Security

In today's rapidly changing world, security is of great concern. Companies change, undergo mergers and make acquisitions, and their information infrastructure becomes virtual. People are becoming increasingly mobile, employees work remotely from anywhere in the world, and devices are increasingly interconnected.

Security technology must respond to these changes. It is no longer sufficient to guard against a single entrance to a trusted domain; rather, many and diverse connections from the untrusted outside world to the trusted domain must be protected.

Our research concentrates on many aspects of information security:

• Secure ID solutions
  Secure identity cards and identification systems help businesses and agencies restrict access to physical locations and secure networks. They also provide an identity verification process for receiving government services or conducting online transactions.
• Data storage security
  The most valuable asset in today's information society is data, which must be stored, backed-up, and archived. Many modern storage systems secure the data using cryptography, which poses new challenges for managing encryption keys. Furthermore, novel techniques guarantee the cryptographic integrity of stored data.
• Identity governance
  Today's users have to manage many different online identities. We envision user-controlled identity management systems that respect user privacy and protect personally identifiable information.
• Password-based security
  It is often claimed that passwords are broken and we should stop using them altogether. We are convinced that this is not true. In our view, passwords are just used incorrectly. If the right cryptographic techniques are applied, passwords are a secure and usable means of authentication.
  
• Cloud computing security
  Cloud computing aims at flexible scalable infrastructures using virtualized resources. Although virtualization improves efficiency and flexibility, it also introduces new threats. We mitigate these threats by means of new security technologies for protecting virtual environments. Moreover, we design novel mechanisms that provide protection levels only available in virtualized systems.

Our team maintains close links with the international security and cryptography research communities by means of our research contributions as publications, our participation in scientific conferences, and our contributions to joint research projects.

See also

• Publications
• Past projects