The graduate research group has addressed various topics in the field of IT security, including the security of medical applications, emails, web conferences, and IT security in schools. Through intensive research, numerous vulnerabilities have been identified and resolved. The group continues its efforts to develop methods that achieve higher security standards in the aforementioned areas.
MedMax: The MedMax tandem focuses on investigating cyber-attacks on medical facilities such as hospitals. The main focus is on researching appropriate detection and countermeasures. The use of artificial intelligence in incident response has been explored to automate forensic analyses in the future. Additionally, vulnerabilities in medical IT have been uncovered and addressed as part of the project [1,2]. Research continues on the security of networked medical technology to better protect medical facilities against cyber-attacks.
MoViSec: During the COVID-19 pandemic, video conferencing systems like Zoom and Microsoft Teams saw widespread use, raising concerns about their security. The MoViSec research team (Analysis of Modern Video Conferencing Systems and their Security) aims to examine the security aspects of open-source systems like BigBlueButton and Jitsi. Initial analyses have already revealed security deficiencies in these systems [3]. The research team plans to conduct further investigations to identify more vulnerabilities and develop measures to improve the security of these systems.
SEAN: The SEAN tandem (Secure Email for All Users) investigates the security of end-to-end encrypted emails and the encrypted communication between email applications and email servers. Vulnerabilities have been found in email applications that allowed third parties to decrypt encrypted emails [4]. Additionally, servers were found to have weaknesses in the encryption of communication, allowing all messages to be decrypted [5]. These vulnerabilities have been reported and addressed. The tandem plans further security analyses, particularly focusing on the security of cryptographic procedures and encrypted communication.
SCOUT: The SCOUT tandem (Secure Online Navigation) researches how to sensitize students from the lower secondary level to the dangers of interacting with IT systems (e.g., cyberbullying or malware) and promote safe online behavior. The handling of online threats by students, teachers, and parents has been empirically researched through a large study that highlights the mutual influence of these groups on each other [6]. Additionally, a teaching unit on cryptography has been developed specifically for this age group. In the future, digital learning offerings on IT security are to be developed and made available for use in student laboratories, schools, and teacher training [7].
SES: The SES research tandem (Strong Email Security) investigates the security of emails in the browser, including popular webmail providers such as Gmail, GMX, and Web.de. Several security vulnerabilities have already been discovered, reported, and resolved, which allowed attackers to access others’ emails [8]. Additionally, the tandem is researching new defensive measures to bring the strong security properties of instant messaging systems like WhatsApp to the email ecosystem. A prototype is planned to enable users to encrypt emails in webmail applications directly in the browser without significant additional effort.