The SECUSO research group received the Federal Consumer Protection Award from the German Consumer Protection Foundation (“Deutsche Stiftung Verbraucherschutz”, DSV)! The prize is awarded for the development of user-friendly and simple concepts and tools that help users of online services, apps and software to protect their privacy and data security. The prize is awarded by the foundation of the Federation of German Consumer Organizations to outstanding consumer protection projects. The prize was awarded on Monday, September 26, 2022, in Berlin. Dr. Peter Mayer accepted the award on behalf of the research group.

More information (German)

Update of the Google Pixel fixed a flaw in the QR-Scanner

The Research Group Security – Usability – Society (SECUSO) found a security design flaw in the QR scanner on the Google Pixel and reported it to Google and the BSI. The newest update of the Android system (Android 13) also changed the QR scanner UI and fixed the flaw. The problem was that the QR scanner did not display the domain of a URL when the link reached a certain length. The earlier representation potentially enabled an attacker to show the user anything but the domain, leaving the user no way to check the actual domain. Don’t forget to update your Google Pixel to ensure you have the newest security updates.

New book chapter on “token economy” published

The chapter “Finding the Right Balance: Technical and Political Decentralization in the Token Economy” by Michelle Pfister, Niclas Kannengießer, and Ali Sunyaev was published in the book “Blockchains and the Token Economy: Theory and Practice”: Distributed ledger technology (DLT) systems can enable decentralized asset ownership management in token economy instances. The increase of network effects requires interoperability between token economy instances, and thus between DLT systems. Cross-ledger interoperability (CLI) affects the decentralization of token economy instances. The authors describe patterns for the implementation of CLI systems, present their notion of political decentralization in token economy instances using CLI, and examine potential implications of CLI patterns and governance mechanisms. On this basis, the balancing of centralization and decentralization in token economy instances that comprise multiple DLT and CLI systems is discussed.

Read the Chapter

Use of distributed ledger technology for decentralized “mobility-as-a-service” ticket systems

“Mobility-as-a-Service” (MaaS) is a concept for combining different modes of transport and diverse mobility services while facilitating use through strong customer orientation (e.g., pay-as-you-go tariffs, uniform interfaces). Mobility providers depend on decisions of system providers, which can cause discrimination against competitors in MaaS ticket systems and limit flexibility for customers. On June 23, 2022, KASTEL researchers presented a preliminary system design and implementation of a decentralized MaaS ticket system at the 14th Science Forum on Mobility in Duisburg, Germany. The MaaS ticket system is built on distributed ledger technology (DLT) and trusted execution environments (TEEs). It was shown that the scalability of the decentralized MaaS ticket system could be sufficient for real-world use cases.

More information

Paper “Dos and don'ts of machine learning in IT security” received the “Distinguished Paper Award” at the USENIX Security Symposium 2022

The paper “Dos and don'ts of machine learning in IT security” has received a “Distinguished Paper Award” at the USENIX Security Symposium 2022 and will be presented on Friday, August 12, 2022, in Boston.

Read the Paper

Paper “Dos and don'ts of machine learning in IT security” at USENIX 2022

Applications in computer security increasingly employ learning-based systems. However, using machine learning correctly and evaluating such systems reliably holds subtle pitfalls and can critically skew the results. In cooperation with the London universities UCL, KCL, and Royal Holloway, as well as the TU Braunschweig and the TU Berlin, KASTEL researchers have systematized ten such sources of error and their prevalence in research publications at the top four computer and system security conferences (IEEE S&P, ACM CCS, USENIX Security, NDSS).

Read the paper