- Bachelor of Science in Biotechnology/Bioinformatics at the University of Applied Science in Mittweida
-> Bachelor thesis „Die Analyse des Metatraskriptoms einer Biogasanlage und deren Darstellung auf einer Stoffwechselkarte“
- Bachelor of Science in Applied Bioscience at the University of the West of Scotland in Paisley (Scotland)
- Software Developer/ DevOp at the Druckerei C.H.Beck in Nördlingen
- Master of Science in Software Engineering at the University of Ulm
-> Master thesis „Combining Safety and Security Threat Modeling to Improve Automotive Penetration Testing“ in cooperation with SCHUTZWERK GmbH.
- One semester at the Norwegian University of Science and Technology in Gjøvic (Norway)
- Research assistant at the institute distributed systems
- Currently external PhD and working at Mercedes Benz Tech Innovation
My interests vary in many fields of the informatics, like software development, IT security, privacy, artificial intelligence, ...
Currently i'm focusing on Security for Connected Autonomous Cars.
No active teaching anymore, but before:
Management of the seminars:
- Ausgewählte Themen in Verteilten Systemen - ATVS
- Forschungstrends in Verteilten Systemen - RTDS
- Privacy im Internet - PRIV
Supervision of the exercise:
- Sicherheit in IT-Systemen - SEC
- Infrastruktur & Sicherheit - InS
- Privay Enhancing Technologies - PETS
Supervision of students:
Cooperative Adaptive Cruise Control (CACC) is a typical example for cooperative maneuvers of connected, automated vehicles. Safe operation of any such vehicle highly depends on information emitted by the surrounding vehicles as it is processed by the vehicle's longitudinal controller. This opens an attack surface affecting vehicle safety. This paper studies how CACC controllers can be protected against such attacks to ensure the safety of the vehicle and its passengers. This raises the question of how to mitigate injection of false data into the controller by attacks and other forms of vehicle misbehavior. Based on a literature analysis, this paper defines a new categorization for mitigation strategies, discussing their individual strengths, weaknesses and their potential for attack mitigation. This categorization can be used to derive novel ideas for mitigations, for example, an approach with a parameter-dependent reaction of the controller based on a suspiciousness parameter signaled by the Misbehavior Detection System (MDS). Through a simulation study, we show that this approach improves safety and efficiency of the platoon under attack but also identify a fundamental trade-off between these two design goals.
Cooperative Intelligent Transport Systems (C-ITS) is a new upcoming technology that aims at increasing road safety and reducing traffic accidents. C-ITS is based on peer-to-peer messages sent on the Vehicular Ad hoc NETwork (VANET). VANET messages are currently authenticated using digital keys from valid certificates. However, the authenticity of a message is not a guarantee of its correctness. Consequently, a misbehavior detection system is needed to ensure the correct use of the system by the certified vehicles. Although a large number of studies are aimed at solving this problem, the results of these studies are still difficult to compare, reproduce and validate. This is due to the lack of a common reference dataset. For this reason, the original VeReMi dataset was created. It is the first public misbehavior detection dataset allowing anyone to reproduce and compare different results. VeReMi is used in a number of studies and is currently the only dataset in its field. In this Paper, we extend the dataset by adding realistic a sensor error model, a new set of attacks and larger number of data points. Finally, we also provide benchmark detection metrics using a set of local detectors and a simple misbehavior detection mechanism.
Newer technologies like connectivity and autonomy in the automotive sector increases the need for stronger security and for its evaluation penetration tests. In order to focus the tests first on the most critical possible vulnerabilities, threat modeling with a ranking of the risk level is mandatory. Because lives depend on the security of the vehicle, both safety and security aspects should be included into this threat model. Furthermore, the usage of a tool is required, which helps and automates some parts of the process, so the time effort is reduced and the acceptance of the methodology increased. Up to our knowledge no such holistic methodology exists, therefore we have created the CVSIL threat methodology. It combines the outcome of a Hazard Analysis and Risk Assessment (HARA) with results from using Microsofts’ Threat Modeling Tool 2016 and our own application, the TMTe4PT. With our proposed novel solution, after the faults have been mapped to the threats, the Collateral Damage Potential metric can be derived from the HARA, and so the CVSS overall score can be calculated and used as risk level. Additionally, we have introduced another score for the ranking, the Security-ASIL, which consists of elements from the security and safety analysis. For the evaluation, we have illustrated a hypothetical Adaptive Cruise Control (ACC) system and analyzed it with our model and tool. These findings were compared to those from expert interviews and the problems discussed. Based on our results, the CVSIL methodology in its current state does not provide a better distinction and therefore a better ranking between the threats violating the safety. The contribution of this thesis is the evaluation of existing threat methodologies, public threat modeling tools and our own CVSIL methodology. Furthermore we provide a hypothetical ACC system with system architecture and component definitions. For this system, the results of a shortened HARA and threat analysis are released. Additionally, our tool the TMTe4PT will be made open source.
You can contact me for supervision, if you have an idea for a thesis or project out of my research area.
You can contact me for supervision if you have an own idea for a seminar topic out of my research area.
Bachelorseminar ATVS and Masterseminar RTDS
- Hardware Security Module (2023 WS)
- Hacking the Switch Console (2023 SS)
- The Boring Loop - a critical analysis (2021 WS)
- Differential privacy (2021 WS)
- Password Managers (2021 SS)
- Time constraints of Security in CACC (2020 WS)
- Multi Agent Based Simulations (2020 WS)
- Internet of Things: A Security Perspective (2020 SS)
- Attacks on Platoons (2019 WS)
- Browser Privacy (2019 WS)
- Risk Evaluation Methodologies (2019 SS)
- IDS Algorithms (2019 SS)
- Privacy bei Messenger X (2021 SS)
- Privacy in Sozialen Netzwerken (2021 SS)
- Tor: The Onion Router (2021 SS)
- Kryptographische Grundlagen (2020 SS)
- Datenanonymisierung vs. Datennutzung (2020 SS)