Knowledge Transfer

A special concern of the Applied Information Security group is to inform and educate interested citizens and the public in general in questions of information security.

IT-security, or more general information security, affects many people’s everyday life. In some cases this is plainly noticeable, in others far less obvious but no less important. Be it entering the PIN-number at the ATM, the encrypted Wi-Fi at home, the HTTPS connection for online banking or the log-in to a social network, no one wants their personal data to fall into the wrong hands. Despite the obvious importance of information security, it has seldom been a topic with the general public. It is often argued as being too annoying and questions like “Why does my password have to be that long?” or “Why do I have to enter long numbers into my devices to use the Wi-Fi?” come up. Only in the year 2013 information security received broader attention from the public, when Edward Snowden revealed documents about extensive spy-programs by US intelligence agencies targeting the global communication infrastructure. Despite these revelations and assured by press articles trivializing the matter, there are still many people who believe that, since they “have nothing to hide”, they are not at all affected. Our group actively works on changing such attitudes and furthering the awareness towards information security issues. In addition, we work on making existing security protocols easier to use and therefore more accessible for non-experts.

To increase information security awareness, the group provides talks and information material for several topics on this website, which can be downloaded and used freely.

Schülerkrypto

Several times a year, the group organizes the "Schülerkrypto". This is a workshop for students introducing them to cryptography and especially secret messages in a fun and easy way. "Schülerkrypto" aims to show to the students the importance of cryptography in everyday life and that the mathematics behind it is no magic at all. The overall goal is to increase the security awareness of young people and to motivate them to pursue studies in the field of STEM (science, technology, engineering, mathematics).

Secure E-mail

FreeDigitalPhotos.net

An important topic, about which Prof. Arno Wacker has given several public talks, is "Secure E-mail". He explains, why sending unencrypted and unsigned e-mails can be harmful, even though one has "nothing to hide". In addition to that he shows, how secure e-mail can easily be set up and used by anyone.

AIS Heartbleed Challenge

Heartbleed logo

The "heartbleed bug" was a major security vulnerability in the year 2014 concerning the well known OpenSSL library. A manipulated data packet in the Transport-Layer-Security-Protocol (TLS) could provoke a buffer overflow, so that webservers using OpenSSL sent out data potentially containing private information. This way an attacker could gain access to certificates and private keys. Using the Heartbleed-Webserver of our group, interested parties can exploit the bug and run such an attack. The server is of course isolated from the rest of our network and contains no private data. The goal is for people to learn how easy even modern security protocols can be circumvented by implementation errors without the need to attack an actual production server and potentially causing harm.

Invited Talks

Prof. Arno Wacker has held multiple talks in industry and the private sector about information security topics.