Henning Pridöhl scite author profile

et al. 2017

Website owners make conscious and unconscious decisions that affect their users, potentially exposing them to privacy and security risks in the process. In this paper we introduce PrivacyScore, an automated website scanning portal that allows anyone to benchmark security and privacy features of multiple websites. In contrast to existing projects, the checks implemented in PrivacyScore cover a wider range of potential privacy and security issues. Furthermore, users can control the ranking and analysis methodology. Therefore, PrivacyScore can also be used by data protection authorities to perform regularly scheduled compliance checks. In the long term we hope that the transparency resulting from the published assessments creates an incentive for website owners to improve their sites. The public availability of a first version of PrivacyScore was announced at the ENISA Annual Privacy Forum in June 2017.

Klinische Register im 21. Jahrhundert

Behrendt

Schaar

et al. 2017

Chirurg

In the light of big data applications in modern medicine, the various forms of registries becoming increasingly more important. To meet the changing requirements in the field of digital healthcare, the European Commission proposed a comprehensive reform of data protection rules in the European Union (EU). After a transition phase the novel regulations will come into force from 25 May 2018 and then replace the existing Federal Data Protection Act. To conscientiously deal with this subject is of utmost importance before implementing registry-based projects in medical research or quality improvement. To protect patient rights in times of technical progress and increasing amounts of data, appropriate data protection strategies are needed. This article gives an overview on the background and developments in European data privacy law. It further aims to illustrate solutions to overcome new challenges associated with medical register projects.

Basic Concepts and Models of Cybersecurity

Herrmann

2020

This introductory chapter reviews the fundamental concepts of cybersecurity. It begins with common threats to information and systems to illustrate how matters of security can be addressed with methods from risk management. In the following, typical attack strategies and principles for defence are reviewed, followed by cryptographic techniques, malware and two common weaknesses in software: buffer overflows and SQL injections. Subsequently, selected topics from network security, namely reconnaissance, firewalls, Denial of Service attacks, and Network Intrusion Detection Systems, are analysed. Finally, the chapter reviews techniques for continuous testing, stressing the need for a free distribution of dualuse tools. Although introductory in nature, this chapter already addresses a number of ethical issues. For instance, well-intended security mechanisms may have undesired side effects such as leaking sensitive information to attackers. As asymmetries and externalities are at the core of many security problems, devising effective security solutions that are adopted in practice is a challenge.

How Private is Android’s Private DNS Setting? Identifying Apps by Encrypted DNS Traffic

Mühlhauser

Herrmann

2021

DNS over TLS (DoT) and DNS over HTTPS (DoH) promise to improve privacy and security of DNS by encrypting DNS messages, especially when messages are padded to a uniform size. Firstly, to demonstrate the limitations of recommended padding approaches, we present Segram, a novel app fingerprinting attack that allows adversaries to infer which mobile apps are executed on a device. Secondly, we record traffic traces of 118 Android apps using 10 differnet DoT/DoH resolvers to study the effectiveness of Segram under different conditions. According to our results, Segram identifies apps with accuracies of up to 72 % with padding in a controlled closed world setting. The effectiveness of Segram is comparable with state-of-the-art techniques but Segram requires less computational effort. We release our datasets and code. Thirdly, we study the prevalence of padding among privacy-focused DoT/DoH resolvers, finding that up to 81 % of our sample fail to enable padding. Our results suggest that recommended padding approaches are less effective than expected and that resolver operators are not sufficiently aware about this feature. CCS CONCEPTS• Security and privacy → Mobile and wireless security; • Networks → Network privacy and anonymity.

Best Practices for Notification Studiesfor Security and Privacy Issues on the Internet

Maaß

Pridöhl²,

Herrmann³

et al. 2021