Technische Universität Braunschweig
Alexandra Dirksen

Alexandra Dirksen has been a PhD candidate since May 2018 and works in the field of Web Security & Privacy, currently focusing on Web PKI and Large Scale Adversaries.
During the year 2023 she is a fellow of OTF's Information Controls Fellowship Program (ICFP). In collaboration with Censored Planet she is working on large-scale detection of HTTPS Interception.

Her further interests are Ethics in Computer Science and different topics of Applied Cryptography for Protocol Security.

Room IZ 209 A
a.dirksen[at]tu-braunschweig.de
@z4lem

+49 531/391-2270

 

STUDENT PROJECTS

Should I have an open topic, it will be listed here. If you have any ideas of your own that might fit in my area, please feel free to contact me with details.

PUBLICATIONS

Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom
Reethika Ramesh, Ram Sundara Raman, Apurva Virkud, Alexandra Dirksen, Armin Huremagic, David Fifield, Dirk Rodenburg, Rod Hynes, Doug Madory, Roya Ensafi
To appear at the 32nd USENIX Security Symposium (USENIX'23)

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Proceedings on Privacy Enhancing Technologies (PETS'21)

Towards Enabling Secure Web-based Cloud Services using Client-side Encryption
Martin Johns, Alexandra Dirksen
Proceedings of ACM Workshop on Cloud Computing Security (CCSW’20)

TALKS

Integrating Ethics: Panel Discussion about Ethical Oversight in Computer Science
- STS-hub Germany 2023 | Circulations

LogPicker: Strengthening Certificate Transparency against Covert Adversaries
- IETF 116, PEARG (virtual)
- PETS'21, Gather.town (virtual)

Towards enabling Secure Web-Based Cloud Services using Client-Side Encryption 
- CCSW'21, Gather.town (virtual) [Slides]

A Blockchain Picture Book [Video]
- 35C3, 29.12.2018, Leipzig, Germany
- DMZ Europe, 08.11.2018, Stuttgart, Germany

SUPERVISED THESES

LogPicker: Byzantine Fault Tolerant Log Selection for Certificate Transparency

Master's Thesis by Tilman Stehr

Certificate Transparency (CT) is an extension to the web’s PKI that allows insight into the issuance of TLS certificates by introducing public append-only logs, in which all certificates must be included. Currently, CT can be circumvented by an attacker controlling a CA and several CT logs. We present an attacker model for this attacker and derive security goals from it. Additionally, we derive design goals from a review of related work.
We introduce LogPicker, which improves CT’s security by involving multiple logs in the logging of a certificate. The logs use a distributed randomness protocol to unpredictably choose the log that is to include the certificate. They generate proof of LogPicker’s execution with an aggregate signature scheme.
An analysis of LogPicker and related protocols to determine the probability of correctness depending on the number of logs and the trust in each log is presented. The analysis shows that LogPicker can significantly improve trust in the web’s PKI. Tests with a prototype implementation indicate that LogPicker has reasonable performance, scalability, and failure tolerance.
We conclude that LogPicker constitutes a useful addition to CT that can be realistically implemented. Further research into LogPicker is recommended; we suggest formal verification of the protocol and expansion of the prototype implementation.

Practical evaluation of client-side encryption using CryptoMembranes

Bachelor's Thesis by Minela Becirovic

In recent years, data privacy and the usage of privacy-conscious applications have gained significant importance. With the implementation of security features like end-to-end encryption, applications like "Signal" offer strong security guarantees for their end-users.
In contrast to desktop or mobile applications, web-based applications are struggling to adopt client-side encryption due to various limitations. The risk of a data breach is increased when the web application uses JavaScript. This usage enables the execution of malicious JS code on the client-side where confidential data of the user resides unencrypted. This way an active JS attacker can access the user’s data without the user’s knowledge or consent.
One approach to deal with this issue is the idea of CryptoMembranes (CM). With the concept of CM, a new type of DOM element that enables native encryption on the client-side is introduced. By maintaining an encrypted and decrypted representation of confidential data on the client-side, the concept aims to provide strong protection against active JS attacks. As a result, only the user has access to the decrypted representation of the confidential data.
In this thesis, we will implement the CM concept as an extension for the Firefox browser. This way we practically evaluate to what extent the theoretical concept of the paper meets the defined privacy & security goals if implemented as a browser extension for legacy browsers.

Security Assessment and Evaluation of Cloud Key Management Service Providers

Master's Thesis by Julius Platon

Cloud infrastructures, platforms, and services remain popular targets for attackers. In particular, public clouds are attractive due to their highly available and distributed nature. Within modern cloud and web-based applications, the need for secure storage of credentials such as cryptographic primitives and certificates grows. The responsibility for the protection and storage of such credentials implies a high complexity burden on the development process and an inherent fault-proneness. Recent cloud and development trends revolve around key management services (KMS), which are able to store credentials and provide high-level interfaces for clients. A primary target group of KMS is software developers, in order to relieve them from the large security burden of key storage and management.

KMS commonly utilize sophisticated hardware components, such as hardware security modules (HSM), in order to protect credentials such as cryptographic key material. The responsibility to protect credentials and remain available within heterogeneous cloud environments shifts the complexity burden from developers to cloud and KMS providers. The sensitive nature of KMS makes them highly attractive targets for attackers. Therefore, this thesis presents a threat model and a subsequent case study of four selected KMS solutions, namely Google KMS, AWS KMS, Azure Key Vault, and HashiCorp Vault. Within the threat model, occurring attacker types are presented and analyzed. As preliminaries of the threat model, the infrastructure, actors, and assets related to KMS are described. The threat model is complemented by the implementation of a prototype application for each KMS, in order to analyze insides such as security protocol details. After threat modeling, implementation, and elaboration of mitigations, an overview of results and a comparison of the selected KMS solutions follows. During the conclusion section, the contribution and future work are covered. Eventually, the output and key takeaways of the research are described.

Native Cookie Consent: Towards User Consent Enforcement on the Browser-Side

Master's Thesis by Robin Heinbockel

The General Data Protection Regulation (GDPR) forms the legal basis for processing personal data of website users. There is a multitude of consent request implementations that are embedded in websites because website providers have to ask for consent before processing the user’s data since the GDPR came into effect in 2018. We present flaws in current implementations and derive goals towards user privacy and usability from the GDPR and related research.
We propose a shift of the consent implementation from the website to the browser for increased privacy control on the client’s side, called Native Cookie Consent (NCC). That means the browser is responsible for showing the consent dialog in a native window and executing the user’s preferences afterwards. NCC also includes a protocol to transmit cookie policies and the user’s preferences separate from the website content.

With our prototype implementation, we show that NCC has benefits over existing consent implementations: Authorities have to control a fraction of instances with an implementation in the most popular browsers compared to the amount of website providers that currently provide the consent interface. Website providers and third parties have to disclose purposes for processing in their cookie policy and the user can choose their degree of consent per individual purpose and party. The browser blocks cookies that do not comply with the user’s consent preferences – and it blocks all cookies before the user expressed consent. Dark patterns in design and wording can be prevented with NCC through balanced design and plain language. We analyze the prototype in terms of functionality and usability and discuss extensions to further improve the implementation, including default settings to avoid the necessity to express the same preferences for each website. We conclude that NCC offers privacy and usability improvements compared to other GDPR consent request implementations.

TEACHING ASSISTANT

Year | Semester | Name
2022 | SS | Anwendungssicherheit (Seminar)
21/22 | WS | Programmieren 1 (Seminar); Anwendungssicherheit (Seminar)
2021 | SS | Anwendungssicherheit (Seminar)
20/21 | WS | Anwendungssicherheit (Seminar); TEAM: MTG Scanner, Lego@Space²
2020 | SS | Anwendungssicherheit (Seminar); SEP: IAS_CONTENT0
19/20 | WS | Anwendungssicherheit (Seminar); Projektarbeit: Lego@Space
18/19 | WS | Anwendungssicherheit (Seminar)

FURTHER RESPONSIBILITY

Furthermore I am also responsible for the LegoLab.
