Publications and Talks

All Publications

All Talks

Recent Publications

  • Markus Christen, Josep Domingo-Ferrer, Dominik Herrmann, Jeroen van den Hoven. Beyond Informed Consent – Investigating Ethical Justifications for Disclosing, Donating or Sharing Personal Data in Research. Philosophy and Computing: Essays in epistemology, philosophy of mind, logic, and ethics, Proceedings of CEPE-IACAP 2015, University of Delaware, June 22–25, 2015. Springer (in press), 2017. PDF (Preprint)
  • Dominik Herrmann, Matthias Kirchler, Jens Lindemann, Marius Kloft. Behavior-Based Tracking of Internet Users with Semi-Supervised Learning. 14th Annual Conference on Privacy, Security and Trust (PST 2016). Auckland, New Zealand, Dec 12–14, 2016. PDF
  • Matthias Kirchler, Dominik Herrmann, Jens Lindemann, Marius Kloft. Tracked Without a Trace: Linking Sessions of Users by Unsupervised Learning of Patterns in Their DNS Traffic. 9th ACM Workshop on Artificial Intelligence and Security (AISec), co-located with the 23rd ACM Conference on Computer and Communications (CCS). Vienna, Oct 28, 2016. PDF
  • Dominik Herrmann, Hannes Federrath. Unbemerktes Tracking im Internet: Unsere unerwünschte Identität. In Gerrit Hornung und Christoph Engemann (Hrsg.): Der digitale Bürger und seine Identität. Der Elektronische Rechtsverkehr, Bd. 36. Nomos Baden-Baden, 2016. External Link (DOI)
  • Dominik Herrmann. Unerfreulich auskunftsfreudig: Inferenzangriffe auf DNS-Anfragen bedrohen unsere Privatsphäre. Datenbank Spektrum 16(2) 119–126, 2016. PDF
  • Dominik Herrmann, Jens Lindemann. Obtaining personal data and asking for erasure: Do app vendors and website owners honour your privacy rights?. GI SICHERHEIT 2016: Sicherheit – Schutz und Zuverlässigkeit. Bonn, Apr 5–7, 2016. PDF
  • Dominik Herrmann. Unsichere Überwachungskameras von ALDI – Hilfe zur Selbsthilfe. „Zur Diskussion gestellt“, Homepage der Gesellschaft für Informatik (www.gi.de). 3. Februar 2016. External Link

Recent Talks

  • PrivacyScore: A public scanning platform to assess privacy issues of websites. Privacy Enhancing Technologies Convention (PET-CON 2017.1), Goethe-Universität Frankfurt, Frankfurt/Main, Mar 3, 2017. Slides
  • Mehr Schutz mit weniger Aufwand: Leichtgewichtige Datenschutz-Dienste für Anwender und Anbieter. Sitzung Nr. 68 des Arbeitskreises „Technische und organisatorische Datenschutzfragen“ der Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder, Dresden, 15. Februar 2017. Slides
  • Datenmissbrauch verhindern, Nachvollziehbarkeit verbessern: Leichtgewichtige Datenschutz-Dienste für Anwender und Anbieter. Universität Bamberg, Fakultät Wirtschaftsinformatik und Angewandte Informatik, Bamberg, 20. Januar 2017. Slides
  • Mehr Schutz mit weniger Aufwand: Leichtgewichtige Lösungen für Anwender und Anbieter. Institut für Informatik der Universität Würzburg. Würzburg, 5. Dezember 2016. Slides
  • Unkontrollierte Verarbeitung von Eingabedaten. Institut für Informatik der Universität Würzburg. Würzburg, 5. Dezember 2016. Slides
  • Gibt es in Zukunft noch Privatsphäre? – Herausforderungen und Empfehlungen zum Selbstschutz. „Betzdorf digital“, Lokalkampagne im Rahmen des Projektes „Digitale Dörfer“ von Fraunhofer IESE und dem Innenministerium Rheinland-Pfalz. Betzdorf, 17. November 2016. Slides
  • Cyberspionage, Cyberwarfare und Cyberabwehr. Mit Sicherheit mehr Sicherheit? Perspektiven der Sicherheitspolitik für die Welt in 2035, Tagung der Arbeitsgruppe der Deutschen Nationalen Akademie Leopoldina und der Amaldi-Gruppe in der Union der Deutschen Nationalen Akademien. Hamburg, 10. November 2016. Slides
  • Umgang mit Sicherheitsrisiken beim Betrieb kritischer Infrastrukturen. Intelligenter Verkehr – Rechtsfragen im Kontext, Workshop der Juristischen Fakultät der Universität Basel. Landgut Castelen, 23. September 2016. Slides
  • Security Pitfalls – A review of recurring failures. Keynote at Public Transport User Group of Kapsch CarrierCom AG. Berlin, September 19, 2016. Slides
  • Sie haben kein Recht zu schweigen: Wie reagieren Dienstanbieter auf Anfragen zur Datenauskunft und Kontenlöschung?. Ringkolloquium „Digitale Herausforderungen – Perspektiven auf Datenschutz und Datensicherheit aus Wissenschaft, Wirtschaft und Politik“. HU Berlin, 14. Juli 2016. Slides

My student Nikolai Tschacher has released his bachelor thesis about typosquatting attacks on command-line based package managers. Nikolai carried out a covert field study in order to determine to what extent software developers make typos when they install packages on the command line. Installing packages on the command line has become popular with the advent of frameworks like NodeJS (npm) and languages like Ruby (gem). Typos during installation endanger development and production machines.

Read more

Projects

  • H2020 Grant: CANVAS CSA (2016–2019)

    The CANVAS consortium will take three domains of application with unique value-profiles and complementing cybersecurity exigencies – the health system, finance, and police / national security – as starting point for outlining problems related to value-driven cybersecurity. Using a three-step process, CANVAS will (1) structure existing knowledge, (2) design a network for exchanging knowledge and generating insights across domains, and (3) disseminate the insights gained through three means: A reference curriculum, briefing packages for policy stakeholders, and a MOOC on value-driven cybersecurity.

  • BMBF Grant: DREI (2016–2019)

    The DREI project will design a distributed solution for security control centers that allows to detect insider attacks via anomaly detection. The project strives for high acceptance by implementing legal requirements regarding the privacy rights of employees.

  • BMBF Grant: AppPETs (2016–2019)

    AppPETs („Privacy Enhancing Technologies for mobile Apps“) aims at enabling developers to integrate privacy enhancing technologies into their smartphone apps. The project will set up a privacy infrastructure, which enables users to verify the protection of their personal data. Moreover, the project will study fair business models that are accepted by both vendors and users.

  • BMBF Grant: AN.ON-Next (2016–2019)

    AN.ON-Next has the long-term vision to integrate privacy enhancing technologies into the infrastructure of the Internet to make them available and usable for everyone. To this end, the project will look into lightweight techniques that provide a basic level of protection as well as fundamental approaches that allow to provide strong protection without sacrificing bandwidth and latency. The concepts will be implemented and pilots will be evaluated with business partners.

  • PhD on Privacy Deficiencies of the DNS

    In my PhD I focused on the privacy deficiencies of the Domain Name System, inference attacks, behavior-based tracking of users, and lightweight privacy enhancing technologies for DNS.

Teaching

I am currently teaching at University of Siegen.

I am recipient of the Best Teaching Award 2016 of Fakultät III at University of Siegen.

Winter Term 2016–17

  • Security in Communication and Distributed Systems (Lecture, MSc)
  • Introduction to Business Information Systems 1 (Lecture, BSc)
  • Privacy Enhancing Technologies (Seminar, BSc/MSc)
  • Computer and Network Security (Seminar, BSc/MSc)
  • Multilaterally secure and privacy-preserving applications (Project, BSc)

Summer Term 2016

  • Selected Areas in Security and Privacy (Paper Reading Class, MSc)
  • Hacking Practice (Practical Lecture, Msc)
  • Privacy Enhancing Technologies (Seminar, BSc/MSc)
  • Computer and Network Forensics (Seminar, BSc/MSc)
  • Multilaterally secure and privacy-preserving applications (Project, BSc)

Winter Term 2015–16

  • Security in Communication and Distributed Systems (Lecture, MSc)
  • Introduction to Business Information Systems 1 (Lecture, BSc)
  • Authentication Techniques (Seminar, BSc/MSc)
  • Multilaterally secure and privacy-preserving applications (Project, BSc)

Other Teaching Activities

I have been teaching at University of Hamburg since 2011 and at University of Regensburg since 2008. Apart from teaching in an academic setting, I have also been asked to contribute to various seminars for students and professionals, e.g., for udis (Ulmer Akademie für Datenschutz und IT-Sicherheit gGmbH), for AWW (Arbeitsstelle für wissenschaftliche Weiterbildung at University of Hamburg), and for RAV e.V. (Republikanischer Anwältinnen- und Anwälteverein e.V.).

Full Teaching Record

Activities

German Computer Science Society

I am a member of Gesellschaft für Informatik since 2006.

Services to the Community

Conference and Workshop Organization:

  • Organizing Chair of IFIP SEC 2015, IFIPTM 2015, and WISE9
  • PET Symposium 2010: Co-Organizer (with Hannes Federrath)
  • PET-CON Workshops (2007–2009, 2017): Co-Organizer (with Sebastian Pape)

Editorial Activities:

Program Committee Memberships and Journal Reviews:

  • PC Memberships: ARES 2013–2017, IFIP SEC 2015–2016, GI Sicherheit 2016, EUSPN 2015, APET Workshop 2011, Information Security Day 2015 (FHWS), Wirtschaftsinformatik 2017
  • Ad-hoc Reviewer: Springer EURASIP Journal on Information Security, Springer International Journal of Information Security, SIGCOMM Computer Communications Review (CCR), IEEE Transactions on Information Forensics & Security (TIFS), Journal of Computer Security, Entropy, it – Information Technology, Datenbank-Spektrum, PLOS ONE, Wiley Journal of Security and Communication Networks, Computers & Security
  • Subreviewer: AINA 2010, ARES 2012, ESORICS 2015, PASSAT 2009, PET Symposium 2010–2012, GI Sicherheit 2014, Wirtschaftsinformatik 2009 & 2013

Other Activities:

Biography

Since October 2015 I am temporary professor for information security and privacy („Vertretungsprofessur“) at University of Siegen. Before that I was a member of the Security in Distributed Systems Group chaired by H. Federrath at University of Hamburg, where I graduated with a PhD in Computer Science in 2014. Before I moved to Hamburg in 2011, I worked at University of Regensburg as a research and teaching assistant at the Chair of Management of Information Security (now chaired by D. Kesdoğan) since 2008. At University of Regensburg I was also a Program Coordinator („Studiengangskoordinator“) of the Faculty of Business, Economics and Management Information Systems, coordinating enrollment processes and course evaluation. I studied Management Information Systems („Wirtschaftsinformatik“) at University of Regensburg and University College Dublin and graduated with a Diploma with Honors (equivalent to a M.Sc.) in Management Information Systems in 2008. My diploma thesis on website fingerprinting received the CAST-Förderpreis 2008 and the GDD-Förderpreis 2008. My studies were sponsored by the German National Academic Foundation (Studienstiftung des Deutschen Volkes), the Röchling Foundation, and the Bavarian state (BayBFG).

Contact