This file was created by the TYPO3 extension publications --- Timezone: CEST Creation date: 2025-09-19 Creation time: 09:03:53 --- Number of references 118 misc 2025 Englisch 978-3-031-79007-2 0302-9743 10.1007/978-3-031-79007-2 Secure IT Systems 29th Nordic Conference, NordSec 2024 Karlstad, Sweden, November 6–7, 2024 Proceedings Springer Cham 447-466 Alperen Aksoy Do?an Kesdo?an inproceedings epub76735 This paper presents a privacy-enhancing protocol for digital advertising that uses temporary pseudonyms to safeguard users' behavioral profiles from pervasive online tracking. By integrating well-established anonymity techniques such as Tor and blind signature, the protocol generates robust, verifiable online identities that enhance security against ad fraud while ensuring personal data remains unlinkable to individuals. For behavioral targeting, the ad ecosystem is limited to ephemeral profile data. A key advantage of this privacy-friendly approach is its seamless integration with the existing advertising pipeline, fulfilling industry needs for retargeting and ad attribution, while maintaining low computational complexity on the user side. 2025 ICT Systems Security and Privacy Protection, 40th IFIP International Conference, SEC 2025, Proceedings, Part II 746 Springer

Cham

IFIP Advances in Information and Communication Technology (IFIPAICT) Lili Nemec Zlatolas and Kai Rannenberg and Tatjana Welzer and Joaquin Garcia-Alfaro 18—33 Online targeting, Identity management, Anonymity, Privacy https://epub.uni-regensburg.de/76735/ Maximilian Wittig Do?an Kesdo?an conference 2024 2024 9th International Conference on Computer Science and Engineering (UBMK) Alperen Aksoy Do?an Kesdo?an inbook 2024 978-3-031-76370-0 0302-9743 https://doi.org/10.1007/978-3-031-76371-7 Security and Trust Management Springer Cham 21-35 Alperen Aksoy Do?an Kesdo?an conference 2024 2024 17th International Conference on Information Security and Cryptology (ISCTürkiye) Alperen Aksoy Do?an Kesdo?an unpublished epub58521 2024 The 3rd Workshop on Privacy Threat Modeling (WPTM) https://epub.uni-regensburg.de/58521/ Maximilian Wittig Do?an Kesdo?an inproceedings 10.1007/978-3-031-47748-5_6 While anonymization systems like mix networks can provide privacy to their users by, e.g., hiding their communication relationships, several traffic analysis attacks can deanonymize them. In this work, we examine Statistical Disclosure Attacks and introduce a new implementation called the Smart Noise Statistical Disclosure Attack. This attack can improve results by examining how often other users send together with the attacker's target to better filter out the noise caused by them. We evaluate this attack by comparing it to previous variants in various simulations and thus show how it can improve upon them. Further, we demonstrate how other implementations can be improved by combing them with our approach to noise calculation. Finally, we critically review used evaluation metrics to determine their significance. 2024 978-3-031-47748-5 Secure IT Systems Springer Nature Switzerland

Cham

Fritsch, Lothar and Hassan, Ismail and Paintsil, Ebenezer 87—103 Marc Ro?berger Do?an Kesdo?an incollection epub51452 Nowadays Vehicle-to-Vehicle communication (V2V) plays an increasingly important role, not only in terms of safety, but also in other areas of Intelligent Transport Systems (ITS). However, privacy is often underestimated in this context. In this paper we describe an extended version of our Harmonized Group Mix (HGM). HGM has the objective of enabling the privacy-friendly data exchange between vehicles in an ITS without neglecting other requirements such as integrity. In contrast to other approaches a complex organizational structure is not required and HGM is thus easily applicable. Rather, the idea of a Mix system is transferred to ITS communication, but the ITS-specific real-time requirements can still be met. The simultaneous use of group signatures can ensure a high degree of k-anonymity and prevent the tracking of participants. A distributed knowledge approach provides trust but at the same times allows revealing fraudsters. In addition to a detailed security analysis, this paper evaluates the approach using the simulation framework Veins and focuses on the exact vehicle movements and the groups formation respectively changes over time and their influence on each other. 2022 Information Systems Security and Privacy - 6th International Conference, ICISSP 2020, Valletta, Malta, February 25?27, 2020, Revised Selected Papers 1545 Springer

Cham

Communications in Computer and Information Science (CCIS) Steven Furnell and Paolo Mori and Edgar Weippl and Olivier Camp V2V communication, Mix, Privacy, k-Anonymity, ITS https://epub.uni-regensburg.de/51452/ Mirja Nitschke Christian Roth Christian Hoyer Dogan Kesdogan inproceedings 9647811 2021 10.1109/PST52912.2021.9647811 2021 18th International Conference on Privacy, Security and Trust (PST) 1-10 Data privacy;Privacy;Runtime;Operating systems;Urban areas;Sensors;Trajectory;privacy leakage;location inference;route inference;smartphone sensors;mobile security;side-channel attack Christian Roth Ngoc Thanh Dinh Marc Ro?berger Dogan Kesdogan misc misc 2021 978-3-88579-708-1 10.18420/informatik2021-069 Gesellschaft für Informatik, Bonn INFORMATIK 2021 807—818 Marc Ro?berger Alperen Aksoy Dogan Kesdogan incollection epub49239 Vehicle-to-everything (V2X) interconnects participants in vehicular environments to exchange information. This enables a broad range of new opportunities. For instance, crowdsourced information from vehicles can be used as input for self-learning systems. In this paper, we propose iTLM-Q based on our previous work iTLM to optimize traffic light management in a privacy-friendly manner. We aim to reduce the overall waiting time and contribute to a smoother traffic flow and travel experience. iTLM-Q uses Q-learning and is constraint-based in such a way that no manual traffic light cycles need to be defined in advance, hence, being able to always find an optimal solution. Our simulation-based on real-world data shows that it can quickly adapt to changing traffic situations and vastly decrease waiting time at traffic lights eventually reducing CO2 emissions. A privacy analysis shows that our approach provides a significant level of k-anonymity even in low traffic scenarios. 2021 Data Management Technologies and Applications 1446 Springer

Cham

Communications in Computer and Information Science Slimane Hammoudi and Christoph Quix and Jorge Bernardino 56—79 Traffic light, V2X, Privacy, Reinforcement learning, Q-learning https://epub.uni-regensburg.de/49239/ Christian Roth Lukas St?ger Mirja Nitschke Matthias H?rmann Dogan Kesdogan inproceedings epub49240 Complete and up-to-date map data plays a critical role in many contemporary and future applications such as autonomous driving level 3+. In terms of crowdsourcing, a data basis can be created that meets these stringent requirements without dedicating additional resources. With ROADR, we present a holistic platform to gather knowledge about a road network and its properties to further enhance either semantic or syntactic information. The privacy-by-design platform uses a smartphone application to collect crowdsourced data and performs local machine learning. Only less sensitive data is forwarded to a centralized platform that aggregates and processes information from the crowd to provide value-added information found in a vehicle's trajectory. Also, the paper provides a thorough analysis of the respective Floating Phone Data indicating two exemplary events, namely traffic light and traffic circles. Our evaluation shows that the recognition is done in real-time but in a resource-efficient way. 2021 International Conference on Distributed Sensing and Intelligent Systems (ICDSIS) https://epub.uni-regensburg.de/49240/ Christian Roth Thanh-Dinh Ngoc Markus Hornsteiner Verena Schr?ppel Marc Ro?berger Dogan Kesdogan inproceedings 9732577 2021 10.1109/FMEC54266.2021.9732577 2021 Sixth International Conference on Fog and Mobile Edge Computing (FMEC) 1-6 Privacy;Multi-access edge computing;Navigation;Soft sensors;Microscopy;Transportation;Real-time systems;Intelligent Transportation System;Privacy By Design;Traffic Reporting Infrastructure;Vehicle-To-Anything Christian Roth Marc Ro?berger Christoph Schreyer Dogan Kesdogan inproceedings epub43694 Ubiquitous computing has fundamentally redefined many existing business models. The collected sensor data has great potential, which is being recognized by more and more industries, including car insurance companies with Usage-Based Insurance (UBI). However, most of these business models are very privacy-invasive and must be constructed with care. For a data processor, the integrity of the data is particularly important. With kUBI, we present a framework that takes into account the interests of the providers as well as the privacy of the users, using the example of Android. It is fully integrated into the Android system architecture. It uses hybrid data processing in both stakeholder domains. Protected enclaves, whose function can be transparently traced by a user at any time, protect company secrets in the hostile environment, i.e. a user?s smartphone. The framework is theoretically outlined and its integration into Android is shown. An evaluation shows that the user in the exemplary use case UBI can be protected by kUBI. 2020 9 Interdisciplinary Workshop on Trust, Identity, Privacy, and Security in the Digital Economy (DETIPS 2020) Privacy Enhancing Technology,Transparency Enhancing Technology,Sensor Data,Smartphone,Privacy Framework https://epub.uni-regensburg.de/43694/ Christian Roth Mario Saur Dogan Kesdogan inproceedings epub44292 Crowdsourcing can be seen as an opportunity to provide important information for Intelligent Transportation Systems to improve the service quality of various applications in this domain. Autonomous or assisted vehicles need the most accurate map data possible to adjust the respective assistants to it. In this work, we present CrowdAbout, a system that uses the crowd as mobile sensors to collect data from smartphone sensors during trips. The system recognizes special traffic events like roundabouts with the help of machine learning. These findings are used to automatically correct OpenStreetMap data and adapt them to a changing road network. An evaluation of different machine learning algorithms using self-collected real-world data of over 200 roundabouts shows that the recognition of roundabouts including exit and radius is possible with high accuracy. 2020 International Workshop on Data Science Engineering and its Applications (DSEA) International Workshop on Data Science Engineering and its Applications (DSEA) Machine Learning, Smartphone, Road Network, Pattern Recognition, OpenStreetMap, ITS https://epub.uni-regensburg.de/44292/ Christian Roth Thanh-Dinh Ngoc Dogan Kesdogan incollection epub40574 Vehicle-to-Vehicle (V2V) communication is crucial for almost all future applications in the context of smart traffic, such as autonomous driving. However, while current standards like WAVE provide a technical platform for communication and management, they lack aspects of privacy for their participants. In this paper, we introduce a Harmonized Group Mix (HGM), an architecture suited to exchange information in ITS, compatible with current standards. HGM does not rely on expensive Road-Side-Units (RSUs) or complex organizational relationships to introduce a trust anchor but is built on the concept of peer-to-peer networks. Hence, our proposal does not require any changes to current environments and is eventually easy to deploy in the real world. Our proposed method provides k-anonymity using group signatures and splits trust between multiple parties. At the same time, the integrity of the system is preserved. We evaluate our approach using the simulation framework Veins. Our experiments show that HGM is feasible from a performance and privacy perspective in the given context. 2020 Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP SciTePress

Valetta, Malta

152—163 V2V Communication, Mix, Privacy, k-Anonymity, ITS https://epub.uni-regensburg.de/40574/ Mirja Nitschke Christian Roth Christian Hoyer Dogan Kesdogan article epub43466 Vehicle-to-everything (V2X) interconnects participants in vehicular environments to exchange information. This enables a broad range of new opportunities. We propose a self learning traffic light system which uses crowdsoured information from vehicles in a privacy friendly manner to optimize the overall traffic flow. Our simulation, based on real world data, shows that the information gain vastly decreases waiting time at traffic lights eventually reducing CO2 emissions. A privacy analysis shows that our approach provides a significant level of k-anonymity even in low traffic scenarios. 2020 Proceedings of the 9th International Conference on Data Science, Technology and Applications (DATA 2020) 1 SciTePress 252—259 Traffic Light, V2X, Privacy, Attribute-Based-Credentials, Privacy-ABC System, Reinforcement Learning, Privacy-by-design https://epub.uni-regensburg.de/43466/ Christian Roth Mirja Nitschke Matthias H?rmann Dogan Kesdogan incollection epub40728 Smartwatches are small but powerful devices which make daily life easier and are without a doubt desirable objects for thieves. In this paper, we present a first machine learning based theft detection approach running in a user's domain, relying solely on data of his smartwatch and thus not violating privacy. Hence, we collect data from multiple persons to first prove that there is an exploitable structure within data provided by a smartwatch's inertial sensors and perform user identification on the basis of that data. Then we will present and thoroughly evaluate our robust, efficient and fast (within seconds) theft detection algorithm which has both a low false rejection rate and an even lower false acceptance rate. 2019 11 Secure IT Systems. NordSec 2019 11875 Springer, Cham Lecture Notes in Computer Science Alan Askarov and René Rydhof Hansen and Willard Rafnsson 171—187 User recognition;Smartwatch;Clustering;Privacy. https://epub.uni-regensburg.de/40728/ Christian Roth Mirja Nitschke Christian Hutzler Maximilian Koller Rolf Küffner Marc Ro?berger Dogan Kesdogan article epub38056 The digitization of our road and traffic systems enables evermore advanced location based services to support us in our everyday tasks with prominent examples being navigation applications like Google Maps or speed camera directories like TomTom Speed Cameras. The information collection that lies at the base of these applications however is often either done behind closed doors, or relies on the goodwill and time investment of voluntary community members providing such information as best they can. In this paper we present a new crowdsourcing architecture for voluntary road and traffic system data collection, that on the one hand values and protects the privacy of the participating community members and on the other hand significantly eases their manual workload by detecting and inferring applicable information through the sensors of their mobile phones using a self-created Android application. Our approach shows reliable results for the road system properties we defined. We propose an enhancement for the route navigation process by including the acquired road information. 2018 11 IEEE 11th Conference on Service-Oriented Computing and Applications (SOCA) IEEE 17—24 Privacy, Crowdsourcing, Navigation, Data Mining, Smartphone https://epub.uni-regensburg.de/38056/ Conference 20-22 Nov. 2018 Paris, France, France Christian Roth Dogan Kesdogan incollection epub38306 Mobile device tracking has become ever so pervasive in our world of location-based services and prying eyes. While users can somewhat restrict the flow of information towards the services they consciously use, this is not as easily possible for the mobile network they are connected to. Here, they can be tracked with relative ease by whoever controls the access points they connect to, or even by anyone that is able to monitor the air interface. Trends towards smaller cells and dynamic access point ownership within the scope of 5G only exacerbate this issue. In this paper, we present a new mix zone approach, called MixMesh, based on device-to-device communication, intended to hinder mobile network tracking through enabling secure and privacy-friendly pseudonym changes, aligned with the requirements resulting from the aforementioned trends. Our evaluation shows that our MixMesh approach is able to deliver better anonymity at an unchanged level of service quality compared to existing mix zone techniques, all the while being configurable to a desired level of anonymity in order to adapt to different scenarios. 2018 11 Secure IT Systems. NordSec 2018 11252 Springer, Cham

Cham (Switzerland)

Lecture Notes in Computer Science Nils Gruschka 38—53 3 Anonymisation, Pseudonyms, Mix zone, Mesh network, Device-to-device, Privacy https://epub.uni-regensburg.de/38306/ Mirja Nitschke Philipp Holler Lukas Hartmann Dogan Kesdogan inproceedings epub36335 2017 11 Forum Privatheit: Die Fortentwicklung des Datenschutzes https://epub.uni-regensburg.de/36335/ Lukas Hartmann Matthias Marx Eva Schedel Christian Roth Dogan Kesdogan incollection epub36324 To ensure privacy for route planning applications and other location based services (LBS), the service provider must be prevented from tracking a user?s path during navigation on the application level. However, the navigation functionality must be preserved. We introduce the algorithm PARTS to split route requests into route parts which will be submitted to an LBS in an unlinkable way. Equipped with the usage of dummy requests and time shifting, our approach can achieve better privacy. We will show that our algorithm protects privacy in the presence of a realistic adversary model while maintaining the service quality. 2017 11 Secure IT Systems (NordSec 2017) 10674 Springer

Cham (Switzerland)

Lecture Notes in Computer Science Helger Lipmaa and Aikaterini Mitrokotsa and Raimundas Matulevi\v cius 86—101 Routing; Location privacy; Anonymity https://epub.uni-regensburg.de/36324/ Christian Roth Lukas Hartmann Dogan Kesdogan misc epub36336 Um Privacy bei Location Based Services (LBS) zu gew?hrleisten, muss auf Anwendungsebene verhindert werden, dass der Service Provider bei Navigationsabfragen die Pfade des Nutzers nachverfolgen kann. Gleichzeitig muss die Funktionsf?higkeit des Service erhalten bleiben. Durch Stückelung der Route und anonyme Abfrage der Teilrouten l?sst sich ein Privacy Enhanced Routing unter Einschr?nkung der Genauigkeit realisieren. 2016 9 Anonymit?t, Navigation, Graphen, l-Diversity https://epub.uni-regensburg.de/36336/ Christian Roth Lukas Hartmann Katharina Issel Dogan Kesdogan techreport epub36346 The AN.ON-Next project aims to integrate privacy-enhancing technologies into the internet?s infrastructure and establish them in the consumer mass market. The technologies in focus include a basis protection at internet service provider level, an improved overlay network-based protection and a concept for privacy protection in the emerging 5G mobile network. A crucial success factor will be the viable adjustment and development of standards, business models and pricing strategies for those new technologies. Projektbericht 2016 https://epub.uni-regensburg.de/36346/ David Harborth Dominik Herrmann Stefan K?psell Sebastian Pape Christian Roth Hannes Federrath Dogan Kesdogan Kai Rannenberg article epub60881 Current approaches for service composition consider security as either a single Quality of Service (QoS) attribute or as several mutually independent quality properties. This view is, however, not adequate, as security objectives are no singletons but are subject to interdependence. Another drawback of these approaches is that partial fulfillment of security objectives, either due to technical or organizational constraints cannot be captured. Formal methods on the other hand are usually limited to a fixed set of security objectives. To bridge this gap, we present an approach to assess the quality of service compositions with regards to interdependent security objectives. Our approach utilizes the notion of structural decomposition which estimates the impact of single quality attributes on a security goal. This allows for the definition of domain models for an arbitrary set of security objectives. As the fulfillment of each security objective is individually measured by a utility value, interdependencies between security objectives can be expressed by a single measure. Furthermore, it allows to express partial fulfillment of security objectives. As each security objective is modeled as a utility function on its own, the model resembles a Multi-Objective Optimization (MOO) problem. We present first evaluation results of transforming domain models into MOO problems and tackling them with state-of-the-art genetic algorithms. Furthermore, we give an overview of a support tool for our approach. (C) 2014 Elsevier B.V. All rights reserved. 2015 Science of Computer Programming 97 ELSEVIER SCIENCE BV

AMSTERDAM

183—201 GENETIC ALGORITHM; OPTIMIZATION; CHALLENGES; FRAMEWORK; SELECTION; Service-oriented computing; QoS-aware service composition; Multi-Objective Optimization; Interdependent protection goals; IT security https://epub.uni-regensburg.de/60881/ Fatih Karatas Lars Fischer Dogan Kesdogan incollection epub28425 Current Quality of Service (QoS) models for service compositions are considering security either as a single QoS attribute (measured in abstract units of security) or as a number of independent attributes such as uptime probability. In the face of numerous interdependent protection goals, either general or domain-dependent, this approach is insufficient to capture most real-world scenarios adequately. To cope with this limitation, we introduce in this paper our approach of modeling protection goals as interdependent utility functions over QoS attributes. Furthermore, we present a prototypical tool which supports domain experts in defining QoS- and domain models of any complexity as well as decision makers in finding near-optimal service compositions based on these models. 2013 Proceedings of the ACM Symposium on Applied Computing, (2013 05 27) ACM Digital Library 1919—1926 https://epub.uni-regensburg.de/28425/ Fatih Karatas Dogan Kesdogan incollection epub28424 2013 Proc. of: 10th International Conference on Information Technology : New Generations (ITNG 2013) IEEE https://epub.uni-regensburg.de/28424/ Fatih Karatas Marcel Heupel Mohamed Bourimi Dogan Kesdogan Sophie Wrobel incollection epub28253 2013 Proceedings of the 15th International Conference on Human-Computer Interaction (HCI International) Springer

Berlin

https://epub.uni-regensburg.de/28253/ Mohamed Bourimi Dogan Kesdogan incollection epub28427 2013 Proc. of: 10th International Conference on Information Technology : New Generations (ITNG 2013) IEEE https://epub.uni-regensburg.de/28427/ Philipp Schwarte Mohamed Bourimi Marcel Heupel Dogan Kesdogan Rafa Gimenez Sophie Wrobel Simon Thiel article epub28087 2013 Journal of Universal Computer Science Springer https://epub.uni-regensburg.de/28087/ Special Issue: Interaction Design in Educational Environments Mohamed Bourimi Dogan Kesdogan Marcel Heupel Dhiah Abou-Tair Niki Lambropoulos incollection epub28271 Recommender systems depend on the amount of available and processable information for a given purpose. Trends towards decentralized online social networks (OSNs), promising more user control by means of privacy preserving mechanisms, lead to new challenges for (social) recommender systems. Information, recommender algorithms rely on, is no longer available, (i.e. central user registries, friends of friends), thus shared data is reduced and centralized processing becomes difficult. In this paper we address such drawbacks based on identified needs in the decentralized OSN di.me and present concepts overcoming those for selected functionalities. Besides this, we tackle the support of privacy advisory, warning the user of risks when sharing data. 2013 MSM '13 Proceedings of the 4th International Workshop on Modeling Social Media ACM

New York

privacy and security, linking data, online social networks, decentralized social networks, di.me https://epub.uni-regensburg.de/28271/ Marcel Heupel Mohamed Bourimi Simon Scerri Dogan Kesdogan incollection epub28255 2013 Proceedings of the 15th International Conference on Human-Computer Interaction (HCI International) Springer

Berlin

https://epub.uni-regensburg.de/28255/ Fatih Karatas Mohamed Bourimi Dogan Kesdogan incollection epub28254 2013 Proceedings of the 15th International Conference on Human-Computer Interaction (HCI International) Springer

Berlin

https://epub.uni-regensburg.de/28254/ Marcel Heupel Mohamed Bourimi Dogan Kesdogan article epub28272 2013 RTI Magzine (Sao Paulo, Brazil) Aranda Editora 82—89 1/2013 https://epub.uni-regensburg.de/28272/ Fatih Karatas Thomas Barth Dogan Kesdogan Habib M. Fardoun Pedro G. Villanueva incollection epub28428 Current Quality of Service (QoS) models for service compositions are considering security either as a single QoS attribute (measured in abstract units of security) or as a number of independent attributes such as uptime probability. In the face of numerous interdependent protection goals, either general or domain-dependent, this approach is insufficient to capture most real-world scenarios adequately. To cope with this limitation, we introduce in this paper our approach of modeling protection goals as interdependent utility functions over QoS attributes. Furthermore, we present a prototypical tool which supports domain experts in defining QoS- and domain models of any complexity as well as decision makers in finding near-optimal service compositions based on these models. 2012 Proceedings of: IGCT 2012. International Conference on Future Generation Communication Technologies IEEE 202—207 https://epub.uni-regensburg.de/28428/ Dhiah Abou-Tair Mohamed Bourimi Ricardo Tesoriero Dogan Kesdogan Marcel Heupel incollection epub28465 Trust calculation to inform privacy recommendations based on context information involvement (e.g. location information, nearby people) is an increasing need in pervasive environments. In this paper we present a multidimensional trust metric designed for access control decisions in scenarios of the EU funded digital.me project. Thereby each involved context information could represent a separate trust dimension. In the focus is the correctness of the suggested trust metric towards meaningful privacy recommendations and improvement of access control decisions for our scenarios. The suggested metric could help to avoid manipulations and attacks based on fundamental requirements for situational trust. Our proposed trust calculation considers a presence history of persons at locations, to increase the accuracy of our base trust value. We present our approach after explaining the fundamental requirements, the underlying ontology framework and architecture. 2012 5th International Conference on New Technologies, Mobility and Security (NTMS), Istanbul, 7-10 May 2012 IEEE 1—6 https://epub.uni-regensburg.de/28465/ Marcel Heupel Lars Fischer Mohamed Bourimi Dogan Kesdogan Simon Scerri Fabian Hermann Rafael Gimenez incollection epub28453 In this paper we present our approach for a flexible proxy layer, allowing the parallel use of anonymous and direct network communication depending on specific scenarios or user preferences. The requirements are derived from scenarios from the european research project di. me, targeting to support end users in keeping control of their personal data and digital footprints. In the targeted scenarios, the use of anonymous network communication is an essential prerequisite for certain use cases (e.g. like pseudonymous communication), because of the special architecture, where each user has its own server holding his private data. Especially, the presented approach solves linkability which could arise when using SSL certificates/x.509 certificates and addresses various potential attacks. A detailed specification is given and important implementation details are addressed. 2012 2012 International Conference on Future Generation Communication Technology (FGCT), London, 12-14 Dec. 2012 IEEE 126—132 https://epub.uni-regensburg.de/28453/ Lars Fischer Marcel Heupel Mohamed Bourimi Dogan Kesdogan Rafael Gimenez incollection epub28437 Resource access control is at the heart of many collabora- tion platforms. Thus the usability of used techniques is cru- cial for projects with high expectations to response times in the collaboration process. The special case described in this paper is using the anonymous credential system Idemix in a such a project basing in its turn on distributed user interfaces (DUIs) to enhance decision making in disaster situations. We show the potential of using Idemix to enhance the usability of decision making in crisis related social interaction by using DUIs. Idemix and proof-based credential systems in general could ease transparently performing authorization, e.g. with- out any user intervention at the level of the user interface. We present this exemplary with means of a developed prototypic mobile application for supporting collaborative scenarios for the BMBF RescueIT and projects along with the WallShare System. Further, we present the IdeREST implementation of Idemix in order to support non-Java devices such as Windows Phone 7 used for the developed prototype. 2012 Proc. of the 2nd Workshop on Distributed User Interfaces: DUI 2012, in conjunction with 2012 CHI conf. ISE Research Group, University of Castilla-La Mancha, Spain Ricardo Tesoriero 23—26 distributed user interface; access control; anonymous credentials, Idemix, WallShare, IdeREST https://epub.uni-regensburg.de/28437/ URL ist ganzes Buch Marcel Heupel Mohamed Bourimi Dogan Kesdogan Thomas Barth Philipp Schwarte Pedro G. Villanueva inproceedings epub28464 2012 MKWI 2012, Teilkonferenz "Kommunikations- und Kooperationssysteme, Track "Digitale Netzwerke in unsicheren Umwelten" https://epub.uni-regensburg.de/28464/ J. Gulden T. Barth Fatih Karatas Dogan Kesdogan incollection epub28463 One of the key challenges to the practical realisation of the Smart Grid are the privacy implications of fine-grained Smart Metering data. We review the German BSI's Protection Profile for the Gateway of a Smart Metering System, a state of the art approach to practical Smart Metering privacy in Germany. Our analysis reveals several issues that can reduce the achieved anonymity and pseudonymity. Specifically, we investigate churning attacks which exploit processes inherent to the use of pseudonymised meter data and we quantify the attacks' effect. In addition, we introduce GridPriv an enhanced architecture that includes a non-trusted k-anonymity service and that addresses the challenges identified with the BSI's approach in a scalable, secure, and privacy-preserving way. 2012 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Liverpool, 25-27 June 2012 IEEE 419—426 https://epub.uni-regensburg.de/28463/ Mark Stegelmann Dogan Kesdogan incollection epub28451 Vehicle-to-grid research explores the possibility of centrally coordinating the charging behaviour of electric-drive vehicles and of employing such vehicles as a distributed grid resource. As such, they could be used both to improve the power grid's reliability and to store excess renewable energy. The information observable by the central coordination instance, however, can be a threat to the privacy of vehicle owners. In this work, we investigate when the observed information allows for vehicles to be distinguished and traced between stops and when not so that vehicles will mix with each other. Specifically, we analyse the role of battery information and reveal how it can influence vehicle mixing. Furthermore, we consider information minimisation, suppression, and generalisation and discuss their effects both on vehicle mixing and on service functionality. Lastly, we show that parking lots and garages naturally provide the conditions necessary for vehicle mixing and give an evaluation of mixing for this context. 2012 Ninth International Conference on Information Technology: New Generations (ITNG 2012) : Las Vegas, Nevada, USA, 16 - 18 April 2012 IEEE

Piscataway, NJ

373—378 https://epub.uni-regensburg.de/28451/ Mark Stegelmann Dogan Kesdogan incollection epub28509 In this paper we investigate the impact of missing replay protection as well as missing integrity protection concerning a local attacker in AN.ON. AN.ON is a low latency anonymity network mostly used to anonymize web traffic. We demonstrate that both protection mechanisms are important by presenting two attacks that become feasible as soon as the mechanisms are missing. We mount both attacks on the AN.ON network which neither implements replay protection nor integrity protection yet. 2012 Financial Cryptography and Data Security. 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 - March 4, 2011, Revised Selected Papers 7035 Springer

Berlin

Lecture Notes in Computer Science 62—76 https://epub.uni-regensburg.de/28509/ B. Westermann Dogan Kesdogan incollection epub28466 Cloud computing as a facility for outsourcing IT related tasks is a growing trend. Customer-driven application deployment in public clouds has to be secure and flexible by means of easing security configuration as well as by avoiding the vendor lock-in problem. In this paper we present an approach intending to meet these needs by (1) easing security configuration(s), (2) automating the consideration of security best practices and adding/enabling anonymity components at-runtime, and (3) by using Open Virtualization Format (OVF) in order to overcome the vendor lock-in problem. The requirements gathering is based on the needs of three projects from different business domains, the EU FP7 digital.me project, the multidisciplinary iFishWatcher/iAngle combined project and the joint german-french research and development project ReSCUe IT. All projects require empowering lay as well as experienced customers to (re-)deploy their own applications and migrate them easily by considering security thereby. Supporting tailorability of the deployed environment by adding anonymity components at-runtime without downtimes is a specific requirement in these projects. We present first results and discuss experiences and future work directions. 2012 International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), Lugano, 19-23 March 2012 IEEE 124—130 https://epub.uni-regensburg.de/28466/ Fatih Karatas Mohamed Bourimi Thomas Barth Dogan Kesdogan Rafael Gimenez Widura Schwittek Marc Planaguma incollection epub28430 The increasing tendency of using user-controlled servers for supporting different scenarios from leisure and professional life raises new security challenges. Especially when those servers are used to support collaborative scenarios (e.g., communication and sharing with others), the requirement for anonymity at the network level should be supported in an efficient way. In this paper we present a specific communication scenario that could lead to link ability even though anonymous networks are used. The requirements gathering is based on realistic requirements from the EU FP7 di.me project requiring to empower lay end-users to collaborate with their contacts. Thereby anonymity at the network level also needs to be considered in order to disguise the physical location of the users and also of their server(s). We present an approach satisfying these anonymity requirements by means of a Tor based software component in order to overcome such privacy problems. First results are presented and the portability of the suggested solution for similar settings as well as future work directions are discussed. 2012 Ninth International Conference on Information Technology: New Generations (ITNG 2012) : Las Vegas, Nevada, USA, 16 - 18 April 2012 IEEE

Piscataway, NJ

102—108 https://epub.uni-regensburg.de/28430/ Mohamed Bourimi Marcel Heupel B. Westermann Dogan Kesdogan Rafa Gimenez M. Planaguma F. Karatas F. Schwarte incollection epub28483 Access rights management is in the middle of many collaboration forms such as group formation or sharing of information in different kinds of scenarios. There are some strong mechanisms to achieve this, like anonymous credential systems. However in general their usage is not very intuitive for lay users. In this paper we show the potential of using proof-based credential systems like Idemix to enhance the usability of privacy-respecting social interaction in different collaborative settings. For instance transparently performing authorization without any user intervention at the level of the user interface becomes possible. In order to improve the usability, we complement this by introducing a mental model for intuitive management of digital identities. The approach should also empower users to define their own access restrictions when sharing data, by building custom proof specifications on the fly. We show this exemplary with a developed prototype application for supporting collaborative scenarios on a mobile device. We also present first evaluation results of an early prototype and address current as well as future work. 2012 Open Problems in Network Security: IFIP WG 11.4 International Workshop, iNetSec 2011, Lucerne, Switzerland, June 9, 2011, Revised Selected Papers 1039 Springer

Berlin

Lecture Notes in Computer Science Jan Camenisch and Dogan Kesdogan 15—27 https://epub.uni-regensburg.de/28483/ Marcel Heupel Dogan Kesdogan article epub28429 In complex, ad hoc constituted situations, people with different intentions, experiences, and expertise need or want to cooperate to cope with the domain-specific challenges they face. These situations can occur in both a professional and a leisure-life context. Cooperative systems providing enhanced interaction facilities in the user interface (e.g., direct manipulation techniques) could substantially support cooperation especially for geographically distributed cooperating participants. In many cases, sensitive information has to be shared in a common workspace requiring different handling procedures according to the different types of participants involved in these ad hoc processes. This article proposes the use of a common, multilaterally secure distributed user interface to support collaboration for distributed groups of process participants. The system combines a collaborative multipointer system with an anonymous credential security system to provide users with an easy way to share and access information securely, ensuring the privacy of sensitive information communicated in the course of ad hoc processes. Various scenarios representing contrary use cases from three different projects are introduced to derive typical requirements and to show the generality of the proposed system and its core components. 2012 International Journal of Human-Computer Interaction 28 Taylor & Francis 748—753 https://epub.uni-regensburg.de/28429/ Special Issue: Distributed User Interfaces Dhiah Abou-Tair Mohamed Bourimi Thomas Barth Dogan Kesdogan Fabian Hermann incollection epub28438 In case of incidents in information technology (IT) systems of a supply chain participant, crisis teams need to quickly take steps in order to keep IT systems and therefore the supply chain running. Deploying an IT infrastructure partly or completely on cloud infrastructure is a viable solution, e.g. as in the face of technical failures and cyber attacks. Currently there is poor support of tools, which allow lay users for cloud deploying applications in a provider independent fashion and with respect to their individual security requirements. For this task we presented and discussed ESCAVISION. In this paper we propose an approach based on distributed user interfaces in order to evaluate the usability of ESCAVISION and the process of decision making in crisis teams. Furthermore the respective interaction design as well as the WallShare based infrastructure are described. We also discuss the approach and future directions. 2012 Proc. of the 2nd Workshop on Distributed User Interfaces: DUI 2012, in conjunction with 2012 CHI conf. ISE Research Group, University of Castilla-La Mancha, Spain Ricardo Tesoriero 17—22 Distributed user interfaces, cloud deployment, cloud security, decision making, mission-critical situations https://epub.uni-regensburg.de/28438/ URL ist ganzes Buch Fatih Karatas Thomas Barth Dogan Kesdogan Habib M. Fardoun Pedro G. Villanueva incollection epub28484 The Minimal-Hitting-Set attack[10] (HS-attack) is a well-known passive intersection attack against Mix-based anonymity systems, applicable in cases where communication behaviour is non-uniform and unknown. The attack allows an observer to identify uniquely the fixed set of communication partners of a particular user by observing the messages of all senders and receivers using a Mix. Whilst the attack makes use of a provably minimal number of observations, it also requires solving an NP-complete problem. No prior research, to our knowledge, analyses the average complexity of this attack as opposed to its worst case. We choose to explore the HS-attack, as opposed to statistical attacks, to provide a baseline metric and a practical attack for unambiguously identifying anonymous users. We show that the average complexity of the HS-attack can vary between a worst-case exponential complexity and a linear-time complexity according to the Mix parameters. We provide a closed formula for this relationship, giving a precise measure of the resistance of Mixes against the HS-attack in practice, and allowing adjustment of their parameters to reach a desired level of strength. 2011 Computer Security ? ESORICS 2011: 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14,2011. Proceedings 6879 Springer

Berlin

Lecture Notes in Computer Science 508—527 https://epub.uni-regensburg.de/28484/ Dang Vinh Pham Joss Wright Dogan Kesdogan incollection epub28471 An established way to analyze shoppers' behavior at the point of sale consists of identifying their paths through the store as well as their approach behavior towards different shelves. Such proceeding allows e.g. for optimizing product placements or in-store advertising and guidance. Since there is a technological challenge in doing this inside the respective locations, there is a need for better localization methods than those using RFIDs or similar localization technologies (e.g. indoor GPS, CCTV, and different photo sensors) or by basing on human-based observations; at least due to privacy concerns. In this paper we introduce a multi-method approach for identifying shopper paths in the stores based on a combination of built-in sensors' capabilities of the end-users' mobile devices as well as a mobile product scanner application. Our approach allows for more privacy-preserving evaluation since the users could decide to provide accumulated paths data when paying at the point of sale. We also describe our prototypic implementation extending the Red pin system for iPhones, explain the architecture allowing also for anonymously sharing customers' paths in real-time, and address potential improvements for future work. 2011 Eighth International Conference on Information Technology: New Generations (ITNG), Las Vegas, NV, 11-13 April 2011 IEEE 139—144 https://epub.uni-regensburg.de/28471/ Mohamed Bourimi G. Mau S. Steinmann D. Klein S. Templin Dogan Kesdogan H. Schramm-Klein misc epub28469 Authentication and authorization are an essential part of any system allowing for information sharing and social interaction. Especially in such social settings where mobile devices with restricted capabilities and new possibilities (e.g. screen size, ease of localization) are used, there is an increasing need for providing privacy-respecting integrity and access permission mechanisms by considering trade-o?s related to usability aspects. In this paper we show how the usability of authentication and authorization related interaction can be enhanced in mobile social settings. This is carried out in our case by using proof-based anonymous credential systems such as Idemix. The requirements analysis is based on various case studies in building collaborative systems and oriented to the needs of the upcoming EU FP7 funded project di.me. We also present the prototypic implementation and future work directions. 2011 Univ. Siegen Identity management; idemix; authentication and authorization; security vs. usability; social interaction https://epub.uni-regensburg.de/28469/ Scientific research paper Mohamed Bourimi Marcel Heupel Dogan Kesdogan Thomas Fielenbach inproceedings epub28474 As "online social networks" (OSN) are much about publishing personal data, it seems contrary to talk about privacy \ensuremath| at ?rst. Unless it is realized, that only protection from unintended disclosure allows to join in and share data intentionally. We discuss how OSN may be improved to introduce privacy more similar to normal social structures. We discuss the principle of separation, and argue in favour of short trust path. This leads to the conclusion that OSN have to be organised in a distributed manner. 2011 Federated Social Web Summit Europe 2011 https://epub.uni-regensburg.de/28474/ Lars Fischer Dogan Kesdogan Laura Dorfer inproceedings epub28508 2011 6th World Recreational Fishing Conference (WRFC) https://epub.uni-regensburg.de/28508/ Bernd Uebersch?r Widura Schwittek Stefan Eicker Mohamed Bourimi Marcel Heupel Dogan Kesdogan incollection epub28468 2011 Distributed User Interfaces : Designing Interfaces for the Distributed Ecosystem Springer London

London

Human-Computer Interaction Series José A. Gallud 177—184 https://epub.uni-regensburg.de/28468/ DOI = ganzes Buch Thomas Barth Thomas Fielenbach Mohamed Bourimi Dogan Kesdogan Pedro G. Villanueva inproceedings epub28485 2011 40. EMAC International Conference, New Technologies and E-Marketing Track https://epub.uni-regensburg.de/28485/ S. Steinmann G. Mau Mohamed Bourimi H. Schramm-Klein Dogan Kesdogan incollection epub28534 Nowadays, various user-centered and participatory design methodologies with different degree of agility are followed when building sophisticated socio-technical systems. Even when applying these methods, non-functional requirements (NFRs) are often considered too late in the development process and tension that may arise between users? and developers? needs remains mostly neglected. Furthermore, there is a conceptual lack of guidance and support for efficiently fulfilling NFRs in terms of software architecture in general. This paper aims at introducing the AFFINE framework simultaneously addressing these needs with (1) conceptually considering NFRs early in the development process, (2) explicitly balancing end-users? with developers? needs, and (3) a reference architecture providing support for NFRs. Constitutive requirements for AFFINE were gathered based on experiences from various projects on designing and implementing groupware systems. 2010 Human-Centred Software Engineering. Third International Conference, HCSE 2010, Reykjavik, Iceland, October 14-15, 2010. Proceedings 6409 Springer

Berlin

Lecture Notes in Computer Science 182—189 https://epub.uni-regensburg.de/28534/ Mohamed Bourimi Thomas Barth J. M. Haake Bernd Uebersch?r Dogan Kesdogan incollection epub28537 Distributed collaborative applications for supporting complex use cases in mobile environments have to provide contextual information (e.g. presence and group awareness) via their user interface. Social interaction and data sharing - being essential aspects of distributed collaborative applications - typically result in conflicting goals, primarily awareness vs. privacy. Preserving the end users' privacy especially in mobile collaborative settings is the most often-cited point of critique of mobile and ubiquitous computing. Since usability is a prerequisite for privacy and awareness mechanisms especially for mobile applications, we report in this paper on how to balance usability, privacy, and awareness trade-offs when building mobile collaborative applications. This is complemented by new approaches for preserving privacy tailored to the needs of respective communities in the domain of decentralized group-centric solutions. The requirements were gathered through an analysis of user's needs as well as first evaluations of prototypes. Those were built for different case studies focusing on privacy, trust, and identity management in real-life communities. We report on the outcomes of our work and show this exemplary with the help of a mobile prototype application to support an Angling Community with privacy and collaboration needs related to location-based services. 2010 International Conference on Information Society (i-Society), London, 28-30 June 2010 IEEE https://epub.uni-regensburg.de/28537/ Mohamed Bourimi Bernd Uebersch?r E. Ganglbauer Dogan Kesdogan Thomas Barth J. Dax Marcel Heupel incollection epub28554 This work presents a cryptographic analysis of AN.ON?s anonymization protocols. We have discovered three flaws of differing severity. The first is caused by the fact that the freshness of the session key was not checked by the mix. This flaw leads to a situation where an external attacker is able to perform a replay attack against AN.ON. A second, more severe, error was found in the encryption scheme of AN.ON. An internal attacker controlling the first mix in a cascade of length two is able to de-anonymize users with high probability. The third flaw results from the lack of checks to ensure that a message belongs to the current session. This enables an attacker to impersonate the last mix in a cascade. The flaws we discovered represent errors that, unfortunately, still occur quite often and show the importance of either using standardized crytpographic protocols or performing detailed security analyses. 2010 Financial Cryptography and Data Security. 14th International Conference, FC 2010, Tenerife, Canary Islands, January 25-28, 2010, Revised Selected Papers 6052 Springer

Berlin

Lecture Notes in Computer Science 114—128 https://epub.uni-regensburg.de/28554/ Benedikt Westermann R. Wendolsky L. Pimenidis Dogan Kesdogan incollection epub28538 2010 Sichere Mobilit?t und Dienstnutzung in künftigen Netzen. 4 . Essener Workshop ? Neue Herausforderungen in der Netzsicherheit ?, 15. /16. April 2010. Abstracts Univ. Duisburg-Essen 22—23 https://epub.uni-regensburg.de/28538/ pdf = alle Tagungsabstracts J. Dax Marcel Heupel Mohamed Bourimi Dogan Kesdogan article epub28535 2010 International Journal for Infonomics 3 Infonomics Society 563—572 4 https://epub.uni-regensburg.de/28535/ Mohamed Bourimi J. M. Haake Marcel Heupel Bernd Uebersch?r Dogan Kesdogan Thomas Barth incollection epub28536 In the current information technology age, the demand of tools that meet social interaction needs, e.g. SocialTV and Internet-based media advertisement, is gaining in importance. Thus privacy becomes a matter of concern in this respect. Social interactions comprises privacy risks and threats that may enable abuse, e.g., man-in-the-middle attacks based on profile analysis at the server-side. Since in the area of SocialTV current software as well as hardware solutions are mostly server-centric, one cannot fully eliminate accidental or intentional risks and threats even by the reconstruction of users' personal information and their interdependencies. In this paper, we report on results of an evaluation of the potentials of SocialTV by considering end-users' privacy based on lab and field trials. In these trials we enabled eighteen people of various ages and expertise to use centralized as well as decentralized (group-centric) solutions for SocialTV by means of a Web-based software prototype. Further, we describe the followed methodology used by the evaluation in order to allow porting it for future evaluations in other social contexts. 2010 IEEE Second International Conference on Social Computing (SocialCom), Minneapolis, MN, 20-22 Aug. 2010 IEEE https://epub.uni-regensburg.de/28536/ Mohamed Bourimi Dogan Kesdogan Thomas Barth K. H?fke Dhiah Abou-Tair incollection epub28556 In this paper we discuss AN.ON?s need to provide perfect forward secrecy and show by an estimation of the channel build up time that the straight forward solution is not a practical solution. In the remaining paper we propose an improvement which enables AN.ON to provide perfect forward secrecy with respect to their current attacker model. Finally, we show that the delay, caused by our improvement, does not decrease the performance significantly. 2010 Networked Services and Applications - Engineering, Control and Management. 16th EUNICE/IFIP WG 6.6 Workshop, EUNICE 2010, Trondheim, Norway, June 28-30, 2010. Proceedings 6164 Springer

Berlin

Lecture Notes in Computer Science 132—142 https://epub.uni-regensburg.de/28556/ Benedikt Westermann Dogan Kesdogan incollection epub28558 A number of papers are suggested with the goal to measure the quality of anonymity of a given anonymity system. Most of them use the anonymity set as the basis for developing, reasoning about and applying measure. In this paper we argue that these approaches are premature. In this work we suggest to use the so called hypothesis set ? a term derived from possibilistic information flow theory. Investigating the hypothesis set, it is possible to make the ?protection structure? explicit and also define well known terms from measurement theory like scale and metric. We demonstrate our approach by evaluating the hypothesis set of the classical Chaumian Mix. 2009 Information Security and Privacy. 14th Australasian Conference, ACISP 2009 Brisbane, Australia, July 1-3, 2009 Proceedings 5594 Springer

Berlin

Lecture Notes in Computer Science 26—43 https://epub.uni-regensburg.de/28558/ Dang Vinh Pham Dogan Kesdogan book epub28546 2009 309 Springer

Berlin

IFIP Advances in Information and Communication Technology Jan Camenisch and Dogan Kesdogan https://epub.uni-regensburg.de/28546/ Jan Camenisch Dogan Kesdogan incollection epub28544 Nowadays, collaboration and social interaction among people become everyday activities in our evolving information age. In many learning platforms, collaborative platforms in the educational and industrial field or social networks like LinkedIn or Xing, users have to disclose private information and reveal their identities. Working with those systems allows them to create user profiles which could reveal more information about the user, than he wants to give. Furthermore, such environments may construct profiles about users? interaction, which may be used for attacks; thus preserving privacy is an essential component of such environments. In this paper, a decentralized group-centric approach for tailoring collaboration according privacy needs is introduced. The main idea of our approach lays in its construction. In contrast to traditional collaboration environments with central hosting, our approach gives each group the whole responsibility of hosting the collaboration environment by using their own technical means. The feasibility of our approach is demonstrated through a lightweight ubiquitous collaboration platform. The experiences gathered are discussed. 2009 Groupware: Design, Implementation, and Use: 15th International Workshop, CRIWG 2009, Peso da Régua, Douro, Portugal, September 13-17, 2009. Proceedings 5784 Springer

Berlin

Lecture Notes in Computer Science 100—125 https://epub.uni-regensburg.de/28544/ Mohamed Bourimi Falk Kühnel J. M. Haake Dhiah Abou-Tair Dogan Kesdogan incollection epub28541 The Internet is accepted as the de facto information support system in most areas of our professional and leisure life. Nowadays, a shift from single-user-centered usage to support multi-user needs can be observed either in professional life (e.g. when participating in collaborative business processes) and in leisure life activities (e.g. when participating in non-profit communities). The needed environment is provided through collaborative systems and social software (e.g. wikis, blogs, etc.). These environments provide e.g. shared workspaces, where collaborative processes and activities like document sharing, group formation, coordination and communication activities, etc. can take place. For this, collaborative settings need some degree of user?s information disclosure (e.g. partial or full identity revelation). Depending on the actual context and a users sensitivity to a (partial) loss of privacy in a given context a users trust in a system handling privacy is crucial for its acceptance and overall success. Many end-user expectations are covered by functional requirements (FRs), most end-user preferences (e.g. usability, response time) and concerns (e.g. privacy, security) are non-functional requirements (NFRs). Considering current approaches, nonfunctional requirements in general and being of special relevance in this context privacy requirements are not considered adequately in the development process and will become one key issue in future software development processes. In this short paper, we present four requirements derived from a case study in collaborative system design and implementation (CURE, s. [1] for details). A framework for adequate (i.e. earlier) consideration of NFR (e.g. privacy) is outlined. 2009 Intelligent Interactive Assistance and Mobile Multimedia Computing: International Conference, IMC 2009, Rostock-Warnemünde, Germany, November 9-11, 2009. Proceedings 53 Springer

Berlin

Communications in Computer and Information Science 341—342 https://epub.uni-regensburg.de/28541/ Mohamed Bourimi Thomas Barth Bernd Uebersch?r Dogan Kesdogan inproceedings epub28595 2008 Sicherheit 2008: Tagung der Fachgruppe Sicherheit, Schutz und Zuverl?ssigkeit in der Gesellschaft für Informatik https://epub.uni-regensburg.de/28595/ Dogan Kesdogan Dang Vinh Pham L. Pimenidis incollection epub30460 2008 Sicherheit 2008: Sicherheit, Schutz und Zuverl?ssigkeit. Konferenzband der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI) ; 2. - 4. April 2008 im Saarbrücker Schloss 128 Ges. f. Informatik

Bonn

GI-Edition : Proceedings LNI Ammar Alkassar 17 — 30 https://epub.uni-regensburg.de/30460/ Dang Vinh Pham Dogan Kesdogan Lexi Pimenidis inproceedings epub30466 2008 13th Nordic Conference in Secure IT Systems https://epub.uni-regensburg.de/30466/ Vinh Pham Dogan Kesdogan Lexi Pimenidis incollection epub28626 2007 Proceedings of 12th Nordic Workshop on Secure IT-Systems, Reykjavik, Iceland, 11-12 October 2007 https://epub.uni-regensburg.de/28626/ Dogan Kesdogan Vinh Pham L. Pimenidis incollection epub28641 The MIX technique forms the basis of many popular services that offer anonymity of communication in open and shared networks such as the Internet. In this paper, fundamental limits on the anonymity provided by the MIX technique are found by considering two different settings. First, we consider an information theoretic setting to determine the extent of information inherent in observations of the traffic passing through the MIX. We show that if the size of sender anonymity sets is less than the total user population, the information contained in traffic observations is sufficient to deduce all communication relationships between senders and receivers using the MIX. More importantly, we show that even if every user sends a message in each communication round, it is possible to compromise the anonymity significantly. We precisely characterize the extent of compromised anonymity in each case. In the second setting, we assume that the attacker has unlimited computational resources and is free to choose any attack algorithm. We derive tight upper and lower bounds on the minimum number of observations required to deduce all recipient peer-partners of a targeted user. The analysis done in these two settings reveals many discrete mathematical structures inherent in anonymity sets, and the intuition gained from these structures can be used when designing or using a MIX based anonymity technique. 2006 Symposium on Security and Privacy, 21-24 May 2006, Berkeley/Oakland, CA, USA IEEE 14—99 https://epub.uni-regensburg.de/28641/ Dogan Kesdogan Dakshi Agrawal Vinh Pham Dieter Rautenbach incollection epub28660 2006 Sicherheit 2006 : Otto-von-Guericke-Univ, Magdeburg, 20. - 22. Feb. 2006 77 Ges. f. Informatik

Bonn

GI-Edition : Proceedings Jana Dittmann 188—191 https://epub.uni-regensburg.de/28660/ Sebastian Clau? Dogan Kesdogan Tobias K?lsch L. Pimenidis Stefan Schiffner Sandra Steinbrecher incollection epub28663 In the past, different intersection attacks on Chaum Mixes have been proposed and shown to work well in simulation environments. In this work we describe intersection attacks that have been performed on data from anonymized proxy log files. This approach creates all new problems that arise in real systems, where real-world users do not behave like those in the idealized model. E.g. the attack algorithm has to cope with a fixed number of observations. From the performed first experiments on the ?dirty? real world data we get valuable insight into theory and practice of real anonymizers. 2006 Quality of Protection. Security Measurements and Metrics 23 Springer

Berlin

Advances in Information Security 159—171 https://epub.uni-regensburg.de/28663/ First Workshop on Quality of Protection, Milan, Italy. September 2005 Dogan Kesdogan Tobias K?lsch Lexi Pimenidis incollection epub28643 2006 ARCS '06, 19th International Conference on Architecture of Computing Systems : March 16, 2006, Frankfurt am Main. Workshop proceedings 81 Ges. f. Informatik

Bonn

GI-Edition : Proceedings 56—65 https://epub.uni-regensburg.de/28643/ Zinaida Benenson Felix C. Freiling Thorsten Holz Dogan Kesdogan Lucia Draque Penso article epub28637 The Internet promises an ever-increasing variety of services available anytime, almost anywhere, to anyone of just about any experience level. Thus, in many respects, the virtual world has become a viable alternative to our real world, where we can buy anything from a dishwasher to personal services, or publish any information we choose on a personal web site. With all of the convenience and freely available information that this virtual world provides, it has one major problem: in the real world people can nearly always exert some control over their privacy. If they choose, they can study in absolute solitude or meet with others in private rooms, or they can anonymously buy a magazine. However, on the Internet, users have few controls, if any, over the privacy of their actions. Each communication leaves trails here or there and there is always someone who can follow these trails back to the user. Thus, should we just forget about having privacy in the Internet as others have proclaimed? The one path towards enabling true network privacy is to provide anonymity. Anonymity services can allow users to carry out their activities anonymously and unobservably on the Internet. In this work, we investigate the following technical questions: what is network anonymity, what are the various techniques for reliably achieving anonymity, and what are their associated impacts on network performance and user experience. Our emphasis is on deployable systems for the Internet that provide strong anonymity against a strong attacker model. We present the network anonymity techniques (algorithms) suggested in the past and the ones currently in use, and then we discuss possible anonymity techniques of the future. We present the accepted terminology for discussing anonymity, and the definition and different measures of anonymity. However, throughout our discussions we pay particular attention to the analysis of network performance in the presence of anonymity mechanisms. 2006 Computer Communications 29 Elsevier 306—324 3 https://epub.uni-regensburg.de/28637/ Dogan Kesdogan C. Palmer incollection epub28664 During the last years a couple of attacks on generic anonymity protocols emerged, like e.g. the hitting-set attack. These attacks make use of informations gained by passively monitoring anonymizing networks to disclose the communication profile of the users. 2006 Quality of Protection. Security Measurements and Metrics 23 Springer

Berlin

Advances in Information Security 145—158 https://epub.uni-regensburg.de/28664/ First Workshop on Quality of Protection, Milan, Italy. September 2005 Dogan Kesdogan Lexi Pimenidis incollection epub28639 We study the problem of Secure Multi-party Computation (SMC) in a model where individual processes contain a tamper-proof security module, and introduce the TrustedPals framework, an efficient smart card based implementation of SMC for any number of participating entities in such a model. Security modules can be trusted by other processes and can establish secure channels between each other. However, their availability is restricted by their host, that is, a corrupted party can stop the computation of its own security module as well as drop any message sent by or to its security module. We show that in this model SMC can be implemented by reducing it to a fault-tolerance problem at the level of security modules. Since the critical part of the computation can be executed locally on the smart card, we can compute any function securely with a protocol complexity which is polynomial only in the number of processes (that is, the complexity does not depend on the function which is computed), in contrast to previous approaches. 2006 Computer Security ? ESORICS 2006. 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006. Proceedings 4189 Springer

Berlin

Lecture Notes in Computer Science 34—48 https://epub.uni-regensburg.de/28639/ Milan Fort Felix Freiling Lucia Draque Penso Zinaida Benenson Dogan Kesdogan incollection epub28674 If the data collected within a sensor network is valuable or should be kept confidential then security measures should protect the access to this data. We first determine security issues in the context of access control in sensor networks especially focusing on the problem of node capture, i.e., the possibility that an attacker can completely take over some of the sensor nodes. We then introduce the notion of t-robust sensor networks which can withstand capture of up to t nodes and consider three basic security concepts for such networks: (1) t-robust storage, a mechanism to securely store data within a set of sensors such that capture of any t sensors does not reveal that data to the adversary; (2) n-authentication which ensures that authentication is achieved with every uncompromised sensor in the broadcast range of a client (n denotes the number of nodes in that broadcast range); and (3) n-authorization, an authorization primitive with similar properties like n-authentication. We present a generic t-robust protocol for implementing access control using these primitives. 2005 Proceeedings of the 2nd European Workshop on Wireless Sensor Networks (EWSN 2005) IEEE 158—165 https://epub.uni-regensburg.de/28674/ Zinaida Benenson Felix G?rtner Dogan Kesdogan incollection epub28665 n dieser Arbeit stellen wir eine Architektur und ein Protokoll für ortsbezogene Dienste vor, die die Privatsph?re der Benutzer schützen und den Verwaltungsaufwand zur Einrichtung eines Dienstes erheblich reduzieren. Dazu f?hren wir einen Ortsdatenvermittler ein, der Aufgaben der Ortsdatenverarbeitung übernimmt und so den Dienstanbieter von der Ortsdatenquelle trennt. Ein Gro?teil der Autorisierung und der Datenverwaltung wird dabei durch ein System zur automatischen Identit?tsverwaltung geleistet. In dieser Arbeit betrachten wir passive Dienste, welche Datenschutzrechtlich problematischer sind, da die Benutzerposition bei ihnen über einen l?ngeren Zeitraum verfolgt wird. 2005 Ortsbezogene Anwendungen und Dienste : 2. GI/ITG KuVS Fachgespr?ch, Stuttgart 2005.06.16-17 324 FernUniversit?t, Fachbereich Informatik

Hagen

Informatik-Berichte J?rg Roth 58—62 https://epub.uni-regensburg.de/28665/ Lothar Fritsch Tobias K?lsch Markulf Kohlweiss Dogan Kesdogan incollection epub28661 User centric identity management will be necessary to protect user's privacy in an electronic society. However, designing such systems is a complex task, as the expectations of the different parties involved in electronic transactions have to be met. In this work we give an overview on the actual situation in user centric identity management and point out problems encountered there. Especially we present the current state of research and mechanisms useful to protect the user's privacy. Additionally we show security problems that have to be borne in mind while designing such a system and point out possible solutions. Thereby, we concentrate on attacks on linkability and identifiability, and possible protection methods. 2005 DIM '05. Proceedings of the 2005 ACM Workshop on Digital Identity Management, Nov. 11, George Mason University, Fairfax, VA, USA ACM

New York

84—93 https://epub.uni-regensburg.de/28661/ Sebastian Clau? Dogan Kesdogan Tobias K?lsch L. Pimenidis Stefan Schiffner Sandra Steinbrecher incollection epub28673 Location based services (LBS) are distributed multi-party infrastructures with the opportunity to generate profitable m-business applications. Also, LBS pose a great risk for their users? privacy, as they have access to private information about a person?s whereabouts in a particular context. As location data is the essential input for LBS, protection of privacy in LBS is not a problem of providing anonymity by supressing data release, but a problem of identity management and control over information handling. In this paper we show a solution that ensures a LBS user?s control over location information with managed identities. At the same time, our solution enables profitable business models, e.g. for mobile telephony operators. Additionally, we provide fine-grained consent management for the LBS user. 2005 Security in Pervasive Computing. 2nd Internat. Conf., SPC 2005, Boppard, Germany, April 6-8, 2005. Proceedings 3450 Springer

Berlin

Lecture Notes in Computer Science 164—178 https://epub.uni-regensburg.de/28673/ Tobias K?lsch Lothar Fritsch Markulf Kohlweiss Dogan Kesdogan incollection epub28672 2005 Sicherheit 2005: Beitr?ge der 2. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI); 5.-8. April 2005 in Regensburg P-62 K?llen

Bonn

Lecture Notes in Informatics P Hannes Federrath https://epub.uni-regensburg.de/28672/ Zinaida Benenson Felix G?rtner Dogan Kesdogan incollection epub28671 2005 Sicherheit 2005: Beitr?ge der 2. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI); 5.-8. April 2005 in Regensburg P-62 K?llen

Bonn

Lecture Notes in Informatics P Hannes Federrath https://epub.uni-regensburg.de/28671/ Dogan Kesdogan O. Rattay incollection epub28677 A passive attacker can compromise a generic anonymity protocol by applying the so called disclosure attack, i.e. a special traffic analysis attack. In this work we present a more efficient way to accomplish this goal, i.e. we need less observations by looking for unique minimal hitting sets. We call this the hitting set attack or just HS-attack. In general, solving the minimal hitting set problem is NP-hard. Therefore, we use frequency analysis to enhance the applicability of our attack. It is possible to apply highly efficient backtracking search algorithms. We call this approach the statistical hitting set attack or SHS-attack. However, the statistical hitting set attack is prone to wrong solutions with a given small probability. We use here duality checking algorithms to resolve this problem. We call this final exact attack the HS*-attack. 2005 Information Hiding. 6th Internat. Workshop, IH 2004, Toronto, Canada, May 23-25, 2004, Revised Selected Papers 3200 Springer

Berlin

Lecture Notes in Computer Science 326—339 https://epub.uni-regensburg.de/28677/ Dogan Kesdogan Lexi Pimenidis incollection epub28675 2004 Informatik 2004 : Informatik verbindet : Beitra?ge der 34. Jahrestagung der Gesellschaft fu?r Informatik e.V. (GI), Ulm, 20. - 24. September 2004 50-51 Ges. f. Informatik

Bonn

GI-Edition: Lecture notes in informatics (LNI). Proceedings Peter Daman https://epub.uni-regensburg.de/28675/ Zinaida Benenson Felix G?rtner Dogan Kesdogan incollection epub28679 A user is only anonymous within a set of other users. Hence, the core functionality of an anonymity providing technique is to establish an anonymity set. In open environments, such as the Internet, the established anonymity sets in the whole are observable and change with every anonymous communication. We use this fact of changing anonymity sets and present a model where we can determine the protection limit of an anonymity technique, i.e. the number of observations required for an attacker to ?break? uniquely a given anonymity technique. In this paper, we use the popular MIX method to demonstrate our attack. The MIX method forms the basis of most of the today?s deployments of anonymity services (e.g. Freedom, Onion Routing, Webmix). We note that our approach is general and can be applied equally well to other anonymity providing techniques. 2003 Information Hiding. 5th Internat. Workshop, IH 2002 Noordwijkerhout, The Netherlands, Oct. 7-9, 2002 Revised Papers 2578 Springer

Berlin

Lecture Notes in Computer Science 53—69 https://epub.uni-regensburg.de/28679/ Dogan Kesdogan Dakshi Agrawal Stefan Penz article epub28680 The goal of anonymity providing techniques is to preserve the privacy of users, who has communicated with whom, for how long, and from which location, by hiding traffic information. This is accomplished by organizing additional traffic to conceal particular communication relationships and by embedding the sender and receiver of a message in their respective anonymity sets. If the number of overall participants is greater than the size of the anonymity set and if the anonymity set changes with time due to unsynchronized participants, then the anonymity technique becomes prone to traffic analysis attacks. We are interested in the statistical properties of the disclosure attack, a newly suggested traffic analysis attack on the MIXes. Our goal is to provide analytical estimates of the number of observations required by the disclosure attack and to identify fundamental (but avoidable) 'weak operational modes' of the MIXes and thus to protect users against a traffic analysis by the disclosure attack. 2003 IEEE security & privacy 1 IEEE 27—34 6 https://epub.uni-regensburg.de/28680/ Dakshi Agrawal Dogan Kesdogan incollection epub28678 The goal of anonymity providing techniques is to preserve the privacy of users, who has communicated with whom, for how long, and from which location, by hiding traffic information. This is accomplished by organizing additional traffic to conceal particular communication relationships and by embedding the sender and receiver of a message in their respective anonymity sets. If the number of overall participants is greater than the size of the anonymity set and if the anonymity set changes with time due to unsynchronized participants, then the anonymity technique becomes prone to traffic analysis attacks. We are interested in the statistical properties of the disclosure attack, a newly suggested traffic analysis attack on the MIXes. Our goal is to provide analytical estimates of the number of observations required by the disclosure attack and to identify fundamental (but avoidable) 'weak operational modes' of the MIXes and thus to protect users against a traffic analysis by the disclosure attack. 2003 SP '03 : Proceedings of the 2003 IEEE Symposium on Security and Privacy, 11-14 May 2003, Oakland, CA, USA IEEE CS Press

Washington, DC

16—27 https://epub.uni-regensburg.de/28678/ Dakshi Agrawal Dogan Kesdogan Stefan Penz incollection epub28681 The technique "Private Information Retrieval" (PIR) perfectly protects a user?s access pattern to a database. An attacker cannot observe (or determine) which data element is requested by a user and so cannot deduce the interest of the user. We discuss the application of PIR on the World Wide Web and compare it to the MIX approach. We demonstrate particularly that in this context the method does not provide perfect security, and we give a mathematical model for the amount of information an attacker could obtain. We provide an extension of the method under which perfect security can still be achieved. 2003 Privacy Enhancing Technologies : 2nd Internat. Worksh., PET 2002, San Francisco, CA, USA, April 14?15, 2002. Revised Papers 2482 Springer

Berlin

Lecture Notes in Computer Science 224—238 https://epub.uni-regensburg.de/28681/ Dogan Kesdogan Max Borning Michael Schmeink article epub28700 Durch seine vielf?ltigen M?glichkeiten spielt das Internet in immer mehr Bereichen des privaten und ?ffentlichen Lebens eine zunehmende Rolle. Ein spezieller Bereich ist der E-Commerce, der den elektronischen Handel im Allgemeinen und die wirtschaftlichen Beziehungen zwischen Anbietern, Kunden und anderen Akteuren im Speziellen bezeichnet. 百利宫_百利宫娱乐平台￥官网e gestiegene Bedeutung des Internets in vielen Bereichen des Lebens steigert auch das Interesse seitens Dritter, durch Beobachtung m?glichst viel über einzelne Personen, ihre Interessen und Neigungen mittels des Internets in Erfahrung zu bringen. In diesem Artikel werden daher verschiedene Verfahren vorgestellt, die einen gewissen Schutz vor solchen Angriffen bieten. With its broad variety of potential uses the Internet is becoming more and more important in many areas of both private and public life. This holds particularly for Electronic Commerce, i.e., electronic transactions between businesses, consumers, and potentially other actors. With the increasing importance of the Internet especially in this domain, third parties may want to illegally obtain as much information as possible about the acting parties through espionage. This article discusses some methods that offer protection against such attacks. 2001 Information technology : it 43 Oldenbourg 254—263 4 https://epub.uni-regensburg.de/28700/ Mark Borning Dogan Kesdogan Otto Spaniol incollection epub28699 2001 Verl?ssliche IT-Systeme : Sicherheit in komplexen IT-Infrastrukturen Vieweg

Wiesbaden

37—54 https://epub.uni-regensburg.de/28699/ Dogan Kesdogan Mark Borning Michael Schmeink incollection epub28545 Considering trust and privacy requirements for online and collaborative distance learning environments, this paper discusses potential extensions of SOA based applications to simultaneously support authentication and authorization services, and offering mutual trust to both learners and service providers. This study shows that the security mechanisms integrated in the SOA platform can be effectively extended and correlated with a trust model. 2001 Systems and Virtualization Management. Standards and the Cloud Third International DMTF Academic Alliance Workshop, SVM 2009, Wuhan, China, September 22-23, 2009. Revised Selected Papers 71 Springer

Berlin

Communications in Computer and Information Science 94—102 https://epub.uni-regensburg.de/28545/ Latifa Boursas Mohamed Bourimi Wolfgang Hommel Dogan Kesdogan incollection epub28698 2001 Proceedings / LCN 2001, 26th Annual IEEE Conference on Local Computer Networks : 14 - 16 November 2001, Tampa, Florida IEEE CS Press

Los Alamitos, Calif.

https://epub.uni-regensburg.de/28698/ Dogan Kesdogan incollection epub28684 2001 4th Int. Conf. on Electronic Commerce Research (ICECR-4), Dallas, TX, USA, Nov. 8-11, 2001 Southern Methodist Univ.

Dallas, TX, USA

529—240 https://epub.uni-regensburg.de/28684/ Kathy Bohrer Xuan Liu Dogan Kesdogan Edith Schonberg Muninder Singh incollection epub28683 2001 4th Int. Conf. on Electronic Commerce Research (ICECR-4), Dallas, TX, USA, Nov. 8-11, 2001 Southern Methodist Univ.

Dallas, TX, USA

https://epub.uni-regensburg.de/28683/ Kathy Bohrer Xuan Liu Dogan Kesdogan Edith Schonberg Moninder Singh Susan L. Spraragen inproceedings epub28696 2001 International Conference on Multimedia Internet, Video Technologies (MIV'01),World Scientific and Engineering Society (WSES) https://epub.uni-regensburg.de/28696/ Mark Borning Dogan Kesdogan book epub28708 2000 Braunschweig

Vieweg

https://epub.uni-regensburg.de/28708/ Zugl.: Aachen, Techn. Hochsch., Diss., 1999 Dogan Kesdogan incollection epub28707 2000 7. Workshop Sicherheit in Vernetzten Systemen : 8. und 9. M?rz 2000, Hamburg ( DFN-CERT) 90 Verein zur F?rderung eines Deutschen Forschungsnetzes

Berlin

DFN-Bericht https://epub.uni-regensburg.de/28707/ Dogan Kesdogan M. Sch?ffter inproceedings epub28712 1999 Proceedings of the 4th Nordic Workshop on Secure IT systems (NordSec?99) https://epub.uni-regensburg.de/28712/ Roland Büschkes Tobias Haustein Dogan Kesdogan incollection epub28709 Mit der fortschreitenden Vernetzung von Rechner- und Kommunikationssystemen gewinnen datenschutzfreundliche Technologien zunehmend an Bedeutung. In der aktuellen Literatur werden verschiedene Techniken diskutiert, die insbesondere auch die Anonymisierung der Nutzer erm?glichen und deren Unbeobachtbarkeit sicherstellen. Für den Nutzer, der solche Techniken anwenden will, ist es wichtig, die verschiedenen vorgeschlagenen Techniken im Hinblick auf ihre Sicherheit und Leistungsf?higkeit bewerten und vergleichen zu k?nnen. In dieser Arbeit wird die bisher auf dem Gebiet existierende modelltheoretische Welt erweitert und Klassifizierungsgr??en vorgeschlagen, welche die geforderte Einordnung der Techniken erm?glichen. Die exemplarische Anwendung dieser Gr??en auf aktuell diskutierte Anonymisierungstechniken wird dazu genutzt, einen ?berblick über den aktuellen Forschungsstand auf dem Gebiet zu geben. 1999 Sicherheitsinfrastrukturen : Grundlagen, Realisierungen, rechtliche Aspekte, Anwendungen Vieweg

Braunschweig

331—332 https://epub.uni-regensburg.de/28709/ Dogan Kesdogan Roland Büschkes incollection epub28713 1999 Multilateral security in communications : [basis of the International Conference on Multilateral Security in Communications, to be held on the 16th and 17th of July 1999 in Stuttgart]. Vol. 3 Addison-Wesley

München

https://epub.uni-regensburg.de/28713/ Roland Büschkes Dogan Kesdogan incollection epub28714 1999 Multilateral security in communications : [basis of the International Conference on Multilateral Security in Communications, to be held on the 16th and 17th of July 1999 in Stuttgart]. Vol. 3 Addison-Wesley

München

https://epub.uni-regensburg.de/28714/ Dogan Kesdogan Roland Büschkes Otto Spaniol incollection epub28710 Location Management of mobile users in a cellular network covers tracking and paging (searching) functionality. In this paper a sequential search strategy is proposed which reduces the signaling on the air interface and also considers the user?s privacy using implicit addresses. After introducing some related work on paging and reducing the costs of paging, the basic idea of the search strategy is described. The used paging methods are crucial for the effectiveness of this strategy. For that, three different paging methods are proposed using fixed and variable segment sizes. The methods are evaluated according to their costs in terms of delay, bandwidth and paging steps. For that the model is described we used for our simulations. Metrics are defined to evaluate the strategies before presenting our results using an event-driven simulation. 1999 Kommunikation in Verteilten Systemen (KiVS): 11. ITG/GI-Fachtagung. Darmstadt, 2.-5. M?rz 1999 Springer

Berlin

488—499 https://epub.uni-regensburg.de/28710/ Dogan Kesdogan A. Trofimov D. Trossen incollection epub28711 The increasing complexity of both tele and data communication networks yields new demands concerning network security. Especially the task of detecting, repulsing and preventing abuse by in- and outsiders is becoming more and more difficult. This paper deals with a new technique that appears to be suitable for solving these issues, i.e. anomaly detection based on the specification of transactions. The traditional transaction and serialization concepts are discussed, and a new model of anomaly detection, based on the concept of transactions, is introduced. Applying this model to known attacks gives a first insight concerning the feasibility of our approach. 1999 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA, USA. Prodeedings www.usenix.org 129—134 https://epub.uni-regensburg.de/28711/ Roland Büschkes Mark Borning Dogan Kesdogan incollection epub28715 One of the major security aspects in mobile communication networks concerns information about the localization of the (mobile) network user. This information may be protected by establishing a trusted third party that is responsible for creating suitable pseudonyms for the user identity. Distributing the maintenance of pseudonyms among n independent trusted parties allows to increase further the security of location information. In this paper, a method is proposed that guarantees security as long as at least one of the n parties may definitely be trusted whereas the other parties may turn out to be corrupt. The pseudonym collision probability is derived analytically before a detailed OPNET simulation evaluates the cost of the new approach compared to standard GSM. 1998 Computer Security — ESORICS 98 : 5th Europ. Symp. on Research in Computer Security, Louvain-la-Neuve, Belgium, Sept. 16?18, 1998. Proceedings 1485 Springer

Berlin

Lecture Notes in Computer Science 295—312 https://epub.uni-regensburg.de/28715/ Dogan Kesdogan Peter Reichl Klaus Jungh?rtchen incollection epub28717 The increasing complexity of cellular radio networks yields new demands concerning network security. Especially the task of detecting, repulsing and preventing abuse both by in- and outsiders becomes more and more difficult. This paper deals with a relatively new technique that appears to be suitable for solving these issues, i.e. anomaly detection based on profiling mobile users. Mobility pattern generation and behavior prediction are discussed in depth, before a new model of anomaly detection that is based on the Bayes decision rule is introduced. Applying this model to mobile user profiles proves the feasibility of our approach. Finally, a special emphasis is put on discussing privacy aspects of anomaly detection. 1998 14th Annual Computer Security Applications Conference, Phoenix, AZ, 07-11 Dec 1998; Proceedings IEEE 3—12 https://epub.uni-regensburg.de/28717/ Roland Büschkes Dogan Kesdogan Peter Reichl inproceedings epub28716 1998 International Symposium on Recent Advances in intrusion Detection 1998 (RAID 98) https://epub.uni-regensburg.de/28716/ Roland Büschkes Dogan Kesdogan incollection epub28719 The information about the location of a mobile user belongs to the most sensitive data within mobile communication networks. One possibility to protect it especially against curious insiders with access to the network consists of storing the actual information in so-called ?home trusted devices? and using temporary pseudonyms for user registration in the network databases. This paper presents a detailed OPNET simulation and evaluation of the signalling cost of this approach compared to standard GSM. 1998 Computer Performance Evaluation. Modelling Techniques and Tools, 10th International Conference, Tools?98 Palma de Mallorca, Spain, September 14?18, 1998 Proceedings 1469 Springer

Berlin

Lecture Notes in Computer Science 105—116 https://epub.uni-regensburg.de/28719/ Peter Reichl Dogan Kesdogan Klaus Jungh?rtchen Marko Schuba incollection epub28718 Currently known basic anonymity techniques depend on identity verification. If verification of user identities is not possible due to the related management overhead or a general lack of information (e.g. on the Internet), an adversary can participate several times in a communication relationship and observe the honest users. In this paper we focus on the problem of providing anonymity without identity verification. The notion of probabilistic anonymity is introduced. Probabilistic anonymity is based on a publicly known security parameter, which determines the security of the protocol. For probabilistic anonymity the insecurity, expressed as the probability of having only one honest participant, approaches 0 at an exponential rate as the security parameter is changed linearly. Based on our security model we propose a new MIX variant called ?Stop-and-Go-MIX? (SG-MIX) which provides anonymity without identity verification, and prove that it is probabilistically secure. 1998 Information Hiding. 2nd Internat.l Workshop, IH?98, Portland, Oregon, USA, April 14?17, 1998. Proceedings 1525 Springer

Berlin

Lecture Notes in Computer Science 83—98 https://epub.uni-regensburg.de/28718/ Dogan Kesdogan Jan Egner Roland Büschkes incollection epub7410 1997 Mehrseitige Sicherheit in der Kommunikationstechnik. 2 B?nde Addison-Wesley-Longman

Bonn

Reihe Informationssicherheit Günter Müller and Andreas Pfitzmann 325—357 Security in general (overviews/surveys) https://epub.uni-regensburg.de/7410/ Reiner Sailer Hannes Federrath Anja Jerichow Dogan Kesdogan Andreas Pfitzmann inproceedings epub7401 1997 IEEE 47th Annual International Vehicular Technology Conference (VTC) Mobile communication https://epub.uni-regensburg.de/7401/ erschienen in: Technology in motion / 1997 IEEE 47th Vehicular Technology Conference. 3 B?nde. Piscataway, NJ: IEEE Service Center, 1997. ISBN 0-7803-3659-3; 0-7803-3660-7; 0-7803-4075-2; 0-7803-3661-5. Hannes Federrath Anja Jerichow Dogan Kesdogan Andreas Pfitzmann Dirk Trossen incollection epub7408 1997 Mehrseitige Sicherheit in der Kommunikationstechnik. 2 B?nde Addison-Wesley-Longman

Bonn

Reihe Informationssicherheit Günter Müller and Andreas Pfitzmann 169—180 Mobile communication https://epub.uni-regensburg.de/7408/ Nachdruck des in it+ti 38/4 (1996) erschienenen Artikels Hannes Federrath Anja Jerichow Dogan Kesdogan Andreas Pfitzmann Otto Spaniol inproceedings epub28723 1996 Fourth International Conference on Telecommunication Systems 96, Modelling and Analysis https://epub.uni-regensburg.de/28723/ Andreas Fasbender Dogan Kesdogan Olaf Kubitz inproceedings epub7414 1996 IFIP SEC, International Information Security Conference; 12 39—48 Mobile communication https://epub.uni-regensburg.de/7414/ Titel der proceedings: Katsikas, Sokratis K. (Hrsg.): Information systems security: facing the information society of the 21st century/ IFIP SEC '96 Conference. London: Chapman & Hall, 1996. ISBN 0-412-78120-4 Dogan Kesdogan Hannes Federrath Anja Jerichow Andreas Pfitzmann incollection epub28721 1996 Proc. of the 2nd Workshop on Personal Wireless Communications, Frankfurt a.M., Germany, 1Dec 10-11 1996 (IFIP TC 6) Univ.

Frankfurt am Main

63—74 https://epub.uni-regensburg.de/28721/ Dogan Kesdogan Margarethe Zywiecki Klaus Beulen article epub7416 1996 Informationstechnik und technische Informatik: it + ti 38 Oldenbourg 24—29 4 Mobile communication https://epub.uni-regensburg.de/7416/ Hannes Federrath Anja Jerichow Dogan Kesdogan Andreas Pfitzmann Otto Spaniol incollection epub28724 1996 Communications and multimedia security II : Proc. of the IFIP TC6/TC11 Internat. Conf. on Communications and Multimedia Security, Essen, Germany, 23rd-24th Sept. 1996 Chapman &Hall

London

https://epub.uni-regensburg.de/28724/ Simon Hoff Kai Jakobs Dogan Kesdogan incollection epub28722 The amount of mobile and nomadic computing is expected to increase dramatically in the near future. Hand in hand with this ubiquitous mobile computing security and privacy problems show up, which have not been dealt with sufficiently up to now. The main problems are traffic analysis and the easy access to location information, for example in the popular Internet just by looking at the address headers of messages. The need for security and privacy supporting networks is discussed. We present the nondisclosure method (NDM) as a way to provide the user with variable and scalable security and privacy. We exemplarily demonstrate the applicability of NDM in an existing network by presenting an upward compatible protocol extension to the Internet protocol (IP), the secure IP in IP protocol. Its main design goal is the untraceability of network connections in mobile environments 1996 Mobile Technology for the Human Race. IEEE 46th Vehicular Technology Conference, Atlanta, GA, USA, 28 Apr 1996-01 May 1996. Vol. 2 IEEE 963—967 https://epub.uni-regensburg.de/28722/ Andreas Fasbender Dogan Kesdogan Olaf Kubitz article epub7418 1995 Praxis der Informationsverarbeitung und Kommunikation: PIK 18 Saur 231—234 3 Security in general (overviews/surveys) https://epub.uni-regensburg.de/7418/ Andreas Bertsch Herbert Damker Hannes Federrath Dogan Kesdogan Michael Schneider