Previous Projects

MoPPa – Modeling the privacy paradox from a psychological and a technical point of view

The aim of this research project is to explore the paradox and the mental models in the context of individual privacy protection in depth. It is planned to create a model by the means of computer science and psychological theories and methods. The diverse reasons for different user groups as well as systemic dependencies for use (or ignoring) of protective measures and following recommendations are to be identified and correlated. Overall one of the main goals is to evaluate how people today make decision about the usage of a service / an application / a security or privacy enhancing technology. This model covers various applications, protection measures and recommendations. We will evaluate this model in several user studies and improve the model based on the results from these user studies. If both – reasons and dependencies - are known, measures to increase the awareness for data protection in general and to increase the motivation for an individual privacy protection can be identified.

Funding body: Federal Ministry of Education and Research (BMBF)

Partners: Prof. Vogt (TU-Darmstadt)

Funding period: 01.11.2015 – 31.10.2017

Contact: Paul Gerber

IT-Seal - Social Engineering Analysis Labs

The project IT-Seal develops a scalable analysis that identifies and evaluates IT security problems that are caused by human behaviour. Based on this data, they provide companies with recommendations on how to decrease the threat of industrial espionage and sabotage.

IT-Seal is the first IT-Security startup of the TU Darmstadt which received the EXIST Business Start-up Grant funded with 125.000€ by the Federal Ministry of Economics and Energy (BMWi) and the European Social Fund. The initiation was a master thesis, written within the research group SECUSO in 2014.

The IT-Seal Analysis quantifies the security related behaviour of employees by simulating external attacks and analysing internal processes. In combination with employee interviews and questionnaires, IT-Seal derives an individual action plan. Thus, reasonable data can be generated and weaknesses can get identified, as a basis for investment decisions. The goal is to improve the security situation in a joint way, employees are included during the whole security process. The results are summarized and handed out in a web application and a detailed report, while the anonymity of the employees is guaranteed.

Funding body: Federal Ministry of Economics and Energy (BMWi) and cofinanced by the European Social Fund

Funding period: 01.04.2016 – 31.03.2017

Contact: Melanie Volkamer, M.Sc. M.Sc. David Kelm, M.Sc. Alex Wyllie, M.Sc. Yannic Ambach

FlexiVote - Decision and configuration system for more secure internet voting with end-to-end encryption and a variety of other cryptographic approaches

The goal of the FlexiVote project is to conceptualise and implement a decision and configuration system, that suggests and realises appropriate internet voting systems for specified requirements on the election, which are considered from social, political, technical and economical contexts. The requirements serve as input, and the appropriate internet voting system will be configured from individual modules, implemented in the system. This system can then be used for conducting internet voting elections. Thus, it is not necessary to develop a new internet voting system each time for different set of requirements. Instead, an appropriate internet voting system can be realised in a quick, simple and cost-effective way from the implemented modules. The realisation of FlexiVote is linked to numerous research questions, that are to be addressed within the project. Such research questions are, for example, “Which cryptographic primitives and protocols exist, and which in which features they differ?”, “What are the interdependencies between modules, that influence the realisation of the requirements?”.

Funded by: LOEWE, Hessische Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz, Hessen ModellProjekte 

Partner: Micromata GmbHPolyas

Funding Period: 01.10.14 - 31.12.16

Contact: Stephan Neumann, Oksana Kulyk

CASED - Center for Advanced Security Research Darmstadt

An internationally important cluster for IT security research and development is established in Darmstadt. It is here where computer scientists, engineers, physicists, legal experts and experts in business administration of TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt (University of Applied Sciences) develop trend-setting IT security solutions and prepare them in order to be commercially useful. All involved partners qualify students and scientists for careers in science, business and administration.
Headquarters of that cluster is the Center for Advanced Security Research Darmstadt (CASED) which receives funds by the LOEWE program of the government of Hessen. The funds of LOEWE cover infrastructure of CASED and cooperative CASED projects of cluster partners, i.e. TU Darmstadt, Fraunhofer SIT and Hochschule Darmstadt. In these projects the cluster develops applicable basic knowledge and IT security solutions. Thanks to its broadly-based position in regards to topics and competencies, the cluster and its headquarters CASED can realize especially complex projects efficiently and sustainably.

Within CASED, we primarily focus on the intersection of usability and security in user authentication. We develop and evaluate user authentication schemes for highly critical situations such as in which a shoulder-surfer is present and only untrusted devices are available. We further investigate the usability of personal identification numbers (PIN) and develop solutions aimed at improving the practical security thereof.

Funded by: LOEWE, Hessische Landes-Offensive zur Entwicklung Wissenschaftlich-ökonomischer Exzellenz

Partner: Several groups at TU Darmstadt, Fraunhofer SIT, Hochschule Darmstadt and Kassel University

Period: 1.07.2008 - 30.06.2016

Contact: Andreas Gutmann, Melanie Volkamer

ComVote - Constitutional Compliant Electronic Voting Systems

The goal of this project is to investigate and optimize electronic voting systems with regard to their constitutional compliance. The term voting system refers to voting systems in their entirety, rather than cryptographic and/or security components of these systems. To achieve this goal, several sub-goals need to be achieved throughout the research project: Given the partially contradictory nature of election principles, voting systems cannot unconditionally satisfy constitutional requirements. This fact is taken into account by opening a legal latitude for the implementation of electronic voting. Therefore, in a first step the principles of the legal latitude are studied and modeled. Due to the abstract nature of election principles, more fine-grained evaluation criteria for electronic voting systems have to be determined. To achieve its goal, in a second step, the project takes the technical requirements derived from election principles in the DFG funded ModIWa (Juristisch-informatische Modellierung von Internetwahlen) project as a basis and revises them in order to eliminate overlapping aspects of these requirements. Building upon these requirements, in a third step, well-established voting systems are studied with regard to their satisfaction of the requirements. In a forth step, identified shortcomings with regard to technical requirements are addressed and optimized (or enhanced) systems are developed.

Funded by: Horst Görtz Foundation

Partner: CASED

Funding Period: 15.10.13 - 14.10.16

Contact: Stephan Neumann

ZertApps – Certified security for mobile applications


Today's smartphones contain a host of sensitive data, ranging from contact details to email inboxes.  At the same time, mobile applications allow users to extend the functionality of their smartphones. However, attacks through malicious applications showed that the current security model is insufficient and that users are prone to install suspicious applications. The project ZertApps aims to improve the assessment of mobile applications through innovative analyses and certification processes.  SecUSo's part is to ensure that the results of the complex analyses can be communicated effectively to end users and to security practitioners, enabling an informed decision on whether an application is safe to install or not.

Project site.

Funding body: Federal Ministry of Education and Research (BMBF)

Partners: OTARIS, datenschutz cert, SAP, Fraunhofer SIT, TZI/Universität Bremen

Funding period: 1.1.2014 – 31.12.2015

Contact: Paul Gerber

USeceMail - Usable Secure eMail Communication

The focus of this project is on improving secure email communication with respect to social and usability aspects. The project will address two different areas:

  • Sending / Receiving confidential and authentic emails: This includes the following questions: How can the gap between E2E encryption and solutions like the DE-Mail concept be closed? What are users’ mental models on keys, key pairs, and PKI? What would a more usable PKI concept based on this secure email system look like, such that people are more likely to use and understand it than current solutions?
  • Warnings regarding potentially dangerous attachments and phishing emails: New warnings should be developed that incorporate information about the security, the sender identity and the file type of an attachment. These warnings should support the user more precisely in making his decision about opening or ignoring an attachment.

Funded by: Horst Görtz Foundation

Partner: CASED (particularly Research Area "Secure Data" and Partner Project "Crypto and Society")

Period: 1.09.2011 - 30.08.2015

Contact: Arne Renkema-Padmos

UV-REV - Usable Verifiability in Remote Electronic Voting

Verifiable and in particular End-to-End verifiable electronic voting systems have been discussed at cryptography conferences for many years. As these processes are highly complex, they have so far been rejected as unreasonable for laymen. Instead, "black box voting systems" are used as for example in the Estonian parliamentary election. These are user-friendly but voters cannot verify the reliability and performance of the latter. In this regard, they therefore have to trust developers, operators and administrators.

Since 2009 the situation has started to change: on the one hand because of the ruling of the German Federal Constitutional Court demanding verifiability for voters and on the other hand because of the fact that with the Helios voting system, for the first time, a cryptographic voting protocol has been (prototypically) implemented. This voting system was, for example, tested at two universities and at the IACR election. However, user studies (Weber,2009)  show that for an average voter the Helios system is still not usable.

Additionally, the project will be looking at whether and how already existing e-voting systems can be improved in view of verifiability. Here, the project will focus on Polyas and the Estonian Internet voting system.

Funded by: Micromata GmbH one of CASED - Premium Partners (see also here)

Partner: CASED - Center for Advanced Security Research Darmstadt

Period: 1.01.2011 - 31.12.2013 

Contact: Maina Olembo

InUse - Supporting users’ decision on the trustworthiness of websites

Users can access an astonishing range of services through the web, ranging, for example, from product reviews and online shopping to online banking. However, despite a decade of intensive research in web security, it remains difficult for many end users to use these services securely: A host of threats endanger their privacy or lead to monetary losses. The key reason is that individual security mechanisms to mitigate these threats - such as HTTPS and PKIs - are only suboptimally integrated within the web ecosystem of web pages, web browsers, and end users. As a result, existing mechanisms are imprecise and require a substantial amount of expertise on the part of the end users, who consequently see warnings within the web browser as a nuisance.

In InUse, the expertise of the partners in the fields of usable security (CASED), legal sciences (Universität Kassel), IT auditing (usd), and digital identity (Kobil) enables the project to strive for an integrated approach to mitigate web security threats. The project particularly aims to improve the precision of end-user decision support and warnings, and to increase the effectiveness of the respective communication with end users. Moreover, for a holistic approach, the project also covers the legal aspects that govern the implementation of the mitigations, the technical challenges to protect sensitive personal data related the mitigations, and the auditing of web pages as a basis for risk evaluations.

Funded by: Gefördert durch Bundesministerium der Justiz und für Verbraucherschutz aufgrund eines Beschlusses des Deutschen Bundestages

Partner: CASEDUniversity of Kasselusd and Kobil

Period: 1.02.2012 - 31.01.2015 

Contact: Kristoffer Braun, Project webpage

Board Room Voting - Sichere, robuste, effiziente und flexible, dezentrale Wahlsysteme für spontane Wahlen in Managements

The interest in electronic voting constantly increases and several states started conducting legally-binding elections over the Internet. Generally, Internet voting systems rely on a solid centralized infrastructure, e.g., the setup of mix and tallying servers as well as the distribution of key material among election authorities. The deployment of such infrastructures poses a significant adminstrative effort on the election authorities. Consequently, the use of these voting systems turns out to be inadequate for a number of election scenarios, e.g., votes and elections in board rooms, where decisions often need to be taken spontaneously. Motivated by this fact, the goal of this project is the development of a secure, robust, efficient, flexible, decentralized Internet voting scheme and its prototype implementation on mobile devices. The development and implementation of such a scheme allows a group of board members to participate in an ad-hoc election over their mobile devices, while maintaining the same degree of security as centralized Internet voting systems. Ultimately, the prototype implementation will be evaluated in user studies.

Funded by: Software Campus, Bundesministerium für Bildung und Forschung

Industrial Partner: T-Systems International GmbH

Academic Partner: Melanie Volkamer

Period: 1.02.2013 - 30.11.2014

Contact: Stephan Neumann

ModIWa 2 - Juristisch-informatische Modellierung von Internetwahlen (Formal Modelling of online voting with methods of computer science and legal science)

The aim of this project is to find the legal and technical measures to fulfill the requirements for the Internet-voting schemes, which were defined in the first phase of the ModIWa project. In interdisciplinary collaborations between practical/theoretical Computer Science and Researchers from the legal department, first, concrete technical solutions should be found. These would implement the design recommendations that are established for the main project using the KORA method. For this purpose, the already existing internet protocols based on the criteria derived from KORA and the design recommendations will be evaluated. Other opportunities will also be sought that fulfill the criteria and design recommendations. A particular focus of the Computer Science will consist of the evaluation of cryptographic methods, which have gained importance in secret as well as public elections. Through the continuation project, the work on reference model for the design and evaluation of Internet voting procedures will be completed and deepened. Upon completion of the project, a comprehensive and systematic concept for the legal-and technology-friendly design of Internet voting will be available.

Funded by: DFG, Deutsche Forschungsgemeinschaft

Project manager: Prof. Dr. Johannes Buchmann, Prof. Dr. Rüdiger Grimm, Prof. Dr. Alexander Roßnagel and Prof. Dr. Melanie Volkamer

Partner: Prof. Dr. Rüdiger Grimm, University Koblenz-Landau (link to his project page) and Prof. Dr. Alexander Roßnagel, Kassel University (link to his project page)

Period: 15.10.2011 - 14.10.2013

Contact: Stephan Neumann

UseHelios - User-friendly Individual Verifiable Electronic Voting in the Helios Voting System

The goal of this project is to make the individual verifiability part of End-to-End verifiable voting systems usable for large scale legally binding elections. To do so, individual verifiability mechanisms will be analyzed and improved in regard to usability aspects ideally without decreasing the security. The project focuses on the open source Helios  remote electronic voting system and its individual verifiability mechanisms . The general goal is to further develop the  research on usable security in the context of electronic voting. Thus, the project is strongly related to the Usable Verifiability in Remote Electronic Voting project.

Funded by: DAAD, Deutscher Akademischer Austausch Dienst

Partner: Lorrie Cranor and CUPS

Period: 1.5.2011 - 31.8.2011

Contact: Melanie Volkamer

STIBET Assistenz - Usable Security

The STIBET assistantship supports Arne Renkema-Padmos in the co-supervision of students and delivery of a research methods workshop in the area of usable security. STIBET assistantships are funded by DAAD with financial support from the Foreign Office of Germany (Auswärtiges Amt). Ingenium supports international early career researchers. More information on the STIBET programme is available here.

Funded by: DAAD in cooperation with Ingenium

Period: 15.11.2013 - 14.04.2014

Contact: Arne Renkema-Padmos

VerKonWa 1 + 2 - Verfassungskonforme Umsetzung von elektronischen Wahlen (Constitutional Compliant Electronic Voting)

Electronic voting machines have been in use since 1999 in Germany for parliamentary elections. This electronic election support is indispensable in relation to the very complex local election laws in many areas, as the manual counting of votes is prone to errors, time-consuming, and therefore also very expensive. On March 3rd 2009, the Federal Constitutional Court declared as unconstitutional the electronic voting machines that were previously used as well as the Federal Voting Machine Ordinance, as not all voting machine principles, which are of relevance according to constitutional law, were taken into consideration. In doing so, the Court emphasized that this statement did not apply as a matter of principal to electronic elections. The objective of this project is to ascertain how electronic elections and, in particular, verification procedures can be realized in a constitutionally compliant manner. To enable this, comprehensive legal and technical requirements were defined, formulation proposals for voting machine regulations were created, and a constitutionally compliant voting machine was developed, which, in addition to handling the submission of votes and the calculation of results, could also authenticate voters. An adequate evaluation concept was also drafted to support all of this.  Such a legal and informational foundation for constitutionally compliant electronic parliamentary elections can only be provided if the planned cooperation between jurists and computer scientists is established.

Funded by: DFG, Deutsche Forschungsgemeinschaft

Project manager: Prof. Dr. Johannes Buchmann, Prof. Dr. Alexander Roßnagel and Prof. Dr. Melanie Volkamer

Partner: Prof. Dr. Alexander Roßnagel, Kassel University (link to his project page)

Period: 1.1.2011 - 30.09.2014

Contact: Jurlind Budurushi

VALID - VerifiAble LIquid Democracy

Liquid democracy is a form of government, whereby each voter can either cast the vote herself, or delegate it to someone else (who e.g. is more of an expert in the area of the actual poll). Each voter can also act as a delegate. This approach provides a middle ground between direct and representative democracy. The objectives of this project are: First, literature in the area of liquid democracy will be studied and categorized. Then, technical requirements for a liquid democracy system are deduced. The results will be published either at a research conference or as a technical report. 

Funding body: Polyas

Partner: Polyas

Period: 1.3.2015 - 28.2.2017

Contact: Oksana Kulyk, Karola MarkyMelanie Volkamer

A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact | Website Analysis: More Information
zum Seitenanfangzum Seitenanfang