Prof. Dr. Dominik Herrmann
E-mail: herrmann"AT"informatik.uni-hamburg.de
Twitter, WWW: @herdom, https://herdom.net/
PGP: 0xbc5826ae4fbe7587
About
Until September 2017 Dominik was a post-doctoral researcher in the Security in Distributed Systems Group (SVS) at University of Hamburg. In October 2017 he joined University of Bamberg as a full professor for Privacy and Security in Information Systems (website of his group).
Last update of this page: 17 November 2017.
Activities in 2016 and 2017:
- The German Data Protection Commissioners' AK Technik WG has invited me to present some of my work in Feb 2017 (slides are online).
- I serve on the Task Force “Disruptive Technologies and 21st Century Warfare”, which was initiated by the Heinrich Böll Foundation to inform German foreign policy.
- I am one of the founding members of the editorial team that publishes the newsletter “GI-Radar” of the German Computer Science Society. The first issue was distributed on 13 January 2017 (archive of all issues).
- M. Christen (University of Zurich), K. Weber (OTH Regensburg), E. Bangerter (FH Bern) and I organize the interdisciplinary workshop “Cybersecurity Challenges in Healthcare - Ethical, Legal and Social Aspects” (Lake Geneva, 12–14 June 2017, funded by Foundation Brocher).
- My student Nikolai Tschacher has published his bachelor's thesis about typosquatting attacks on the package repositories of Ruby, Python, and NodeJS. His work was featured on Ars Technica, Heise, Hacker News, Reddit, and by Bruce Schneier.
- Our SICHERHEIT 2016 paper “Obtaining personal data and asking for erasure: Do app vendors and website owners honour your privacy rights?” has been featured in the media (for instance, in heise online, Spiegel Online, DRADIO Wissen, Deutschlandfunk, BR5 aktuell).
Research Interests
- Design and evaluation of usable and unobtrusive privacy enhancing technologies
- Protection against undesirable tracking of online and mobile users
- Inference attacks that may infringe privacy or provide forensic evidence
- Security and privacy issues in the Domain Name System
- Applications of machine learning techniques to security and privacy problems
- Application and empirical evaluation of traffic analysis techniques
More details about Dominik's research areas are available on his personal website: http://herdom.net/
Publications and Talks
Research on Privacy Deficiencies of DNS (Dissertation)
In his PhD thesis Dominik focused on the privacy deficiencies of the Domain Name System, inference attacks, behavior-based tracking of users, and lightweight privacy enhancing technologies for DNS. The title of the thesis is (in German): „Beobachtungsmöglichkeiten im Domain Name System: Angriffe auf die Privatsphäre und Techniken zum Selbstdatenschutz“ (entry in DNB, entry in UHH Informatics Library). The PhD thesis was published by Springer-Vieweg in 2016 (ISBN: 978-3-658-13262-0, eBook on SpringerLink).
- Generally accessible presentation of selected results (in German, 3 pages)
- Summary of the results of the dissertation (in German, 10 pages)
The PhD thesis has received three research awards: the „Dissertationspreis 2014“ of the German Informatics Society (Gesellschaft für Informatik) for the best computer science dissertation in Germany, Austria and Switzerland, the „GI/CAST Promotionspreis IT-Sicherheit 2014“ for the best information-security-related dissertation in Germany, and the „Wissenschaftspreis 2014“ of Gesellschaft für Datenschutz und Datensicherheit (GDD e.V.), which recognizes significant contributions to privacy. The main contributions of the thesis have also been published separately: the behavior-based tracking technique mentioned above has been published in an article that appeared in Computers & Security. The results on range queries have been published in a paper presented at IFIP SEC 2014; additional privacy-enhancing technologies for DNS are discussed in an ESORICS 2011 paper.
Research on Website Fingerprinting (Diploma Thesis)
Dominik's diploma thesis focused on website fingerprinting, i.e., traffic analysis attacks that enable an adversary to infer the websites a user downloads over encrypted connections. The thesis received the 2008 research award of Gesellschaft für Datenschutz und Datensicherheit (GDD e.V.) and won the 2008 CAST Thesis Award (1st place in the CAST-Förderpreis 2008 in the category Master's/Diploma theses). Selected results on website fingerprinting have been published in a paper at CCSW 2009. The website fingerprinting dataset mentioned in the paper is available online (the location has changed since the paper was published).
Services to the Community
- Elected Member (2016–2018) of the Steering Committee of the German Computer Science Society (Präsidium der Gesellschaft für Informatik)
- Deputy Chair of the Privacy Enhancing Technologies Interest Group (GI-Fachgruppe PET) of the German Informatics Society
- Organizing Chair of IFIP SEC 2015, IFIPTM 2015, WISE9
- Co-Organizer of five PET-CON Workshops (2007–2009, 2017: with Sebastian Pape)
- Editorial activities: Managing Guest Editor of the “IFIP SEC 2015” Special Issue of Computers & Security, Associate Editor for Information Privacy and Information Security Track of Wirtschaftsinformatik 2017
- Member of the program committee of Wirtschaftsinformatik 2017, ARES 2013–2017, IFIP SEC 2015–2016, GI SICHERHEIT 2016, and EUSPN 2015 conferences as well as APET Workshop 2011 and Information Security Day 2015 (FHWS)
- Ad-hoc reviewer for Springer EURASIP Journal on Information Security, Springer International Journal of Information Security, SIGCOMM Computer Communications Review (CCR), IEEE Transactions on Information Forensics & Security (TIFS), Journal of Computer Security, Entropy, it – Information Technology, Datenbank-Spektrum, PLOS ONE, Wiley Journal of Security and Communication Networks, Computers & Security
- Sub-reviewer for AINA (2010), ARES (2012), ESORICS (2015), PASSAT (2009), PET Symposium (2010–2012), GI SICHERHEIT (2014), GI Wirtschaftsinformatik (2009, 2013)
- Member of GI Junior Fellow Selection Committee (2015, 2016)
- Mentor for Studienstiftung des Deutschen Volkes e.V. (2015)
- Reviewer for CAST-Förderpreis (2015, 2016) and CAST/GI-Dissertationspreis IT-Sicherheit (2016, 2017)
Short Biography
Since October 2017 Dominik has been a full professor for Privacy and Security in Information Systems at University of Bamberg. Before that Dominik was a post-doctoral research associate in the Security in Distributed Systems Group chaired by Hannes Federrath at University of Hamburg. Between October 2015 and March 2017 he was a temporary professor for information security and privacy („Vertretungsprofessor“) at University of Siegen. He received a PhD in Computer Science in 2014 from University of Hamburg. His dissertation on privacy issues in the Domain Name System was awarded the GI-Dissertationspreis 2014 for the best computer science dissertation in Germany, Austria, and Switzerland, the GI/CAST Promotionspreis IT-Sicherheit 2014, and the GDD-Wissenschaftspreis 2014. In 2014 he received a Junior Fellowship of the German Computer Science Society. He also received the Best Teaching Award 2016 of Fakultät III at University of Siegen.
Before Dominik relocated to the Security in Distributed Systems group at University of Hamburg in 2011, he had been employed at University of Regensburg as a research and teaching assistant at the Chair of Management of Information Security since 2008. He was also Program Coordinator (Studiengangskoordinator) of the Faculty of Business, Economics and Management Information Systems. In this role he coordinated various degree programs of the faculty and supervised administrative processes such as enrollment and evaluation of courses.
Before that, Dominik studied Management Information Systems (Wirtschaftsinformatik) at University of Regensburg from 2002. In 2006, he participated in the ERASMUS exchange program to study abroad at University College Dublin, Ireland. He received a diploma degree with honors from University of Regensburg and Elite Network of Bavaria (Elitenetzwerk Bayern) in 2008, ranked 1st in class. His studies were sponsored by stipends from the German National Academic Foundation (Studienstiftung des Deutschen Volkes), the Röchling Foundation, and the Bavarian state (BayBFG).
Supervised Theses at SVS (selection)
- Analyse der Sicherheitsmechanismen in der Benutzerverwaltung von populären Onlinediensten (bachelor's thesis)
- Empirische Analyse der Benutzerverwaltungsprozesse populärer Webseiten (bachelor's thesis)
- Wirksamkeit aktueller Mechanismen und Indikatoren zum Schutz vor Krypto-Trojanern auf Windows-basierten Betriebssystemen (master's thesis)
- IPv6-Prefix-Anonymisierung (master's thesis)
- Typo squatting in programming language package managers (bachelor's thesis)
- Distributed Evolutionary Fuzzing (bachelor's thesis, derived paper was accepted at SICHERHEIT 2016)
- On the security of firmware updates for fitness trackers (bachelor's thesis, derived paper accepted at SICHERHEIT 2016, received best student paper award)
- Entwicklung eines Protokolls zur sicheren Nutzung von Beacons (master's thesis)
- Entwurf und Evaluation von Fingerprinting-Techniken auf Basis des Domain Name Systems (master's thesis)
- Entwurf, Implementation und Evaluation eines Systems zum unbeobachtbaren Zugriff auf das DNS (master's thesis)
- Implementierung eines web-basierten Hinweisgebersystems am Beispiel einer internationalen Unternehmensgruppe (master's thesis)
- Das Recht auf Selbstauskunft und Löschung von Daten nach BDSG – Umsetzung durch in Deutschland tätige Internet-Dienstanbieter (bachelor's thesis, derived paper accepted at SICHERHEIT 2016)
- Analyse der Durchsetzbarkeit des Rechts auf Selbstauskunft und Löschung von Daten nach BDSG bei Smartphone-Applikationen (bachelor's thesis, derived paper accepted at SICHERHEIT 2016)
- Schutz durch Honey Encryption und Honeywords (bachelor's thesis)
- Techniken zur Pseudonymisierung und Anonymisierung von Log-Dateien (bachelor's thesis)
- Implementierung einer Shibboleth-Schnittstelle am Beispiel CommSy (bachelor's thesis)
- Usability-Aspekte bei der Erzeugung von S/MIME-Zertifikaten und der Nutzung von S/MIME (bachelor's thesis)
- Semantische Schnittmengen-Angriffe auf Range Queries im DNS (bachelor's thesis, derived paper accepted at IFIP SEC 2014)
- Techniken zur vertraulichen Übertragung von Nachrichten im Domain Name System (master's thesis, derived paper accepted at ESORICS 2014)
- Realisierung eines Single-Sign-On-Dienstes für das Informatik-Netz (bachelor's thesis)
- Sicherheitsanalyse des Domain Name Systems (bachelor's thesis)
- Wiedererkennung von Nutzern anhand von charakteristischen Anfrage-Periodizitäten (bachelor's thesis)
- Implementierung und Evaluation von Techniken zur Verkettung von Internetsitzungen auf Basis von Support und Lift (bachelor's thesis, derived journal paper accepted in Computers & Security)
- Push-Konzepte für das Domain Name System (master's thesis)
- Das Domain Name System: Architektur, Protokolle und Anwendungen (diploma thesis)
- Alternative Architekturkonzepte für das Domain Name System (diploma thesis)
- Privacy Enhancements for IPv6 (bachelor's thesis, derived paper accepted at PDPT 2012 workshop)
- Überblick über Tracking-Techniken im Internet (bachelor's thesis)
- Honeypots: Möglichkeiten und Grenzen (bachelor's thesis)
- Methoden zum Lauschangriff auf GSM-Netze (bachelor's thesis)
Teaching at SVS
Dominik has been involved in (co-)teaching the following courses:
- GSS / Grundlagen der Systemsoftware (SS 15)
- Master's Project on Practical Information Security (WS 12, WS 13)
- Master's Seminar for SKI / Sicherheit von komplexen Informatik-Systemen (WS 11, WS 12, WS 13, WS 14)
- Master's Seminar for Information Security Management / Informationssicherheitsmanagement (SS 15)
- Master's Project on Information Security (SS 11 + WS 11, SS 15, SS 17)
- Bachelor's Project on Information Security (SS 13, SS 14, SS 15)
- Bachelor's Proseminar on Information Security (SS 11)
- Bachelor's Seminar on Information Security (WS 11)
- Tutorials for GSS / Grundlagen der Systemsoftware (SS 11, SS 12, SS 13, SS 14, SS 15)
- Tutorials for VIS / Verteilte Systeme und Informationssicherheit (WS 12, WS 13, WS 14)
Besides academic courses, Dominik also engages in teaching professionals, e.g., for udis (Ulmer Akademie für Datenschutz und IT-Sicherheit gGmbH), for ZFW (Zentrum für Weiterbildung at University of Hamburg), and for RAV e.V. (Republikanischer Anwältinnen- und Anwälteverein e.V.).
Research Grants and Projects
Dominik is PI at UHH for the following project:
H2020 CSA CANVAS (2016–2019) – Constructing an Alliance for Value-driven Cybersecurity: The consortium will take three domains of application with unique value-profiles and complementing cybersecurity exigencies – the health system, finance, and police / national security – as a starting point for outlining problems related to value-driven cybersecurity. Using a three-step process, CANVAS will (1) structure existing knowledge, (2) design a network for exchanging knowledge and generating insights across domains, and (3) disseminate the insights gained through three means: a reference curriculum for value-driven cybersecurity with a focus on industry training, briefing packages for policy stakeholders, and a MOOC (massive open online course) on value-driven cybersecurity.
Dominik is involved in the following research projects:
BMBF AN.ON-Next (2016–2019) – Anonymity Online Next Generation: This project has the long-term vision to integrate privacy enhancing technologies into the infrastructure of the Internet to make them available and usable for everyone. To this end, the project will look into lightweight techniques that provide a basic level of protection as well as fundamental approaches that provide strong protection without sacrificing bandwidth and latency. The concepts will be implemented and pilots will be evaluated with business partners.
BMBF AppPETs (2016–2019) – Privacy Enhancing Technologies for Mobile Apps: This project aims to make it easier for developers to integrate privacy enhancing technologies into their smartphone apps. The project will set up a privacy infrastructure, which enables users to verify the protection of their personal data. Moreover, the project will study fair business models that are accepted by both vendors and users.
BMBF DREI (2016–2018) – Datenschutzrespektierende Erkennung von Insidern (privacy-respecting detection of insiders): We will design a distributed solution for security control centers that detects insider attacks via anomaly detection. The project strives for high acceptance by implementing legal requirements regarding the privacy rights of employees.
Media Appearances
Dominik has been asked to report on various topics for news shows broadcast on national television:
- 21.03.17: ARD Tagesthemen (on the forensics challenge of Bundesnachrichtendienst)
- 13.03.17: ARD Tagesthemen (on attacks on encrypted messengers)
- 29.11.16: ARD Tagesthemen (on denial of service attacks against DSL routers using TR069 protocol)
- 04.02.16: ARD Nachtmagazin (on insecure ALDI webcams; also broadcast in NDR aktuell, ARD Brisant and ARD Mittagsmagazin)
- 26.08.14: ARD Morgenmagazin (on security and privacy risks on the Internet)
- 30.06.14: ARD Mittagsmagazin and Nachtmagazin (on security properties of DE-Mail)
- 04.04.14: SAT.1 Regional 17:30 (on 18 million leaked user accounts)
- 28.03.14: ARD Tagesschau 14:00 (on face recognition techniques)
- 27.03.14: ARD Mittagsmagazin (on face recognition techniques)
- 28.03.14: ARD Tagesschau 14:00 (on Apple SSL Bug in OS X Mavericks)
- 28.01.14: ARD Tagesschau 15:00, 17:00, 20:00 (on claims that NSA is spying on smartphone games)
- 30.10.13: ARD Nachtmagazin (on mobile phone localization)
- 23.02.13: ARD Ratgeber Internet (on malware, drive-by downloads, and the futility of antivirus)
- 09.11.12: ARD Nachtmagazin (on security bugs in Android apps regarding validation of SSL certificates)
- 18.08.12: ARD Ratgeber Internet (on so-called super cookies)
- 22.05.12: ARD Mittagsmagazin (on tools for remote tracking of smartphones)
- 28.03.12: ARD Nachtmagazin (on behavioral tracking, with appearances of Collusion and Ghostery)