
Andreas Heinemann
- PhD
- Professor at Darmstadt University of Applied Sciences
50 Publications
7,802 Reads
470 Citations
Publications (50)
Quantum Key Distribution Networks (QKDN) enable secure communication even in the age of powerful quantum computers. In the hands of a network operator, which can offer its service to many users, the economic viability of a QKDN increases significantly. The highly challenging operator-user relationship in a large-scale network setting demands additi...
Widely used asymmetric primitives such as RSA or Elliptic Curve Diffie Hellman (ECDH), which enable authentication and key exchange, could be broken by Quantum Computers (QCs) in the coming years. Quantum-safe alternatives are urgently needed. However, a thorough investigation of these schemes is crucial to achieve sufficient levels of security, p...
Quantum communication is currently being scientifically investigated in many projects. However, the application-oriented demonstration of a quantum communication network across all components, systems and processes required for practical operation is still lacking.
In this application-oriented research project, a complete QKD link is to be set up i...
Crypto-agility promises agile replacement of cryptographic building blocks and therewith supports context-aware and long-term security. To assess and evolve the degree of crypto-agility of one’s IT system, a commonly agreed model is helpful, but, to the best of our knowledge, does not exist. This work proposes the Crypto-Agility Maturity Model (CAM...
The GDPR grants data subjects certain rights, like the right to access their data from companies, but in practice multiple problems exist with exercising these rights such as unknown data holders or interpreting the received data. Small and medium enterprises on the other hand need to facilitate the obligations given by the GDPR, but often lack pro...
Citizens have gained many rights with the GDPR, e.g. the right to get a copy of their personal data. In practice, however, this is fraught with problems for citizens and small data holders. We present a literature review on solutions promising relief in the form of privacy dashboards for citizens and GDPR services for small data holders. Covered to...
Selecting a library out of numerous candidates can be a laborious and resource-intensive task. We present the $crypto_{lib}$ index, a tool for decision-makers to choose the best fitting cryptography library for a given context. To define our index, 15 library attributes were synthesized from findings based on a literature review and interviews with...
This work proposes the Crypto-Agility Maturity Model (CAMM for short), a maturity model for determining the state of crypto-agility of a given software or IT landscape. CAMM consists of five levels, for each level a set of requirements have been formulated based on literature review. Initial feedback from field experts confirms that CAMM has a well...
Besides the development of PQC algorithms, the actual migration of IT systems to such new schemes has to be considered, best by utilizing or establishing crypto-agility. Much work in this respect is currently conducted all over the world, making it hard to keep track of the many individual challenges and respective solutions that have been identifi...
Currently, PQC algorithms are being standardized to address the emerging threat to conventional asymmetric algorithms from quantum computing. These new algorithms must then be integrated into existing protocols, applications and infrastructures. Integration problems are to be expected, due to incompatibilities with existing standards and implementa...
A good documentation is essential for a good usability of (security) APIs, i.e. especially for the correct use of the APIs. Requirements for good documentation of APIs have been described in several papers, but there is no technical implementation (hereinafter referred to as a documentation system) that implements these requirements. The requiremen...
...to read the official documentation of security APIs published by the vendor. Instead, they prefer informal documentation, such as that found on Q&A platforms like Stack Overflow. However, code examples from such Internet sources often contain code that is incorrect or, from an IT security perspective, insecure, which...
The rise of quantum computers poses a threat to asymmetric cryptographic schemes. With their continuing development, schemes such as DSA or ECDSA are likely to be broken in a few years’ time. We therefore must begin to consider the use of different algorithms that would be able to withstand powerful quantum computers. Among the considered algorithm...
Social engineering, through means of phishing, is a very popular entry point for a targeted attack in order to obtain further data on a company or private individual, e.g. by injecting malware on the victim’s machine. A phishing attack that leads to a malicious website can usually be identified by the HTTP link with expert knowledge. However, only...
Summary
The EU General Data Protection Regulation has expanded and strengthened the rights of the data subject. These rights form a central principle of data protection law by enabling self-control over the processing of personal data. However, it is to be feared that, as far as their rights are concerned, data subjects in practice...
Our professional and private everyday life is becoming increasingly digital. This trend is accompanied by a growing need for adequate security solutions in digital products and services that give both companies and private end users the necessary level of effective protection for sensitive data. An essential role is played...
With the ongoing digitalisation of our everyday tasks, more and more eGovernment services make it possible for citizens to take care of their administrative obligations online. This type of services requires a certain assurance level for user authentication. To meet these requirements, a digital identity issued to the citizen is essential. Nowadays...
Opportunistic networks offer an alternative communication system in situations in which a repressive state filters or completely blocks conventional Internet communication. Here, AnonDrop enables spatially limited communication that uses dynamic network addresses (MAC and IP) and further protective measures against attacks on the identific...
The growing share of people using mobile devices, that support wireless peer-to-peer interaction, offers the opportunity to build a ubiquitous infrastructure for electronic word-of-mouth messaging and advertising. This chapter introduces Opportunistic Networks as a layer for one-hop communication that opens up electronic word-of-mouth messaging for...
Taking typical ubiquitous computing settings as a starting point, this chapter motivates the need for security. The reader will learn what makes security challenging and what the risks predominant in ubiquitous computing are. The major part of this chapter is dedicated to the description of sample solutions in order to illustrate the wealth of prot...
Ad hoc networks and peer-to-peer systems typically require many users to participate, to leverage the full benefits of the system. In this paper we consider incentives for opportunistic networks. As an example, consider an electronic coupon system, where providers send out coupons, which are passed from user to user. Users receive bonus points for each rede...
Opportunistic communication allows humans equipped with mobile devices to exchange information via a wireless link whenever they are nearby. This work examines the performance of a profile-based data dissemination scheme. We use a 2- step simulation approach which combines realistic user mobility traces with synthetic mobility models. We consider d...
Privacy preservation has been identified as an important factor to the success and acceptance of ubiquitous computing systems. Traceability, i. e. attributing events and actions to those who caused them, seems to be a directly contradicting goal. However, harnessing sensitive data collected by ubiquitous computing infrastructures for traceability a...
Ad hoc networks and peer-to-peer systems typically require many users to participate, to leverage the full benefits of the system. In this paper we consider incentives for opportunistic networks. As an example, consider an electronic coupon system, where providers send out coupons, which are passed from user to user. Users receive bonus points for...
This chapter introduces opportunistic networks. Such networks support spontaneous interaction between mobile users carrying mobile devices with them. After having been presented with the motivation for this new type of network, the reader will learn the underlying concepts, including an opportunistic network definition. Next, this chapter discusses...
Taking typical ubiquitous computing settings as a starting point, this chapter motivates the need for security. The reader will learn what makes security challenging and what the risks predominant in ubiquitous computing are. The major part of this chapter is dedicated to the description of sample solutions in order to illustrate the wealth of prot...
Taking typical ubiquitous computing settings as a starting point, this chapter motivates the need for security. The reader will learn what makes security challenging and what the risks predominant in ubiquitous computing are. The major part of this chapter is dedicated to the description of sample solutions in order to illustrate the wealth of prot...
In this issue's Works in Progress department, we have six projects. The first two projects address an individual's privacy concerns and preferences. The next entry discusses a project on data protection for electronic passports. The remaining three projects are investigating various types of privacy protection mechanisms for data collected in perva...
Assisting everyday life is one major intent of ubiquitous computing (UbiComp). In addition, a given UbiComp infrastructure can be harnessed beyond assisting and helping people in their daily life. Exploiting its sensing capabilities, the higher level services tracing, attestation, and confirmation are possible. This paper discusses the inherent tra...
Ad hoc networks and peer-to-peer systems typically require many users to participate, in order to leverage the full benefits of the system. In this paper we examine an electronic coupon system, where providers send out coupons, which are passed from user to user. The incentive for users to participate is that they receive bonus points for each rede...
The field of mobile Peer-to-Peer networks (MP2P) has various forms and currently there exists no coherent view on what is understood by it. The
term mobile emphasizes that nodes/peers in the network are mobile, and therefore need to be equipped with some kind of wireless communication
technology. Examples of nodes include pedestrians with mobile d...
In a mobile information dissemination network mobile users, equipped with wireless devices, exchange information in a spontaneous manner whenever they come into communication range. Users have to specify what kind of information they are looking for and what kind of information they can offer. A priori there is no relation between users, literally...
The goal of ubiquitous computing research is to refine devices to the point where their use is transparent. For many applications with
mobile devices, transparent operation requires that the device be location-aware. Unfortunately, the location of an individual
can be used to infer highly private information. Hence, these devices must be carefully designed,...
Next generation mobile devices will allow users to share and pass information within anonymous groups of people in an ad hoc manner. This will smooth the path for many kinds of new mobile commerce applications. In this paper we present a mobile commerce application that is part of the iClouds research project. It allows the dissemination of digital...
The future mobile and ubiquitous computing world will need new forms of information sharing and collaboration between people. In this paper we present iClouds, an architecture for spontaneous mobile user interaction, collaboration, and transparent data exchange. iClouds relies on wireless ad hoc peer-to-peer communications. We present the iClouds a...
Ubiquitous computing focusing on users and tasks instead of devices and singular applications is an attractive vision for the future. Especially the idea of nomadic, mobile users poses new challenges on hardware and software. Mobile devices provide vastly different presentation capabilities and need to integrate into heterogeneous environments. Net...
The success of wireless technologies such as 802.11b Wireless LAN or Bluetooth and their integration into mobile phones, PDAs, etc. allows the exchange of knowledge through ad hoc communication between mobile participants. We use the iClouds infrastructure, which supports publish/subscribe in mobile ad hoc networks, so that digital advertisements...
This technical report introduces goals and early findings of a multi-year multi-party project MUNDO. MUNDO is a pool of services and enablers for mobile and ubiquitous computing. It emphasizes easy global evolutionary deployment as a migration path for the Internet as a whole towards a nomadic computing economy. The nomadic users access the net...
Ubiquitous computing focusing on users and tasks instead of devices and singular applications is an attractive vision for the future. The idea of nomadic, mobile users in particular poses new challenges for hardware and software. Mobile devices provide vastly different presentation capabilities and need to integrate into heterogeneous environments....
In this paper we address the issue of dependable distributed high performance computing in the field of Symbolic Computation. We describe the extension of a middleware infrastructure designed for high performance computing with efficient checkpointing mechanisms. As target platform an IBM Parallel Sysplex Cluster is used. We consider the sati...
Over the past few years, several authentication methods based on location-limited channels have been presented in research literature. We extend this notion to location-aware, zero-interaction authentication, present an efficient protocol implementation, and describe the integration of our authentication system into a state-of-the-art enterprise...
Future wireless communication environments offer many possibilities for new services. Users will not be satisfied with simply being connected, but they will require useful services built on top of the wireless networks. iClouds is an architecture which offers spontaneous mobile user interaction, collaboration, and transparent data exchange in mob...
Trust in ubiquitous computing is about finding trustworthy partners for risky interactions in presence of uncertainty about identity, motivation, and goals of the potential interactions partners. In this paper, we present new approaches for estimating the trustworthiness of entities and for filtering and weighting recommendations, which we integrat...