privacySFB Sonderforschungsbereich 1223
Tue, 18 Apr 2017 09:39:02 +0000

CeBIT 2017: CISPA Exhibits 7 Selected Research Projects
Wed, 05 Apr 2017 14:22:32 +0000

CISPA presented a selection of their research projects at this year’s CeBIT. Due to the continuing growth of the Saarbruecken Center for IT-Security, the projects could be presented at their own stall.

Privacy in Smart Homes
Prof. Christoph Sorge and his team analyzed, for example, the information an adversary can deduce from tapping wireless building automation systems and the effectiveness of protection mechanisms, concluding that the mechanisms currently in place do not suffice at all as protection. Metadata such as the type of the device or the amount of data exchanged allow for detailed conclusions on the absence or presence of the residents. Sorge’s research aims at developing solutions that enable privacy-preserving encrypted wireless communication of building automation systems, while still preserving a reasonable battery lifetime. Read the press release by Saarland University on this project.

AUTOGRAM and tribble – Massive Automated Security Testing

Prof. Andreas Zeller’s group developed two tools for security testing. Given a set of program runs with inputs, their “AUTOGRAM” tool automatically produces a so-called “context-free grammar”. The result is very accurate and readable, facilitates understanding the input structure, and can be used by a computer to parse, decompose, and analyze other inputs and, most importantly, serve as input for massive systematic security testing. Their “tribble” tool uses a grammar to automatically produce millions of random yet valid inputs to a software system, which makes it infinitely more powerful than any traditional fuzzing system. With both tools, security testing becomes fully automatic. Read the press release on Prof. Zeller’s projects.

Adversarial Learning
This project is presented by Prof. Michael Backes, director of CISPA and head of the Information Security & Cryptography Group at Saarland University, and his team. Since machine learning relies on different aspects than human perception, small perturbations of the input may already lead to critical changes in computation. ML and data mining were not designed for a context in which an adversary tampers with the data. Due to their increased usage, security aspects have become crucial. Backes’ ongoing research on adversarial learning for the Android malware classifier shows that the consequences can be serious: after carefully selected permissions are added to a malware application, the intelligent malware classifier suddenly classifies this app as benign. Their research aims at methods to detect and prevent such malignant perturbations, e.g. by training the machine learning algorithm itself to identify such perturbed inputs in the future.

Android Middleware Security Testing
Dr. Sven Bugiel’s project focuses on smart devices like smartphones or tablets. To protect private data on these devices, robust security and privacy mechanisms are required that both perform correct access controls against malicious applications and prevent attacks from escalating their privileges on the device. Thorough security testing of the software stack’s code base is needed to ensure these properties. Classical testing techniques quickly reach their limits considering the high complexity and size of mobile software stacks. Thus, Bugiel presented the Android Middleware Fuzzer, an ongoing research project, to discover security-critical bugs using a unique approach through targeted graybox fuzz testing.

Genetic Privacy – Towards Health Data Privacy
Prof. Backes’s team around Pascal Berrang and Mathias Humbert demonstrate in their research that there are significant risks for the privacy of patients in epigenetics. They are developing technical solutions to reduce this risk when publishing epigenetic data for research purposes.
Read the press release by Saarland University on this project.

Early Warning System for DDoS Attacks Against Critical Infrastructure
Mass attacks on the Internet that aim at blocking a particular service, called “Distributed Denial of Service (DDoS)” attacks, are easy to implement and therefore widespread. Prof. Christian Rossow’s team has developed honeypots for distributed attacks: systems especially prepared to be attacked so that the attacker’s actions can subsequently be monitored. With their global sensor network, they have managed to document more than 1.5 million attacks, identify the different phases of these attacks to develop an early warning system, and also derive clues about the attackers’ identity using a special fingerprinting method.

vatiCAN – Vetted, Authenticated CAN Bus
Car manufacturers use a so-called CAN bus to facilitate communication between devices and units inside a car. However, this comes at a price: once an attacker controls a device connected to the bus, he can pretend to be a different component and manipulate messages. Stefan Nürnberger and Prof. Rossow developed a system that enables components to trust both the source and content of messages on the CAN bus. The software, called “vatiCAN”, only enables real and honest senders to attach the required authentication codes to messages, allowing for a security check. The additional computations introduced by the software slow down the communication by only two milliseconds, which is acceptable even during active steering, when immediate actions are required.

Andreas Zeller receives ERC Proof of Concept Grant
Tue, 04 Apr 2017 10:37:00 +0000

CISPA Researcher and ACM Fellow Prof. Andreas Zeller has been awarded his second ERC Grant. After receiving the ERC Advanced Grant in 2011, the ERC Proof of Concept Grant will now enable him and his team to explore the commercial potential of BOXMATE and to develop a market-ready product by cooperating with one of CISPA’s spin-offs, “Backes SRT”.

ERC grants are awarded on a regular basis by the European Research Council and are considered the most important and prestigious awards for research in Europe.

Strong media reaction after spying doll “Cayla” has been forbidden due to privacy concerns raised by S. Hessel (CISPA)
Wed, 01 Mar 2017 15:17:38 +0000

Stefan Hessel, a student of CISPA researcher Prof. Sorge, has expressed legal concerns on the children’s doll “My friend Cayla” in his article (in German), claiming Cayla should be considered a “concealed transmitting device”, illegal according to German law. He alerted the German Federal Network Agency (Bundesnetzagentur), which issued a warning and finally forbade its import, distribution, and even ownership. While Cayla looks like a regular doll, the smart toy can connect to the internet to communicate interactively. If the doll is hacked, hackers can listen and even speak to the child playing with the doll via a Bluetooth device inside the toy that lacks any security features. Via its microphone, communication can be transmitted to third parties, while it is not even obvious when the toy is actually listening and transmitting.

Saarland University has published a press release.

From left to right: Prof. Christoph Sorge, Stefan Hessel. Photo: Ehrlich

List of selected articles/news:

The Guardian
Sky News
Frankfurter Rundschau (German)
Sueddeutsche Zeitung
Saarbrücker Zeitung

CISPA’s Parliamentary Evening in Berlin
Mon, 20 Feb 2017 20:02:29 +0000

On February 13, 2017, CISPA organized a Parliamentary Evening on “Autonomous Systems” in Berlin.

More than 150 people accepted CISPA’s invitation to the “Landesvertretung des Saarlandes”.
After a welcome speech by the Prime Minister of Saarland, Ms. Annegret Kramp-Karrenbauer, Prof. Michael Backes, director of CISPA, gave a speech on “Autonomous Systems of the Future”, followed by a Panel Discussion.


Panel (left to right): Michael Hankel, Nadine Schön (MdB), Federal Minister of Education and Research Prof. Johanna Wanka, Prime Minister of Saarland Annegret Kramp-Karrenbauer, Prof. Michael Backes, Reinhard Karger

Talk and Panel Discussion: Cyber Security and civil Liberties (Timothy H. Edgar)
Wed, 15 Feb 2017 13:41:59 +0000

10:30 – Cybersecurity and civil liberties – how the new U.S. government will approach cyber threats
  • Timothy H. Edgar
    Senior Fellow at the Watson Institute of Brown University

Timothy H. Edgar is the author of Beyond Snowden: Privacy, Mass Surveillance and the Struggle to Reform the NSA (forthcoming 2017).
He served under President Obama from 2009 to 2010 as the first director of privacy and civil liberties for the White House National Security Staff, focusing on cyber security, open government, and data privacy initiatives.
From 2006 to 2009, he was the first deputy for civil liberties for the director of national intelligence, reviewing new surveillance authorities, the terrorist watchlist, and other sensitive programs.

He holds a JD from Harvard Law School, where he served on the Harvard Law Review, and an AB from Dartmouth College.

Mr Edgar’s talk is made possible through the support of the Embassy of the United States of America and the Deutsch-Amerikanisches Institut Saarbrücken.

For further information, visit his personal website.

11:30 – Panel Discussion: State of the net: Weaponized information, manipulated elections – How can IT security safeguard civil liberties & political independence?

  • Timothy H. Edgar
    Senior Fellow at the Watson Institute of Brown University
  • Prof. Dr. Michael Backes
    Director of CISPA, Head of the Information Security & Cryptography Group
  • Prof. Dr. Christian Rossow
    Head of the System Security Research Group, CISPA
  • Mathias Gisch
    Head of Division International Data Protection, Data Protection Authority of Saarland
  • Ninja Marnau
    Senior Researcher, CISPA

CISPA Director Michael Backes receives “CNIL-Inria Award for Privacy Protection 2016”
Wed, 25 Jan 2017 17:00:18 +0000

Prof. Michael Backes and his co-authors were awarded the CNIL-Inria Award for Privacy Protection for their paper “ADSNARK: nearly practical and privacy-preserving proofs on authenticated data” (co-authors: Manuel Barbosa, Dario Fiore, and Raphael M. Reischuk). The award ceremony took place in Brussels as part of the CPDP Conference on January 25, 2017. Michael Backes gave a short presentation of the paper during the ceremony.

Picture: CISPA

APP STORE 2.0: From Crowd Information to Actionable Feedback in Mobile Ecosystems
Mon, 16 Jan 2017 10:04:39 +0000

Maria Gomez Lacruz


Title: APP STORE 2.0: From Crowd Information to Actionable Feedback in Mobile Ecosystems

Building: E9 1 (CISPA), Room 0.01


Given the increasing competition in mobile app markets, improving the experience of users has become a major goal for app vendors. Previous studies have demonstrated that app users who encounter issues (e.g., crashes, unresponsive apps) frequently uninstall apps and move to alternative apps. Hence, quickly detecting and preventing issues is crucial for staying competitive in the market. This presentation introduces a visionary app store, called APP STORE 2.0, which exploits crowdsourced information about apps, devices and users to increase the overall quality of the delivered mobile apps. The APP STORE 2.0 contributes to the delivery of actionable feedbacks to deal with potential errors and threats that affect mobile apps prior to publication or even when the apps are in the hands of end-users. These feedbacks span over risk reports to support the decision process of app store moderators, reproducible scenarios to support the reproduction task of app developers, performance reports for app developers, and app patches for app users. We have prototyped these systems in the context of the Android ecosystem.


I am a postdoctoral researcher at Inria Lille - Nord Europe research center working with the SPIRALS team. I have recently obtained the International PhD in Computer Science, supervised by Prof. Romain Rouvoy and Prof. Lionel Seinturier at Inria Lille and the University of Lille. My research focuses on the automatic detection, reproduction, and repair of bugs in mobile applications in the wild by using crowdsourcing. My area of research includes Software Engineering, Mobile Computing, App Store Analysis and Crowdsourcing. During my PhD I had the pleasure to collaborate with internationally recognized researchers. In 2015 I obtained a Mitacs Globalink Research Award and I spent three months working with Dr. Bram Adams in the MCISgroup at Polytechnique Montréal (Montreal, Canada). In 2016, I spent four months working with Prof. Walid Maalej in the MAST group at the University of Hamburg (Hamburg, Germany).

CISPA researchers publish 5 papers at NDSS 2017
Thu, 22 Dec 2016 08:33:07 +0000

CISPA is contributing 5 papers to next year's "Network and Distributed System Security Symposium" (NDSS 2017).

NDSS is one of the top-tier conferences in the area of IT security, with the major goal to "encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies".

CISPA researchers will present their papers at the conference venue in San Diego, CA, USA from 26 Feb - 01 Mar 2017.

CISPA Publications

Conference Program

IEEE LCN Best Paper Award for CISPA Researchers
Fri, 25 Nov 2016 15:56:10 +0000