Publications and Talks

All Publications

All Talks

Recent Publications

  • Max Maass, Anne Laubach, Dominik Herrmann. PrivacyScore: Analyse von Webseiten auf Sicherheits- und Privatheitsprobleme – Konzept und rechtliche Zulässigkeit. Preprint, arXiv:1705.08889 [cs.CR], 2017. PDF (Preprint)
  • Max Maass, Dominik Herrmann. PrivacyScore: Improving Privacy and Security via Crowd-Sourced Benchmarks of Websites. Preproceedings of ENISA Annual Privacy Forum, 7–8 June 2017, Vienna. Preprint, arXiv:1705.05139 [cs.CR], 2017. PDF (Preprint)
  • Markus Christen, Josep Domingo-Ferrer, Dominik Herrmann, Jeroen van den Hoven. Beyond Informed Consent – Investigating Ethical Justifications for Disclosing, Donating or Sharing Personal Data in Research. Philosophy and Computing: Essays in epistemology, philosophy of mind, logic, and ethics, Proceedings of CEPE-IACAP 2015, University of Delaware, June 22–25, 2015. Springer (in press), 2017. PDF (Preprint)
  • Dominik Herrmann, Matthias Kirchler, Jens Lindemann, Marius Kloft. Behavior-Based Tracking of Internet Users with Semi-Supervised Learning. 14th Annual Conference on Privacy, Security and Trust (PST 2016). Auckland, New Zealand, Dec 12–14, 2016. PDF
  • Matthias Kirchler, Dominik Herrmann, Jens Lindemann, Marius Kloft. Tracked Without a Trace: Linking Sessions of Users by Unsupervised Learning of Patterns in Their DNS Traffic. 9th ACM Workshop on Artificial Intelligence and Security (AISec), co-located with the 23rd ACM Conference on Computer and Communications (CCS). Vienna, Oct 28, 2016. PDF
  • Dominik Herrmann, Hannes Federrath. Unbemerktes Tracking im Internet: Unsere unerwünschte Identität. In Gerrit Hornung und Christoph Engemann (Hrsg.): Der digitale Bürger und seine Identität. Der Elektronische Rechtsverkehr, Bd. 36. Nomos Baden-Baden, 2016. External Link (DOI)
  • Dominik Herrmann. Unerfreulich auskunftsfreudig: Inferenzangriffe auf DNS-Anfragen bedrohen unsere Privatsphäre. Datenbank Spektrum 16(2) 119–126, 2016. PDF
  • Dominik Herrmann, Jens Lindemann. Obtaining personal data and asking for erasure: Do app vendors and website owners honour your privacy rights?. GI SICHERHEIT 2016: Sicherheit – Schutz und Zuverlässigkeit. Bonn, Apr 5–7, 2016. PDF
  • Dominik Herrmann. Unsichere Überwachungskameras von ALDI – Hilfe zur Selbsthilfe. „Zur Diskussion gestellt“, Homepage der Gesellschaft für Informatik (www.gi.de). 3. Februar 2016. External Link

Recent Talks

  • Ist das autonome Fahrzeug sicher(er)?. Logistik- und Wissenschaftsforum, Hamburg, 18. Mai 2017. Slides
  • Datensammler Smart Car: Was ist technisch alles möglich?. Law & Robots Workshop, Juristische Fakultät der Universität Basel, 17. Mai 2017. Slides
  • Don't Hack Back: Misconceptions about Offensive Responses to Cyberattacks. 1st Workshop of the Task Force „Robots, Bytes, and Bombs: Disruptive Technologies and 21st Century Warfare“. Heinrich-Böll-Stiftung, Berlin, Apr 21, 2017. Slides
  • PrivacyScore: A public scanning platform to assess privacy issues of websites. Privacy Enhancing Technologies Convention (PET-CON 2017.1), Goethe-Universität Frankfurt, Frankfurt/Main, Mar 3, 2017. Slides
  • Mehr Schutz mit weniger Aufwand: Leichtgewichtige Datenschutz-Dienste für Anwender und Anbieter. Sitzung Nr. 68 des Arbeitskreises „Technische und organisatorische Datenschutzfragen“ der Konferenz der unabhängigen Datenschutzbehörden des Bundes und der Länder, Dresden, 15. Februar 2017. Slides
  • Datenmissbrauch verhindern, Nachvollziehbarkeit verbessern: Leichtgewichtige Datenschutz-Dienste für Anwender und Anbieter. Universität Bamberg, Fakultät Wirtschaftsinformatik und Angewandte Informatik, Bamberg, 20. Januar 2017. Slides
  • Mehr Schutz mit weniger Aufwand: Leichtgewichtige Lösungen für Anwender und Anbieter. Institut für Informatik der Universität Würzburg. Würzburg, 5. Dezember 2016. Slides
  • Unkontrollierte Verarbeitung von Eingabedaten. Institut für Informatik der Universität Würzburg. Würzburg, 5. Dezember 2016. Slides
  • Gibt es in Zukunft noch Privatsphäre? – Herausforderungen und Empfehlungen zum Selbstschutz. „Betzdorf digital“, Lokalkampagne im Rahmen des Projektes „Digitale Dörfer“ von Fraunhofer IESE und dem Innenministerium Rheinland-Pfalz. Betzdorf, 17. November 2016. Slides
  • Cyberspionage, Cyberwarfare und Cyberabwehr. Mit Sicherheit mehr Sicherheit? Perspektiven der Sicherheitspolitik für die Welt in 2035, Tagung der Arbeitsgruppe der Deutschen Nationalen Akademie Leopoldina und der Amaldi-Gruppe in der Union der Deutschen Nationalen Akademien. Hamburg, 10. November 2016. Slides

My student Nikolai Tschacher has released his bachelor thesis about typosquatting attacks on command-line based package managers. Nikolai carried out a covert field study in order to determine to what extent software developers make typos when they install packages on the command line. Installing packages on the command line has become popular with the advent of frameworks like NodeJS (npm) and languages like Ruby (gem). Typos during installation endanger development and production machines.

Read more

Projects

  • H2020 Grant: CANVAS CSA (2016–2019)

    The CANVAS consortium will take three domains of application with unique value-profiles and complementing cybersecurity exigencies – the health system, finance, and police / national security – as starting point for outlining problems related to value-driven cybersecurity. Using a three-step process, CANVAS will (1) structure existing knowledge, (2) design a network for exchanging knowledge and generating insights across domains, and (3) disseminate the insights gained through three means: A reference curriculum, briefing packages for policy stakeholders, and a MOOC on value-driven cybersecurity.

  • BMBF Grant: DREI (2016–2019)

    The DREI project will design a distributed solution for security control centers that allows to detect insider attacks via anomaly detection. The project strives for high acceptance by implementing legal requirements regarding the privacy rights of employees.

  • BMBF Grant: AppPETs (2016–2019)

    AppPETs („Privacy Enhancing Technologies for mobile Apps“) aims at enabling developers to integrate privacy enhancing technologies into their smartphone apps. The project will set up a privacy infrastructure, which enables users to verify the protection of their personal data. Moreover, the project will study fair business models that are accepted by both vendors and users.

  • BMBF Grant: AN.ON-Next (2016–2019)

    AN.ON-Next has the long-term vision to integrate privacy enhancing technologies into the infrastructure of the Internet to make them available and usable for everyone. To this end, the project will look into lightweight techniques that provide a basic level of protection as well as fundamental approaches that allow to provide strong protection without sacrificing bandwidth and latency. The concepts will be implemented and pilots will be evaluated with business partners.

  • PhD on Privacy Deficiencies of the DNS

    In my PhD I focused on the privacy deficiencies of the Domain Name System, inference attacks, behavior-based tracking of users, and lightweight privacy enhancing technologies for DNS.

Teaching

I am currently teaching at University of Hamburg and University of Siegen.

I am recipient of the Best Teaching Award 2016 of Fakultät III at University of Siegen.

Summer Term 2017 (U Hamburg, U Siegen)

  • Project Information Security and Privacy (Project/Seminar, MSc)
  • Selected Areas in Security and Privacy (Paper Reading Class, MSc)
  • Hacking Practice (Practical Lecture, Msc)

Winter Term 2016–17 (U Siegen)

  • Security in Communication and Distributed Systems (Lecture, MSc)
  • Introduction to Business Information Systems 1 (Lecture, BSc)
  • Privacy Enhancing Technologies (Seminar, BSc/MSc)
  • Computer and Network Security (Seminar, BSc/MSc)
  • Multilaterally secure and privacy-preserving applications (Project, BSc)

Other Teaching Activities

I have been teaching at University of Hamburg since 2011 and at University of Regensburg since 2008. Apart from teaching in an academic setting, I have also been asked to contribute to various seminars for students and professionals, e.g., for udis (Ulmer Akademie für Datenschutz und IT-Sicherheit gGmbH), for ZFW (Zentrum für Weiterbildung at University of Hamburg), and for RAV e.V. (Republikanischer Anwältinnen- und Anwälteverein e.V.).

Full Teaching Record

Activities

German Computer Science Society

I am a member of Gesellschaft für Informatik since 2006.

Services to the Community

Conference and Workshop Organization:

  • Organizing Chair of IFIP SEC 2015, IFIPTM 2015, and WISE9
  • PET Symposium 2010: Co-Organizer (with Hannes Federrath)
  • PET-CON Workshops (2007–2009, 2017): Co-Organizer (with Sebastian Pape)

Editorial Activities:

Program Committee Memberships and Journal Reviews:

  • PC Memberships: ARES 2013–2017, IFIP SEC 2015–2016, ENISA Annual Privacy Forum 2017, GI Sicherheit 2016, EUSPN 2015, APET Workshop 2011, Information Security Day 2015 (FHWS), Wirtschaftsinformatik 2017
  • Ad-hoc Reviewer: Springer EURASIP Journal on Information Security, Springer International Journal of Information Security, SIGCOMM Computer Communications Review (CCR), IEEE Transactions on Information Forensics & Security (TIFS), Journal of Computer Security, Entropy, it – Information Technology, Datenbank-Spektrum, PLOS ONE, Wiley Journal of Security and Communication Networks, Computers & Security
  • Subreviewer: AINA 2010, ARES 2012, ESORICS 2015, PASSAT 2009, PET Symposium 2010–2012, GI Sicherheit 2014, Wirtschaftsinformatik 2009 & 2013

Other Activities:

Biography

I am a post-doctoral research associate in the Security in Distributed Systems Group chaired by Hannes Federrath at University of Hamburg. Between October 2015 and March 2017 I was a temporary professor for information security and privacy („Vertretungsprofessur“) at University of Siegen. I received a PhD in Computer Science in 2014 from University of Hamburg. My dissertation on Privacy Issues in the Domain Name System was awarded the GI-Dissertationspreis 2014 for the best computer science dissertation in Germany, Austria and Switzerland, the GI/CAST Promotionspreis IT-Sicherheit 2014, and the GDD-Wissenschaftspreis 2014. In 2014 I have received a GI Juniorfellowship of the German Computer Science Society. I am also honored to be the recipient of the Best Teaching Award 2016 of Fakultät III at University of Siegen.

Before I moved to Hamburg in 2011, I worked at University of Regensburg as a research and teaching assistant at the Chair of Management of Information Security (now chaired by Dogan Kesdoğan) since 2008. At University of Regensburg I was also a Program Coordinator („Studiengangskoordinator“) of the Faculty of Business, Economics and Management Information Systems, coordinating enrollment processes and course evaluation. I studied Management Information Systems („Wirtschaftsinformatik“) at University of Regensburg and University College Dublin and graduated with a Diploma with Honors (equivalent to a M.Sc.) in Management Information Systems in 2008. My diploma thesis on website fingerprinting received the CAST-Förderpreis 2008 and the GDD-Förderpreis 2008. My studies were sponsored by the German National Academic Foundation (Studienstiftung des Deutschen Volkes), the Röchling Foundation, and the Bavarian state (BayBFG).

Contact