Publications

In approximately inverse chronological order

P73

AI-Adapted Learning and Coursework in Distance Education with Online Learning Platforms

Contribution to the Wissenschaftsforum 2025 “Didaktische Zeitenwende – Innovationen in der Fernlehre”, 13 November 2025, Wilhelm Büchner Hochschule, Darmstadt.
Forthcoming in: Schriftenreihe der Wilhelm Büchner Hochschule.
Preprint: SSRN:5928575
Abstract
Generative AI fundamentally challenges traditional written coursework in distance education, rendering conventional containment strategies ineffective. This paper presents a pedagogical framework implemented in Master's-level cyber security modules at Wilhelm Büchner Hochschule that strategically addresses AI integration through platform-based design. Using the Milanote visual workspace, the approach combines autonomous task selection from emerging topics with minimal published sources, deliberately open-ended formulations requiring explicit audience decisions, mandatory dual-board architecture separating content from reflection, multi-modal composition requirements, and evaluation criteria emphasizing curation and didactic quality over reproduction. Rather than restricting AI use, the framework explicitly encourages reflective AI integration while structurally incentivizing critical engagement through multiple decision points that complicate unreflective adoption. This design demonstrates how thoughtful pedagogical architecture can transform AI from an assessment threat into a catalyst for developing higher-order cognitive competencies essential for contemporary professional practice, while maintaining the practical constraints of distance education.
P72

Sky Computing in Practice: A Framework for Unified Vendor Agnostic Multi-Cloud Management and the Lessons Learned

Together with Henry-Norbert Cocos, Christian Baun, Thorsten Luft, and Abo El Hage.
In: Proceedings of the 11th International Congress on Information and Communication Technology (ICICT 2026), London, UK, 24–27 February 2026.
Springer Lecture Notes in Networks and Systems (LNNS). To appear.
P71

Toward Secure M2M Authentication for S3 Object Storage

Together with Michael Geiger
In: Proceedings of the International Conferences on Applied Computing 2025 and WWW/Internet 2025, Porto, Portugal, November 2025, pp. 235-239.
Edited by Paula Miranda and Pedro Isaías. IADIS Press. ISBN 978-989-8704-71-9. Short paper.
Abstract
This paper addresses security vulnerabilities in Machine-to-Machine authentication for Amazon S3 object storage in industrial environments. Current AWS authentication relies on often insecurely managed symmetric keys. While Amazon's Secure Token Service with OpenID Connect authentication offers a solution in principle, most enterprise S3-compatible storage products lack STS support. We propose a security architecture combining Privileged Access Management (PAM) with OIDC authentication to abstract credentials from application code, enabling automated key rotation and centralized management. Through industrial simulation testing, we demonstrate this approach maintains production continuity while significantly improving credential security for M2M S3 access.
BibTeX
@inproceedings{geigerschmidt2025, author = {Michael Geiger and Andreas U. Schmidt}, title = {Toward Secure M2M Authentication for S3 Object Storage}, booktitle = {Proceedings of the International Conferences on Applied Computing 2025 and WWW/Internet 2025}, year = {2025}, pages = {235--239}, month = nov, address = {Porto, Portugal}, editor = {Paula Miranda and Pedro Isaías}, publisher = {IADIS Press}, isbn = {978-989-8704-71-9}, note = {Short paper} }
P70

Sky Computing for SME: Simplifying Multi-Cloud Complexity

Together with Henry-Norbert Cocos and Christian Baun
In: Proceedings of the International Conferences on Applied Computing 2025 and WWW/Internet 2025, Porto, Portugal, November 2025, pp. 314-317.
Edited by Paula Miranda and Pedro Isaías. IADIS Press. ISBN 978-989-8704-71-9. Poster paper.
Abstract
The evolution from traditional on-premise infrastructures to hybrid and multi-cloud architectures has transformed IT, enabling organizations to reduce vendor lock-in, optimize costs, and improve flexibility. However, managing resources across multiple clouds remains complex, especially for small and medium-sized enterprises (SMEs). This paper presents a vendor-agnostic multi-cloud framework focused on unified cost management through a standardized Cost API. The proposed architecture aims to simplify multi-cloud management, enabling more efficient and cost-effective operations. We conclude with the benefits of this approach and future research directions.
BibTeX
@inproceedings{cocosbaunschmidt2025, author = {Henry-Norbert Cocos and Christian Baun and Andreas U. Schmidt}, title = {Sky Computing for SME: Simplifying Multi-Cloud Complexity}, booktitle = {Proceedings of the International Conferences on Applied Computing 2025 and WWW/Internet 2025}, year = {2025}, pages = {314--317}, month = nov, address = {Porto, Portugal}, editor = {Paula Miranda and Pedro Isaías}, publisher = {IADIS Press}, isbn = {978-989-8704-71-9}, note = {Poster paper} }
P69

Multi-Factor Authentication as a Service

10.1109/MobileCloud.2015.35
Together with Yogendra Shah, Vinod Choiy, Lakshmi Subramanian
IEEE Mobile Cloud 2015, March 30 2015-April 3 2015, San Francisco, CA, pp. 144-150.
Abstract
An architecture for providing multi-factor authentication as a service in a mobile environment is proposed, resting on the principle of a loose coupling and separation of duties between network entities and the end user devices. The multi-factor authentication architecture leverages Identity Federation and Single-Sign-On technologies, such as the OpenID framework, in order to provide for a modular integration of various factors of authentication. The architecture is robust and scalable in order to support any number of authentication factors, which may be executed dynamically according to service providers’ authentication policies. Additionally, the architecture provides for the mapping of defined assurance level requirements posed by service providers, to concrete authentication factors, taking into account the varied authentication capabilities of users’ devices.
P68

Network based Aggregation Server for Federated WiFi Access

Together with Yogendra Shah, Yousif Targali, Lakshmi Subramanian, Aamer Chaudry
Contribution to Wireless World Research Forum Meeting 31, Vancouver, Canada, 22 - 24 October, 2013.
P67

Evolution of Trust Systems from PCs to Mobile Devices: Building Secured and Trusted Ecosystems

10.1109/MVT.2012.2234055
Together with Dolores Howry and Yogendra Shah
In: IEEE Vehicular Technology Magazine, Vol. 8, no. 1 (2013), 70-80. Enhanced, revised paper of a contribution at Wireless World Research Forum Meeting 29, Berlin, Germany, Oct 23-25, 2012.
Abstract
A trust ecosystem for mobile devices based on trusted computing principles is presented. The trust ecosystem model from the latest PC platform provides a reference for the evolution of a trust model for the diverse mobile device market. By balancing the trusted computing burden between the mobile device and network and separating service delivery/access control decisions and error reporting from remediation, the processing in the network is hugely simplified, and efficiency in the use of network resources is increased. Additionally, certification and accreditation of the mobile device’s trust security capabilities provides a white box view into a mobile device’s security architecture and a means to gain a high level of trust assurance in the mobile device.
BibTeX
@ARTICLE{VTM13-Trust, author = {Dolores Howry and Yogendra Shah and Andreas U. Schmidt}, title = {Evolution of Trust Systems from PCs to Mobile Devices: Building Secured and Trusted Ecosystems}, journal = {IEEE Vehicular Technology Magazine}, year = {2013}, volume = {8}, pages = {70-80}, number = {1}, month = {March}, abstract = {A trust ecosystem for mobile devices based on trusted computing principles is presented. The trust ecosystem model from the latest PC platform provides a reference for the evolution of a trust model for the diverse mobile device market. By balancing the trusted computing burden between the mobile device and network and separating service delivery/access control decisions and error reporting from remediation, the processing in the network is hugely simplified, and efficiency in the use of network resources is increased. Additionally, certification and accreditation of the mobile device’s trust security capabilities provides a white box view into a mobile device’s security architecture and a means to gain a high level of trust assurance in the mobile device.}, doi = {10.1109/MVT.2012.2234055}, }
P66

Tree-formed verification data for trusted platforms

10.1016/j.cose.2012.09.004
Together with Andreas Leicher, Andreas Brett, Yogendra Shah, Inhyok Cha
In: Computers & Security, 32 (2013), 19-35.
Abstract
The establishment of trust relationships to a computing platform relies on validation processes. Validation allows an external entity to build trust in the expected behaviour of the platform based on provided evidence of the platform's configuration. In a process like remote attestation, the 'trusted' platform submits verification data created during a start up process. These data consist of hardware-protected values of platform configuration registers, containing nested measurement values, e.g., hash values, of loaded or started components. Commonly, the register values are created in linear order by a hardware secured operation. Fine-grained diagnosis of components, based on the linear order of verification data and associated measurement logs, is not optimal. We propose a method to use tree-formed verification data to validate a platform. Component measurement values represent leaves, and protected registers represent roots of a hash tree. We describe the basic mechanism of validating a platform using tree-formed measurement logs and root registers and show a logarithmic speed-up for the search of faults. Secure creation of a tree is possible using a limited number of hardware-protected registers and a single protected operation. In this way, the security of tree-formed verification data is maintained.
BibTeX
@ARTICLE{CoSe_TFV1, author = {Andreas U. Schmidt and Andreas Leicher and Andreas Brett and Yogendra Shah and Inhyok Cha}, title = {Tree-formed verification data for trusted platforms}, journal = {Computers \& Security}, year = {2013}, volume = {32}, pages = {19-35}, abstract = {The establishment of trust relationships to a computing platform relies on validation processes. Validation allows an external entity to build trust in the expected behaviour of the platform based on provided evidence of the platform's configuration. In a process like remote attestation, the 'trusted' platform submits verification data created during a start up process. These data consist of hardware-protected values of platform configuration registers, containing nested measurement values, e.g., hash values, of loaded or started components. Commonly, the register values are created in linear order by a hardware secured operation. Fine-grained diagnosis of components, based on the linear order of verification data and associated measurement logs, is not optimal. We propose a method to use tree-formed verification data to validate a platform. Component measurement values represent leaves, and protected registers represent roots of a hash tree. We describe the basic mechanism of validating a platform using tree-formed measurement logs and root registers and show a logarithmic speed-up for the search of faults. Secure creation of a tree is possible using a limited number of hardware-protected registers and a single protected operation. In this way, the security of tree-formed verification data is maintained.}, doi = {10.1016/j.cose.2012.09.004}, url = {http://arxiv.org/pdf/1007.0642v4} }
P65

Security and Privacy in Mobile Information and Communication Systems

10.1007/978-3-642-33392-7
Book edited together with Giovanni Russello and Ioannis Krontiris and Shiguo Lian
th International Conference, MobiSec 2012, Frankfurt am Main, Germany, June 25-26, 2012, Revised Selected Papers Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (LNICST), Vol. 107. Springer-Verlag, Berlin, Heidelberg, New York. ISBN 978-3-642-33391-0.
BibTeX
@PROCEEDINGS{MobiSec12_Proceedings, title = {Security and Privacy in Mobile Information and Communication Systems - 4th International Conference, MobiSec 2012, Frankfurt am Main, Germany, June 25-26, 2012, Revised Selected Papers}, year = {2012}, editor = {Andreas U. Schmidt and Giovanni Russello and Ioannis Krontiris and Shiguo Lian}, volume = {107}, series = {Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (LNICST)}, address = {Berlin, Heidelberg, New York}, publisher = {Springer-Verlag}, doi = {10.1007/978-3-642-33392-7}, isbn = {978-3-642-33391-0} }
P64

Smart OpenID: A Smart Card Based OpenID Protocol

10.1007/978-3-642-30436-1_7
Together with Andreas Leicher, Yogendra Shah
In: Information Security and Privacy Research. 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, June 4-6, 2012. Proceedings. Vol. 376 of IFIP Advances in Information and Communication Technology. Springer (2012), pp. 75-86.
Abstract
OpenID is a lightweight, easy to implement and deploy approach to Single Sign-On (SSO) and Identity Management (IdM), and has great potential for large scale user adoption especially for mobile applications. At the same time, Mobile Network Operators are increasingly interested in leveraging their existing infrastructure and assets for SSO and IdM. In this paper, we present the concept of Smart OpenID, an enhancement to OpenID which moves part of the OpenID authentication server functionality to the smart card of the user's device. This seamless, OpenID-conformant protocol allows for scaling security properties, and generally improves the security of OpenID by avoiding the need to send user credentials over the Internet and thus avoid phishing attacks. We also describe our implementation of the Smart OpenID protocol based on an Android phone, which interacts with OpenID-enabled web services.
BibTeX
@INPROCEEDINGS{IFIPSEC12, author = {Andreas Leicher and Andreas U. Schmidt and Yogendra Shah}, title = {Smart OpenID: A Smart Card Based OpenID Protocol}, booktitle = {Information Security and Privacy Research. 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, Heraklion, Crete, Greece, June 4-6, 2012. Proceedings}, year = {2012}, editor = {Dimitris Gritzalis and Steven Furnell and Marianthi Theoharidou}, volume = {376}, series = {IFIP Advances in Information and Communication Technology}, pages = {75-86}, publisher = {Springer-Verlag}, abstract = {OpenID is a lightweight, easy to implement and deploy approach to Single Sign-On (SSO) and Identity Management (IdM), and has great potential for large scale user adoption especially for mobile applications. At the same time, Mobile Network Operators are increasingly interested in leveraging their existing infrastructure and assets for SSO and IdM. In this paper, we present the concept of Smart OpenID, an enhancement to OpenID which moves part of the OpenID authentication server functionality to the smart card of the user's device. This seamless, OpenID-conformant protocol allows for scaling security properties, and generally improves the security of OpenID by avoiding the need to send user credentials over the Internet and thus avoid phishing attacks. We also describe our implementation of the Smart OpenID protocol based on an Android phone, which interacts with OpenID-enabled web services.}, doi = {10.1007/978-3-642-30436-1_7}, isbn = {978-3-642-30435-4}, url = {http://link.springer.com/chapter/10.1007%2F978-3-642-30436-1_7} }
P63

Trusted computing enhanced user authentication with OpenID and trustworthy user interface

10.1504/IJITST.2011.043133
Together with Andreas Leicher, Yogendra Shah, Inhyok Cha
In: International Journal of Internet Technology and Secured Transactions, vol. 3, no. 4 (2011), 331-353.
Abstract
Trusted computing, used as a security technology, can establish trust between multiple parties. One implementation of trusted computing technology standardised by the Trusted Computing Group is the trusted platform module (TPM). We build on the security provided by the TPM to create a trusted variant of identity management systems based on the popular OpenID protocol. We show that it is feasible to bind OpenID identities to the trustworthiness of the device. Our concept and implementation builds on previous work which showed that trusted computing can be used to create tickets. In this work, we use such tickets as a building block to establish trust in the OpenID protocol between the identity provider and the device. Furthermore, we investigate how mutual trust can be established in the communication between device and user during authentication. The concept of trust visualisation via a trusted environment and binding to user authentication are presented.
BibTeX
@ARTICLE{IJITST11, author = {Andreas Leicher and Andreas U. Schmidt and Yogendra Shah and Inhyok Cha}, title = {Trusted computing enhanced user authentication with OpenID and trustworthy user interface}, journal = {International Journal of Internet Technology and Secured Transactions}, year = {2011}, volume = {3}, pages = {331-353}, number = {4}, month = {October}, abstract = {Trusted computing, used as a security technology, can establish trust between multiple parties. One implementation of trusted computing technology standardised by the Trusted Computing Group is the trusted platform module (TPM). We build on the security provided by the TPM to create a trusted variant of identity management systems based on the popular OpenID protocol. We show that it is feasible to bind OpenID identities to the trustworthiness of the device. Our concept and implementation builds on previous work which showed that trusted computing can be used to create tickets. In this work, we use such tickets as a building block to establish trust in the OpenID protocol between the identity provider and the device. Furthermore, we investigate how mutual trust can be established in the communication between device and user during authentication. The concept of trust visualisation via a trusted environment and binding to user authentication are presented.}, doi = {10.1504/IJITST.2011.043133}, keywords = {Computing and MAthematics; Internet and Web Services}, url = {http://www.ingentaconnect.com/content/ind/ijitst/2011/00000003/00000004/art00001} }
P62

Security and Privacy in Mobile Information and Communication Systems

10.1007/978-3-642-30244-2
Book edited together with Ramjee Prasad, Károly Farks, Giovanni Russello and Flaminia L. Luccio
Third International ICST Conference, MOBISEC 2011, Aalborg, Denmark, May 17-19, 2011, Revised Selected Papers Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (LNICST), Vol. 94. Springer-Verlag, Berlin, Heidelberg, New York. ISBN 978-3-642-30244-2.
BibTeX
@PROCEEDINGS{MobiSec11_Proceedings, title = {Security and Privacy in Mobile Information and Communication Systems. Third International ICST Conference, MOBISEC 2011, Aalborg, Denmark, May 17-19, 2011, Revised Selected Papers}, year = {2011}, editor = {Ramjee Prasad and Károly Farks and Andreas U. Schmidt and Giovanni Russello and Flaminia L. Luccio and Shiguo Lian}, volume = {94}, series = {Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (LNICST)}, address = {Berlin, heidelberg, New York}, publisher = {Springer-Verlag}, doi = {10.1007/978-3-642-30244-2}, isbn = {978-3-642-30244-2} }
P61

Sender Scorecards: Prevention of Unsolicited Communication in IMS Networks

10.1109/MVT.2010.939906
Together with Andreas Leicher, Inhyok Cha, Yogendra Shah, and Louis Guccione
In: IEEE Vehicular Technology Magazine, Vol. 5, no. 1 (2011), 52-59. Enhanced, revised paper of a contribution at Wireless World Research Forum Meeting 25, London, UK, 2010.
Abstract
Unsolicited communication is a major issue in digital communications and hence for the networks enabling such communication. With the increasing use of IP Multimedia Subsystem (IMS) networks, protection of time-critical communication, e.g. Voice over IP, from unsolicited messages, becomes an important topic. 3GPP identified and developed various concepts to cope with unsolicited communication in IMS networks (UCI) in 3GPP TR 33.937. The Protection against UCI (PUCI) borrows concepts from traditional email SPAM filtering but needs to adapt to the nature of IMS communication being direct and time critical. In addition to the protection methods identified in TR 33.937 we present a concept which uses a secure and interoperable scorecard which is associated with the caller and the IMS communication. Depending on the outcome of the scorecard evaluation, the receiving domain can take appropriate actions such as denying or allowing a communication attempt. Scorecards are used to generate a standardized exchange format for sender and message related information. Based on 3GPP standards we present an IMS architecture with scorecard elements, including basic operating procedures for the prevention of UCI.
BibTeX
@ARTICLE{VTM11-PUCI, author = {Andreas U. Schmidt and Andreas Leicher and Inhyok Cha and Yogendra Shah and Louis Guccione}, title = {Sender Scorecards: Prevention of Unsolicited Communication in IMS Networks}, journal = {IEEE Vehicular Technology Magazine}, year = {2011}, volume = {5}, pages = {52--59}, number = {3}, month = {March}, doi = {10.1109/MVT.2010.939906} }
P60

Efficient Application SSO for Evolved Mobile Networks

Together with Andreas Leicher, Inhyok Cha, and Yogendra Shah
Contribution to Wireless World Research Forum Meeting 25, London, UK, 2010.
Abstract
Efficient and seamless Single-Sign-On (SSO) access to applications is a core question for the evolution of services in wireless networks. A fundamental requirement is lightweight, secure authentication protocols and an overarching identity management framework. We review 3GPP standardisation efforts on this topic, and propose generation of identity assertions, locally at the device as an efficient and secure authentication method for mobile SSO.
BibTeX
@INPROCEEDINGS{SmartOpenID_WWRF25, author = {Andreas U. Schmidt and Andreas Leicher and Yogendra Shah Inhyok Cha}, title = {Efficient Application SSO for Evolved Mobile Networks}, booktitle = {Proceedings of the Wireless World Research Forum Meeing 25 (WWRF 25), London, UK, 2010}, year = {2009}, abstract = {Efficient and seamless Single-Sign-On (SSO) access to applications is a core question for the evolution of services in wireless networks. A fundamental requirement is lightweight, secure authentication protocols and an overarching identity management framework. We review 3GPP standardisation efforts on this topic, and propose generation of identity assertions, locally at the device as an efficient and secure authentication method for mobile SSO.} }
P59

Security and Privacy in Mobile Information and Communication Systems

10.1007/978-3-642-17502-2
Book edited together with Giovanni Russello, Antonio Lioy, Neeli R. Prasad, and Shiguo Lian.
Proceedings of the Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (LNICST), Vol. 47. Springer-Verlag, Berlin, Heidelberg, New York. ISBN 978-3-642-17502-2.
BibTeX
@PROCEEDINGS{MobiSec10_Proceedings, title = {Security and Privacy in Mobile Information and Communication Systems}, year = {2010}, editor = {Andreas U. Schmidt and Giovanni Russello and Antonio Lioy and Neeli R. Prasad and Shiguo Lian}, volume = {47}, series = {Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (LNICST)}, address = {Berlin, heidelberg, New York}, publisher = {Springer-Verlag}, note = {Second International ICST Conference, MobiSec 2010, Catania, Sicily, Italy, May 27-28, 2010, Revised Selected Papers}, doi = {10.1007/978-3-642-17502-2}, isbn = {978-3-642-17502-2} }
P58

Trusted Computing enhanced OpenID

Together with Andreas Leicher, Inhyok Cha, and Yogendra Shah
Proc. 2010 International Conference for Internet Technology and Secured Transactions (ICITST).
Abstract
Trusted Computing, used as a security technology, can establish trust between multiple parties. One implementation of Trusted Computing Technology standardized by the Trusted Computing Group is the Trusted Platform Module (TPM). We build on the security provided by the TPM to create a trusted variant of Identity Management Systems based on the popular OpenID protocol. We show that it is feasible to bind OpenID identities to the trustworthiness of the device. Our concept and implementation builds on previous work which showed that Trusted Computing can be used to create tickets. In this work, we use such tickets as a building block to establish trust in the OpenID protocol between the identity provider and the device.
BibTeX
@INPROCEEDINGS{LSSC-ICITST10, author={Andreas Leicher and Andreas U. Schmidt and Yogendra Shah and Inhyok Cha}, booktitle={2010 International Conference for Internet Technology and Secured Transactions (ICITST)}, title={Trusted Computing enhanced OpenID}, year={2010}, month=nov., pages={1-8}, keywords={OpenID protocol;identity management system;security technology;trusted computing technology;trusted platform module;security of data;}, url = {http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5678097&isnumber=5678008} }
P57

Trusted Platform Validation and Management

10.4018/jdtis.2010040101
Together with Andreas Leicher, Inhyok Cha, and Yogendra Shah
International Journal of Dependable and Trustworthy Information Systems (IJDTIS), vol. 1, no. 2 (2010), 1-31.
Abstract
Computing platforms are approaching the era of truly distributed and mobile systems. For such large scale deployments of partly autonomously communicating and connecting network elements, trust issues acquire new qualities. Remote establishment of trust and an enabling architecture to manage distributed network elements remotely become essential. Following the authors' previous analysis on trust establishment, this paper presents base concepts for platform validation and management, with scalable trust properties and flexible security. The presentation is set in context of machine-to-machine communication and intelligent gateways in mobile networks.
BibTeX
@ARTICLE{IJDTIS-TPVM10, author = {Andreas U. Schmidt and Andreas Leicher and Inhyok Cha and Yogendra Shah}, title = {Trusted Platform Validation and Management}, journal = {International Journal of Dependable and Trustworthy Information Systems (IJDTIS)}, year = {2010}, volume = {1}, pages = {1--31}, number = {2}, abstract = {Computing platforms are approaching the era of truly distributed and mobile systems. For such large scale deployments of partly autonomously communicating and connecting network elements, trust issues acquire new qualities. Remote establishment of trust and an enabling architecture to manage distributed network elements remotely become essential. Following the authors' previous analysis on trust establishment, this paper presents base concepts for platform validation and management, with scalable trust properties and flexible security. The presentation is set in context of machine-to-machine communication and intelligent gateways in mobile networks.}, doi = {10.4018/jdtis.2010040101} }
P56

Security and Privacy in Mobile Information and Communication Systems

10.1007/978-3-642-04434-2
Book edited together with Shiguo Lian.
Proceedings of the First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (LNICST), Vol. 17. Springer-Verlag, Berlin, Heidelberg, New York. ISBN 978-3-642-04433-5.
BibTeX
@PROCEEDINGS{MobiSec09_Proceedings, title = {Security and Privacy in Mobile Information and Communication Systems}, year = {2009}, editor = {Andreas U. Schmidt and Shiguo Lian}, volume = {17}, series = {Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (LNICST)}, address = {Berlin, heidelberg, New York}, publisher = {Springer-Verlag}, note = {First International ICST Conference, MobiSec 2009, Turin, Italy, June 3-5, 2009, Revised Selected Papers}, doi = {10.1007/978-3-642-04434-2}, isbn = {978-3-642-04433-5}, url = {http://www.springer.com/computer/security+and+cryptology/book/978-3-642-04433-5} }
P55

Trust in M2M Communications

10.1109/MVT.2009.933478
Together with Inhyok Cha, Yogendra Shah, Andreas Leicher, and Mike Meyerstein
In: IEEE Vehicular Technology Magazine, Vol. 4, no. 3 (2009), 69-75. Enhanced revised version of a contribution at Wireless World Research Forum Meeting 22, Paris, France, 5-7 May, 2009.
Abstract
Machine-to-machine (M2M) communication is viewed as one of the next frontiers in wireless communications. M2M communication applications and scenarios are growing and lead the way to new business cases. Because of the nature of M2M scenarios, involving unguarded, distributed devices, new security threats emerge. The use case scenarios for M2M communication also address the new requirement on flexibility, because of deployment scenarios of the M2ME in the field. We believe that these new requirements require a paradigm shift. One important pillar of such a shift will be a new, more balanced mix of device-centric trust and traditional enforcement of security properties.
BibTeX
@ARTICLE{CSALM09B, author = {Inhyok Cha and Yogendra Shah and Andreas U. Schmidt and Andreas Leicher and Micheal Meyerstein}, title = {Trust in M2M Communication}, journal = {IEEE Vehicular Technology Magazine}, year = {2009}, volume = {4}, pages = {69--75}, number = {3}, doi = {10.1109/MVT.2009.93347810.1109/MVT.2009.933478} }
P54

Scaling Concepts between Trust and Enforcement

10.4018/978-1-61520-682-7.ch002
Together with Inhyok Cha, and Andreas Leicher
In, Zheng Yan (Ed.), Trust Modeling and Management in Digital Environments: From Social Concept to System Development. IGI Global Publishing, 2009, pp. 20-57.
Abstract
Enforcement and trust are opposite concepts in information security. This chapter reflects on the paradigm shift from traditional concepts of access control and policy enforcement toward to de-centralised methods for establishing trust between loosely connected entities. By delegating parts of enforcement tasks to trusted elements dispersed in a system, transitive trust relationships can be established. This is the most advanced evolvement of the organisational method of separation of duties within IT-security. The technological basis for trust in systems - Trusted Computing platforms - is described on conceptual levels allowing comparison with other top-level security concepts and mapping to application domains. Important applications in modern information systems and networks are e xhibited.
BibTeX
@INCOLLECTION{Trust_Chapter2010, author = {Andreas U. Schmidt and Andreas Leicher and Inhyok Cha}, title = {Scalable Concepts between Trust and Enforcement}, booktitle = {Trust Modeling and Management in Digital Environments: From Social Concept to System Development}, publisher = {IGI Global}, year = {2010}, editor = {Zheng Yan}, chapter = {2}, pages = {20-57}, address = {Hershey, PA, USA}, abstract = {Enforcement and trust are opposite concepts in information security. This chapter reflects on the paradigm shift from traditional concepts of access control and policy enforcement toward de-centralised methods for establishing trust between loosely connected entities. By delegating parts of enforcement tasks to trusted elements dispersed in a system, the system can establish transitive trust relationships. This is the most advanced evolution of the organisational method of separation of duties within IT security. The technological basis for trust in systems - Trusted Computing platforms - is described on conceptual levels allowing comparison with other top-level security concepts and mapping to application domains. Important applications in modern information systems and networks are exhibited.}, doi = {10.4018/978-1-61520-682-7.ch002}, isbn = {9781615206827}, keywords = {IT Security; Trust; Enforcement; Trusted Computing;}, url = {http://www.igi-global.com/Bookstore/TitleDetails.aspx?TitleId=37255} }
P53

Trusted Watermarks

10.1109/ISBMSB.2009.5133835
Together with Andreas Brett and Nicolai Kuntze
In: Proceedings of 2009 IEEE International Symposium on Broadband Multimedia Systems and Broadcasting (BMSB 2009) 13-15 May 2009 - Bilbao, Spain, pp. 1-7.
Abstract
The Internet becomes more and more integrated into everyday life these days. Reasons may be increasing data transfer rates and decreasing connection fees. Increasing data transfer rates on the client-side cause a widespread usage of peer-to-peer techniques that balance network load between servers and clients. Especially when distributing content to a multitude of customers, usage of peer-to-peer mechanisms comes in handy. Another main impact of the Internet nowadays is an increasing appetite for on-demand content which leads to entertainment devices providing customers with on-demand media from the Internet in their living rooms. Furthermore uprising media-deployment results in an arising demand for theft-protection by the holders of copyrights. Nevertheless past showed that copyright protection methods that restrict the user in being able to playback acquired media without difficulty cause decreasing sales figures. Thus customer-friendly copyright-protection methods seem to bridge the gap between customer's and supplier's needs. Moreover one major problem in the growing usage of software implemented algorithms in embedded systems, like on-demand entertainment-devices, is the ability of customers to modify their devices in order to reveal secret data or to bypass copyrightprotection providing methods. Integrity-proving mechanisms that ensure devices are being unaltered are required accordingly. This paper presents a concept for a so called Trusted Set- Top-Box (TSTB) that will make use of peer-to-peer file sharing mechanisms to provide the customer with real-time and ondemand video streaming. To protect copyrighted video material from theft in a customer-friendly manner, novel watermarkingtechnology will be used. This allows for unproblematic playback of acquired media on distinct playback devices. The TSTB is referenced to be trusted since TPM-Technology will serve as security anchor, providing methods for attesting the devices' integrity. Through this unauthorized modification of the device will be detected.
BibTeX
@INPROCEEDINGS{BrettKuntzeSchmidt2009A, author = {Andreas Brett and Nikolai Kuntze and Andreas U. Schmidt}, title = {Trusted Watermarks}, booktitle = {IEEE International Symposium on Broadband Multimedia Systems and Broadcasting, 2009. BMSB '09.}, year = {2009}, pages = {1-7}, organization = {IEEE}, abstract = {The Internet becomes more and more integrated into everyday life these days. Reasons may be increasing data transfer rates and decreasing connection fees. Increasing data transfer rates on the client-side cause a widespread usage of peer-to-peer techniques that balance network load between servers and clients. Especially when distributing content to a multitude of customers, usage of peer-to-peer mechanisms comes in handy. Another main impact of the Internet nowadays is an increasing appetite for on-demand content which leads to entertainment devices providing customers with on-demand media from the Internet in their living rooms. Furthermore uprising media-deployment results in an arising demand for theft-protection by the holders of copyrights. Nevertheless past showed that copyright protection methods that restrict the user in being able to playback acquired media without difficulty cause decreasing sales figures. Thus customer-friendly copyright-protection methods seem to bridge the gap between customer's and supplier's needs. Moreover one major problem in the growing usage of software implemented algorithms in embedded systems, like on-demand entertainment-devices, is the ability of customers to modify their devices in order to reveal secret data or to bypass copyrightprotection providing methods. Integrity-proving mechanisms that ensure devices are being unaltered are required accordingly. This paper presents a concept for a so called Trusted Set- Top-Box (TSTB) that will make use of peer-to-peer file sharing mechanisms to provide the customer with real-time and ondemand video streaming. To protect copyrighted video material from theft in a customer-friendly manner, novel watermarkingtechnology will be used. This allows for unproblematic playback of acquired media on distinct playback devices. The TSTB is referenced to be trusted since TPM-Technology will serve as security anchor, providing methods for attesting the devices' integrity. Through this unauthorized modification of the device will be detected.}, doi = {10.1109/ISBMSB.2009.5133835} }
P52

Injecting Trust to Cryptographic Key Management

Together with Gökhan Bal and Nicolai Kuntze
Proceedings of the The 11th International Conference on Advanced Communication Technology (ICACT 2009), Feb. 15~18, 2009, Phoenix Park, Korea, pp. 1197-1201.
Abstract
Notwithstanding the adoption of strong cryptographic mechanisms, the anticipated degree of security in the protection and management of privacy sensitive data can only be achieved, if secret keys can be hielded adequately. In practice, most implementations are based on software tokens that shall guard the keys against eavesdropping. This fact alleviates the hardness of circumvention of used cryptographic protocols and with this the disclosure of secret keys. In this paper we propose a key management architecture which - based on the capabilities of Trusted Computing Technology - will provide a higher level of security.
BibTeX
@INPROCEEDINGS{BalSchmidtKuntze2009A, author = {G�khan Bal and Nicolai Kuntze and Andreas U. Schmidt}, title = {Injecting Trust to Cryptographic Key Management}, booktitle = {Proceedings of the 11th International Conference on Advanced Communication Technology (ICACT 2009), Feb. 15~18, 2009, Phoenix Park, Korea.}, pages = {1197-1201}, month = {feb.}, abstract = {Not withstanding the adoption of strong cryptographic mechanisms, the anticipated degree of security in the protection and management of privacy sensitive data can only be achieved, if secret keys can be shielded adequately. In practice, most implementations are based on software tokens that shall guard the keys against eavesdropping. This fact alleviates the hardness of circumvention of used cryptographic protocols and with this the disclosure of secret keys. In this paper we propose a key management architecture which - based on the capabilities of trusted computing technology - will provide a higher level of security.} }
P51

On the Superdistribution of Digital Goods

Journal of Universal Computer Science, vol. 15 (2009) 401-425.
Extended version of [P46]
Abstract
Business models involving buyers of digital goods in the distribution process are called superdistribution schemes. We review the state-of-the art of research and application of superdistribution and propose a systematic approach to market mechanisms using super-distribution and technical system architectures supporting it. The limiting conditions on such markets are of economic, legal, technical, and psychological nature. Large scale applications of superdistribution such as video-on-demand and multimedia over peer-to-peer type networks pose particular requirements on security and efficiency.
BibTeX
@article{AUS09A, author = {A.U. Schmidt}, title = {On the Superdistribution of Digital Goods}, journal = {Journal of universal computer science}, year = {2009}, volume = {15}, pages = {401--425}, number = {2}, abstract = {Business models involving buyers of digital goods in the distribution process are called superdistribution schemes. We review the state-of-the art of research and application of superdistribution and propose a systematic approach to market mechanisms using super-distribution and technical system architectures supporting it. The limiting conditions on such markets are of economic, legal, technical, and psychological nature. Large scale applications of superdistribution such as video-on-demand and multimedia over peer-to-peer type networks pose particular requirements on security and efficiency.}, url = {www.jucs.org/jucs_15_2/on_the_superdistribution_of} }
P50

Implementation of a Trusted Ticket System

Together with Andreas Leicher and Nicolai Kuntze
In: Dimitris Gritzalis and Javier Lòpez (Eds.). Emerging Challenges for Security, Privacy and Trust, 24th IFIP TC 11 International Information Security Conference, SEC 2009, Pafos, Cyprus, May 18-20, 2009. Proceedings. International Federation for Information Processing (IFIP), Vol 297, pp. 152-163, Springer-Verlag, Boston, 2009.
Abstract
Trusted Computing is a security technology which enables the establishment of trust between multiple parties. Previous work showed that Trusted Computing technology can be used to build tickets, a core concept of Identity Management Systems. Relying solely on the Trusted Platform Module we will demonstrate how this technology can be used in the context of Kerberos for an implementation variant of Identity Management.
BibTeX
@INPROCEEDINGS{KuntzeSchmidtLeicher2009A, author = {Andreas Leicher and Nicolai Kuntze and Andreas U. Schmidt}, title = {Implementation of a Trusted Ticket System}, booktitle = {Emerging Challenges for Security, Privacy and Trust, 24th IFIP TC 11 International Information Security Conference, SEC 2009, Pafos, Cyprus, May 18-20, 2009. Proceedings}, year = {2009}, editor = {Dimitris Gritzalis and Javier L{\'o}pez}, volume = {297}, series = {IFIP}, pages = {152-163}, publisher = {Springer-Verlag}, abstract = {Trusted Computing is a security technology which enables the establishment of trust between multiple parties. Previous work showed that Trusted Computing technology can be used to build tickets, a core concept of Identity Management Systems. Relying solely on the Trusted Platform Module we will demonstrate how this technology can be used in the context of Kerberos for an implementation variant of Identity Management.}, doi = {10.1007/978-3-642-01244-0_14} }
P49

Evaluating Measures and Countermeasures for SPAM over Internet Telephony

Together with Nicolai Kuntze and Rachid El Khayari
In: Norbert Pohlmann, Helmut Reimer, and Wolfgang Schneider (Eds.), ISSE 2008, Securing Electronic Business Processes. Highligths of the Information Security Solutions Europe 2008 Conference, 7-9 October 2008, Barcelona, Vieweg + Teubner, 2008, pp. 329-340.
BibTeX
@INPROCEEDINGS{KuntzeSchmidtElKhayari2008B, author = {Andreas U. Schmidt and Nicolai Kuntze and Rachid El Khayari}, title = {Evaluating Measures and Countermeasures for SPAM over Internet Telephony}, booktitle = {ISSE 2008 Securing Electronic Business Processes}, year = {2008}, editor = {Norbert Pohlmann and Helmut Reimer and Wolfgang Schneider}, address = {Wiesbaden}, publisher = {Vieweg + Teubner}, abstract = {Nowadays telephony has developed to an omnipresent service. Furthermore the Internet has emerged to an important communication medium. These facts and the raising availability of broadband internet access have led to the fusion of these two services. VoIP is the keyword that describes this combination. Furthermore it is undeniable that one of the most annoying facets of the Internet nowadays is email spam, which is considered to be 80 to 90 percent of the email traffic produced. The threat of so called voice spam or Spam over Internet Telephony is even more fatal than the threat that arose with email spam, for the annoyance and disturbance factor is much higher. From the pro-viders point of view both email spam and voice spam produce unwanted traffic and loss of trust of customers into the service. In this paper we discuss how SPIT attacks can be put into practice, than we point out advantages and disadvantages of state of the art anti voice spam solutions. With the knowledge provided in this paper and with our SPIT producing attack tool, it is possible for an administrator, to find out weak points of VoIP systems and for developers to rethink SPIT blocking techniques.}, arxiv = {0806.1610v1} }
P48

Trust in business processes

10.1109/ICYCS.2008.78
Together with Nicolai Kuntze, Zaharina Velikova, Carsten Rudolph
Proceedings of the 9th International Conference for Young Computer Scientists, 2008. ICYCS 2008 (pp. 1992-1997).
Section: 2008 International Symposium on Trusted Computing (TrustCom 2008), Zhang Jia Jie, Hunan, China - November 18-20, 2008
Abstract
The service oriented architectures (SOA) approach designing the interaction between various business entities leads to complex and highly automated relations between formerly separate organisations. In particular the automation of these processes demands a high level of trust of each partner in the underlying IT infrastructure and the results produced. This paper discusses the security and trust implications and shows how to utilize Trusted Computing within the SOA approach introducing means for integrity and authenticity.
BibTeX
@INPROCEEDINGS{KSVR08, author = {Nicolai Kuntze and Andreas U.Schmidt and Zaharina Velikova and Carsten Rudolph}, title = {Trust in business processes}, booktitle = {Proceedings of the 9th International Conference for Young Computer Scientists, 2008. ICYCS 2008.}, year = {2008}, pages = {1992-1997}, address = {Hunan, China}, publisher = {IEEE Computer Society}, abstract = {The service oriented architectures (SOA) approach designing the interaction between various business entities leads to complex and highly automated relations between formerly separate organisations. In particular the automation of these processes demands a high level of trust of each partner in the underlying IT infrastructure and the results produced. This paper discusses the security and trust implications and shows how to utilize Trusted Computing within the SOA approach introducing means for integrity and authenticity.}, doi = {10.1109/ICYCS.2008.78} }
P47

SPAM over Internet Telephony and how to deal with it

Together with Nicolai Kuntze and Rachid El Khayari
Refereed contribution to the 7th annual Conference Information Security South Africa (ISSA 2008) University of Johannesburg, South Africa, 7 -9 July 2008.
Abstract
In our modern society telephony has developed to an omnipresent service. People are available at anytime and anywhere. Furthermore the Internet has emerged to an important communication medium. These facts and the raising availability of broadband internet access has led to the fusion of these two services. Voice over IP or short VoIP is the keyword, that describes this combination. The advantages of VoIP in comparison to classic telephony are location independence, simplification of transport networks, ability to establish multimedia communications and the low costs. Nevertheless one can easily see, that combining two technologies, always brings up new challenges and problems that have to be solved. It is undeniable that one of the most annoying facet of the Internet nowadays is email spam. According to different sources email spam is considered to be 80 to 90 percent of the email traffic produced. Security experts suspect that this will spread out on VoIP too. The threat of so called voice spam or Spam over Internet Telephony (SPIT) is even more fatal than the threat that arose with email spam, for the annoyance and disturbance factor is much higher. As instance an email that hits the inbox at 4 p.m. is useless but will not disturb the user much. In contrast a ringing phone at 4 p.m. will lead to a much higher disturbance. From the providers point of view both email spam and voice spam produce unwanted traffic and loss of trust of customers into the service. In order to mitigate this threat different approaches from different parties have been developed. This paper focuses on state of the art anti voice spam solutions, analyses them and reveals their weak points. In the end a SPIT producing benchmark tool will be introduced, that attacks the presented anti voice spam solutions. With this tool it is possible for an administrator of a VoIP network to test how vulnerable his system is.
P46

On the Superdistribution of Digital Goods

10.1109/CHINACOM.2008.4685251
In: Proceedings of 2008 Third International Conference on Communications and Networking in China (CHINACOM'08) (pp. 1236-1243). IEEE
Invited paper at the Wokshop 2008 International Workshop on Multimedia Security in Communication (MUSIC'08) August 25-27, 2008, Hangzhou, China.
Abstract
Business models involving buyers of digital goods in the distribution process are called superdistribution schemes. We review the state-of-the art of research and application of superdistribution and propose systematic approach to market mechanisms using super-distribution and technical system architectures supporting it. The limiting conditions on such markets are of economic, legal, technical, and psychological nature.
BibTeX
@INPROCEEDINGS{AUS08A, author = {Andreas U. Schmidt}, title = {On the Superdistribution of Digital Goods}, booktitle = {Proceedings of 2008 Third International Conference on Communications and Networking in China (ChinaCom2008)}, year = {2008}, pages = {1236-1243}, address = {Hangzhou, China}, publisher = {IEEE}, note = {Invited paper at the Wokshop 2008 International Workshop on Multimedia Security in Communication (MUSIC'08)}, abstract = {Business models involving buyers of digital goods in the distribution process are called superdistribution schemes. We review the state-of-the art of research and application of superdistribution and propose systematic approach to market mechanisms using super-distribution and technical system architectures supporting it. The limiting conditions on such markets are of economic, legal, technical, and psychological nature.}, arxiv = {0806.1543v1}, doi = {10.1109/CHINACOM.2008.4685251} }
P45

Trust in the Value-Creation Chain of Multimedia Goods

Together with Nicolai Kuntze
Contributed chapter. In Shiguo Lian and Yan Zhang (Eds.): Handbook of Research on Secure Multimedia Distribution, IGI Global Publishing, 2009. ISBN 978-1-60566-262-6.
Abstract
Security in the value creation chain hinges on many single components and their interrelations. Trusted Platforms open ways to fulfil the pertinent requirements. This chapter gives a systematic approach to the utilisation of trusted computing platforms over the whole lifecycle of multimedia products. This spans production, aggregation, (re-)distribution, consumption, and charging. Trusted Computing technology as specified by the Trusted Computing Group provides modular building blocks which can be utilized at many points in the multimedia lifecycle. We propose an according research roadmap beyond the conventional Digital Rights Management use case. Selected technical concepts illustrate the principles of Trusted Computing applications in the multimedia context.
BibTeX
@INBOOK{TC_MM_Chapter_09, chapter = {Trust in the Value-Creation Chain of Multimedia Goods}, pages = {405-426}, title = {Handbook of Research on Secure Multimedia Distribution}, publisher = {IGI Global}, year = {2009}, editor = {Shiguo Lian and Yan Zhang}, author = {Andreas U. Schmidt and Nicolai Kuntze}, abstract = {Security in the value creation chain hinges on many single components and their interrelations. Trusted Platforms open ways to fulfil the pertinent requirements. This chapter gives a systematic approach to the utilisation of trusted computing platforms over the whole lifecycle of multimedia products. This spans production, aggregation, (re-)distribution, consumption, and charging. Trusted Computing technology as specified by the Trusted Computing Group provides modular building blocks which can be utilized at many points in the multimedia lifecycle. We propose an according research roadmap beyond the conventional Digital Rights Management use case. Selected technical concepts illustrate the principles of Trusted Computing applications in the multimedia context.}, isbn = {978-1-60566-262-6} }
P44

Rechtssichere Transformation signierter Dokumente

Together with Alexander Roßnagel
Nomos Verlag, Baden-Baden, 2008. ISBN 978-3-8329-2983-1.
BibTeX
@BOOK{TRANSIDOC_AB, title = {Rechtssichere Transformation signierter Dokumente}, publisher = {Nomos Verlag}, year = {2008}, author = {Alexander Ro{\ss}nagel and Andreas U. Schmidt,}, address = {Baden-Baden}, isbn = {978-3-8329-2983-1}, }
P43

Trusted Computing in mobiler Anwendung: Von Zugangskontrolle zu Identitäten

Together with Nicolai Kuntze
In: Norbert Pohlmann, Helmut Reimer (Hrsg.): Trusted Computing : Ein Weg zu neuen IT-Sicherheitsarchitekturen oder Ein Quantensprung in der IT-Sicherheit, pp. 187-206, Vieweg-Verlag, Wiesbaden 2007.
Abstract
Der Sektor mobiler Kommunikation und Dienstleistungen verändert sich rasant durch die horizontale Konvergenz von Zugangstechnologien und die zunehmende Intelligenz von Endgeräten. Neue Geschäftsmodelle in diesem Bereich brauchen neue Schutzmethoden und Vertrauensgrundlagen technischer Art. Trusted Computing (TC) in seiner Ausprägung für mobile Geräte kann diese bieten. Wir zeigen auf konzeptioneller Ebene und in konkreten Anwendungsbeispielen, wie diese Technologie nicht nur bestehende Anwendungen schützen kann sondern auch neuartige Geschäftsmodelle erst ermöglicht. Die Vorteile eines dezentralisierten Ansatzes für Identitätsmanagement basierend auf TC werden herausgestellt.
BibTeX
@INBOOK{AUSNK_TC_Buch_07, chapter = {Trusted Computing in mobiler Anwendung: Von Zugangskontrolle zu Identitäten}, pages = {187-206}, title = {Trusted Computing : Ein Weg zu neuen IT-Sicherheitsarchitekturen oder Ein Quantensprung in der IT-Sicherheit}, publisher = {Vieweg}, year = {2007}, editor = {Norbert Pohlmann and Helmut Reimer}, author = {Andreas U. Schmidt and Nicoali Kuntze}, address = {Wiesbaden}, isbn = {978-3-8348-0309-2}, }
P42

Subscriber Authentication in Cellular Networks with Trusted Virtual SIMs

10.1109/ICACT.2008.4493913
Together with Nicolai Kuntze and Michael Kasper
Proceedings of the 10th International Conference on Advanced Communication Technology (ICACT2008), Feb. 17-20, 2008, Phoenix Park, Korea, IEEE.
Abstract
The primary goal of this paper is to design a software replacement for a Subscriber Identity Module (SIM) based on the TCG MPWG Reference Architecture in order to access a mobile cellular network and its offered services. Therefore, we introduce a virtual software SIM (vSIM) with comparable usage and security characteristics like the traditional smartcard-based solution. Additionally, running a virtual SIM as a trusted and protected software on a mobile device allow significant expansion of services by introducing new usage scenarios and business models, cost reduction and more flexibility. Our approach demonstrates the substitutability of a SIM card with an adequate trusted software module supported and protected by a trustworthy operating system. In particular we propose several methods for authentication and enrollment of a subscriber.
BibTeX
@INPROCEEDINGS{KuntzeSchmidtKasper2008A, author = {Andreas U. Schmidt and Nicolai Kuntze and Michael Kasper}, title = {Subscriber Authentication in Cellular Networks with Trusted Virtual SIMs}, booktitle = {Proceedings of the 10th International Conference on Advanced Communication Technology, Feb. 17-20, 2008, Phoenix Park, Korea}, year = {2008}, volume = {2}, pages = {903-908}, organization = {IEEE}, abstract = {The primary goal of this paper is to design a software replacement for a Subscriber Identity Module (SIM) based on the TCG MPWG Reference Architecture in order to access a mobile cellular network and its offered services. Therefore, we introduce a virtual software SIM (vSIM) with comparable usage and security characteristics like the traditional smartcard-based solution. Additionally, running a virtual SIM as a trusted and protected software on a mobile device allow significant expansion of services by introducing new usage scenarios and business models, cost reduction and more flexibility. Our approach demonstrates the substitutability of a SIM card with an adequate trusted software module supported and protected by a trustworthy operating system. In particular we propose several methods for authentication and enrollment of a subscriber.}, doi = {10.1109/ICACT.2008.4493913}, }
P41

On the deployment of Mobile Trusted Modules

10.1109/WCNC.2008.552
Together with Nicolai Kuntze and Michael Kasper
Proceedings of the Wireless Communications and Networking Conference WCNC 2008, Las Vegas, USA, 31 March - 2 April 2008, IEEE.
star Received best paper award (PDF) at IEEE WCNC 2008.
Abstract
In its recently published TCG Mobile Reference Architecture, the TCG Mobile Phone Work Group specifies a new concept to enable trust into future mobile devices. For this purpose, the TCG devises a trusted mobile platform as a set of trusted engines on behalf of different stakeholders supported by a physical trust-anchor. In this paper, we present our perception on this emerging specification. We propose an approach for the practical design and implementation of this concept and how to deploy it to a trustworthy operating platform. In particular we propose a method for the take-ownership of a device by the user and the migration (i.e., portability) of user credentials between devices.
BibTeX
@INPROCEEDINGS{KuntzeSchmidtKasper2008, author = {Andreas U. Schmidt and Nicolai Kuntze and Michael Kasper}, title = {On the deployment of Mobile Trusted Modules}, booktitle = {Proceedings of the Wireless Communications and Networking Conference, WCNC 2008, Las Vegas, USA, 31 March - 2 April 2008}, year = {2008}, pages = {3163-3168}, organization = {IEEE}, abstract = {In its recently published TCG Mobile Reference Architecture, the TCG Mobile Phone Work Group specifies a new concept to enable trust into future mobile devices. For this purpose, the TCG devises a trusted mobile platform as a set of trusted engines on behalf of different stakeholders supported by a physical trust-anchor. In this paper, we present our perception on this emerging specification. We propose an approach for the practical design and implementation of this concept and how to deploy it to a trustworthy operating platform. In particular we propose a method for the take-ownership of a device by the user and the migration (i.e., portability) of user credentials between devices.}, arxiv = {0712.2113v1}, doi = {10.1109/WCNC.2008.552}, }
P40

Trust for Location-based Authorisation

10.1109/WCNC.2008.553
Together with Nicolai Kuntze and Jörg Abendroth
Proceedings of the Wireless Communications and Networking Conference WCNC 2008, Las Vegas, USA, 31 March - 2 April 2008, IEEE.
Abstract
We propose a concept for authorisation using the location of a mobile device and the enforcement of location-based policies. Mobile devices enhanced by Trusted Computing capabilities operate an autonomous and secure location trigger and policy enforcement entity. Location determination is twotiered, integrating cell-based triggering at handover with precision location measurement by the device.
BibTeX
@INPROCEEDINGS{KuntzeSchmidtAbendroth2008, author = {Andreas U. Schmidt and Nicolai Kuntze and J{\"o}rg Abendroth}, title = {Trust for Location-based Authorisation}, booktitle = {Proceedings of the Wireless Communications and Networking Conference, WCNC 2008, Las Vegas, USA, 31 March - 2 April 2008}, year = {2008}, pages = {3169-3174}, organization = {IEEE}, abstract = {We propose a concept for authorisation using the location of a mobile device and the enforcement of location-based policies. Mobile devices enhanced by Trusted Computing capabilities operate an autonomous and secure location trigger and policy enforcement entity. Location determination is twotiered, integrating cell-based triggering at handover with precision location measurement by the device.}, arxiv = {0712.2231v1}, doi = {10.1109/WCNC.2008.553}, }
P39

Trusted Infrastructures for Identities

Together with Barbara Fichtinger, Eckehard Herrmann, and Nicolai Kuntze
In: Virtual Goods: Technology, Economy, and Legal Aspects. Proceedings of the 5th International Workshop for Technical, Economic and Legal Aspects of Business Models for Virtual Goods, Koblenz, October 11-13, 2007. Rüdiger Grimm and Berthold Hass (Eds.). Nova Publishers, 2008.
Abstract
The establishment of trust relationships across multiple identifier domains in identity management architectures enables a service provider in a certain domain to trust the decisions of an identity provider located in a foreign identifier domain. As a result, users do not have to create new credentials for every identifier domain they communicate with. This trust relationship can be established by using the infrastructure provided by the Trusted Computing Group. In this paper, a concept for the establishment of this trust relationship based on trusted computing technology is developed.
BibTeX
@INPROCEEDINGS{FHKS07, author = {Barbara Fichtinger and Eckehard Herrmann and Nicolai Kuntze and Andreas U. Schmidt}, title = {Trusted Infrastructures for Identities}, booktitle = {Virtual Goods: Technology, Economy, and Legal Aspects. Proceedings of the 5th International Workshop for Technical, Economic and Legal Aspects of Business Models for Virtual Goods, Koblenz, October 11-13, 2007}, editor = {R{\"u}diger Grimm and Berthold Hass}, year = {2008}, publisher = {Nova Publishers}, address = {Hauppauge, New York} isbn = {978-1-60456-486-0}, abstract = {The establishment of trust relationships across multiple identifier domains in identity management architectures enables a service provider in a certain domain to trust the decisions of an identity provider located in a foreign identifier domain. As a result, users do not have to create new credentials for every identifier domain they communicate with. This trust relationship can be established by using the infrastructure provided by the Trusted Computing Group. In this paper, a concept for the establishment of this trust relationship based on trusted computing technology is developed.}, }
P38

Free riding and competition in network markets for digital goods

10.1109/HICSS.2008.176
In: Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS-41), January 7-10, 2008.
starNominated for best paper award at HICSS-41
Abstract
We present a continuous, stochastic model - the first of its kind - for the monetary flow in multi-level markets allowing for the quantitative assessment of the incentive accruing to market participants through resales revenues. The main application of the model is for novel business models for the marketing of information goods, which purport to yield alternatives to technical copyright protection and DRM. We show analytically that within the scope of the mode free-riding can be mitigated by employing multi-level marketing, and that multi-level markets are open markets for competing information goods.
BibTeX
@INPROCEEDINGS{AUS_HICSS2008, author = {Andreas U. Schmidt}, title = {Free riding and competition in network markets for digital goods}, booktitle = {Proceedings of the 41st Annual Hawaii International Conference on System Sciences (CD-ROM), January 7-10, 2008.}, year = {2008}, pages = {(10 pages)}, publisher = {IEEE Computer Society Press}, doi = {10.1109/HICSS.2008.176}, abstract = {We present a continuous, stochastic model - the first of its kind - for the monetary flow in multi-level markets allowing for the quantitative assessment of the incentive accruing to market participants through resales revenues. The main application of the model is for novel business models for the marketing of information goods, which purport to yield alternatives to technical copyright protection and DRM. We show analytically that within the scope of the mode free-riding can be mitigated by employing multi-level marketing, and that multi-level markets are open markets for competing information goods.}, }
P37

Long-Term and Dynamical Aspects of Information Security: Emerging Trends in Information and Communication Security

Book edited together with Michael Kreutzer and Rafael Accorsi
Nova Publishers, Hauppauge, NY, 2007. ISBN 1-60021-912-8
BibTeX
@PROCEEDINGS{SKA-LTE-book-2007, title = {Long-Term and Dynamical Aspects of Information Security: Emerging Trends in Information and Communication Security}, year = {2007}, editor = {Andreas U. Schmidt and Michael kreutzer and Rafael Accorsi}, address = {Hauppauge NY}, publisher = {Nova Publishers}, isbn = {1-60021-912-8}, }
P36

Protection of DVB Systems by Trusted Computing

Together with Nicolai Kuntze
Contribution to the IEEE International Symposium on Broadband Multimedia Systems and Broadcasting 2007, 28-29 March 2007 at the Orange County Convention Center, Orlando, FL, USA.
Archive: cs.CR/0702086
Abstract
We describe a concept to employ Trusted Computing technology to secure Conditional Access Systems (CAS) for DVB. Central is the embedding of a trusted platform module (TPM) into the set-top-box or residential home gateway. Various deployment scenarios exhibit possibilities of charging co-operation with mobile network operators (MNO), or other payment providers.
BibTeX
@CONFERENCE{KuntzeSchmidt2007C, author = {Nicolai Kuntze and Andreas U. Schmidt}, title = {Protection of DVB Systems by Trusted Computing}, booktitle = {IEEE International Symposium on Broadband Multimedia Systems and Broadcasting 2007, 28-29 March 2007 at the Orange County Convention Center, Orlando, FL, USA}, year = {2007}, abstract = {We describe a concept to employ Trusted Computing technology to secure Conditional Access Systems (CAS) for DVB. Central is the embedding of a trusted platform module (TPM) into the set-top-box or residential home gateway. Various deployment scenarios exhibit possibilities of charging co-operation with mobile network operators (MNO), or other payment providers.}, arxiv = {cs.CR/0702086}, keywords = {Trusted computing, conditional access system, content distribution, payment and charging.}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/07-005-Schmidt-Kuntze-final_paper.pdf}, }
P35

Non-Repudiation in Internet Telephony

10.1007/978-0-387-72367-9_31
Together with Nicolai Kuntze and Christian Hett
In: New Approaches for Security, Privacy, and Trust in Complex Systems. International Federation for Information Processing, Vol 232, pp. 361-372, Springer, Boston, 2007. Proceedings of the IFIP sec2007, Sandton, South Africa 14-16 May 2007
Archive: cs.CR/0701145
Abstract
We present a concept to achieve non-repudiation for natural language conversations over the Internet. The method rests on chained electronic signatures applied to pieces of packet-based, digital, voice communication. It establishes the integrity and authenticity of the bidirectional data stream and its temporal sequence and thus the security context of a conversation. The concept is close to the protocols for Voice over the Internet (VoIP), provides a high level of inherent security, and extends naturally to multilateral non-repudiation,e.g., for conferences. Signatures over conversations can become true declarations of will in analogy to electronically signed, digital documents. This enables binding verbal contracts, in principle between unacquainted speakers, and in particular without witnesses. A reference implementation of a secure VoIP archive is exhibited.
BibTeX
@INPROCEEDINGS{KuntzeSchmidtHett2007, author = {Nicolai Kuntze and Andreas U. Schmidt and Christian Hett}, title = {Non-Repudiation in Internet Telephony}, booktitle = {New Approaches for Security, Privacy and Trust in Complex Systems}, year = {2007}, editor = {H. Venter and M. Eloff and L. Labuschagne and J. Eloff and R. von Solms}, volume = {232}, series = {IFIP International Federation for Information Processing}, pages = {361-372}, address = {Boston}, publisher = {Springer}, abstract = {We present a concept to achieve non-repudiation for natural language conversations over the Internet. The method rests on chained electronic signatures applied to pieces of packet-based, digital, voice communication. It establishes the integrity and authenticity of the bidirectional data stream and its temporal sequence and thus the security context of a conversation. The concept is close to the protocols for Voice over the Internet (VoIP), provides a high level of inherent security, and extends naturally to multilateral non-repudiation,e.g., for conferences. Signatures over conversations can become true declarations of will in analogy to electronically signed, digital documents. This enables binding verbal contracts, in principle between unacquainted speakers, and in particular without witnesses. A reference implementation of a secure VoIP archive is exhibited.}, arxiv = {cs.CR/0701145}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/VoIP_Non_Repudiation.pdf}, }
P34

Trusted Ticket Systems and Applications

10.1007/978-0-387-72367-9_5
Together with Nicolai Kuntze
In: New Approaches for Security, Privacy, and Trust in Complex Systems. International Federation for Information Processing, Vol 232, pp. 49-60, Springer, Boston, 2007. Proceedings of the IFIP sec2007. Sandton, South Africa 14-16 May 2007
Archive: cs.CR/0701144
Abstract
Trusted Computing is a security base technology that will perhaps be ubiquitous in a few years in personal computers and mobile devices alike. Despite its neutrality with respect to applications, it has raised some privacy concerns. We show that trusted computing can be applied for service access control in a manner protecting users' privacy. We construct a ticket system - a concept which is at the heart of Identity Management - relying solely on the capabilities of the trusted platform module and the standards specified by the Trusted Computing Group. Two examples show how it can be used for pseudonymous and protected service access.
BibTeX
@INPROCEEDINGS{KuntzeSchmidt2007B, author = {Nicolai Kuntze and Andreas U. Schmidt}, title = {Trusted Ticket Systems and Applications}, booktitle = {New Approaches for Security, Privacy and Trust in Complex Systems}, year = {2007}, editor = {H. Venter and M. Eloff and L. Labuschagne and J. Eloff and R. von Solms}, volume = {232}, series = {IFIP International Federation for Information Processing}, pages = {49-60}, address = {Boston}, publisher = {Springer}, abstract = {Trusted Computing is a security base technology that will perhaps be ubiquitous in a few years in personal computers and mobile devices alike. Despite its neutrality with respect to applications, it has raised some privacy concerns. We show that trusted computing can be applied for service access control in a manner protecting users' privacy. We construct a ticket system - a concept which is at the heart of Identity Management - relying solely on the capabilities of the trusted platform module and the standards specified by the Trusted Computing Group. Two examples show how it can be used for pseudonymous and protected service access.}, arxiv = {cs.CR/0701144}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/TC_Ticket_systems.pdf}, }
P33

Trustworthy content push

10.1109/WCNC.2007.539
Together with Nicolai Kuntze
In: Proceedings of the Wireless Communications and Networking Conference WCNC 2007, Hong Kong, 11-15 March 2007, IEEE.
Archive: cs.CR/0612061
Abstract
Delivery of content to mobile devices gains increasing importance in industrial environments to support employees in the field. An important application are e-mail push services like the fashionable Blackberry. These systems are facing security challenges regarding data transport to, and storage of the data on the end user equipment. The emerging Trusted Computing technology offers new answers to these open questions.
BibTeX
@INPROCEEDINGS{KuntzeSchmidt2007A, author = {Nicolai Kuntze and Andreas U. Schmidt}, title = {Trustworthy content push}, booktitle = {Proceedings of the Wireless Communications and Networking Conference, WCNC 2007, Hong Kong, 11-15 March 2007}, year = {2007}, pages = {2909-2912}, organization = {IEEE}, arxiv = {cs.CR/0612061}, doi = {10.1109/WCNC.2007.539}, }
P32

Employing Trusted Computing for the forward pricing of pseudonyms in reputation systems

Together with Nicolai Kuntze and Dominique Mähler
In: Axmedis 2006 : proceedings of the 2nd international Conference on automated production of cross media content for multi-channel distribution; Workshops Tutorials Applications and Industrial, Kia Ng, Atta Badii, and Pierfrancesco Bellini (eds.). pp. 145-149, Atti del Convegno, Leeds (UK), Firenze University Press, 2006.
Refereed contribution to the Workshop Virtual Goods at the Conference AXMEDIS 2006, 13.-15. December 2006, Leeds, UK
Archive: cs.CR/0607142
Abstract
Reputation and recommendation systems are fundamental for the formation of community market places. Yet, they are easy targets for attacks which disturb a market's equilibrium and are often based on cheap pseudonyms used to submit ratings. We present a method to price ratings using trusted computing, based on pseudonymous tickets.
BibTeX
@INPROCEEDINGS{KMS06, author = {Nicolai Kuntze and Dominique M{\"a}hler and Andreas U. Schmidt}, title = {Employing Trusted Computing for the forward pricing of pseudonyms in reputation systems}, booktitle = {Axmedis 2006 : proceedings of the 2nd international Conference on automated production of cross media content for multi-channel distribution; Workshops Tutorials Applications and Industrial}, year = {2006}, editor = {Kia Ng and Atta Badii and Pierfrancesco Bellini}, series = {Atti del Convegno, Leeds (UK)}, pages = {145-149}, publisher = {Firenze University Press}, abstract = {Reputation and recommendation systems are fundamental for the formation of community market places. Yet, they are easy targets for attacks which disturb a market�s equilibrium and are often based on cheap pseudonyms used to submit ratings. We present a method to price ratings using trusted computing, based on pseudonymous tickets.}, arxiv = {cs.CR/0607142}, doi = {10.1400/56812}, isbn = {88-8453-526-3}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/TC_Pseudonyms_for_Reputation_Systems.pdf}, }
P31

Security and Non-Repudiation for Voice-Over-IP Conversations

Together with Christian Hett and Nicolai Kuntze
Wireless World Research Forum Meeting 17, Heidelberg, Germany 15.-17. November 2006.
Poster presentation at the Conference Information Security South Africa (ISSA 2006) Sandton, South Africa, 5 -7 July 2006.
Archive: cs.CR/0606068
Abstract
We present a concept to achieve non-repudiation for natural language conversations by electronically signing packet-based, digital, voice communication. Signing a VoIP-based conversation means to protect the integrity and authenticity of the bidirectional data stream and its temporal sequence which together establish the security context of the communication. Our concept is conceptually close to the protocols that embody VoIP and provides a high level of inherent security. It enables signatures over voice as true declarations of will, in principle between unacquainted speakers. We point to trusted computing enabled devices as possible trusted signature terminals for voice communication. ACM:
C.2.0 [Computer-Communication Networks]: General - Security and protection Electronic signature; non-repudiation; voice over IP; interval signature; cryptographic chaining; natural-language communication.
BibTeX
@MISC{HKS06B, author = {Christian Hett and Nicolai Kuntze and Andreas U. Schmidt}, title = {Security and Non-Repudiation for Voice-Over-IP Conversations}, howpublished = {Poster presentation at the ISSA 2006 From Insight to Foresight Conference, Sandton, South Africa, 5th-7th July 2006}, acm = {C.2.0}, arxiv = {cs.CR/0606068}, keywords = {Electronic signature; non-repudiation; voice over IP; interval signature; cryptographic chaining; natural-language communication}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/Signed_Voice_Transactions_ISSA06_final.pdf} }
P30

Authorised Translations of Electronic Documents

Together with Jan Piechalski
Refereed contribution to the Conference Information Security South Africa (ISSA 2006) Sandton, South Africa, 5 -7 July 2006.
Archive: cs.OH/0606046
See the corresponding thesis [TH4].
Abstract
A concept is proposed to extend authorised translations of documents to electronically signed, digital documents. Central element of the solution is an electronic seal, embodied as an XML data structure, which attests to the correctness of the translation and the authorisation of the translator. The seal contains a digital signature binding together original and translated document, thus enabling forensic inspection and therefore legal security in the appropriation of the translation. Organisational aspects of possible implementation variants of electronic authorised translations are discussed and a realisation as a stand-alone web-service is presented. ACM:
H.4.1 [Information Systems Applications]: Office Automation - Workflow Management;
K.6.5 [Management of Computing and Information Systems]: Security and Protection - Authentication Authorised translation; electronic signature; electronic seal.
BibTeX
@INPROCEEDINGS{PiechalskiSchmidt2006A, author = {Jan Piechalski and Andreas U. Schmidt}, title = {Authorised Translations of Electronic Documents}, booktitle = {Peer-reviewed Proceedings of the ISSA 2006 From Insight to Foresight Conference}, year = {2006}, editor = {H. S. Venter and J. H. P. Eloff and L. Labuschagne and M. M. Eloff}, publisher = {Information Security South Africa (ISSA)}, acm = {H.4.1 [Information Systems Applications]: Office Automation - Workflow Management; K.6.5 [Management of Computing and Information Systems]: Security and Protection - Authentication}, arxiv = {cs.OH/0606046}, isbn = {1-86854-636-5}, keywords = {Authorised translation; electronic signature; electronic seal}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/Authorised_Translations_ISSA06_final.pdf} }
P29

Trusted Computing in Mobile Action

Together with Nicolai Kuntze
Refereed contribution to the Conference Information Security South Africa (ISSA 2006) Sandton, South Africa, 5 -7 July 2006.
Archive: cs.CR/0606045
Abstract
Due to the convergence of various mobile access technologies like UMTS, WLAN, and WiMax the need for a new supporting infrastructure arises. This infrastructure should be able to support more efficient ways to authenticate users and devices, potentially enabling novel services based on the security provided by the infrastructure. In this paper we exhibit some usage scenarios from the mobile domain integrating trusted computing, which show that trusted computing offers new paradigms for implementing trust and by this enables new technical applications and business scenarios. The scenarios show how the traditional boundaries between technical and authentication domains become permeable while a high security level is maintained. ACM:
C.2.0 [Computer-Communication Networks]: General - Security and protection Trusted computing, mobile service, authentication, privacy.
BibTeX
@INPROCEEDINGS{KuntzeSchmidt2006C, author = {Nicolai Kuntze and Andreas U. Schmidt}, title = {Trusted Computing in Mobile Action}, booktitle = {Peer-reviewed Proceedings of the ISSA 2006 From Insight to Foresight Conference}, year = {2006}, editor = {H. S. Venter and J. H. P. Eloff and L. Labuschagne and M. M. Eloff}, publisher = {Information Security South Africa (ISSA)}, acm = {C.2.0 [Computer-Communication Networks]: General - Security and protection}, arxiv = {cs.CR/0606045}, isbn = {1-86854-636-5}, keywords = {Trusted computing, mobile service, authentication, privacy}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/Trusted_Mobile_Scenarios_final.pdf} }
P28

A secure archive for Voice-over-IP conversations

Together with Christian Hett and Nicolai Kuntze
In: Proceedings of the 3rd Annual VoIP Security Workshop (VSW06), Berlin, Germany 1st-2nd June 2006.
Archive: cs.CR/0606032
Abstract
An efficient archive securing the integrity of VoIP-based two-party conversations is presented. The solution is based on chains of hashes and continuously chained electronic signatures. Security is concentrated in a single, efficient component, allowing for a detailed analysis.
BibTeX
@INPROCEEDINGS{HKS06A, author = {Christian Hett and Nicolai Kuntze and Andreas U. Schmidt}, title = {A secure archive for Voice-over-IP conversations}, booktitle = {Proceedings of the 3rd Annual VoIP Security Workshop (VSW06)}, year = {2006}, editor = {Dorgham Sisalem et al.}, publisher = {ACM}, arxiv = {cs.CR/0606032}, doi = {X}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/Secure_VoIP_Archive.pdf}, }
P27

A Mobile service architecture utilising trusted computing

Together with Nicolai Kuntze
Wirless World Research Forum Meeting 16 (WWRF 16), 26. - 28. April 2006, Shanghai, China.
Abstract
Convergence of access technologies potentially enables new mobile business scenarios. To enable them, trust between the stakeholders is a prerequisite, e.g., in the form of a cross-domain authentication infrastructure. Service architectures provide solutions for some of these needs. This paper proposes a use case combining the well understood techniques from the mobile domain with the upcoming new possibilities of trusted computing.
BibTeX
@INPROCEEDINGS{KuntzeSchmidt2006B, author = {Nicolai Kuntze and Andreas U. Schmidt}, title = {A Mobile service architecture utilising trusted computing}, booktitle = {Proceedings of the Wirless World Research Forum Meeting 16 (WWRF 16)}, year = {2006}, keywords = {authentication, service architecture, trusted computing}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/WWRF16-Contribution_.pdf}, }
P26

Transitive trust in mobile scenarios

10.1007/11766155_6
Together with Nicolai Kuntze
In: Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS 2006), Freiburg im Breisgau, Germany 6th-9th June 2006, Günter Müller (Ed.), Lecture Notes in Computer Science, Vol. 3995 Springer-Verlag, 2006, pp. 73-85.
Archive: cs.CR/0603051
Abstract
Horizontal integration of access technologies to networks and services should be accompanied by some kind of convergence of authentication technologies. The missing link for the federation of user identities across the technological boundaries separating authentication methods can be provided by trusted computing platforms. The concept of establishing transitive trust by trusted computing enables the desired crossdomain authentication functionality. The focus of target application scenarios lies in the realm of mobile networks and devices.
BibTeX
@INPROCEEDINGS{KuntzeSchmidt2006A, author = {Nicolai Kuntze and Andreas U. Schmidt}, title = {Transitive trust in mobile scenarios}, booktitle = {Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS 2006)}, year = {2006}, editor = {G\"unter M\"uller}, volume = {3995}, series = {Lecture Notes in Computer Science}, pages = {73-85}, publisher = {Springer-Verlag}, arxiv = {cs.CR/0603051}, doi = {10.1007/11766155_6}, url = {http://www.math.uni-frankfurt.de/~aschmidt/docs/ETIRCS06-transitive-trust.pdf} }
P25

Trusted Integration of Mobile Platforms into Service-oriented Networks

Together with Dr. Michael Marhöfer, Siemens AG
Extended Summary of a talk presented at the 11th German-Japanese Symposium "Security, Privacy and Safety in the Information Society" of the Münchner Kreis, Tokio, Japan, 13th-16th September 2005.
BibTeX
@MISC{MS05, author = {Andreas U. Schmidt and Michael Marhöfer}, title = {Trusted Integration of Mobile Platforms into Service-oriented Networks}, howpublished = {Extended Summary of a talk presented at the 11th German-Japanese Symposium "Security, Privacy and Safety in the Information Society" of the Münchner Kreis, Tokio, Japan, 13th-16th September 2005.}, month = {9}, year = {2005}, url = {http://www.muenchner-kreis.de/}, }
P24

Aspect-Oriented Security for Web-Applications

Together with Nicolai Kuntze and Thomas Rauch
In: Sachar Paulus, Norbert Pohlmann, Helmut Reimer (Eds.), ISSE 2005 Securing Electronic Business Processes, Highligths of the Information Security Solutions Europe 2005 Conference, Vieweg-Verlag, September 2005, pp. 83-91.
See the corresponding paper [P21]
Abstract
Identity Management is becoming more and more important in business systems as they are opened for third parties including trading partners, consumers and suppliers. This paper presents an approach to securing a system without any knowledge of its source code. The security module adds authentication and authorisation functionalities based on aspect oriented programming (AOP) and the liberty alliance identity federation framework, an upcoming industry standard providing single sign on (SSO). High modularisation is achieved through use of AspectJ, a programming language extension of Java. The security module is adapted to the host application in an intuitive, initial training phase. The use of hardware tokens and proactive computing as authorisation methods is demonstrated.
BibTeX
@inproceedings{KRS05C, author = {Nicolai Kuntze and Thomas Rauch and Andreas U. Schmidt}, title = {Aspect-Oriented Security for Web-Applications}, year = {2005}, publisher = {Vieweg-Verlag}, booktitle = {ISSE 2005 Securing Electronic Business Processes, Highligths of the Information Security Solutions Europe 2005 Conference}, editor = {Sachar Paulus and Norbert Pohlmann and Helmut Reimer}, isbn = {3-8348-0011-2} pages = {83-91}, }
P23

Multi-level markets and incentives for information goods

10.1016/j.infoecopol.2005.06.001
Information Economics and Policy 18 no. 2 (2006) 125-138.
Abstract
The free-rider phenomenon which impedes the marketing of information goods is conventionally countered by copyright protection regulations and technology. Alternative ways to market information goods, in particular through systems based on the super-distribution of a good from buyer to buyer, have recently raised some interest. Some of them mimic peer-to-peer file-sharing networks, while advanced ones are mechanisms falling into the category of multi-level markets. Motivated by this, the present paper develops a general model for the monetary flux in a multi-level market, quantitatively describing the incentives that buyers receive through resales revenues. Based on it, some qualitative questions pertaining to a profitable marketing of information goods are discussed. JEL: C51, C67, D4 Information good, Multi-level market, Virtual good, Incentive, Copyright protection.
BibTeX
@article{AUS05A, author = {Andreas U. Schmidt}, title = {Multi-level markets and incentives for information goods}, journal = {Information Economics and Policy}, year = {2006}, volume = {18}, number = {2}, pages = {125-138} }
P22

Incentive Systems in Multi-Level Markets for Virtual Goods

Workshop Virtual Goods at the Conference AXMEDIS 2005, 30. November - 2. December 2005, Florence, Italy.
Axmedis 2005, Proceedings of the 1st International Conference on Automated Production of Cross Media Content for Multi-Channel Distribution, Volume for Workshops, Industrial, and Application Sessions, Paolo Nesi, Kia Ng, Jaime Delgado (Eds.), Firenze University Press, 2005 (Atti 22), pp. 134-141. ISBN 88-8453-354-6 (online), 88-8453-354-4 (print)
Archive: cs.GT/0409028
Abstract
As an alternative to rigid DRM measures, ways of marketing virtual goods through multi-level or networked marketing have raised some interest. This report is a first approach to multi-level markets for virtual goods from the viewpoint of theoretical economy. A generic, kinematic model for the monetary flow in multi-level markets, which quantitatively describes the incentives that buyers receive through resales revenues, is devised. Building on it, the competition of goods is examined in a dynamical, utilitytheoretic model enabling, in particular, a treatment of the free-rider problem. The most important implications for the design of multi-level market mechanisms for virtual goods, or multi-level incentive management systems, are outlined. MSC: 91B60, 90B60, 46N10 JEL: C51, C67, D4 ACM: K4.4 Multi-Level Market; Incentive; Free-Rider Problem; Competition.
BibTeX
@inproceedings{AUS04C, author = {Andreas U. Schmidt}, title = {Multi-Level Markets for Virtual Goods}, year = {2005}, publisher = {Firenze University Press}, booktitle = {Axmedis 2005, Proceedings of the 1st International Conference on Automated Production of Cross Media Content for Multi-Channel Distribution, Volume for Workshops, Industrial, and Application Sessions}, series = {Atti}, volume = {22}, editor = {Paolo Nesi and Kia Ng and Jaime Delgado}, pages = {134-141}, ISBN = {88-8453-354-6 (online) 88-8453-354-4 (print)}, note = {arXiv: \href{http://arXiv.org/abs/cs.GT/0409028}{cs.GT/0409028}} }
P21

Security for Distributed Web-Applications via Aspect-Oriented Programming

Together with Nicolai Kuntze and Thomas Rauch
Refereed contribution to the Conference Information Security South Africa (ISSA 2005) Sandton, South Africa, 29. June - 1. July 2005.
Archive: cs.CR/0507071
Abstract
Identity Management is becoming more and more important in business systems as they are opened for third parties including trading partners, consumers and suppliers. This paper presents an approach securing a system without any knowledge of the system source code. The security module adds to the existing system authentication and authorisation based on aspect oriented programming and the liberty alliance framework, an upcoming industrie standard providing single sign on. In an initial training phase the module is adapted to the application which is to be secured. Moreover the use of hardware tokens and proactive computing is demonstrated. The high modularisation is achived through use of AspectJ, a programming language extension of Java. ACM: K.6.5; D.1.5; D.2 Identity Mangement, aspect oriented programming, single sign on, liberty alliance, pro active computing, aspectj, identity federation.
BibTeX
@inproceedings{KRS05B, author = {Nicolai Kuntze and Thomas Rauch and Andreas U. Schmidt}, title = {Security for Distributed Web-Applications via Aspect-Oriented Programming}, year = {2005}, publisher = {Information Security South Africa (ISSA)}, booktitle = {Peer-reviewed Proceedings of the ISSA 2005 New Knowledge Today Conference}, editor = {H. S. Venter and J. H. P. Eloff and L. Labuschagne and M. M. Eloff}, isbn = {1-86854-625-X} }
P20

Sicherheit in verteilten Web-Applikationen durch aspektorientierte Programmierung

Together with Nicolai Kuntze and Thomas Rauch
Refereed contribution to the 19. DFN-Arbeitstagung über Kommunikationsnetze, Handwerkskammer Düsseldorf, Germany, 18.-20 May 2005.
In: Jan Van Knop and Wilhelm Haverkamp and Eike Jessen (Hrsg.) "Heute schon das Morgen sehen." 19. DFN-Jahrestagung über Kommunikationsnetze. GI-Edition, Lecture Notes in Informatics (LNI), Vol. P-73, pp. 95-108, 2005.
See the corresponding paper [P21]
Abstract
Identity Management erlangt eine immer größere Bedeutung, da immer mehr Firmen ihre IT-Systeme für Partner, Lieferanten oder Kunden öffnen. Die Arbeit stellt einen Ansatz vor, durch den ein Zugriffskontroll- und Authentifikationssystem modular zu bestehenden webbasierten Systemen hinzugefügt werden kann. Das System muss hierfür nicht im Sourcecode vorliegen. In einer Trainingsphase wird das Modul an die zu schützende Applikation angepasst. Dies wird durch den Einsatz von aspektorientierter Programmierung in Form des AspectJ Frameworks erreicht. Für die Authentifikation kommt das Liberty Alliance Protokoll, ein zukünftiger Industriestandard, zum Einsatz, welches ein Single-Sign-On Protokoll unter Verwendung von Identity Federation implementiert. Eine mögliche Verwendung von Hardwaretoken in diesem Framework wird demonstriert und ein Weg vorgestellt, ein proaktives Verhalten in das Systems zu integrieren.
BibTeX
@inproceedings{KRS05A, author = {Nicolai Kuntze and Thomas Rauch and Andreas U. Schmidt}, title = {Sicherheit in verteilten Web-Applikationen durch aspektorientierte Programmierung}, year = {2005}, publisher = {Gesellschaft für Informatik}, booktitle = {Heute schon das Morgen sehen. 19. DFN-Jahrestagung über Kommunikationsnetze}, series = {LNI}, volume = {P-73}, isbn = {3-88579-402-0}, editor = {Jan Van Knop and Wilhelm Haverkamp and Eike Jessen}, pages = {95-108} }
P19

Konzepte für rechtssichere Transformationen signierter Dokumente

Together with Thomas Kunz and Ursula Viebeg
Datenschutz und Datensicherheit (DuD) 29 (Mai 2005) 5, 279-285
See the corresponding talks [T8, T11], and the related papers [P17, P18]
Website of the TransiDoc project
Abstract
Umwandlungen signierter Dokumente werfen Fragen auf, die für die Anwendung erhebliche Unsicherheiten begründen. Dieser Beitrag untersucht den Themenkomplex unter rechtlichen, technischen und organisatorischen Aspekten. Es werden Grundkonzepte sicherer Transformationen erläutert, die Transformation als Prozess analysiert und Lösungsansätze präsentiert.
BibTeX
@article{KSV05, author = {Thomas Kunz, Andreas U. Schmidt, Ursula Viebeg}, title = {Konzepte für rechtssichere {T}ransformationen signierter {D}okumente}, journal = {Datenschutz und Datensicherheit (DuD)}, year = {2005}, pages = {279-285}, volume = {29}, number = {5}, month = may }
P18

Legal Security for Transformations of Signed Documents: Fundamental Concepts

10.1007/11533733_18
Together with Zbyněk Loebl
Refereed contribution to the Second European PKI Workshop, University of Kent, England 30. June - 1. July 2005.
In: Proceedings of the Second European PKI Workshop, D. Chadwick and G. Zhao (Eds.) Lecture Notes in Computer Science, vol. 3545, pp. 255-270, Springer-Verlag, 2005.
Website of the TransiDoc project
Abstract
Transformations of signed documents raise questions of technical and organisational nature which render the legal security of the transformed document doubtful. In particular, digital signatures of originals break depriving documents of probative force. This report elucidates legal problems, and introduces fundamental concepts of legally secure document transformations in a deliberately generic, applicationindependent way. A process analysis of transformations of signed documents is carried out to elicit common security requirements. This leads to the solution approach transformation seal, a cryptographically secured container used to ensure legal security for transformed documents by securing the content's integrity, attesting a transformation's correctnes, and attributing it to a responsible party.
BibTeX
@inproceedings{LS05, author = {Andreas U. Schmidt and Zbyn\v{e}k Loebl}, title = {Legal Security for Transformations of Signed Documents: Fundamental Concepts}, year = {2005}, publisher = {Springer-Verlag}, booktitle = {EuroPKI 2005.}, series = {Lecture Notes in Computer Science}, volume = {3545}, editor = {D. Chadwick and G. Zhao}, pages = {255-270}, note = {\href{http://www.transidoc.de}{TransiDoc Project Site}} }
P17

Grundkonzepte rechtssicherer Transformation signierter Dokumente

Together with Stefanie Fischer-Dieskau, Thomas Kunz, Ursula Viebeg
Refereed contribution to the Workshop "Qualifizierte elektronische Signaturen in Theorie und Praxis" (QSIG2005) at the Konferenz Sicherheit 2005, 2. Jahrestagung des Fachbereichs Sicherheit der GI, at the University of Regensburg, Germany, 5-8 April 2005.
In: Hannes Federrath (Ed.): Sicherheit 2005: Sicherheit - Schutz und Zuverlässigkeit, GI-Edition, Lecture Notes in Informatics (LNI), Vol. P-62, pp. 401-412, 2005.
Website of the TransiDoc project
Abstract
Umwandlungen signierter Dokumente werfen Fragen auf, die für die Anwendung erhebliche Unsicherheiten begründen. Dieser Beitrag untersucht den Themenkomplex unter rechtlichen, technischen und organisatorischen Aspekten. Es werden Grundkonzepte sicherer Transformationen erläutert, die Transformation als Prozess analysiert und Lösungsansätze präsentiert.
BibTeX
@inproceedings{F-DKSV05, author = {Stefanie Fischer-Dieskau and Thomas Kunz and Andreas U. Schmidt and Ursula Viebeg}, title = {Grundkonzepte rechtssicherer Transformation signierter Dokumente}, year = {2005}, publisher = {Gesellschaft für Informatik}, booktitle = {Sicherheit 2005, Beiträge der 2. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f{\"u}r Informatik e. V. (GI), 5.-8. April 2005 in Regensburg}, series = {LNI}, volume = {P-62}, isbn = {3-88579-391-1}, editor = {Hannes Federrath}, pages = {401-412}, note = {\href{http://www.transidoc.de}{TransiDoc Project Site}} }
P16

Asymptotic Hyperfunctions, Tempered Hyperfunctions, and Asymptotic Expansions

10.1155/IJMMS.2005.755
International Journal of Mathematics and Mathematical Sciences 2005 5 (May 2005) 755-788
Review: Math. Rev. 2173691
Archive: math.FA/0107058
See the corresponding book and PhD Dissertation [P3]
Abstract
We introduce new subclasses of Fourier hyperfunctions of mixed type, satisfying polynomial growth conditions at infinity, and develop their sheaf and duality theory. We use Fourier transformation and duality to examine relations of these asymptotic and tempered hyperfunctions to known classes of test functions and distributions, especially the Gelfand–Shilov-Spaces. Further it is shown that the asymptotic hyperfunctions, which decay faster than any negative power, are precisely the class that allow asymptotic expansions at infinity. These asymptotic expansions are carried over to the higher-dimensional case by applying the Radon transformation for hyperfunctions. 46F15, 46F20, 30E15 Hyperfunctions, asymptotic expansions, moments, Radon transformation
BibTeX
@article{AUS02C, author = {Andreas U. Schmidt}, title = {Asymptotic Hyperfunctions, Tempered Hyperfunctions, and Asymptotic Expansions}, journal = {International Journal of Mathematics and Mathematical Sciences}, year = {}, volume = {}, pages = {}, month = {}, note = {to appear; arXiv \href{http://arXiv.org/abs/math.FA/0107058}{\texttt{math.FA/0107058}}} }
P15

A Model for Prejudiced Learning in Noisy Environments

10.1016/j.amc.2004.09.003
Archive: nlin.AO/0306055
See also the talk [T2] and the paper [P5]
Abstract
TBased on the heuristics that maintaining presumptions can be beneficial in uncertain environments, we propose a set of basic axioms for learning systems to incorporate the concept of prejudice. The simplest, memoryless model of a deterministic learning rule obeying the axioms is constructed, and shown to be equivalent to the logistic map. The system's performance is analysed in an environment in which it is subject to external randomness, weighing learning defectiveness against stability gained. The corresponding random dynamical system with inhomogeneous, additive noise is studied, and shown to exhibit the phenomena of noise induced stability and stochastic bifurcations. The overall results allow for the interpretation that prejudice in uncertain environments entails a considerable portion of stubbornness as a secondary phenomenon. 91A26, 34F05 Learning, prejudice, uncertainty, noise, random dynamical system, noise induced stability, stochastic bifurcation
BibTeX
@ARTICLE{AUS03D, author = {Andreas U. Schmidt}, title = {{A} {M}odel for {P}rejudiced {L}earning in {N}oisy {E}nvironments}, journal = {Applied Mathematics and Computation}, year = {2005}, volume = {168}, pages = {354-379}, number = {1}, arxiv = {nlin.AO/0306055}, doi = {10.1016/j.amc.2004.09.003}, keywords = {Learning; Prejudice; Uncertainty; Noise; Random dynamical system; Noise induced stability; Stochastic bifurcation}, msc = {91A26, 34F05} }
P14

Interoperability Challenges for DRM Systems

Together with Omid Tafreschi, Ruben Wolf
Refereed paper for the GI WG ECOM / IFIP TC 6, WG 6.11 Workshop on Virtual Goods 2004, Technical University of Ilmenau, Germany, 28 - 29 May 2004. Published exclusively on the Web.
Abstract
Large scale Digital Rights Management (DRM) systems are close to deployment in various areas. However, interoperability problems associated with DRM based content distribution systems encompassing many business models, consumer use cases, content and device types, have not been regarded in detail. On grounds of an analysis of these issues we argue that comprehensive DRM poses very special interoperability challenges, and advocate the utility of intermediary roles for viable DRM solutions.
BibTeX
@inproceedings{AUS04B, author = {Andreas U. Schmidt and Omid Tafreschi and Ruben Wolf}, title = {{I}nteroperability {C}hallenges for {DRM} {S}ystems}, year = {2004}, booktitle = {Reviewed Paper. IFIP/GI Workshop on Virtual Goods, Ilmenau (Germany), 28-29 May 2004, online publication pp. 125--136. Available from \href{http://virtualgoods.tu-ilmenau.de/2004/program.html}{http://virtualgoods.tu-ilmenau.de/2004/program.html}}, note = {Published exclusively on the Web} }
P13

Implementierung von Security Policies in offenen Telekollaborationen

Together with Michael Herfert, Peter Ochsenschläger, Jürgen Repp, Roland Rieke, Martin Schmucker, Steven Vettermann, Uwe Böttge, Cristina Escaleira, Dirk Rüdiger
In: D.A.CH Security 2004, Patrick Horster ed., Syssec, Sauerlach, Austria 2004. pp. 37-49. Refereed paper for the Conference D.A.CH Security 2004, joint conference of GI, OCG, BITKOM, SI, and TeleTrusT, at the university of Basle, Switzerland, 30-31 March 2004
Website of the MakoSi project
Abstract
Die besonderen Anforderungen der Planung und Durchsetzung von Sicherheitspolitiken in Telekollaborations-Umgebungen, in die verschiedene Partner unterschiedliche Sicherheitsrichtlinien einbringen, werden diskutiert. Ein durchgängiges Vorgehensmodell wird vorgestellt, dass von der Planung und Formalisierung über die formale Verifikation bis zur Implementierung der Sicherheits-Policies reicht. An einem konkreten Szenario aus der Automotive Industrie wird exemplarisch die Umsetzung des Konzepts dargestellt. Schließlich werden verbleibende Probleme diskutiert und bewertet.
BibTeX
@inproceedings{AUS04A, author = {Michael Herfert and Andreas U. Schmidt and Peter Ochsenschl\"{a}ger and J\"{u}rgen Repp and Roland Rieke and Martin Schmucker and Steven Vettermann and Uwe B\"{o}ttge and Cristina Escaleira and Dirk R\"{u}diger}, title = {{I}mplementierung von {S}ecurity {P}olicies in offenen {T}elekollaborationen}, year = {2004}, publisher = {syssec}, booktitle = {D.A.CH Security 2004}, address = {Sauerlach, Austria}, editor = {Patrick Horster}, pages = {37-39}, note = {ISBN 3-00-013137-X. \href{http://www.makosi.de}{MakoSi Project Site}} }
P12

Mathematics of the Quantum Zeno Effect

In: Mathematical Physics Research on the Leading Edge, Charles V. Benton ed., Nova Science Publishers, Hauppauge NY, pp. 113-143, ISBN 1-59033-905-3, 2004
Review: Math. Rev. 2068576
Archive: math-ph/0307044
See the corresponding presentation [T4], and the papers [P7], [P9]
Abstract
We present an overview of the mathematics underlying the quantum Zeno effect. Classical, functional analytic results are put into perspective and compared with more recent ones. This yields some new insights into mathematical preconditions entailing the Zeno paradox, in particular a simplified proof of Misra's and Sudarshan's theorem. We empahsise the complex-analytic structures associated to the issue of existence of the Zeno dynamics. On grounds of the assembled material, we reason about possible future mathematical developments pertaining to the Zeno paradox and its counterpart, the anti-Zeno paradox, both of which seem to be close to complete characterisations. 46L60, 47D03, 81P15, 81R15, 82B10; 03.65.Xp, 03.65Db, 05.30.-d, 02.30.T Quantum Zeno Effect, anti-Zeno effect, measurement, Trotter's product formula, degenerate semigroup, operator algebra, modular automorphism group, KMS-state, return to equilibrium, Gibbs state
BibTeX
@incollection{AUS04, author = {Andreas U. Schmidt}, title = {{M}athematics of the {Q}uantum {Z}eno {E}ffect}, year = {2004}, publisher = {Nova Science Publishers}, booktitle = {Mathematical Physics Research on the Leading Edge}, address = {Hauppauge NY}, editor = {Charles V. Benton}, pages = {113-143}, isbn = {1-59033-905-3}, note = {to appear. arXiv \href{http://arXiv.org/abs/math-ph/0307044}{\texttt{math-ph/0307044}}} }
P11

XML-Signatur Anwendungsprofile als Weg zur Lösung des Präsentationsproblems

Together with Thomas Kunz and Ulrich Pordesch
Datenschutz und Datensicherheit (DuD) 27/12 (December 2003) 740-745
See the corresponding talk [T6], the paper [P4], and talk [T1]
Abstract
Seit fast zwei Jahren existiert mit dem XML Signaturstandard ein Format für elektronische Signatu-ren, das weit über herkömmliche Signaturformate hinausgeht. Flexibilität und Mächtigkeit des Standards bergen aber auch erhebliche Gefahren. Dieser Bei-trag untersucht, welche Risiken sich in Bezug auf das Präsentationsproblem bei der Anwendung von XML-Signaturen ergeben und welche Anforderungen sich daraus für die anwendungsspezifische Ausgestaltung und Einschränkungen des grundlegenden Standards ergeben.
BibTeX
@article{AUS03C, author = {Andreas U. Schmidt and Thomas Kunz and Ulrich Pordesch}, title = {{X}{M}{L}-{S}ignatur {A}nwendungsprofile als {W}eg zur {L}ösung des {P}räsentationsproblems}, journal = {Datenschutz und Datensicherheit (DuD)}, year = {2000}, pages = {740-745}, volume = {27}, number = {12}, month = dec }
P10

Phragmén-Lindelöf principles of type L^p

Applied Mathematics E-Notes 3 (2003) 178-182
Abstract
Integrability conditions of type $L^p$ along straight lines within a strip in $\mathbf{C}$ are derived for holomorphic functions which are integrable over the area of the strip. 30E20, 30A10 Phragmén-Lindelöf principle, Hadamard's Three-Lines Theorem, $L^p$ bounds, $L^p$ means, convexity
BibTeX
@article{AUS03B, author = {Andreas U. Schmidt}, title = {Phragmén-Lindelöf principles of type $L^p$}, journal = {Appl. Math. E-Notes}, year = {2003}, pages = {178-182}, volume = {3} }
P9

Zeno Dynamics in Quantum Statistical Mechanics

10.1088/0305-4470/36/4/319
Journal of Physics A: Mathematical and General 36 (January 2003) 1135-1148
Corrigendum: ibid. 37 (June 2004) 11309-11310
Review: Math. Rev. 1965478
Archive: math-ph/0207013
See the corresponding presentation [T4], and the papers [P7], [P12]
Abstract
We study the quantum Zeno effect in quantum statistical mechanics within the operator algebraic framework. We formulate a condition for the appearance of the effect in W*-dynamical systems, in terms of the short-time behaviour of the dynamics. Examples of quantum spin systems show that this condition can be effectively applied to quantum statistical mechanical models. Furthermore, we derive an explicit form of the Zeno generator, and use it to construct Gibbs equilibrium states for the Zeno dynamics. As a concrete example, we consider the X-Y model, for which we show that a frequent measurement at a microscopic level, e.g. a single lattice site, can produce a macroscopic effect in changing the global equilibrium. 82B10, 82C10, 81R15; 03.65.Xp, 05.30.-d, 02.30.Tb Quantum Zeno dynamics, W*-dynamical system, quantum spin systems, X-Y model, return to equilibrium
BibTeX
@article{AUS03, author = {Andreas U. Schmidt}, title = {Zeno Dynamics in Quantum Statistical Mechanics}, journal = {J. Phys. A}, year = {2003}, pages = {1135-1148}, volume = {36}, month = jan, note = {arXiv \href{http://arXiv.org/abs/math-ph/0207013}{\texttt{math-ph/0207013}}}, mrnumber = {1965478} }
P8

A Note on Heat Kernel Estimates on Weighted Graphs with Two-Sided Bounds on the Weights

Applied Mathematics E-Notes 2 (2002) 25-28
Abstract
We reconsider estimates for the heat kernel on weighted graphs recently found by Metzger and Stollmann. In the case that the weights satisfy a positive lower bound as well as a finite upper bound, we obtain a specialized lower estimate and a proper generalization of a previous upper estimate. 39A12 Heat kernel, Laplace operator on graphs
BibTeX
@article{AUS02B, author = {Andreas U. Schmidt}, title = {A Note on Heat Kernel Estimates on Weighted Graphs with Two-Sided Bounds on the Weights}, journal = {Appl. Math. E-Notes}, year = {2002}, pages = {25-28}, volume = {2}, mrnumber = {1979406} }
P7

Zeno Dynamics of von Neumann Algebras

10.1088/0305-4470/35/36/309
Journal of Physics A: Mathematical and General 35 (August 2002) 7817-7825
Review: Math. Rev. 1947135
Archive: math-ph/0203008
See the corresponding presentation [T4], and the follow-up papers [P9], [P12]
Abstract
The dynamical quantum Zeno effect is studied in the context of von Neumann algebras. It is shown that the Zeno dynamics coincides with the modular dynamics of a localized subalgebra. This relates the modular operator of that subalgebra to the modular operator of the original algebra by a variant of the Kato--Lie--Trotter product formula. 46L60, 81P15, 81R15; 03.65.Xp, 03.65.Db, 02.30.Tb Quantum Zeno effect, von Neumann algebra, modular group
BibTeX
@article{AUS02A, author = {Andreas U. Schmidt}, title = {Zeno Dynamics of von Neumann Algebras}, journal = {J. Phys. A}, year = {2002}, pages = {7817-7825}, volume = {35}, month = aug, note = {arXiv \href{http://arXiv.org/abs/math-ph/0203008}{\texttt{math-ph/0203008}}}, mrnumber = {1947135} }
P6

Infinite Infrared Regularization and a State Space for the Heisenberg Algebra

10.1063/1.1425427
Journal of Mathematical Physics 36 no. 1 (January 2002) 243-259
Erratum: ibid. 43 no. 6 (June 2002) 3412
Review: Math. Rev. 1902489
Archives: math-ph/0105042, mp_arc/01-194
See the corresponding paper [P2], and the presentation [T5]
Abstract
We present a method for the construction of a Krein space completion for spaces of test functions, equipped with an indefinite inner product induced by a kernel which is more singular than a distribution of finite order. This generalizes a regularization method for infrared singularities in quantum field theory, introduced by G. Morchio and F. Strocchi, to the case of singularites of infinite order. We give conditions for the possibility of this procedure in terms of local differential operators and the Gelfand-Shilov test function spaces, as well as an abstract sufficient condition. As a model case we construct a maximally positive definite state space for the Heisenberg algebra in the presence of an infinite infrared singularity. 46C20, 46F05, 47B50, 81T05; 11.10.-z, 02.10.-v, 02.30.Tb Infrared singularity, Gelfand-Shilov space, Heisenberg algebra, indefinite inner product space, Krein space
BibTeX
@article{AUS02, author = {Andreas U. Schmidt}, title = {{I}nfinite infrared regularization and a state space for the {H}eisenberg algebra}, journal = {J. Math. Phys.}, year = {2002}, pages = {243-259}, volume = {43}, number = {1}, month = jan, note = {arXiv \href{http://arXiv.org/abs/math-ph/0105042}{\texttt{math-ph/0105042}}}, mrnumber = {1902489} }
P5

A Model for Prejudiced Behaviour and a Noisy Dynamical System

GMD Report 104, GMD German National Research Center for Information Technology, Institute for Secure Telecooperation, Darmstadt, Germany, July 2000, ISSN 1435-2702
See the corresponding talk [T2] and the superseding paper [P15]
Abstract
This report combines two different threads of research: In the first chapter, we make a proposal for a mathematical model of prejudiced behaviour. The heuristic background of this is the study of agents in open marketplaces, e.g., on the internet. We derive our model from a simple outset within the framework of the general theory of learning systems and a few axiomatic assumptions. The model considered turns out to be an example of a noisy dynamical system. Systems of this type have recently attracted much attention in the physical and mathematical communities. We perform a theoretical study of our special system in chapter 2 and carry out some numerical experiments. We stress the analogy of the phenomenology of the system with phase transitions in physical systems. The results that we obtain in chapter 2 give us some insight into the qualitative behaviour that learning systems governed by our prejudiced learning rule will exhibit. Dieser Bericht führt zwei verschiedene Forschungsthemen zusammen: Im ersten Kapitel stellen wir ein mathematisches Modell für vorurteilsbehaftetes Verhalten vor. Den heuristische Hintergrund bildet hierbei die Studie des Verhaltens von Agenten in offenen Marktplätzen wie z. B. internetbasierten. Das Modell leiten wir im Rahmen einfacher Grundlagen der Theorie lernender Systeme aus wenigen axiomatischen Annahmen her. Es erweist sich als ein Beispiel für ein dynamisches System mit Rauschen. Systeme dieses Typs haben in jüngster Zeit in Mathematik und Physik einige Aufmerksamkeit erregt. Wir führen eine theoretische Studie unseres speziellen Systems in Kapitel 2 durch und sammeln empirische Daten mittels numerischer Experimente. Dabei betonen wir besonders die Analogie zum Phänomen der Phasenübergänge in physikalischen Systemen. Die Resultate, die wir erhalten ermöglichen es uns wiederum in Kapitel 2, einigen Einblick in das qualitative Verhalten das lernende Systeme, die unserer Lernregel gehorchen, zeigen werden, zu gewinnen.
BibTeX
@techreport{AUS00, author = {Andreas U. Schmidt}, title = {{A} {M}odel for {P}rejudiced {B}ehaviour and a {N}oisy {D}ynamical {S}ystem}, institution = {GMD German National Research Center for Information Technology, Institute for Secure Telecooperation}, year = {2000}, type = {GMD Report}, number = {104}, address = {Darmstadt, Germany}, month = jul, note = {ISSN 1435-2702} }
P4

Signiertes XML und das Präsentationsproblem

Datenschutz und Datensicherheit (DuD) 24/3 (März 2000) 153-158
See the corresponding talk [T1], the follow-up paper [P11], and talk [T6]
Abstract
Eines der gravierendsten Probleme, die sich einer breiten öffentlichen Anwendung digitaler Signaturen in den Weg stellt, ist das Problem der zurechenbaren und beweiskräftigen Präsentation signierter Dokumente. Im vorliegenden Beitrag wird untersucht, welchen Lösungsbeitrag hierzu die Extensible Markup Language (XML) als universelles Datenformat und der XML-Signaturstandard, der zurzeit vom World Wide Web Consortium (W3C) spezifiziert wird, leisten können.
BibTeX
@article{AUS00A, author = {Andreas U. Schmidt}, title = {{S}igniertes {X}{M}{L} und das {P}räsentationsproblem}, journal = {Datenschutz und Datensicherheit (DuD)}, year = {2003}, pages = {153-158}, volume = {24}, number = {3}, month = mar }
P3

Asymptotische Hyperfunktionen, temperierte Hyperfunktionen und asymptotische Entwicklungen

Logos-Verlag, Berlin, 1998, ISBN 3-89722-127-6
PhD Dissertation, Johann Wolfgang Goethe-Universität Frankfurt am Main, Germany, 1999
Review: Zbl. Math. 0934.46042
See the corresponding paper [P16]
Abstract
Wir führen eine neue Unterklasse der Fourier Hyperfunktionen mit polynomialen Wachstumsbedingungen ein mit dem Ziel, asymptotische Entwicklungen von Hyperfunktionen studieren zu wollen, wie sie für gewisse Distributionenklassen bekannt sind. Wir entwickeln zuerst die Theorie analytischer Funktionale auf Räumen integrabler Funktionen bezüglich Maßen mit Wachstum O(|Re z|^gamma), wobei gamma in R ist, im Unendlichen. Ein an das berühmte Phragmén-Lindelöf-Prinzip erinnerndes, einfaches analytisches Resultat bildet die Basis der Dualitätstheorie dieser Räume zu Funktionen mit festgelegtem Wachstumstyp. Wir studieren diese Dualität analytischer Funktionale mit Wachstumsbedingungen und unbeschränkten Trägern gründlich in einer Dimension unter Verwendung des von den Fourier Hyperfunktionen her bekannten exponentiell abfallenden Cauchy-Hilbert-Kerns. Daraus ergeben sich Analoga zu den Theoremen von Runge und Mittag-Leffler, die die Grundlage für die Garbentheorie der Hyperfunktionen mit polynomialen Wachstumsbedingungen sind, die wir sodann entwickeln. Die für uns wichtigsten neuen Klassen von Fourier Hyperfunktionen sind die von unendlichem Typ, das heißt solche, die wie eine beliebige Potenz wachsen beziehungsweise schneller als jede Potenz abfallen. In n Dimensionen benutzen wir die Fouriertransformation und Dualität um das Verhältnis dieser temperierten beziehungsweise asymptotischen Hyperfunktionen zu bekannten Distributionenräumen zu studieren. Wir leiten Theoreme vom Paley-Wiener-Typ her, die es uns erlauben, unsere Hyperfunktionen in ein Schema zu ordnen, das Wachstumsordnung und Singularität gegenüberstellt. Wir zeigen, daß dieses Schema eine sinvolle Erweiterung des von Gelfand und Shilow zur Charakterisierung von Testfunktionenräumen eingeführten Schemas der Räume S(alpha,beta) um verallgemeinerte Funktionen ist. Schließlich zeigen wir die Nuklearität der temperierten und asymptotischen Hyperfunktionen. Wir zeigen, daß die asymptotischen Hyperfunktionen genau die Klasse bilden, die Moment-asymptotische Entwicklungen erlauben, wie sie von Estrada et al. für Distributionen betrachtet wurden. Estradas Theorie ist damit ein Spezialfall der unsrigen. Für Hyperfunktionen lassen sich aber dank des Konzeptes der standard definierenden Funktionen die Moment-asymptotischen Entwicklungen als klassische asymptotische Entwicklungen von analytischen Funktionen verstehen. Wir zeigen die einfache Beziehung zwischen der Moment-asymptotischen Entwicklung und der Taylorentwicklung der Fouriertransformierten und benutzen dann ein Resultat von Estrada, um die Vollständigkeit unseres Moment-asymptotischen Schemas abzuleiten. Wir geben genaue Bedingungen für die Moment-Folgen von Hyperfunktionen mit kompaktem Träger an, die kürzlich von Kim et al. gefunden wurden. Die asymptotischen Entwicklungen übertragen wir auf den höherdimensionalen Fall, indem wir die von Kaneko und Takiguchi eingeführte Radontransformation für Hyperfunktionen verwenden. Die wohlbekannte Beziehung zwischen Radon- und Fouriertransformation zeigt wiederum das enge Verhältnis von asymptotischer Entwicklung zur Taylorentwicklung der Fouriertransformierten. Wir benutzen Kims Resultate, um die Moment-Folgen von Hyperfunktionen zu charakterisieren, die von Kugeln mit endlichem Radius getragen werden. Schließlich verwenden wir das Träger-Theorem der Radontransformation, um ein Resultat über das Singularitätenspektrum aus Bedingungen an die Radontransformierte abzuleiten. We introduce new subclasses of Fourier hyperfunctions satisfying polynomial growth conditions at infinity with the intention to study asymptotic expansions in hyperfunction theory, which are known to hold in certain spaces of distributions. We begin by developing the theory of analytic functionals on spaces of integrable functions with respect to measures of growth O(|Re z|^gamma), where gamma is in R, at infinity. A simple analytic result for these Hardy type spaces, reminiscent of the famous Phragmén-Lindelöf principle, prepares the ground for the duality of these functions to spaces of functions of fixed polynomial growth at real infinity. We study this duality theory for analytic funcionals with growth conditions and unbounded carriers in full detail in one dimension, utilizing the exponentially decreasing Cauchy-Hilbert kernel known from the theory of Fourier hyperfunctions. We derive theorems of Runge and Mittag-Leffler type and thereby lay the grounds for a theory of hyperfunctions of the namely growth types as a flabby sheaf theory on the compactified space D, which is then exhibited. The most important new types of Fourier hyperfunctions are such with growth type ±infinity, that is, growing with arbitrary polynomial type or decaying faster than any polynomial, respectively. In higher dimensions we use Fourier transformation and duality to examine relations of these tempered and asymptotic hyperfunctions to known classes of test functions, distributions and hyperfunctions. We identify the Fourier transforms of tempered and asymptotic hyperfunctions by theorems of Paley--Wiener type which allow us to order these spaces into a scheme relating growth type to singularity. This scheme is shown to be a sensible extension to generalized functions of the scheme of spaces S(alpha,beta) which was introduced by Gelfand and Shilov to classify the spaces of test functions for distributions. Finally, we show the nuclearity of the spaces of tempered and asymptotic hyperfunctions. Further, it is shown in one dimension that the asymptotic hyperfunctions which decay faster than any negative power are precisely the class that allow moment asymptotic expansions at infinity, as were studied by Estrada et al. for distributions. We show that Estradas theory of asymptotic expansions is contained in ours. But for hyperfunctions, these asymptotic expansions can be related to the classical asymptotic expansions of analytic functions by the concept of standard defining functions. We show the simple relation of the moment asymptotic expansion of asymptotic hyperfunctions to the Taylor expansion of their Fourier transform, by which we can use a result of Estrada to show the completeness of the asymptotic scheme in our case. We cite the necessary and sufficient conditions for the moment sequences of hyperfunctions with compact support, which were recently found by Kim et al. These asymptotic expansions are carried over to the higher-dimensional case by apploying the Radon transformation for hyperfunctions, as introduced by Kaneko and Takiguchi. The well-known relation between Radon and Fourier transformation shows again the relation between the moment asymptotic expansion of hyperfunctions and the Taylor expansion of their Fourier transforms. We use Kim's result to characterize the moment sequences of hyperfunctions carried by balls with finite radius. Finally, we use the support theorem for the Radon transformation to derive a condition on the singularity spectrum of a hyperfunction by conditions on its Radon transform.
BibTeX
@book{AUSDISS, author = {Andreas U. Schmidt}, title = {Asymptotische {H}yperfunktionen, temperierte {H}yperfunktionen und asymptotische {E}ntwicklungen}, year = 1999, publisher = {Logos-Verlag}, address = {Berlin}, isbn = {3-89722-127-6} note = {PhD Dissertation, Johann Wolfgang Goethe-Universit{\"a}t, Frankfurt am Main, 1999} }
P2

Mathematical Problems of Gauge Quantum Field Theory: A Survey of the Schwinger Model

Universitatis Iagellonicae Acta Mathematica Fasciculus XXXIV (1997) 113-134
Reviews: Math. Rev. 98e:81114, Zbl. Math. 0934.46042
Archive: hep-th/9707166
See the corresponding paper [P6], and the presentation [T5]
Abstract
This extended write-up of my talk gives an introductory survey of mathematical problems of the quantization of gauge systems. Using the Schwinger model as an exactly tractable but nontrivial example which exhibits general features of gauge quantum field theory, I cover the following subjects: The axiomatics of quantum field theory, formulation of quantum field theory in terms of Wightman functions, reconstruction of the state space, the local formulation of gauge theories, indefiniteness of the Wightman functions in general and in the special case of the Schwinger model, the state space of the Schwinger model, special features of the model. New results are contained in the Mathematical Appendix, where I consider in an abstract setting the Pontrjagin space structure of a special class of indefinite inner product spaces --- the so called quasi--positive ones. This is motivated by the indefinite inner product space structure appearing in the above context and generalizes results of Morchio and Strocchi in [J. Math. Phys. 31 (1990) 1467] and Dubin and Tarski in [Ann.~Phys. 13 (1967) 263]. 81T13, 81-02, 81T10, 81T05 quantum field theory, Schwinger model, Krein space, Pontrjagin space
BibTeX
@article{AUS97, author = {Andreas U. Schmidt}, title = {{M}athematical {P}roblems of {G}auge {Q}uantum {F}ield {T}heory: {A} {S}urvey of the {S}chwinger {M}odel}, journal = {Univ. Iagel. Acta Math.}, year = {1997}, pages = {113-134}, volume = {Fasc. XXXIV}, note = {Extended version of a talk given at the First Frankfurt-Krakow Operator Theory Seminar, Krakow, April 1996. arXiv \href{http://arXiv.org/abs/hep-th/9707166}{\texttt{hep-th/9707166}}}, mrnumber = {98e:81114} }
P1

Algebraische und konforme Quantenfeldtheorie

Logos-Verlag, Berlin, 1997, ISBN 3-931216-49-7
Diploma Thesis, Johann Wolfgang Goethe-Universität Frankfurt am Main, Germany, 1994
BibTeX
@book{AUSDIPLOMA, author = {Andreas U. Schmidt}, title = {{A}lgebraische und konforme {Q}uantenfeldtheorie}, publisher = {Logos-Verlag}, address = {Berlin}, year = {1997}, note = {Diploma Thesis, Universität Frankfurt am Main, Germany, 1994}, isbn = {3-931216-49-7} }

About

Dr. Andreas U. Schmidt

© 2004-26 Andreas U. Schmidt, all rights reserved.

Contact

Prof. Dr. Andreas U. Schmidt CEO, novalyst IT AG Robert-Bosch Strasse 38 61184 Karben, Germany Tel. +49 6039 4689734 e-mail: andreas.schmidt (at) novalyst.de private e-mail: andreas.u.schmidt (at) googlemail.com
Reviewer for   Computers and Security
Member of the Editorial Board of the Journal of Cyber Security and Mobility
Member of the Deutsche Mathematiker-Vereinigung (DMV)

Short CV

1989-1994
Studies in mathematics and physics at the Johann Wolfgang Goethe-Universität, Frankfurt am Main, Germany
1994
Diploma (Dipl.-Math.) in mathematics, Johann Wolfgang Goethe-Universität, Frankfurt am Main, Germany
1999
Doctoral degree (Dr. phil. nat.) in mathematics, Johann Wolfgang Goethe-Universität, Frankfurt am Main
1999/2000
Postdoctoral Research at the GMD in the Institute for Secure Telecooperation, working group 'Marketplace Internet' (MINT), Darmstadt, Germany
2000/2001
Research fellowship at the Department of Mathematics and Applied Mathematics of the University of Durban-Westville, now part of the University of Kwazulu-Natal, South Africa, funded by the Deutsche Forschungsgemeinschaft (DFG)
Oct 2002 - Nov 2008
Senior Researcher at the Fraunhofer-Institute for Secure Information Technology SIT, working group Transaction and Document Security TaD, and Secure Mobile Systems (SIMS), Darmstadt, Germany
Dec 2008 - June 2009
Area Head of the Security Area at the Create-Net Research Consortium, Trento, Italy.
2009 - 2012
General Chair of the Conference MobiSec on Secure Mobile Systems.
From July 2009 - May 2022
Chief Information Officer of ARTEC IT Solutions AG, Karben, Germany
From 2007 - Current
Co-founder and director of the board of novalyst IT AG, Karben, Germany
From October 2023 - Current
Professor for IT-Security at Wilhelm Büchner Hochschule, Darmstadt, Germany

Research Interests

Mathematics & Physics: Quantum Zeno Effect; Quantum Statistical Mechanics; Axiomatic and Algebraic Quantum Field Theory; Hyperfunctions and Hyperfunction Quantum Field Theory; Indefinite Inner Product Spcaes; Asymptotic Methods; Mathematical Economics; Noisy Dynamical Systems
Computer Science: Information Security; Data Protection and Privacy; Mobile Security; Identity Management; Security and Society; Ethical Hacking; Trusted Computing; Information Security Management; Voice-over-IP and Media Security; Digital Signatures; Long-Term Security; Theoretical and Applied Information Economy; Quantum Cryptography; Digital Rights Management

By Subject Classification

MSC: 34F05, 46C20, 46Fxx (46F05, 46F15, 46F20), 46L60, 46N10, 47B50, 47D03, 47D60, 81Pxx (81P15, 81P68), 81Q10, 81R15, 81T05, 90B60, 91A15, 91A26, 91Bxx (91B60, 91B62), 91E40
PACS: 02.30.-f, 02.30.Sa, 02.30.Tb, 02.50.Le, 03.65Db, 03.67.Dd, 03.67.Hk, 03.65.Xp, 03.70.+k, 05.30.-d
ACM: C.2.0, D.1.5, H.1.1, H.4.1, J.1, K.4.4, K.5.1, K.6.5
JEL: C51, C67, D4

Writing & Media

Follow my writing on these platforms:

Working Papers & Preprints

W6

Harte Fakten zu Runges Phänomen

Together with Claude.
Working Paper, Wilhelm Büchner Hochschule, March 2026.
Abstract
Wir geben eine in sich geschlossene Darstellung des Runge-Phänomens in der Polynominterpolation. Ausgehend von Runges Originalbeobachtung (1901) werden Bernsteins Divergenzsatz, Fabers Theorem, die Rolle der Lebesgue-Konstante im funktionalanalytischen Rahmen und die Konvergenzanalyse über Bernstein-Ellipsen entwickelt. Die Optimalität der Tschebyschow-Stützstellen wird potentialtheoretisch begründet. Abschließend untersuchen wir das Phänomen in Lp-Normen: Während bei äquidistanten Stützstellen die Divergenz in allen Lp-Normen persistiert, ergibt sich bei optimaler Stützstellenwahl eine echte Hierarchie mit dem Satz von Erdős–Turán (L2-Konvergenz) und Nevais Schwelle bei p = 4.
W5

Planning Distributed Security Operations Centers in Multi-Cloud Landscapes: A Case Study

Preprint, Novalyst IT, NOZ Digital, 2022
W4

Secure Operations on Tree-Formed Verification Data

Preprint, Novalyst IT, 2010
W3

The Need for Collaboration Infrastructures for Signed Digital Documents

FP7 position paper on "Collaborative Working Environments (CWE)". Presented at a Workshop of the European Commission, Information Society and Media Directorate-General, Emerging Technologies and Infrastructures, New Working Environments, Brussels, 16th March 2006.
W2

Euclidean Reconstruction in Quantum Field Theory: Between Tempered Distributions and Fourier Hyperfunctions

Preprint, Johann Wolfgang Goethe-Universitãt, Frankfurt am Main, Germany, October 1997
Abstract
In this short note on my talk I want to point out the mathematical difficulties that arise in the study of the relation of Wightman and Euclidean quantum field theory, i.e., the relation between the hierarchies of Wightman and Schwinger functions. The two extreme cases where the reconstructed Wightman functions are either tempered distributions - the well-known Osterwalder-Schrader reconstruction - or modified Fourier hyperfunctions are discussed in some detail. Finally, some perpectives towards a classification of Euclidean reconstruction theorems are outlined and preliminary steps in that direction are presented.
BibTeX
@techreport{AUS97A, author = {Andreas U. Schmidt}, title = {{E}uclidean {R}econstruction in {Q}uantum {F}ield {T}heory: {B}etween {T}empered {D}istributions and {F}ourier {H}yperfunctions}, institution = {Johann Wolfgang Goethe-Universität}, year = {1997}, type = {Preprint}, address = {Frankfurt am Main, Germany}, month = oct, note = {Talk at the 2nd Frankfurt-Krakow Operator Theory Seminar, Iagellonian University, Krakow, Poland, 7th-11th April 1997. arXiv \href{http://arXiv.org/abs/math-ph/9811002}{\texttt{math-ph/9811002}}} }
W1

Ergänzende Notizen zur Quantenfeld- und Stringtheorie

Lecture Notes, Johann Wolfgang Goethe-Universität, Frankfurt am Main, Germany, 1996
Abstract
Skript mit mathematischen Ergänzungen zur Vorlesung von Prof. Dr. F. Constantinescu, Wintersemester 1995/96. Darstellungstheorie von Lie- und assoziativen Algebren; Höchstgewichtsdarstellungen; Tensorprodukte; Clebsch-Gordan-Koeffizienten; Wigner-Eckart-Theorem; Racah-Wigner-Koeffizienten; 6j-Symbole; Invariantentheorie; Brauer-Weyl-Theorie.
BibTeX
@techreport{AUS96, author = {Andreas U. Schmidt}, title = {{E}rg\"anzende {N}otizen zur {Q}uantenfeld- und {S}tringtheorie}, institution = {Johann Wolfgang Goethe-Universit\"at}, year = {1996}, type = {Lecture Notes}, address = {Frankfurt am Main, Germany}, note = {Skript mit mathematischen Erg\"anzungen zur Vorlesung von Prof. Dr. F. Constantinescu, Wintersemester 1995/96} }

Patents

US14

US10044713B2 — OpenID/Local OpenID Security

US Patent, InterDigital Patent Holdings Inc.
Together with Andreas Leicher and Yogendra Shah.
Filed August 20, 2012. Granted August 7, 2018.
US16

US9015845B2 — Transit Control for Data

US Patent, Samsung SDS Co. Ltd.
Filed October 30, 2012. Granted April 21, 2015.
US15

US8826020B2 — Home Node-B Apparatus and Security Protocols

US Patent, InterDigital Patent Holdings Inc.
Filed October 2, 2012. Granted September 2, 2014.
US13

US8914636B2 — Automated Negotiation and Selection of Authentication Protocols

US Patent, InterDigital Patent Holdings Inc.
Filed July 28, 2012. Granted December 16, 2014.
US12

US8509431B2 — Identity Management on a Wireless Device

US Patent, InterDigital Patent Holdings Inc.
Filed September 20, 2011. Granted August 13, 2013.
US11

US8949997B2 — Method and Apparatus for Providing Security to Devices

US Patent, InterDigital Patent Holdings Inc.
Filed March 4, 2011. Granted February 2, 2015.
US10

US9032473B2 — Migration of Credentials and/or Domains between Trusted Hardware Subscription Modules

US Patent, InterDigital Patent Holdings Inc.
Filed March 2, 2011. Granted May 12, 2015.
US9

US8533803B2 — Method and Apparatus for Trusted Federated Identity

US Patent, InterDigital Patent Holdings Inc.
Filed February 9, 2011. Granted September 10, 2013.
US8

US9807608B2 — System of Multiple Domains and Domain Ownership

US Patent, InterDigital Patent Holdings Inc.
Filed April 20, 2010. Granted October 31, 2017.
US7

US8701205B2 — Validation and/or Authentication of a Device for Communication with Network

US Patent, InterDigital Patent Holdings Inc.
Filed April 15, 2010. Granted April 15, 2014.
US6

US8499161B2 — Method and Apparatus for Secure Trusted Time Techniques

US Patent, Interdigital Patent Holdings Inc.
Filed February 19, 2009. Granted July 30, 2013.
US5

US9826335B2 — Method and Apparatus for Enabling Machine to Machine Communication

US Patent, Interdigital Patent Holdings Inc.
Filed January 21, 2009. Granted November 21, 2017.
US4

US8503376B2 — Techniques for Secure Channelization between UICC and a Terminal

US Patent, InterDigital Technology Corp.
Filed October 6, 2008. Granted August 6, 2013.
US3

US8788832B2 — Virtual Subscriber Identity Module

US Patent, InterDigital Patent Holdings Inc.
Filed September 19, 2008. Granted July 22, 2014.
DE2

DE102006025369B4 — Verfahren und Vorrichtung zur Sicherung der Integrität und/oder Nichtabstreitbarkeit von paketbasierter, zeitkritischer Kommunikation

Deutsches Patent, Fraunhofer-Gesellschaft.
Together with Nicolai Kuntze and Christian Hett.
Filed May 31, 2006. Granted October 25, 2007.
EP1

EP1841124A1 — Flexible Erzeugung vertrauenswürdiger Zeitquellen

European Patent, Siemens AG and Fraunhofer-Gesellschaft.
Filed March 28, 2006. Granted September 8, 2008.

Presentations (selected)

T1

Digitale Signaturen mit XML

Presentation at the Workshop "Web-Security", in the CAST-Forum of the ZGDV, Darmstadt, Germany, 29 June 2000
See the corresponding papers [P4], [P11], and the presentation [T6]
Abstract
Auf die Dokumentenbeschreibungssprache XML (EXtensible Markup Language) gründen sich weitreichende Hoffnungen im Hinblick auf interoperable Web-Anwendungen - XML könnte zu einer `lingua franca' des WWW werden. Das World Wide Web Consortium (W3C) entwickelt zur Zeit einen Standard zur Realisierung digitaler Signaturen in XML (XML-DSig) - ein Mosaikstein zur Einlösung dieser Hoffnungen. Nach einem Überblick über den Stand dieses Projekts werden am Beispiel des von der GMD Darmstadt entwickelten BAKO-Protokolls (S. Kolletzki, in: Computer Networks and ISDN Systems 28, 1996, S. 1891-1899, Elsevier) (zum Abschluß zweiseitiger, verbindlicher Verträge) die grundlegenden Techniken und Möglichkeiten von XML-DSig und der Zusammenhang mit anderen W3C-Standards rund um XML diskutiert. Wenn - nach EU-Richtlinie und deutschem Signaturgesetz rechtsverbindliche - Dokumente mit digitalen Signaturen in interoperablen Web-Welten breite Anwendung finden sollen, verdient das sogenannte Präsentationsproblem [U. Pordesch. DuD 2/2000. S. 89-95. A. U. Schmidt. Signiertes XML und das Präsentationsproblem. DuD 3/2000. S. 153-158.] besondere Beachtung: Wurden dem Anwender die zu signierenden Daten vollständig und unverfälscht präsentiert? Und noch wichtiger: ist dies im Streitfall gerichtlich überprüfbar? Es soll gezeigt werden, daß XML und XML-DSig einen Ansatz zu einer (wenigstens teilweisen) Lösung dieses grundlegenden Problems digitaler Signaturen bietet, und wie dies funktionieren kann. Dies weist aber zugleich auf noch offene technische, praktische und theoretische Probleme von XML-DSig hin.
T2

Phase Transitions of the Logistic Map with Inhomogeneous Noise

Presentation at the third Hanno Rund Conference, University of Natal, Durban, South Africa, 13-16 September 2000
See the corresponding papers [P5], and the superseding [P15]
Abstract
Noisy alias random dynamical systems in recent years have attracted the interest of physicists and mathematicians, for two basic reasons: Physically, they add a good deal of realism to the theoretical models of many natural phenomena which were hitherto modeled by deterministic dynamical systems, since it has been realized that noise is almost ubiquitous in reality and often significantly affects the behaviour of complicated systems. Mathematically, random dynamical systems present an attractive synthesis of the fields of stochastics and general dynamical systems in which many branches of mathematical physics and pure mathematics converge and generate new insights. In both disciplines, it soon became clear that random dynamical systems possess a number of interesting new properties, most prominently the phenomena noise induced stability, on-off intermittence, and stochastic bifurcations also called noise induced (phase) transitions.
T3

Estimates for the Heat Kernel on Weighted Graphs

Presentation at the University of Natal, Pietermaritzburg, South Africa, 25 May 2001
See the corresponding paper [P8]
T4

Zeno Dynamics in Quantum Statistical Mechanics

Presentation at the Università di Pisa, Pisa, Itlay 3 July 2002, the conference on `Irreversible Quantum Dynamics', the Abdus Salam ICTP, Trieste, Italy, 29 July - 2 August 2002, and the University of Natal, Pietermaritzburg, South Africa, 14 May 2003
See the corresponding papers [P7], [P9], and also [P12]
T5

Infinite Infrared Regularization in Krein Spaces

Presentation at the AMS Southeastern Sectional Meeting 14-16 March 2003, and the Workshop `Asymptotic Analysis, Stability, and Generalized Functions', 17-19 March 2003, Louisiana State University, Baton Rouge, Louisiana
See the corresponding paper [P2], [P6]
T6

XML-Signaturen und das Präsentationsproblem / XML-Signatures and the Presentation Problem

Together with Thomas Kunz and Ulrich Pordesch
Presentation at the Workshop "XML-Signatur", at the TU-Ilmenau, Ilmenau, Germany, 3-4 April 2003 organised by XML-Uni and BSI. Also presented at the University of Natal, Durban, South Africa, 16 May 2003. Also presented at the conference "Informatik 2003" of the Gesellschaft für Informatik, Johann Wolfgang Goethe-Universität, Frankfurt am Main, Germany 29 September - 2 October 2003,
See the corresponding papers [P4], [P11], and the presentation [T1]
T7

Kryptographie im Zeitalter des Quantencomputers / Cryptography in the Age of Quantum Computers

Presentation at the Workshop "Wie sicher ist Kryptographie", in the CAST-Forum of the ZGDV, Darmstadt, Germany, 21 August 2003
Abstract
Von der klassischen zur Quantenkryptographie
T8

Rechtssicherheit bei der Transformation signierter Dokumente

Presentation at the Workshop "Public-Key-Infrastrukturen", in the CAST-Forum of the ZGDV, Darmstadt, Germany, 20 January 2005
Abstract
Zunehmend werden zwischen Unternehmen, Behörden, Privatpersonen und auch Rechtsanwälten und Notaren elektronisch signierte Dokumente ausgetauscht. Die stetig größer werdende Vielfalt von Dokumentformaten für spezielle Anwendungsbereiche wird hierbei zum kritischen Reibungspunkt: Wird ein Dokumentenformat geändert, so bricht die ursprüngliche Signatur. Ein analoges Problem tritt beim Übergang von der Papier- in die digitale Welt auf, etwa wenn ein Krankenhaus Patientenakten und Arztbriefe in elektronische Form bringen will. In all diesen Fällen steht die rechtliche Wirksamkeit des umgewandelten, transformierten Dokuments in Frage. Auch bei der Archivierung von Dokumenten wird dieses Problem akut. Um hier langfristige Sicherheit und Lesbarkeit von Dokumenten zu garantieren, müssen Methoden zur sicheren Überführung alter Dokumentenformate in aktuelle gefunden und bei der Konzeption von Archivierungssystemen mitbedacht werden. Rechtssichere Transformationen: Das vom BMWA geförderte Verbundprojekt TransiDoc greift dieses Problem in den drei zentralen Anwendungsfeldern Medizin (Patientenakten), öffentliche Verwaltung (Bauanträge) und Notariate auf. Das Projekt verfolgt dabei einen interdisziplinären Ansatz, der die Entwicklung technischer Lösungen mit der organisatorischer Verfahren verbindet. Dabei ist der bestehende und sich entwickelnde Gesetzesrahmen genau zu berücksichtigen. Zum Projekt gehört eine gründliche Untersuchung der Eig-nung von häufig verwendeten Datenformaten bezüglich Signaturen und Transformationen, aber auch die Konzeption von Gestaltungsvorschlägen für die Rechtsentwicklung. TransiDoc zielt auf eine umfassende Methode, mit der ein breites Spektrum von Transformationen rechtssicher gestaltet werden kann, was bedeutet, dass ein transformiertes Dokument rechtlich gesehen genau so genutzt werden kann wie das ursprüngliche. Kernpunkt des Lösungsansatzes ist es, für einen späteren Begutachter nachvollziehbar und nachprüfbar zu machen, was während der Transformation mit dem Dokument geschah und wie, mit welchen Mitteln und durch wen sie ausgeführt wurde. Transformationssiegel: TransiDoc entwickelt und spezifiziert ein elektronisches Transformationssiegel, in dem die genannten Daten in vertrauenswürdiger, das heißt kryptografisch gesicherter Form vermerkt und an das transformierte Dokument gebunden werden können. In vielen Fällen kann ein mit einem Transformationssiegel versehenes Dokument das Ausgangsdokument für die praktische Verwendung komplett ersetzen. In TransiDoc werden Tools zur Erzeugung, Bearbeitung und Prüfung von Trans-formationssiegeln entwickelt. Organisatorischer Rahmen: Ein Transformationssiegel kann nur dann nützlich sein, wenn sein Zustan-dekommen auf vertrauenswürdige Weise gesichert ist. Hierzu entwickelt TransiDoc einen Organisationsrahmen, also einen Katalog von Handlungsanweisungen, Vorgehensbeschreibungen und technischen Maßgaben. Dieser flexible Rahmen kann von Anwendern auf ihre Bereiche und Anwendungsfälle angepasst werden.
T9

Revisions- und Rechtssicherheit beim Umgang mit elektronisch signierten Dokumenten

Presentation at the MarcusEvans Conference "Unternehmensweites Vertragsmanagement", 16.-17. October 2006, Hotel Hilton, Köln.
T10

Rechtssicherheit bei der Transformation signierter Dokumente

Presentation at the Workshop "Public-Key-Infrastrukturen", in the CAST-Forum of the ZGDV, Darmstadt, Germany, 25 January 2007
T11

TransiDoc - Technologie für sichere Transformation

Presentation at the Fachkonferenz Rechtssichere elektronische Archivierung, Bundesministerium für Wirtschaft und Technologie, Berlin, Germany, 13.12.2007.
T12

Total Information Governance - Trading Old Risks for New Ones?

Presentation at the ISGIG 2008: First International Symposium on Global Information Governance, March 13 - 14, 2008, Pisa, Italy.

Lectures

Supervised Theses

Completed

TH1

Verbindliche Verträge in signiertem XML

Thomas Kunz
BibTeX
@masterthesis{KUN01, author = {Thomas Kunz}, title = {Verbindliche Verträge in signiertem XML}, school = {Johann Wolfgang Goethe-Universität, Frankfurt am Main, Germany}, year = {2001} }
TH2

Sicheres Outsourcing mit verteilten Webservices

Nicolai Kuntze and Thomas Rauch
See the corresponding papers [P20,P21,P24], and talk [T12]
Abstract
Identity Management erlangt eine immer größere Bedeutung, da immer mehr Firmen ihre IT-Systeme für Partner, Lieferanten oder Kunden öffnen. Die Diplomarbeit stellt einen Ansatz vor, durch den ein Zugriffskontroll- und Authentifikationssystem modular zu bestehenden webbasierten Systemen hinzugefügt werden kann. Das System muss hierfür nicht im Sourcecode vorliegen. In einer Trainingsphase wird das Modul an die zu schützende Applikation angepasst. Dies wird durch den Einsatz von aspektorientierter Programmierung in Form des AspectJ Frameworks erreicht. Für die Authentifikation kommt das Liberty Alliance Protokoll, ein zukünftiger Industriestandard, zum Einsatz, welches ein Single-Sign-On Protokoll unter Verwendung von Identity Federation implementiert. Eine mögliche Verwendung von Hardwaretoken in diesem Framework wird demonstriert und eine Weg vorgestellt, ein proaktives Verhalten in das Systems zu integrieren. Identity Management is becoming more and more important in business systems as they are opened for third parties including trading partners, consumers and suppliers. This thesis presents an approach securing a system without any knowledge of the system source code. The security module adds to the existing system authentication and authorisation based on aspect oriented programming and the liberty alliance framework, an upcoming industrie standard providing single sign on. In an initial training phase the module is adapted to the application which is to be secured. Moreover the use of hardware tokens and proactive computing is demonstrated. The high modularisation is achived through use of AspectJ, a programming language extension of Java. Identity Mangement, aspect oriented programming, single sign on, liberty alliance, pro active computing, aspectj, identity federation
BibTeX
@masterthesis{KUN01, author = {Nicolai Kuntze and Thomas Rauch}, title = {Sicheres Outsourcing mit verteilten Webservices}, school = {Technical University Darmstadt, Germany}, year = {2005} }
TH3

Spamfilterung mittels Texterkennungsverfahren

Ulrike Petersen
Abstract
Spam stellt ein immer größeres Problem im E-Mail Verkehr dar und erfordert zunehmend den Einsatz von Spamfiltern. Die aktuell verfügbaren Spamfilter arbeiten entropiebasiert und stützen sich in der Regel auf so genannte Bayes'sche Filter, die Spam aufgrund bedingter Wahrscheinlichkeiten klassifizieren, oder auf die Markov-Diskriminierung, die Zeichenketten in den E-Mails identifiziert und zuordnet. Die bisherigen Filtermethoden liefern zwar gute Ergebnisse, es ist jedoch sinnvoll, verschiedene Verfahren zur Filterung von Spam miteinander zu kombinieren, um bessere Ergebnisse zu erzielen. Weiterhin erschwert die Kombination verschiedener Techniken das Umgehen derartiger Filter, da verschiedene Verfahren auf unterschiedliche Charakteristiken der E-Mails abstellen. Diese Arbeit behandelt die Filterung von Spam mittels eines Textanalyseverfahrens. Dazu wird zunächst der Begriff der Entropie definiert, der weiter zum Begriff des informationsbasierten Abstands zwischen Texten und zur relativen Entropie führt. Mittels dieser relativen Entropie erfolgt nun die Klassifizierung der E-Mails. Im Gegensatz zu Bayes'schen Filtern, die jedem Wort der E-Mail eine Wahrscheinlichkeit zuordnen um die Spamwahrscheinlichkeit der E-Mail zu berechnen, betrachtet die Textanalyse den Informationsgehalt, der durch die Entropie definiert wird.
BibTeX
@masterthesis{UP07, author = {Ulrike Petersen}, title = {Spamfilterung mittels Texterkennungsverfahren}, school = {Technical University Darmstadt, Germany}, year = {2007} }
TH4

Beglaubigte Übersetzung elektronisch signierter Dokumente

Jan Piechalski
See the corresponding paper [P30]
Abstract
Beglaubigte Übersetzungen sind zurzeit ein rein papierbasiertes Geschüft, obwohl im deutschen Rechtsraum alle rechtlichen Voraussetzungen für beglaubigte Übersetzungen von elektronischen Dokumenten gegeben sind. Diese Diplomarbeit beschreibt die digitale Nachbildung des Prozesses der beglaubigten Übersetzung. Grundlage hierfür bildet das Projekt TransiDoc - Rechtssichere Transformation signierter Dokumente [20]. Aus dem für TransiDoc zentralen Konzept des Transformationssiegels wird ein anwendungsspezifisches Übersetzungssiegel abgeleitet, das das Ausgangs- und das Zieldokument mittels einer elektronischen Signatur verbindet und weitere Daten wie z. B. den Beglaubigungsvermerk enthält.
BibTeX
@masterthesis{JP06, author = {Jan Piechalski}, title = {Beglaubigte Übersetzung elektronisch signierter Dokumente}, school = {Technical University Darmstadt, Germany}, year = {2006} }
TH5

Security and Non-Repudiation for Voice-over-IP conversations

Christian Hett
See the corresponding paper [P28] and poster presentation [P31]
Abstract
This thesis presents a concept to achieve non-repudiation for natural language conversations by electronically signing continuous, packet-based, digital voice communication (VoIP). Signing a VoIP-based conversation means to protect the integrity and authenticity of the bidirectional data stream and its temporal sequence which together establish the security context of the communication. The solution is based on chains of hashes and continuously chained electronic signatures. The protection is provided continuously during the ongoing conversations, they are not processed at once like traditional digital documents which could be trivially signed. A possible implementation and necessary protocols are described to apply these concepts to SIP/RTP-based VoIP-communication. This provides a high level of inherent security and enables PKI-based non-reputable signatures over voice as true declarations of will, without additional witnesses and in principle between unacquainted speakers. As a demonstrator for these concepts, an efficient VoIP-archive securing the integrity of SIP-based two-party conversations was implemented.
BibTeX
@masterthesis{CH06, author = {Christian Hett}, title = {Security and Non-Repudiation for Voice-over-IP conversations}, school = {Technical University Darmstadt, Germany}, year = {2006}, month = {july} }
TH6

Trusted Infrastructures for Identities

Barbara Fichtinger
Abstract
In the context of identity management, a major research topic is the establishment of trust relationships between multiple identifier domains. Conventional approaches such as cross certification, spanning certificate authorities or mirroring of user databases result in substantial technical overhead. A possible approach is the usage of already existing architectures such as the infrastructure provided by trusted computing technology. The goal of this thesis is the development of a concept that allows a user from a certain identifier domain to access a service at a service provider belonging to a foreign identifier domain by using a ticket issued by an identity provider located in the primary identifier domain. To decide whether the foreign ticket can be accepted, the service provider first of all has to verify that the identity provider is authorized to issue tickets for the particular identifier domain. Moreover, the service provider has to validate the identity provider�s configuration and system status at the moment of the ticket issuing in order to decide whether the identity provider�s decision can be trusted. In the thesis, the realization of these requirements by using trusted computing technology is analyzed. For the authorization of the identity provider, the process of issuing attestation identifier credentials by the privacy-CA has to be adapted. If the identity provider is authorized to issue trusted tickets, the privacy-CA includes a certain key usage attribute in the certificate. In order to create the trusted tickets, SAML assertions are used to transport the status information from the identity provider to the foreign service provider. The flexible SAML framework allows the integration of the identity provider�s status information signed with the attestation identifier key in the attributes of the assertion. For the creation of information describing the platform�s current configuration and system status, the trusted computing technology offers the necessary attestation mechanisms. The developed concept and the reference implementation show that it is possible to use the trusted computing architecture for the establishment of trust relationships across multiple identifier domains in the context of identity management.
BibTeX
@masterthesis{BF07, author = {Barbara Fichtinger}, title = {Trusted Infrastructures for Identities}, school = {Fachhochschule Hagenberg, Austria}, year = {2007}, month = {may} }
TH7

Virtualisation of a SIM card using trusted computing

Michael Kasper
TH8

SPAM over Internet Telephony and how to deal with it

Rachid El Khayari, TU Darmstadt
Software available under GPL v3 at Google Code.
Abstract
In our modern society telephony has developed to an omnipresent service. People are available at anytime and anywhere. Furthermore the Internet has emerged to an important communication medium. These facts and the raising availability of broadband internet access has led to the fusion of these two services. Voice over IP or short VoIP is the keyword, that describes this combination. The advantages of VoIP in comparison to classic telephony are location independence, simplification of transport networks, ability to establish multimedia communications and the low costs. Nevertheless one can easily see, that combining two technologies, always brings up new challenges and problems that have to be solved. It is undeniable that one of the most annoying facet of the Internet nowadays is email spam. According to different sources email spam is considered to be 80 to 90 percent of the email traffic produced. Security experts suspect that this will spread out on VoIP too. The threat of so called voice spam or Spam over Internet Telephony (SPIT) is even more fatal than the threat that arose with email spam, for the annoyance and disturbance factor is much higher. As instance an email that hits the inbox at 4 p.m. is useless but will not disturb the user much. In contrast a ringing phone at 4 p.m. will lead to a much higher disturbance. From the providers point of view both email spam and voice spam produce unwanted traffic and loss of trust of customers into the service. In order to mitigate this threat different approaches from different parties have been developed. This thesis focuses on state of the art anti voice spam solutions, analyzes them to the core and reveals their weak points. In the end a SPIT producing benchmark tool will be implemented, that attacks the presented anti voice spam solutions. With this tool it is possible for an administrator of a VoIP network to test how vulnerable his system is.
BibTeX
@masterthesis{EK08, author = {Rachid El Khayari}, title = {SPAM over Internet Telephony and how to deal with it}, school = {Technical University Darmstadt, Germany}, year = {2008}, month = {july} }
TH9

Trusted Watermarks

Andreas Brett, TU Darmstadt
TH10

Trusted Ticket Systems

Andreas Leicher, Johann Wolfgang Goethe-University Frankfurt
TH11

Trusted Computing Security for Web-Browsers

Raja Sekhar Kannamanani
TH12

Trusted Computing Security for Web-Browsers II

Gökhan Bal, Johann Wolfgang Goethe-University Frankfurt
TH13

Securing Digital Evidence

Jennifer Richter, TU Darmstadt
TH14

Non-Repudiation for Voice over IP Archiving

Ju Zhunli, TU Darmstadt

Reviews

Zentralblatt für Mathematik

All

0948.46048; 0966.46048; 0966.46049; 0972.81081; 0986.81067; 0988.81080; 0992.81054; 0994.81057; 1009.81028; 1024.81027; 1028.81036; 1029.81039; 1037.46041; 1038.46030; 1044.46531; 1049.46023; 1049.46024; 1049.81044; 1049.81046; 1050.46030; 1028.81036; 02062332