Recently, our paper [1] on the Authentication Analysis Framework (AAF) was accepted and published by Elsevier COSE. But what is it all about? User accounts on the Internet usually support different primary and fallback authentication methods. Fallback methods take effect when the primary authentication methods are (temporarily) not available, for example, because the password has […]
Analyzing GDPR Article 15
When the EU General Data Protection Regulation (GDPR) was implemented, I made inquiries to many service providers in accordance with Article 15 (right of access of the data subject) – out of my own interest. In the beginning, the requests had mostly the form of emails. Slowly, more and more service providers integrated functions (forms […]
Different Aspects of IT Security
As I found out, I hadn’t written any posts in the last 12 months. This despite the fact that we had published some interesting papers and three (?) incidents happened at LastPass. The latter obviously has to do with one of my research topics, identity management. Maybe I’ll write a blog post about it soon. […]
Reference Model for Federated Identity Management
At the end of the month, I’ll be presenting our reference model for federated identity management at EMMSAD 2021. As soon as the paper is online at arxiv.org, I will link it here. But why is it working? There are more and more identities, whether for one person or for an organization. In my password […]
Cyber Taxi
Our Cyber Taxi paper, which was presented at the ESORICS 2020 workshop MSTEC, is also available on arXiv. The lack of guided exercises and practical opportunities to learn about cybersecurity in a practical way makes it difficult for security experts to improve their proficiency. Capture the Flag events and Cyber Ranges are ideal for cybersecurity training. […]