Projects

SENTIMENT - Secure self-disclosure for intimate communication with dialog systems

Duration: 04.2024 – 03.2027

Links:  Federal Ministry of Education and Research

Thanks to large language models, chatbots have recently made considerable leaps in quality. These dialog systems can now generate natural-looking responses to a wide range of queries, respond to follow-up questions and even create longer conversations. This brings interaction with chatbots ever closer to an authentic exchange with a human being. In Germany, more and more users are communicating regularly with chatbots. This often blurs the perceived boundaries between artificial intelligence (AI) and a real communication partner. Companies behind some applications are already deliberately exploiting this gray area and advertising their products with the catchphrase “AI friend”. In such applications, users can activate a romantic relationship mode, for example, which allows them to have emotional (video) conversations with a previously configured artificial person. Chatbots can therefore also simulate intimate interpersonal communication. This includes words of self-disclosure, affirmation, trust and affection. As a result, users place their trust in the systems and reveal intimate, personal details. So far, however, this aspect of digital intimacy has hardly been investigated in the context of privacy research.

The aim of the project “Secure self-disclosure in intimate communication with dialog systems” (SENTIMENT) is to conduct interdisciplinary research into the processes involved in communication with chatbots when people disclose sensitive or intimate information. Researchers from the fields of psychology, computer science, law and art are working together on this. Based on an inventory of intimate self-disclosure in communication situations with chatbots, a risk assessment with regard to data protection and user self-determination will be carried out. From the insights gained, targeted privacy-by-design mechanisms to counteract the previously-identified risks wil be derived and evaluated as part of an empirical study. The project team also plans to involve the public in their work – for example, through an art exhibition on the topic of “Protecting intimate communication”, designed as a dialog forum in which the researchers enter into an exchange with the public and in turn incorporate the knowledge gained into the project.

Pentest-5GSec - Mobile pentesting for secure 5G networks

Duration: 06.2023 – 05.2025

Links:  Federal Office for Information Security

The spread of 5G networks requires a high level of security for the individual components. Particularly with the increasing privatization of the mobile communications sector through campus networks, these must be considered and treated from an information security perspective. As campus networks are to be used for various infrastructures, including critical infrastructures such as healthcare or energy supply, correspondingly high security standards must be in place within the network. In addition, the components used must also be checked, as they ultimately process all network traffic within a network segment or campus network. In the core network in particular, 5G networks rely on web technologies such as HTTPS, Docker, Kubernetes and OpenAPI. These components are constantly changing and must be tested and hardened in addition to the actual hardware. Current audit or pentesting guidelines are not compliant for 5G-enabled communication devices. It is imperative that this knowledge gap is closed as more and more 5G devices are deployed in the real world. In addition, the current threat models need to be constantly updated. Based on these threat models, the products must then be certified accordingly in a laboratory system. There are currently only two NESAS-CCS-GI test centers in Germany, which can hardly cope with the expected number of systems to be tested.

This project is intended to contribute to a diverse audit landscape and make certain aspects of the audit process accessible to a broad public. In particular, the components of pentesting and threat modeling are to be strengthened within the audit process.

DigiFit - Digital Fitness for citizens: realistic risk perception, safe routines

Duration: 09.2022 – 08.2025

Links:  Federal Ministry of Education and Research, https://digifit-sicher.de

The increasing digitalization of society, which has been further accelerated by the Covid-19 pandemic, means that many people carry out professional and private activities from home via the internet. They often do not have the knowledge or know-how to protect themselves against attacks by cyber criminals. The risks associated with digitalization are not realistically assessed and the security measures recommended by experts are only partially followed or not followed at all. It is necessary to equip citizens with the appropriate skills so that they can protect their privacy and act independently online.

The aim of the project “Digital fitness for citizens – realistic risk perception, secure routines (DigiFit)” is to develop a new concept for teaching digital skills in the areas of IT security and privacy protection. The aim is to move away from today’s widespread security awareness campaigns towards communication that goes beyond risk perception and supports users in developing secure routines. The project team aims to develop a simple IT security terminology and pedagogical, psychological and communication science measures that can be used to communicate basic knowledge about threats and secure digital behaviors in a new way. The new approaches will be evaluated with different, mixed-age user groups. Finally, materials and behavioral training will be created and distributed to specific target groups via group training sessions and apps that work in a similar way to fitness or meditation apps.

5G-IoTSec - IoT security in the era of 5G

Duration: 12.2022 – 11.2025

The rate at which (wireless) IoT devices are being manufactured and the rate at which they are being adopted by consumers and businesses is increasing alarmingly. This trend is expected to continue at a similar rate in the coming years. Therefore, there is an urgent need for academic researchers to propose novel testing frameworks that can cope with the plethora of (wireless-based) IoT devices entering the market.The aim of this project is to build the expertise that enables large-scale cybersecurity testing of IoT devices. Such a platform has not yet been described in the scientific literature and would make a new contribution to the state of the art.

To this end, several scientific challenges would need to be overcome. A thorough literature review of existing regulations and standards on the operation of IoT devices according to current and future safety requirements would be conducted. This initial analysis would then be used to derive appropriate test suites for the evaluation of IoT devices. Potential attack vectors (both software and hardware-based) need to be further investigated and used as input for further consolidation of our proposed security tests. In addition, a scientific comparison between existing and new testing approaches will provide further insight into how testing can be made robust and efficient and eventually automated, and the results of the 5G IoTsec project will enable the introduction of innovative testing tools and methods to evaluate IoT systems accordingly so that governments and citizens can adopt them, enabling the growth of a secure IoT network.

Cluster of Excellence: “CASA – Cyber Security in the Age of Large-Scale Adversaries”

Duration: 2019 – 2026

The digital world has become an integral part of daily life for many people. Whether it is private messages, medical records, corporate information, or state secrets, all of this sensitive data is digitized and made accessible worldwide. This makes them an attractive target for cybercriminals who often possess significant financial resources and technical expertise to cause long-term harm. Current security solutions are often inadequate for this challenge.

The outstanding researchers of the Cluster of Excellence “CASA – Cyber Security in the Age of Large-Scale Adversaries” research and develop robust and sustainable countermeasures against powerful cyber attackers, with a focus on nation-state adversaries. The research of CASA is characterized by a strong interdisciplinary approach that not only addresses technical issues but also examines the interplay between human behavior and IT security. Accordingly, the research conducted focuses on the themes “Future Cryptography,” “Embedded Security,” “Secure Systems,” and “Usability.” This unique, holistic approach forms the basis for excellent research in the field of IT security.

The Chair for Security and Privacy of Ubiquitous Systems is involved in the following projects within CASA:
• Fundamental Research Project, „Bridging the Gap: From Privacy by Design to Privacy Implementation“
• Transfer Project with Telefónica, „Leveraging programmable data planes to improve network security and privacy“
• Fundamental Research Project, „Improving IT Security and Privacy for Deaf and Hard-of-Hearing People”

We thank the following organizations for their support: