The research group "Applied Information Security” under the lead of Prof. A. Wacker focuses on the analysis and development of secure information systems. A special focus is on security mechanisms for distributed systems. The research of the group is divided into four different research areas:

The four different research areas of the group "AIS"
The four research areas of the group Applied Information Security

Security in Self- * Systems

Here, the group researches security mechanisms, in particular for the detection and prevention of malicious behavior in distributed systems without having a dedicated central instance (e.g. peer-to-peer systems, ad-hoc networks, grid systems or sensor networks). One application for this are so-called cyber-physical systems. Such systems monitor the real world using sensors and manipulate it using actuators. An example of such a system is a house (physical) that is monitored by a (cyber) system. At this, sensors are cameras; actuators are switches to control lights that illuminate the surrounding areas. By eliminating the central instance in such systems, multiple challenges arise, in particular in the field of IT security. Another application is distributed and decentralized volunteer computing. Here, users participate with their computing resources on a voluntary basis to help work on a very computationally intensive task. In volunteer computing, it must be made sure that individuals cannot distort or manipulate the overall result.

Projects: CYPHOC, Secure Volunteer Computing Cloud

Privacy Supporting Mechanisms

In this research area, the group researches methods and algorithms, which are intended to strengthen the privacy of each individual. One important subject here is the "Deleting on the Internet". Since May 2014, the public debate has taken a new turn as Google was sentenced by court to remove certain links from their search results. Right now, there is no lack of criticism of the Article 17 of the EU wide data protection act due to difficulties with its technical implementation. However, currently no concrete solution proposals for the technical implementation are known. In this context, the group researches a system to give both internet users and service providers alike the technical means to implement the requirements from Article 17. Another research project in this area is Social Link (Solin). In this project, the group studies communication rules for the Internet age allowing people to get a better work-life balance. In particular, the group examines necessary technical security mechanisms to protect personal data and the privacy of individuals. In addition, the continuously increasing number of sensors in our everyday environment must be considered. All these information sources can be used to collect data about individuals. This project aims to develop technical solutions to prevent the transfer of personal data and its use for data profiling.

Projets: „Deleting on the Internet“, Social Link

Increasing IT Security Awareness


Another research area is the field of "data self-protection". This includes training and educating the general public about what they can do to protect their own (private) data on the Internet. The group also develops methods and tools for increasing security awareness in the development and usage of software tools. The open source e-learning project CrypTool 2 is an important part of this effort. With this software different cryptographic and cryptanalytic primitives and protocols are presented visually and in an easily understandable manner. CrypTool 2 is also used in lectures or training courses. Another approach for increasing security awareness is the MysteryTwister C3 project. Here the group offers cryptographic puzzles for everyone to solve. By actively breaking such puzzles, participants can significantly increase their knowledge about the security or insecurity of a particular method. Furthermore, raising awareness for the necessity of secure e-mail (regular courses for "the citizen") as well as active development of fitting software tools are also pursued by the group.   For example, as addition to encrypting e-mail messages via PGP or S/MIME, the group develops an easily usable and secure method for encrypting e-mails using passwords.

Projekte: CrypTool 2, MysteryTwister C3, Schülerkrypto, Secure E-Mail

Cryptanalysis of Classic Ciphers

This research area provides new insights and results that are not just interesting for computer scientists. In the "cryptanalysis of classic ciphers" the group examines the field of classical encryption methods (M-209, single and double columnar transposition, Chaocipher, ADFGVX, and more) using modern (meta-) heuristic methods, such as hill-climbing. The validity of the analyses as well as the security of the algorithms are examined. Especially by "breaking" historic cipher texts historians gain valuable new insights that would otherwise have been impossible. Additionally, the results, methods and algorithms that the group develops all benefit the CrypTool 2 project.

Project: Analysis of Classical Ciphers by Using Modern (meta-) Heuristic Methods
Colloquium: European Historic Ciphers Colloquium