Cybersecurity researchers are often unable to comply with data protection regulations because they do not know before the start of a research activity whether and what personal data they will be processing. Our data protection experts have therefore formulated a proposed addition to the GDPR. Their concern: The legally binding introduction of data protection precautions that take unplanned data access into account.
Led by Prof. Haya Schulmann of Goethe University Frankfurt, a team of ATHENE researchers has uncovered a critical flaw in the design of DNSSEC (DNS Security Extensions) that constitutes a vulnerability in all Domain Name System (DNS) implementations. DNS is one of the fundamental building blocks of the Internet. Without a fix, the design flaw could have devastating consequences for virtually all DNS implementations using DNSSEC and public DNS providers such as Google and Cloudflare.
Three papers written by ATHENE researchers were accepted at the A*-ranked ACM CHI Conference on Human Factors in Computing Systems, CHI for short. The annual conference is the premier international conference of Human-Computer Interaction.
The ACM Transactions on Privacy and Security (TOPS), one of the most established and renowned scientific journals in the field of cybersecurity and privacy technology, has appointed ATHENE Director Prof. Michael Waidner as Editor-in-Chief. His term runs from February 1, 2024 to January 31, 2027.
Medical practices send important documents such as electronic certificates of incapacity for work or treatment and cost plans to health insurance companies via the telematics infrastructure mail system. The e-health team at Fraunhofer SIT has now discovered that the encryption for the mail system was set up incorrectly at several health insurance companies - a total of eight health insurance companies used the same keys and were therefore theoretically able to decrypt the mails of other health insurance companies. The researchers are presenting their findings at this year's Chaos Communication Congress (37c3) organized by the Chaos Computer Club (CCC).
The Bundesamt für Sichere Informationstechnologie (BSI) has commissioned ATHENE researchers from Fraunhofer SIT to conduct a study on the security of hospital information systems and data exchange formats. In order to be able to examine the hospital information systems (KIS) already used in everyday clinical practice more closely, HIS manufacturers and clinics are being sought who would like to have their KIS evaluated by means of penetration tests at no cost. After the test, the results will be made available together with a test certificate. More information about the project can be found here: www.sit.fraunhofer.de/sikis.
Update: The submission deadline has been extended to January 26, 2024!
For the 10th time, the Horst Görtz Foundation is looking for the best security projects and developments that are particularly suitable for implementation in practice and contribute to improving IT security in Germany. The winning team can look forward to a prize of EUR 100,000.
How can big data and AI applications be used profitably without violating data protection and IT security? Our data protection experts addressed this question in the recently published legal study "Systematic Privacy in real-life Data Processing Systems". They examined current regulations from the legal areas of data protection, IT security law and copyright law in relation to big data and also looked at the draft EU regulation on artificial intelligence (KI-VO-E).
Jasmin Haunschild, an ATHENE scientist, completed the final part of her doctoral thesis at the Department of Computer Science at the TU Darmstadt. Her thesis titled "Enhancing Citizens' Role in Public Safety: Interaction, Perception and Design of Mobile Warning Apps" was written as part of the ATHENE research area Secure Urban infrastructures (SecUrban). Her thesis was supervised by Prof. Dr. Dr. Christian Reuter and co-supervised by Prof. Dr.-Ing. Frank Fiedrich. The thesis was reviewed and recommended for acceptance by the Department of Computer Science. The oral examination was chaired by Prof. Dr. Marco Zimmerling, with Prof. Dr. Jan Gugenheimer and Prof. Dr. Joachim Vogt also involved as examiners.
Since the European Commission presented a proposal for the "Regulation on horizontal cybersecurity requirements for products with digital elements", the Cyber Resilience Act (CRA), in September 2022, there has been a lot of discussion about it, for example about the regulation of open source products. Even though many details are still unclear, companies are trying to prepare for the upcoming changes at an early stage. These concern, for example, the handling of vulnerabilities, update management or security testing of products.
Our experts at Fraunhofer SIT combine technical and legal expertise, support product managers and development managers in companies in their preparations and provide recommendations for implementing the CRA.