Today, applications collect and analyze a vast quantity of (digital) information to optimize performance and availability. Rarely, the privacy concerns of users concerning confidential information is respected. Within our research we try to improve certain applications by developing new privacy-preserving protocols which have the same functionality but consider the privacy concerns of users.
A common problem is the collaboration between organizations. Each party defines their own set of rules under which they are willing to collaborate, e.g., interact, share and exchange resources or information with others. Typically, these individual policies differ for different parties. Thus, collaboration requires the resolving of differences and reaching a consensus. This process is generally referred to as policy reconciliation. Current solutions for policy reconciliation do not take into account the privacy concerns of reconciliating parties. Within our research we've developed new protocols that meet the privacy requirements of the organizations and allow parties to find a common policy rule which optimizes their individual preferences.
A following challenging task is the secure information exchange between organizations respecting their privacy concerns. The participating parties have an interest in the availability as well as in the confidentiality of information. A solution should respect the privacy concerns and maximize the availability of information. A possible approach to solve this problem is pseudonymization. Within our research we've constructed new privacy-preserving protocols based on restricted linkable pseudonyms solving the conflict between availability and confidentiality of information.
In the last decade mobile devices gained popularity and due to their functionality comparable to recent computers users tend to store their sensitive information on mobile devices rendering them an attractive target for mobile malware writers. As a consequence, mobile malware population increases every single year.
The first area of our research studies the ability of host-based anomaly detection systems to detect mobile malware using low level features such as system calls. Our second focus aims to identify sensor placements in current 3G and 4G backbone networks and detect traffic initiated by mobile malware directly in mobile operators' networks.
Security in Wireless Mesh Networks
In contrast to infrastructure wireless networking, wireless mesh networks employ multi-hop communication. This fact and the different use cases of multi and single provider setup impose new security challenges. Keeping the dynamic nature of these networks in mind, bootstrapping security associations onto the nodes, as well as detection and mitigating malicious behavior is the current focus of our study.
ASMONIA (Attack analysis and Security concepts for MObile Network infrastructures, supported by collaborative Information exchAnge) is a projected funded by the German Federal Ministry of Education and Research. ASMONIA aims to improve the resilience and reliability of current and future mobile networks and their backbone infrastructure.
Recent cyberwar incidents and the iPhone worm demonstrate the need for protection and collaborative early warning concepts tailored to the telecommunication sector. Additionally, threats to mobile networks will increase with the growing use of untrusted and malicious applications on modern mobile devices. Simultaneously, the utilization of mobile networks becomes more multifaceted (e.g., public/private use), and the technical heterogeneity (3G, 4G, non-3G and future generations) and complexity (roaming, interworking) of the overall system grows due to its interconnectedness. This trend will likely continue well into the future, due to the growing number of heterogeneous (e.g., wireless) interfaces on end devices and the increasing use of applications whose integrity cannot be guaranteed a priori.
The overall goal of ASMONIA is the development of a holistic security concept for mobile network infrastructures that satisfies the diverse requirements of modern networks. Integrity protection and attack detection solutions that exploit characteristics of resilient and flexible systems like cloud computing will therefore be integrated. The additional integration of collaborative information exchange mechanisms will improve the security level of modern communication networks.
In this project we work together with: Cassidian Systems, ERNW GmbH, Fraunhofer SIT, Hochschule Augsburg, Nokia Siemens Network (as well as associated partners DTAG, BSI, and BDBOS).
Security and Privacy in WLAN Roaming
Currently, roaming in Wi-Fi networks is cumbersome, or outright impossible. While there are WLAN networks in many locations, these are either not accessible without manual configuration effort, or insecure, or must be run be the same party the user already has an account with. A proper roaming protocol would help to solve these problems. We have developed a novel protocol suite for roaming WLAN devices that supports authentication, key agreement, and secure payment between roaming devices and network operators.
Malware Collection and Botnet Monitoring
The threat that malware imposes on computer networks has grown in past years. A big portion of malware samples includes "botnet" functionality and can thus be controlled by its author. Within our research we try to improve current and develop new methods of acquiring and analysing malware. From the malware samples we extract command & control information and are thus able to monitor the botnet's activity. The overall goal of this research is a more secure and less malicious Internet environment.