My current research focus is in the area of security and privacy with a particular interest in a holistic view on the examined systems. In particular, my research interests include, but are not limited to (naturally there will be an overlap between some of the topics):
Usability and Human behaviorIt is important to design usable systems since otherwise improved security or privacy features won't be accepted by the users. On the other hand, usability is not the only factor deciding if a user accepts a certain system. I investigate how much certain factors influence the users' acceptance of privacy enhancing technologies and security measures.
Serious Games and GamificationI aim to enable users to detect and defend social engineering attacks and privacy violations, to regard security considerations and to understand privacy implications. For that purpose, I develop and evaluate Serious Games and gamify processes and systems to improve user engagement and productivity.
Privacy-Enhancing TechnologiesI investigate the development of secure and privacy-friendly architectures and practical solutions, such as anonymous e-commerce or the application of privacy patterns within fog and cloud computing environments. In particular, one of the re-occurring challenges is to make use of Privacy-Enhancing Technologies without degrading performance or usability.
Modeling & Measuring Privacy and Security
Applied CrytographyI am also interested in applied cryptography for security and privacy purposes and the development of (crytographic) attacker models to get further insights about the chances of attackers to successfully break crytographic systems.
- Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym. In Proceedings on Privacy Enhancing Technologies (PoPETs), 2020 (2): 111-128, 2020.
- LiSRA: Lightweight Security Risk Assessment for Decision Support in Information Security. In Computers & Security, 90, 2020.
- How Nostalgic Feelings Impact Pokémon Go Players - Integrating Childhood Brand Nostalgia into the Technology Acceptance Theory. In Behaviour & Information Technology, 0 (0): 1-21, 2019.
- Applying Privacy Patterns to the Internet of Things' (IoT) Architecture. In Mobile Networks and Applications (MONET) -- The Journal of SPECIAL ISSUES on Mobility of Systems, Users, Data and Computing, 24 (3): 925-933, 2019.
- Exploring the Hype: Investigating Technology Acceptance Factors of Pokémon Go. In 2017 IEEE International Symposium on Mixed and Augmented Reality, ISMAR 2017, Nantes, France, October 9-13, 2017, pages 155-168, 2017, Acceptance rate: (17)/99 = 17.2 %.
- Social engineering defence mechanisms and counteracting training strategies. In Information and Computer Security, 25 (2): 206-222, 2017.
- A Serious Game for Eliciting Social Engineering Security Requirements. In Proceedings of the 24th IEEE International Conference on Requirements Engineering, IEEE Computer Society, RE '16 , 2016, Acceptance Rate: 22/79 = 27.8%.
- STAGE -- A Software Tool for Automatic Grading of Testing Exercises -- Case Study Paper. In Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, Austin, TX, USA, May 14-22, 2016 - Companion Volume, pages 491-500, 2016, Acceptance rate: (22+4)/64 = (34.4 + 6.3) %.
- Authentication in Insecure Environments -- Using Visual Cryptography and Non-Transferable Credentials in Practise. Springer Vieweg, Research , 2014.
- Sample or Random Security - A Security Model for Segment-Based Visual Cryptography. In Financial Cryptography and Data Security - 18th International Conference, FC 2014, Christ Church, Barbados, March 3-7, 2014, Revised Selected Papers, pages 291-303, 2014, Acceptance rate: 31 / 138 = 22.5%.
- Defining the Cloud Battlefield -- Supporting Security Assessments by Cloud Customers. In Proceedings of IEEE International Conference on Cloud Engineering (IC2E), pages 78-87, 2013, Acceptance rate: 22 / 107 = 20.6%.
- June 9th, 2020:The article Asset-centric analysis and visualisation of attack trees with Christopher and Andre was accepted for presentation at Gramsec 2020.
- May 6th, 2020:The article Selecting a Secure Cloud Provider: An Empirical Study and Multi Criteria Approach with Federica, Jan and Fabio was accepted for publication at Information.
- April 19th, 2020: Joint Statement on Contact Tracing