Researchers from the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum, together with colleagues from the University of Chicago and the University of Washington, have investigated what access control for Internet-connected household appliances should ideally be like.They interviewed 425 users in the USA about their preferences and derived suggestions for access management from these.The team presented the results at the Usenix Security Symposium in the USA in August 2018.Only admin and guest are providedThe researchers first analysed which smart home devices are currently on the market, what capabilities they possess, and how access rights to them can be managed."In rare cases, there is a guest group with other access rights in addition to the administrator or owner, who is allowed to do everything," summarises Maximilian Golla, doctoral candidate in the Bochum-based Mobile Security Research Group headed by Professor Markus Dürmuth.
In collaboration with colleagues from Opole University in Poland, researchers at Horst Görtz Institute for IT Security (HGI) at Ruhr-Universität Bochum (RUB) have demonstrated that the Internet protocol "IPsec" is vulnerable to attacks.The research results are published by Dennis Felsch, Martin Grothe and Prof Dr Jörg Schwenk from the Chair for Network and Data Security at RUB as well as Adam Czubak and Marcin Szymanek from Opole University on 16 August 2018 at the Usenix Security Symposium as well as on their blog.As an enhancement of Internet protocol (IP), "IPsec" has been developed to ensure cryptographically secure communication via publicly accessible resp.insecure networks, such as the Internet, by using encryption and authentication mechanisms.This type of communication is often relevant for enterprises whose employees operate from decentralised workplaces - for example as sales reps or from home office - and have to access company resources.Automated key management and authentication, for example via passwords or digital signatures, can be conducted via the Internet Key Exchange protocol "IKEv1".
A research team from the University of Applied Sciences (FH) in Münster, Horst Görtz Institute for IT Security at Ruhr-Universität Bochum (RUB), and Katholieke Universiteit Leuven has demonstrated that the two most common email encryption standards are vulnerable to attacks.Their attack, referred to as Efail, proved successful in 25 out of 35 tested email programs using the S/MIME encryption standard and in 10 out of 28 tested programs using OpenPGP.The program developers have been informed and have fixed the security gaps.The experts urgently recommend updating the underlying cryptographic algorithms in order to withstand any potential attacks in future.Emails are encrypted in order to hide their contents from network providers, cybercriminals, and intelligence services who might gain access to them via hacked routers, an email server, or by recording a message during transmission."In the wake of Snowden's whistleblowing and countless hacked email servers, this is very much a realistic scenario," stresses Prof Dr Sebastian Schinzel from the Department Electrical Engineering and Computer Science at FH Münster.