Prof. Dr. rer. nat. Frank Kargl

Prof. Kargl promovierte 2003 und habilitierte sich 2009 an der Opens internal link in current windowUniversität Ulm. Davor war er unter anderem Mitgründer der Opens external link in new windowArago AG und in der Netzgruppe des Opens internal link in current windowRechenzentrums / KIZ der Uni Ulm für Netzwerkbetrieb und -sicherheit verantwortlich. Zwischen Ende 2009 und Anfang 2012 war er als Associate Professor in der Gruppe für Opens external link in new windowDistributed and Embedded Security (DIES) der Opens external link in new windowUniversität Twente in den Niederlanden tätig, danach bis Januar 2015 als Adjunct Professor. Seit Februar 2012 leitet Prof. Kargl das Opens internal link in current windowInstitut für Verteilte Systeme an der Uni Ulm. Seit Oktober 2013 fungiert er darüber hinaus als Prodekan der Opens internal link in current windowFakultät für Ingenieurwissenschaften, Informatik und Psychologie.


Meine Forschungsinteressen liegen im Bereich mobiler und selbst-organisierender Netzwerke, vor allem der Mobilen Ad-hoc Netzwerke und der Fahrzeug-Fahrzeug-Kommunikation. Ein weiterer Schwerpunkt meiner Arbeit sind Security und Privacy in IT-Systemen. Viele meiner Forschungsprojekte bewegen sich im Überlappungsbereich beider Themen, so z.B. Projekte zu Sicherheit und Privacy von Vehicular Ad-hoc Networks. Andere Arbeiten beschäftigen sich mit der Sicherheit von vernetzten eingebetteten Systemen, z.B. im Kontext der Industrial Control Systems oder bei Building Automation. Weitere Projekte beschäftigen sich mit Secure Cloud Computing, Crypto-Currencies, verteiltem Graphen-basiertem Computing und vielen anderen Themen.


Eine ausführliche Auflistung der von mir angebotenen Lehrangebote findet sich Opens internal link in current windowhier.


Eine Auflistung von aktuellen und früheren Forschungsprojekten des Instituts findet sich Opens internal link in current windowhier.


Photo of Frank  Kargl
Prof. Dr. rer.nat. Frank Kargl
O27 - 350

+49 731 50-24141
+49 731 50-24142

Institut für Verteilte Systeme
Universität Ulm
Albert-Einstein-Allee 11
89081 Ulm


Bitte vereinbaren Sie bei Bedarf einen Termin mit mir über unser Sekretariat (Frau Fehlberg) oder Opens window for sending emailper Email


Alle :: 1999, ... , 2013, 2014, 2015, 2016
Thomas Lukaseder, Leonard Bradatsch, Benjamin Erb Person und Frank Kargl Person
Setting Up a High-Speed TCP Benchmarking Environment—Lessons Learned
Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN)
November 2016

Schlüsselwörter: BWNET

Marker: BWNET

Zusammenfassung: There are many high-speed TCP variants with different congestion control algorithms, which are designed for specific settings or use cases. Distinct features of these algorithms are meant to optimize different aspects of network performance, and the choice of TCP variant strongly influences application performance. However, setting up tests to help with the decision of which variant to use can be problematic, as many systems are not designed to deal with high bandwidths, such as 10 Gbps or more. This paper provides an overview of pitfalls and challenges of realistic network analysis to help in the decision making process.

Thomas Lukaseder, Leonard Bradatsch, Benjamin Erb Person, Rens W. van der Heijden und Frank Kargl Person
A Comparison of TCP Congestion Control Algorithms in 10G Networks
Proceedings of the 41st IEEE Conference on Local Computer Networks (LCN)
November 2016

Schlüsselwörter: BWNET

Marker: BWNET

Zusammenfassung: The increasing availability of 10G Ethernet network capabilities challenges existing transport layer protocols. As 10G connections gain momentum outside of backbone networks, the choice of appropriate TCP congestion control algorithms becomes even more relevant for networked applications running in environments such as data centers. Therefore, we provide an extensive overview of relevant TCP congestion control algorithms for high-speed environments leveraging 10G. We analyzed and evaluated six TCP variants using a physical network testbed, with a focus on the effects of propagation delay and significant drop rates. The results indicate that of the algorithms compared, BIC is most suitable when no legacy variant is present; CUBIC is suggested otherwise.

Dominik Meißner, Benjamin Erb Person, Rens W. van der Heijden, Kristin Lange und Frank Kargl Person
Mobile Triage Management in Disaster Area Networks Using Decentralized Replication
Proceedings of the Tenth ACM MobiCom Workshop on Challenged Networks
Oktober 2016

Zusammenfassung: In large-scale disaster scenarios, efficient triage management is a major challenge for emergency services. Rescue forces traditionally respond to such incidents with a paper-based triage system, but technical solutions can potentially achieve improved usability and data availability. We develop a triage management system based on commodity hardware and software components to verify this claim. We use a single-hop, ad-hoc network architecture with multi-master replication, a tablet-based device setup and a mobile application for emergency services. We study our system in cooperation with regional emergency services and describe experiences from a field exercise. We show that state-of-the-art commodity technology provides the means necessary to implement a triage management system compatible with existing emergency service procedures, while introducing additional benefits. This work highlights that powerful real-world ad-hoc networking applications do not require unreasonable development effort, as existing tools from distributed systems, like replicating No-SQL databases, can be used successfully.

Rens W. van der Heijden, Ala'a Al-Momani, Frank Kargl Person und Osama M.F. Abu-Sharkh
Enhanced Position Verification for VANETs using Subjective Logic
Proceedings of the 2016 IEEE 84th Vehicular Technology Conference: VTC2016-Fall
Herausgeber: IEEE,
September 2016

Zusammenfassung: The integrity of messages in vehicular ad-hoc networks has been extensively studied by the research community, resulting in the IEEE~1609.2 standard, which provides typical integrity guarantees. However, the correctness of message contents is still one of the main challenges of applying dependable and secure vehicular ad-hoc networks. One important use case is the validity of position information contained in messages: position verification mechanisms have been proposed in the literature to provide this functionality. A more general approach to validate such information is by applying misbehavior detection mechanisms. In this paper, we consider misbehavior detection by enhancing two position verification mechanisms and fusing their results in a generalized framework using subjective logic. We conduct extensive simulations using VEINS to study the impact of traffic density, as well as several types of attackers and fractions of attackers on our mechanisms. The obtained results show the proposed framework can validate position information as effectively as existing approaches in the literature, without tailoring the framework specifically for this use case.

Robin Kraft, Benjamin Erb Person, David Mödinger und Frank Kargl Person
Using Conflict-Free Replicated Data Types for Serverless Mobile Social Applications
Proceedings of the 8th ACM International Workshop on Hot Topics in Planet-scale mObile computing and online Social neTworking
Juli 2016

Zusammenfassung: A basic reason for backend systems in mobile application architectures is the centralized management of state. Mobile clients synchronize local states with the backend in order to maintain an up-to-date view of the application state. As not all mobile social applications require strong consistency guarantees, we survey an alternative approach using special data structures for mobile applications. These data structures only provide eventual consistency, but allow for conflict-free replication between peers. Our analysis collects the requirements of social mobile applications for being suitable for this approach. Based on exemplary mobile social applications, we also point out the benefits of serverless architecture or architectures with a thin backend layer.

Christoph Bösch, Benjamin Erb Person, Frank Kargl Person, Henning Kopp und Stefan Pfattheicher
Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns
Proceedings on Privacy Enhancing Technologies, 2016(4)
Juli 2016

Zusammenfassung: Privacy strategies and privacy patterns are fundamental concepts of the privacy-by-design engineering approach. While they support a privacy-aware development process for IT systems, the concepts used by malicious, privacy-threatening parties are generally less understood and known. We argue that understanding the ``dark side'', namely how personal data is abused, is of equal importance. In this paper, we introduce the concept of privacy dark strategies and privacy dark patterns and present a framework that collects, documents, and analyzes such malicious concepts. In addition, we investigate from a psychological perspective why privacy dark strategies are effective. The resulting framework allows for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. We aim to contribute to an easier detection and successive removal of such approaches from the Internet to the benefit of its users.

Stefan Dietzel, Julian Gürtler und Frank Kargl Person
A resilient in-network aggregation mechanism for VANETs based on dissemination redundancy
Ad Hoc Networks, 37, Part 1:101 - 109
Februar 2016
ISSN: 1570-8705

Schlüsselwörter: Multi-hop communication

Marker: FrankKargl, StefanDietzel, F3

Zusammenfassung: Abstract In the field of Vehicular Ad-hoc Networks (VANETs), traffic efficiency applications, such as traffic information systems, are particularly challenging, because they often require the dissemination of information within large geographic areas. Forwarding information over multiple hops is a necessity, and due to the amount of available information, the available wireless capacity is easily exhausted. In-network aggregation protocols are often used to cope with wireless channel restrictions. Their aim is to collaboratively create summaries of traffic information and other information items as information is disseminated within the network. But in-network aggregation is challenging form a security perspective: insider attackers may be able to alter not only their own observations but also modify already aggregated information, or they may introduce false aggregates. As a result, wrong routing decisions may be taken, or drivers may engage in dangerous driving maneuvers. Existing security mechanisms for in-network aggregation often introduce considerable additional overhead, resulting from cryptographic proofs, such as signatures. In this work, we follow a different approach: we design a resilient aggregation mechanism that leverages already existing communication redundancy and combines it with data consistency checks to identify and filter false aggregates information. Our security mechanism introduces limited additional overhead, and simulation results show that at least 20% attacker vehicles can be tolerated by our mechanism.

Bemerkung: Special Issue on Advances in Vehicular Networks

David Förster, Frank Kargl Person und Hans Löhr
PUCA: A pseudonym scheme with strong privacy guarantees for vehicular ad-hoc networks
Ad Hoc Networks, 37, Part 1:122 - 132
Februar 2016
ISSN: 1570-8705

Schlüsselwörter: Anonymous credentials

Marker: FrankKargl, F3

Zusammenfassung: Abstract Pseudonym certificates are the state-of-the-art approach for secure and privacy-friendly message authentication in vehicular ad-hoc networks. However, most of the proposed pseudonym schemes focus on privacy among participants. Privacy towards backend providers is usually (if at all) only protected by separation of responsibilities. The protection can be overridden, when the entities collaborate, e.g. when revocation of long-term credentials is required. This approach puts the users' privacy at risk, if the backend systems are not fully trusted. We propose PUCA -- a scheme that provides full anonymity for honest users, even against colluding backend providers. The scheme uses anonymous credentials for authentication with the backend, while leaving the communication among vehicles and with road side units unchanged and in compliance with existing standards. For removal of misbehaving vehicles from the system, we leverage a privacy-friendly revocation mechanism, that does not require resolution of pseudonyms. With our scheme, we demonstrate that strong and verifiable privacy protection in vehicular networks can be achieved, while fulfilling common security requirements, such as sybil-resistance and revocation.

Bemerkung: Special Issue on Advances in Vehicular Networks

Export als: