13.02.2024. The National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and public DNS providers, such as Google and Cloudflare. The ATHENE team, led by Prof. Dr. Haya Schulmann from Goethe University Frankfurt, developed “KeyTrap”, a new class of attacks: with just a single DNS packet hackers could stall all widely used DNS implementations and public DNS providers. Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet. The researchers worked with all relevant vendors and major public DNS providers over several months, resulting in a number of vendor-specific patches, the last ones published on Tuesday, February 13. It is highly recommended for all providers of DNS services to apply these patches immediately to mitigate this critical vulnerability.
05.12.2022. Protecting the cybersecurity of society, business and the state, and fending off threats: That is the goal of ATHENE, the National Research Center for Applied Cybersecurity. Through its research and development, Goethe University now is contributing to Europe's largest cybersecurity research center.
Almost every company at one point or another falls victim to IT-based attacks. In addition, online attackers are becoming increasingly professional, Germany’s digital association Bitkom, which represents more than 2,000 companies of the digital economy, has found. The ATHENE National Research Center for Applied Cybersecurity already bundles the cybersecurity activities of several top research institutions. Goethe University recently joined these ranks and is now doing its part to strengthen and complement ATHENE's cybersecurity research.
04.10.2022. The National research center for Cybersecurity ATHENE has found a way to break one of the basic mechanisms used to secure Internet traffic. The mechanism, called RPKI, is actually designed to prevent cybercriminals or government attackers from diverting traffic on the Internet. Such redirections are surprisingly common on the Internet, e.g., for espionage or through misconfigurations. The ATHENE scientist team of Prof. Dr. Haya Shulman showed that attackers can completely bypass the security mechanism without the affected network operators being able to detect this. According to analyses by the ATHENE team, popular implementations of RPKI worldwide were vulnerable by early 2021. The team informed the manufacturers, and now presented the findings to the international expert public.
22.06.2021. This year's ESORICS – European Symposium on Research in Computer Security – will be held virtually. For the first time it will start with monthly tutorials in advance. The first two tutorials will be free of charge. The tutorial series will start at the end of June with cybersecurity expert Dr. Yossi Oren from Ben-Gurion University in Israel. More information and registration: https://esorics2021.athene-center.de/.
ESORICS is one of the most prestigious scientific conferences in cybersecurity (Core Ranking A). This year, for the first time, tutorials will be held prior to the conference. The first two tutorials are free of charge, to enable as many interested people as possible to participate and to whet the appetite for the conference.
21.07.2020. Starting immediately, the National Research Center for Applied Cybersecurity ATHENE offers a wide-ranging overview of the most important scientific conferences in the fields of cybersecurity and data protection at www.athene-center.de/cfp. Currently, the list includes more than 100 events and it can be filtered by event dates and submission deadlines. Additional filtering options allow for quickly finding suitable publication opportunities of various research topics, while taking into account the scientific reputation of each event listed.