Research and Development

The chair NDS is focuses on the fields cryptographic protocols, Internet security and practical cryptography. Our know-how made major contributions to the discovery of security flaws like DROWN, ROBOT and EFAIL. We systematically analyze these vulnerabilities and develop processes and testing tools to identify and fix them.

Cryptographic Protocols

Cryptographic protocols form the basis of many security solutions, from well-known Internet standards like SSL to little-known broadcast encryption techniques für blue ray disks. We try to prove the security of these protocols in a model that is as close as possible to reality. An especially challengig area is group based cryptography, becasue here we have to model concurrency, participation in different groups, and malicious group members.

Browser Based Protocols

Browser based protocols (secure cookies, Pharming, SSL client certificates and CRLs, Human-Server-Interaction, AJAX), e-mail (XMaiL, header protection for OpenPGP and S/MIME) and group communication (key agreement for IP multicast) are key Internet research areas.In der Internetsicherheit liegen die Forschungsschwerpunkte in den Bereichen Browser-basierte Protokolle (Secure Cookies, Pharming, SSL Client Certificates, SSL CRLs, Human-Server-Interaction, AJAX, beweisbare Sicherheit), E-Mail (XMail, Header Protection with OpenPGP/SMime) und Gruppenkommunikation (beweisbar sichere Gruppenschlüsselvereinbarung für IP Multicast).

XML Data Format

XML as the futire ubiquitous data format offers many new possibilities, but also security risks:

  • XML signature can sign many (even overlapping) parts of a document, but the signature wrapping attacks described in 2005 show that more research is needed.

  • XML Encryption enables platform independent encryption of data, and is much more felxible than PKCS#7.

  • WS-Trust has the potential to unify incompatible islands of trust (OpenPGP, X.509, Kerberos, Username/Password).

  • For all important standards, open source libraries are available.