This page gives an overview of our current research areas. Please contact us if you are interested to write a Bachelor or Master thesis in one of the fields mentioned below.
Topics Overview: usable techniques and effective legal measures for privacy protection // privacy threats and forensic utility of inferences drawn from data // security and privacy in the software engineering process
With our research we want to create awareness for sophisticated attacks on privacy so that citizens understand what can be inferred about them by analyzing the digital traces they leave behind when they use modern information systems. For this line of work we collaborate with machine learning groups to design tailored analysis techniques that can be applied to real-world datasets. The same techniques can also be used to improve security, for instance in forensic investigations of attacks.
Secondly, we construct and evaluate privacy enhancing techniques that are effective and offer high usability for customers at the same time. In particular, we look into lightweight approaches that protect against specific observers (such as curious DNS servers) and are barely noticeable. We also consider the hurdles that are encountered in corporate environments where privacy is often in conflict with security, for instance when the activities of employees are to be monitored in order to detect insider attacks. Finally, we also consider the perspective of service providers by studying the effectiveness and efficiency of the business processes that enable users to exercise their legal right to access the data collected about them. In this area we collaborate with scholars from the legal field as well as data protection agencies.
Thirdly, we consider the needs of software engineers. Our long-term goal is to improve the usability for engineers in order to foster the adoption of security and privacy techniques. Easy-to-use frameworks, APIs, and practical strategies will help to achieve this goal.
Our activities are not restricted to privacy. A current security-related activity is our analysis of typosquatting attacks on software package repositories.
The following list is a selection of recent publications of Dominik Herrmann. The complete list is available on the website of University of Hamburg.
- Max Maass, Anne Laubach, Dominik Herrmann. PrivacyScore: Analyse von Webseiten auf Sicherheits- und Privatheitsprobleme – Konzept und rechtliche Zulässigkeit. Preprint, arXiv:1705.08889 [cs.CR], 2017. PDF (Preprint)
- Max Maass, Pascal Wichmann, Dominik Herrmann. PrivacyScore: Improving Privacy and Security via Crowd-Sourced Benchmarks of Websites. Preproceedings of ENISA Annual Privacy Forum, 7–8 June 2017, Vienna. Preprint, arXiv:1705.05139 [cs.CR], 2017. PDF (Preprint)
- Markus Christen, Josep Domingo-Ferrer, Dominik Herrmann, Jeroen van den Hoven.Beyond Informed Consent – Investigating Ethical Justifications for Disclosing, Donating or Sharing Personal Data in Research. Philosophy and Computing: Essays in epistemology, philosophy of mind, logic, and ethics, Proceedings of CEPE-IACAP 2015, University of Delaware, June 22–25, 2015. Springer (in press), 2017. PDF (Preprint)
- Dominik Herrmann, Matthias Kirchler, Jens Lindemann, Marius Kloft. Behavior-Based Tracking of Internet Users with Semi-Supervised Learning. 14th Annual Conference on Privacy, Security and Trust (PST 2016). Auckland, New Zealand, Dec 12–14, 2016. PDF
- Matthias Kirchler, Dominik Herrmann, Jens Lindemann, Marius Kloft. Tracked Without a Trace: Linking Sessions of Users by Unsupervised Learning of Patterns in Their DNS Traffic. 9th ACM Workshop on Artificial Intelligence and Security (AISec), co-located with the 23rd ACM Conference on Computer and Communications (CCS). Vienna, Oct 28, 2016. PDF
- Dominik Herrmann, Hannes Federrath. Unbemerktes Tracking im Internet: Unsere unerwünschte Identität. In Gerrit Hornung und Christoph Engemann (Hrsg.): Der digitale Bürger und seine Identität. Der Elektronische Rechtsverkehr, Bd. 36. Nomos Baden-Baden, 2016. External Link (DOI)
- Dominik Herrmann. Unerfreulich auskunftsfreudig: Inferenzangriffe auf DNS-Anfragen bedrohen unsere Privatsphäre. Datenbank Spektrum 16(2) 119–126, 2016. PDF
- Dominik Herrmann, Jens Lindemann. Obtaining personal data and asking for erasure: Do app vendors and website owners honour your privacy rights?. GI SICHERHEIT 2016: Sicherheit – Schutz und Zuverlässigkeit. Bonn, Apr 5–7, 2016. PDF