Welcome to KASTEL

The Competence Center for Applied Security Technology (KASTEL) is one of three competence centers for cyber security in Germany, which were initiated by the Federal Ministry of Education and Research (BMBF) in March 2011.

Following the motto “Comprehensible security in the networked world”, KASTEL is meeting the challenges posed by the increasing interconnection of previously isolated systems.

Of particular importance are the consequences of digitalization in the area of critical infrastructures, for example in the energy economy, in industrial production or networked mobility, but also in "intelligent" environments.

KASTEL bundles the competencies in the field of IT security at the research location Karlsruhe. The goal is to develop a holistic approach instead of isolated partial solutions. The focus will be on comprehensive security in specific application areas, such as power grids or intelligent factories.

To ensure this security, new threats need to be modeled, security objectives need to be described and new methods have to be developed.

This can only be achieved through the cooperation of cryptographers, IT security specialists, software engineers, network experts, jurists, economists and social scientists – like here at KASTEL.

 

KASTEL started in 2011 with a provisional term of four years. The goal was to conduct interdisciplinary research and answer questions about IT security that were to be put to practical use on the basis of prototypes and scenarios. This section, known as Phase 1, was completed in autumn of 2015. After a successful evaluation, the BMBF extended the duration of the competence centers and KASTEL started the second phase with newly defined research fields and projects.

Blog post published on the platform VdZ.org

The blog post on "How to make your employees aware of IT security - seven recommendations for information security officers" (in German) by Prof. Dr. Melanie Volkamer and Benjamin Bachmann (Director Cyber Security at EXXETA AG) was published on the 'Verwaltung der Zukunft' (future of public administration) platform.

Article published in the magazine “Datenschutz und Datensicherheit”

The article “Phishing-Kampagnen zur Steigerung der Mitarbeiter-Awareness: Analyse aus verschiedenen Blickwinkeln — Security, Recht und Faktor Mensch” by Melanie Volkamer (KASTEL, KIT), Martina A. Sasse (University of Bochum, Horst Görtz Institute), Franziska Boehm (KIT, FIZ Karlsruhe) has been accepted for publication in the 'Datenschutz und Datensicherheit' magazine (44, pages 518–521) and is already available online.

Start of the “15th International Conference on Availability, Reliability and Security”

The 15th International Conference on Availability, Reliability, and Security (ARES) starts on Tuesday, 25th August 2020. The KASTEL-PIs Prof. Melanie Volkamer and Jun-Prof. Christian Wressnegger have been chairing the program committee. Their responsibilities include coordinating the reviews of the conference submissions and deciding which articles appear at the conference. With an acceptance rate of 17.65% (for full papers) and 22.22% (incl. short papers) at 153 submissions, this year has been particularly competitive.

ARES is one of the leading conferences in the field of availability, dependability, and computer security. It has provided a focal point for both the theoretical and the practical aspects since 2006.

Initially, the conference was planned to take place in Dublin, Ireland, but is now held as an all-online event with four parallel tracks.

In a welcome video, the organizing team of SBA Research and KASTEL-PI Jun-Prof. Christian Wressnegger greets all authors and participants of the conference.

New laboratory for conducting empirical experimental research

With the Karlsruhe Decision & Design Lab (KD²Lab), one of the largest computer-aided experimental laboratories in the world is located in Karlsruhe. The goal of the laboratory, which is funded by the German Research Foundation (Deutsche Forschungsgemeinschaft, DFG), is to support scientists in efficiently conducting experiments on human decision behaviour on a large number of test persons.

Within the framework of the KIT Future Fields special call for proposals, funds were awarded to expand the KD²Lab so that it can also be used for empirical experimental research in the future: the ecosystem for empirical experimental research in the laboratory and in the field (KD²Ex). In addition to Prof. Christof Weinhardt, Prof. Alexander Mädche and Prof. Benjamin Scheibehenne from the Institute of Information Systems and Marketing (IISM), Prof. Petra Nieken from the Institute of Business Management (IBU), Prof. Nora Szech from the Institute of Economics (ECON) and Prof. Alexander Woll from the Institute of Sports and Sports Science (IfSS), Prof. Melanie Volkamer, KASTEL-PI and head of the research group SECUSO at the Institute of Applied Informatics and Formal Description Methods (AIFB), also received funding for the establishment of the laboratory.

The focus will be on the research field “Wellbeing at Home”. The aim is to investigate to what extent one can rely on given IT security measures that are used extensively for secure work in the home office.

Interview on the detection of phishing emails

In a recent interview conducted by the Deutsche Presse-Agentur (dpa) entitled “Vorsicht, Phishing – So nimmt man es mit Datenräubern auf” (Caution, Phishing - How to deal with data thieves), KASTEL-PI Prof. Volkamer from the SECUSO research group and Philipp Schulte from dpa talked about phishing and ways in which users can detect it. Prof. Volkamer listed questions that all users should ask themselves as plausibility checks when receiving e-mails.

She also gives further tips on how to distinguish honest mails from fakes and gives advice on how to deal with attachments.

The interview met with a very broad media response and has already been taken up by German media such as ntv, Süddeutsche Zeitung and Zeit Online, among others.

Awareness measures for password security

Password-based user authentication is a common means to protect resources (e.g., data, user accounts, etc.) from illegitimate access. However, even the most secure implementation of a password-based authentication scheme becomes vulnerable if the passwords get into the wrong hands. There are many ways this can happen: if the passwords are not chosen to be sufficiently strong or if default passwords are used, they can be easily guessed by attackers. Additionally, even the strongest passwords can be stolen using attacks such as social engineering or shoulder-surfing.

In companies, passwords are often used to give employees access to company secrets. If such a password is cracked, an attacker potentially gains access to all internal data or other valuable internal resources. Therefore, many companies rely on awareness measures to make users aware of attacks on password and account security and to help them defend against these attacks. But how are the necessary sensitization materials created?

KASTEL scientists Peter Mayer, Fabian Ballreich, Reyhan Düzgün and Melanie Volkamer from the SECUSO research group, together with Christian Schwartz from the German usd AG in Darmstadt, describe in the current issue of the journal "Datenschutz und Datensicherheit" (DuD, "data protection and data security") how effective awareness-raising materials for employees regarding password security can be iteratively created using the Human-Centered Security by Design approach. An evaluation in three medium-sized companies showed that the ability of employees to distinguish good from bad password-related behaviour did not decrease significantly even after several months.