Research & Industrial Projects (Third-Party Funding)

  • 2011-2015     PRIMAKE: Private Multi-Party Authentication and Key Exchange
    Funded by: DFG (German Research Foundation)     Role: sole PI
    The project PRIMAKE aims at the design of advanced cryptographic protocols for authentication, key establishment, and secure communication in various networks and applications that, in addition to the classical computation of session keys, will preserve the privacy of their participants. The goal of PRIMAKE is to provide à la carte solutions for privacy-preserving secure communications. PRIMAKE protocols will address several flavors of privacy such as affiliation-hiding, attribute-hiding, and deniability. They will be usable in arbitrary multi-user applications with minimalistic trust requirements and be suitable for resource-constrained devices such as smartphones. PRIMAKE protocols will have formal proofs of security and privacy, obtained using standard cryptographic models.

  • 2011-2014     GOS: Group-Oriented Signatures
    Funded by: Horst Görtz Stiftung     Role: sole PI
    Unlike classical digital signatures, group-oriented signatures (GOS) assume that the signature generation process is related to some group or formation of users. GOS schemes come in different flavors, depending on the assumed setting and security requirements. Examples of GOS include multisignatures, aggregate signatures, threshold signatures, group signatures, ring signatures, etc. This project will extend current GOS models and constructions with new properties driven by practical applications.

  • 2011-2013     UMA: User-Aware Multi-Factor Authentication
    Funded by: DAAD, ATN Programme     Role: sole PI (German side)
    The project UMA, with CRYPO and Queensland University of Technology in Australia as partners, aims to design and implement practical, efficient, and user-centred cryptographic protocols for user authentication in higher-security applications involving multiple authentication secrets – so-called multi-factor authentication. Due to the increasing risks of phishing and malware on Internet-connected devices such as personal computers, mobile devices, and public terminals, traditional single-factor authentication (usually performed via passwords) no longer suffices to protect sensitive applications such as online banking, e-government, and corporate remote network access. This project will explore a new approach for user authentication by employing multiple factors and communication channels in a secure and usable manner.

  • 2011 (8m)     Group Signatures: Privacy-Preserving Authentication Methods
    Funded by: BSI (German Federal Office for Information Security)     Role: sole PI
    Group signatures are cryptographic privacy-preserving authentication mechanisms. Potential signers are formed into a group, which is managed by a usually centralized authority (group manager). Each group member in possession of a (valid) membership certificate can sign documents on behalf of the whole group. In addition to various forms of unforgeability, the distinguishing privacy property of group signatures is that they do not leak any information about the actual signer, except for the validity of the signer's membership in the group. In case of dispute, the group manager can, however, identify the signer and possibly prove this fact to a third party. The concept of group signatures was introduced in 1991 by Chaum and Van Heyst, and many more schemes have appeared since then. The goal of the project is to reflect the state of the art in this field by providing a comparative study of existing group signatures, focusing on their security and privacy properties, cryptographic strength, performance, and practical relevance.

    The outcome of the project is the study published by the German Federal Office for Information Security.

  • 2010-2011     POC: Privacy in Online Communications
    Funded by: BMBF, WTZ Australia Programme     Role: sole PI (German side)
    The project POC, with CRYPO and Queensland University of Technology in Australia as partners, aims at the design of novel cryptographic protocols for secure online communications that go beyond the classical notion of secure channels (e.g. TLS). Given that privacy on the Internet is one of the major concerns today, the next generation of secure channels must be equipped with appropriate mechanisms for preserving the privacy of communication participants while still ensuring the traditional requirements of confidentiality and authenticity. In addition to the development and appropriate security and privacy analysis of new protocols, POC uses modern cryptographic methods to investigate the relationship amongst the different notions of privacy in online communications in a formal way.

  • 2010-2011     PACU: Privacy-Preserving Communication and Authentication with User Attributes
    Funded by: DAAD, ARC Programme     Role: sole PI (German side)
    The project PACU, with CRYPO and Royal Holloway, University of London in the UK as partners, aims at the design and implementation of efficient cryptographic protocols for privacy-preserving communication and authentication amongst users based on their attributes. Due to the increasing popularity of collaborative Internet applications such as online communities (social networks, peer-to-peer systems, instant messaging applications, etc.), there is strong demand to protect personal data from unauthorized access and use. The difficulty is that hiding personal information is problematic from the perspective of authentication, which is needed to ensure that communicating users are indeed who they claim to be. The project PACU investigates novel cryptographic approaches where identities of users are replaced with properties (or attributes) that users may possess in order to perform authentication in a privacy-friendly way.

  • 2009-2012     CASED: Center for Advanced Security Research Darmstadt
    Funded by: HMKW, LOEWE-Center     Role: PI in research areas "Secure Data" and "Secure Things"
    An internationally important cluster for IT security research and development is located in Darmstadt. Here, computer scientists, engineers, physicists, legal experts, and experts in business administration from TU Darmstadt, Fraunhofer SIT, and Hochschule Darmstadt (University of Applied Sciences) develop trend-setting IT security solutions and prepare them for commercial use. All involved partners qualify students and scientists for careers in science, business, and administration. The headquarters of the cluster is the Center for Advanced Security Research Darmstadt (CASED), which receives funds from the LOEWE program of the Hesse government. The LOEWE funds cover the infrastructure of CASED and cooperative CASED projects of the cluster partners, i.e. TU Darmstadt, Fraunhofer SIT, and Hochschule Darmstadt. In these projects the cluster develops applicable basic knowledge and IT security solutions. In CASED, CRYPO has research projects on communication privacy, authentication, and security in wireless networks.

  • 2008-2012     ECRYPT II: European Network of Excellence in Cryptology
    Funded by: EU Commission, FP7 Programme     Role: associate partner, MAYA virtual lab
    European research project (NoE-type) with partners from academia and industry aiming to ensure a durable integration of European research in both academia and industry and to maintain and strengthen the European excellence in the areas of cryptography and watermarking. Successor of the ECRYPT I project (see below). In ECRYPT II, CRYPO is involved in the Multi-Party Asymmetric Algorithms Virtual Lab (MAYA).

  • 2007-2010     ALAWN: Authentication and Legal Access in WiFi Networks
    Funded by: Belgian Région Wallonne, Wist 2 Programme     Role: work package leader
    Interdisciplinary research project aiming at the design of a WiFi network access control architecture allowing a large number of organizations to share their WiFi networks in a secure and legally compliant way. The project also aims at the development of incentives and business models to make WiFi roaming attractive to its participants. CRYPO contributes to the design and security evaluation of the architecture for secure WiFi roaming, including the specification of its cryptographic protocols.

  • 2006-2008     UbiSec&Sens: Ubiquitous Sensing and Security in the European Homeland
    Funded by: EU Commission, FP6 Programme     Role: work package sub-area leader
    European research project (STReP-type) with partners from academia and industry aiming to provide a comprehensive architecture for medium- and large-scale wireless sensor networks (WSNs) with the full level of security. I was responsible for the deliverable on lightweight authentication for various patterns of WSN communication, based on suitable key management for the establishment of shared secrets between the involved entities.

  • 2005 (6m)     VoIPSec: Study on Security of Voice over Internet Protocol
    Funded by: BSI (German Federal Office for Information Security)     Role: independent contributor
    The study is available in German. It lists 19 varieties of attacks on VoIP systems that can lead to different security threats, including identity theft, manipulations during transmission, and malicious software. Additionally, it issues recommendations on how to deal with these threats and protect VoIP systems. I contributed to the security analysis and identification of potential threats on the application layer of VoIP systems.

  • 2004-2008     ECRYPT I: European Network of Excellence in Cryptology
    Funded by: EU Commission, FP6 Programme     Role: core partner, PROVILAB virtual lab
    European research project (NoE-type) with partners from academia and industry aiming to ensure a durable integration of European research in both academia and industry and to maintain and strengthen the European excellence in the areas of cryptography and watermarking. In ECRYPT I, I was involved in the Protocols Virtual Lab (PROVILAB) and contributed to its deliverables on secure computation protocols and models.