
An internationally important cluster for IT security research and development is established in Darmstadt. Here, computer scientists, engineers, physicists, legal experts and experts in business administration from TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt (University of Applied Sciences) develop trend-setting IT security solutions and prepare them for commercial use. All involved partners qualify students and scientists for careers in science, business and administration. The headquarters of the cluster is the Center for Advanced Security Research Darmstadt (CASED), which is funded by the LOEWE program of the government of Hessen. The LOEWE funds cover the infrastructure of CASED and cooperative CASED projects of the cluster partners, i.e. TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt. In these projects the cluster develops applicable basic knowledge and IT security solutions. Thanks to its broad base of topics and competencies, the cluster and its headquarters CASED can realize especially complex projects efficiently and sustainably. The Security Engineering group is involved in projects on data privacy and the security of future Internet services.
Funded by: LOEWE, Hessische Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz
Partner: Several groups at TU Darmstadt, Fraunhofer SIT, Hochschule Darmstadt and Kassel University
Period: 1.7.2008 - 30.6.2014
Contact: Melanie Volkamer



Users can access an astonishing range of services through the web, ranging, for example, from product reviews and online shopping to online banking. However, despite a decade of intensive research in web security, it remains difficult for many end users to use these services securely: A host of threats endanger their privacy or lead to monetary losses. The key reason is that individual security mechanisms to mitigate these threats - such as HTTPS and PKIs - are only suboptimally integrated within the web ecosystem of web pages, web browsers, and end users. As a result, existing mechanisms are imprecise and require a substantial amount of expertise on the part of the end users, who consequently see warnings within the web browser as a nuisance.
In InUse, the expertise of the partners in the fields of usable security (CASED), legal sciences (Universität Kassel), IT auditing (usd), and digital identity (Kobil) enables the project to strive for an integrated approach to mitigate web security threats. The project particularly aims to improve the precision of end-user decision support and warnings, and to increase the effectiveness of the respective communication with end users. Moreover, for a holistic approach, the project also covers the legal aspects that govern the implementation of the mitigations, the technical challenges of protecting sensitive personal data related to the mitigations, and the auditing of web pages as a basis for risk evaluations.
Funded by: Federal Ministry of Food, Agriculture and Consumer Protection (Bundesministerium für Ernährung, Landwirtschaft und Verbraucherschutz), on the basis of a decision of the German Bundestag
Partner: CASED, University of Kassel, usd and Kobil
Period: 1.02.2012 - 31.01.2015
Contact: Steffen Bartsch, Project webpage

The focus of this project is on improving secure email communication with respect to social and usability aspects. The project will address two different areas:
Funded by: Horst Görtz
Partner: CASED (particularly Research Area "Secure Data" and Partner Project "Crypto and Society")
Period: 1.09.2011 - 30.08.2014
Contact: Cristian Thiago Moecke
Verifiable, and in particular End-to-End verifiable, electronic voting systems have been discussed at cryptography conferences for many years. As these processes are highly complex, they have so far been rejected as unreasonable for laymen. Instead, "black box voting systems" are used, for example in the Estonian parliamentary election. These are user-friendly, but voters cannot verify their reliability and performance. In this regard, voters therefore have to trust developers, operators and administrators.
Since 2009 the situation has started to change: on the one hand because of the ruling of the German Federal Constitutional Court demanding verifiability for voters, and on the other hand because, with the Helios voting system, a cryptographic voting protocol has for the first time been (prototypically) implemented. This voting system was, for example, tested at two universities and at the IACR election. However, user studies (Weber, 2009) show that for an average voter the Helios system is still not usable.
Additionally, the project will be looking at whether and how already existing e-voting systems can be improved in view of verifiability. Here, the project will focus on Polyas and the Estonian Internet voting system.
Funded by: Micromata GmbH, one of the CASED Premium Partners
Partner: CASED - Center for Advanced Security Research Darmstadt
Period: 1.1.2011 - 31.12.2013
Contact: Maina Olembo
The aim of this project is to find the legal and technical measures to fulfill the requirements for Internet voting schemes that were defined in the first phase of the ModIWa project. In interdisciplinary collaboration between practical and theoretical computer science and researchers from the legal department, concrete technical solutions should first be found. These would implement the design recommendations that are established for the main project using the KORA method. For this purpose, the already existing Internet protocols will be evaluated based on the criteria derived from KORA and the design recommendations. Other options that fulfill the criteria and design recommendations will also be sought. A particular focus of the computer science work will be the evaluation of cryptographic methods, which have gained importance in secret as well as public elections. Through the continuation project, the work on the reference model for the design and evaluation of Internet voting procedures will be completed and deepened. Upon completion of the project, a comprehensive and systematic concept for the legal- and technology-friendly design of Internet voting will be available.
Funded by: DFG, Deutsche Forschungsgemeinschaft
Project manager: Prof. Dr. Johannes Buchmann, Prof. Dr. Rüdiger Grimm, Prof. Dr. Alexander Roßnagel and Dr. Melanie Volkamer
Partner: Prof. Dr. Rüdiger Grimm, University Koblenz-Landau, and Prof. Dr. Alexander Roßnagel, Kassel University
Period: Two years
Contact: Melanie Volkamer
Electronic voting machines have been in use since 1999 in Germany for parliamentary elections. This electronic election support is indispensable in relation to the very complex local election laws in many areas, as the manual counting of votes is prone to errors, time-consuming, and therefore also very expensive. On March 3rd 2009, the Federal Constitutional Court declared the electronic voting machines that were previously used, as well as the Federal Voting Machine Ordinance, unconstitutional, as not all voting machine principles that are relevant under constitutional law had been taken into consideration. In doing so, the Court emphasized that this statement did not apply as a matter of principle to electronic elections. The objective of this project is to ascertain how electronic elections and, in particular, verification procedures can be realized in a constitutionally compliant manner. To enable this, comprehensive legal and technical requirements were defined, formulation proposals for voting machine regulations were created, and a constitutionally compliant voting machine was developed, which, in addition to handling the submission of votes and the calculation of results, could also authenticate voters. An adequate evaluation concept was also drafted to support all of this. Such a legal and informational foundation for constitutionally compliant electronic parliamentary elections can only be provided if the planned cooperation between jurists and computer scientists is established.
Funded by: DFG, Deutsche Forschungsgemeinschaft
Project manager: Prof. Dr. Johannes Buchmann, Prof. Dr. Alexander Roßnagel and Dr. Melanie Volkamer
Partner: Prof. Dr. Alexander Roßnagel, Kassel University
Period: 1.1.2011 - 31.12.2012
Contact: Melanie Volkamer, Jurlind Budurushi and Denise Demirel

The goal of this project is to make the individual verifiability part of End-to-End verifiable voting systems usable for large scale legally binding elections. To do so, individual verifiability mechanisms will be analyzed and improved in regard to usability aspects, ideally without decreasing the security. The project focuses on the open source Helios remote electronic voting system and its individual verifiability mechanisms. The general goal is to further develop the research on usable security in the context of electronic voting. Thus, the project is strongly related to the Usable Verifiability in Remote Electronic Voting project.
Funded by: DAAD, Deutscher Akademischer Austausch Dienst
Partner: Lorrie Cranor and CUPS
Period: 1.5.2011 - 31.8.2011
Contact: Melanie Volkamer