In the emerging computing era, traditional security mechanisms such as firewalls, antivirus software, and file encryption are becoming increasingly inadequate for protecting sensitive data, whether from the perspective of an individual or an organization. In many application scenarios, users need to outsource their data to third-party partners and are therefore forced to trust those partners to protect it.
Research on data security aims to investigate new mechanisms, such as new algorithms and protocols, for securing private data in the new computing era. Unlike traditional approaches, our mechanisms will be data-centric and enable data owners to directly specify and enforce their own privacy policies. The specific topics of interest include (but are not limited to) search on encrypted data, proxy re-encryption, and other forms of privacy-preserving operations on sensitive data.
The DIES group looks at novel approaches to ensure the security and privacy of communication processes in wired and wireless networks.
One aspect is work on reactive security mechanisms such as next-generation Intrusion Detection Systems, as well as the design of new forms of security and privacy protection mechanisms in future dynamic and ad-hoc networks. Applications in inter-vehicle communications and critical infrastructure IT systems (SCADA) serve to exemplify this work.
DIES also addresses security and privacy in embedded and resource-constrained communication systems. The results are applied to Wireless Sensor Networks or embedded in-vehicle networks.
Protection of privacy in ubiquitous communication systems is a third concern that DIES is addressing. We achieve this goal by implementing new forms of data sharing that allow hiding of personal data or building remote trust and enforcing privacy policies. We also work on security analysis of communication systems, identification of new vulnerabilities, and their mitigation.
The old saying "opportunity makes the thief" applies to the physical as well as the digital world. In the physical world, crime rates can be reduced by changing the opportunity structure. For example, the introduction of steering column locks dramatically reduced car theft. The scientific discipline of crime science investigates this opportunity structure of crime. We apply the same idea to the digital world, designing and evaluating effective prevention mechanisms and policies against popular forms of cyber crime. In particular, this part of our research focuses on scientifically measuring the effectiveness of adaptations in the digital world that aim at reducing cyber crime. We aim to prove, for example, that a new cryptographic protocol is more effective at preventing Internet banking fraud than the old protocol.
Measuring cyber crime opportunities is closely related to information risk management. Risk management consists of identifying, assessing, and prioritizing risks to the security of information and information systems. This is followed by the coordinated application of resources to minimize, monitor, and control the probability and/or impact of security events. We develop and test (by means of case studies) new model-based techniques specifically tailored for the assessment and control of risks to specific information security properties, such as confidentiality, integrity and availability (CIA). These techniques deliver more precise results than traditional ad-hoc approaches. Our techniques can be used in combination with standard risk assessment methodologies.
Results from crime science can be applied both in prioritizing risks and in controlling them. We combine cyber crime science and risk management to enable effective cyber crime prevention. This is a multidisciplinary field, and we work together with, for example, governance studies and philosophy to achieve our goals.