Website on Risk-based Authentication launched

Accompanying the accepted IFIP SEC paper, we launched the website to inform about Risk-based Authentication (RBA) in general. The website presents the RBA state-of-the-art and discloses how eight popular online services use this technology.

Besides the paper and detailed results, the website also provides a video of the Facebook privacy leak which was discovered in the study.

German technology news website gave press coverage on the Facebook privacy leak, including an interview with Stephan Wiefling.

Paper accepted at IFIP SEC 2019

The paper Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild by Stephan Wiefling, Luigi Lo Iacono and Markus Dürmuth was accepted for the 34th IFIP TC-11 International Conference on Information Security and Privacy Protection (IFIP SEC 2019). The conference will take place from June 25th to June 27th in Lisbon, Portugal.

Article published in MDPI Future Internet

The article On the Need for a General REST-Security Framework by Luigi Lo Iacono, Hoai Viet Nguyen and Peter Leo Gorski has been published in the Journal MDPI - Future Internet.

Paper accepted at ACM SAC 2019

The paper “Mind the Cache: Large-Scale Analysis of Web Caching” by Hoai Viet Nguyen, Luigi Lo Iacono and Hannes Federrath has been accepted at the 34rd ACM/SIGAPP Symposium on Applied Computing (SAC). The conference will take place from 8th - 12th April in Limassol, Cyprus.

Project TrUSD started

The research project Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen (TrUSD) has recently started. The project aims to develop so-called Privacy Dashboards for use in companies. These dashboards want to build a bridge between the potential of data analysis and the right of employees to privacy. More information can be found on the website of the TrUSD project.

Talks at RFH IT Security & Forensic Days 2018

Peter Leo Gorski and Stephan Wiefling will give talks at the RFH IT Security & Forensic Days on November 8th, 2018. The talks will be about Usable Security and Risk-based Authentication, respectively. More information can be found in the official program.

Paper published at HAISA 2018

The paper “Warn if Secure or How to Deal with Security by Default in Software Development?” by Peter Leo Gorski, Luigi Lo Iacono, Stephan Wiefling and Sebastian Möller has been published at the 12th International Symposium on Human Aspects of Information Security & Assurance (HAISA). The conference will took place from 29th - 31st August in Dundee, Scotland.

New Cache Testing Tool published

We developed a cache testing tool based on the paper “Systematic Analysis of Web Browser Caches”. This tool allows to analyze the compliance RFC 7240 compliance of web caching systems. More details can be found here.

Paper published at Soups 2018

The paper “Developers Deserve Security Warnings, Too: On the Effect of Integrated Security Advice on Cryptographic API Misuse” by Peter Leo Gorski, Luigi Lo Iacono, Dominik Wermke, Christian Stransky, Sebastian Möller, Yasemin Acar, Sascha Fahl has been published at the 14th Symposium on Usable Privacy and Security (SOUPS). The conference took place from 12th - 14th August in Baltimore, MD, USA.

British technology news website The Register gave press coverage of the paper in the article “Here’s a fab idea: Get crypto libs to warn devs when they screw up”.

Paper accepted at Web Studies 2018

The paper “Systematic Analysis of Web Browser Caches” by Hoai Viet Nguyen, Luigi Lo Iacono and Hannes Federrath will be published at the 2nd edition of the international conference on Web Studies (WS.2). The conference will take place from 3rd - 5th October in Paris, France.