Alexandra Dirksen

Alexandra Dirksen is a PhD Candidate at TU Braunschweig/IAS. She is currently working in the field of Web Security & Privacy, with a focus on the Web PKI and large-scale adversaries. She is also interested in the ethical aspects of Computer Science research.

Recent activities:

  • In 2024 she led an interdisciplinary project that works on new procedures for integrating ethical review into Computer Science.
  • During 2023 she was a fellow of OTF's Information Controls Fellowship Program (ICFP).
    In collaboration with Censored Planet she worked on techniques for the detection of large-scale HTTPS interception attacks, focusing on Russia.

Room IZ 248
a.dirksen[at]tu-braunschweig.de
+49 531/391-2270

PUBLICATIONS

The Importance of Being Earnest: Shedding Light on Johnny’s (False) Sense of Privacy
Wirawan Agahari, Alexandra Dirksen, Martin Johns, Mark de Reuver, Tobias Fiebig
(To appear) Proceedings of the IEEE Symposium on Security and Privacy (S&P'25)

Don't Patch the Researcher, Patch the Game: A Systematic Approach for Responsible Research via Federated Ethics Boards
Alexandra Dirksen, Sebastian Giessler, Hendrik Erz, Martin Johns, Tobias Fiebig
Proceedings of the New Security Paradigms Workshop (NSPW'24).

Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom (Best Practical Award, FOCI'24)
Reethika Ramesh, Ram Sundara Raman, Apurva Virkud, Alexandra Dirksen, Armin Huremagic, David Fifield, Dirk Rodenburg, Rod Hynes, Doug Madory, Roya Ensafi
Proceedings of the 32nd USENIX Security Symposium (USENIX'23)

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Proceedings on Privacy Enhancing Technologies (PETS'21)

Towards Enabling Secure Web-based Cloud Services using Client-side Encryption
Martin Johns, Alexandra Dirksen
Proceedings of ACM Workshop on Cloud Computing Security (CCSW’20)

TALKS & PANELS

The Internet as a Critical Infrastructure [Slides] [Video]
▪ European Dialog on Internet Governance 2023 | (virtual)

The Russian Conflict and its Impact on the Global Internet [Abstract]
▪ Critical Infrastructure Lab 2023 | Launch Event | Amsterdam (NL)
▪ Splinter Con 2024 | Brussels (BEL)

Taming Rouge Ethics: The Case for a Unified and Fair IRB Procedure  [Abstract]
▪ Revaluing European Research Infrastructures Workshop 2023 | University of Vienna (AUT)

Integrating Ethics: Panel Discussion about Ethical Oversight in Computer Science
▪ STS-hub Germany 2023 | Circulations 

LogPicker: Strengthening Certificate Transparency against Covert Adversaries 
▪ PETS 2021, Gather.town (virtual) [Slides]
▪ IETF 116, 2021, PEARG (virtual)

Towards enabling Secure Web-Based Cloud Services using Client-Side Encryption 
▪ CCSW 2021, Gather.town (virtual) [Slides]

A Blockchain Picture Book 
▪ 35C3 2018, Leipzig, Germany [Video] 
▪ DMZ Europe 2018, Stuttgart, Germany [Slides]

PRESS, REPORTS & MISC.

The Threat of State-Level Surveillance Using HTTPS Interception 
▪ Report | Open Technology Fund, April 2025 | English

Responsible research - A systematic approach to strengthening ethical standards in information technology 
▪ Press | Magazin TU Braunschweig, March 2025 | English | Deutsch

Sichere Datenübertragung und wie autoritäre Staaten sie unterwandern (können)
▪ Interview, Podcast | Informatik für die moderne Hausfrau, August 2024 | Deutsch 

Information security during war: Consequences of the Ukraine war for internet use
▪ Press | Magazin TU Braunschweig, August 2023 | English | Deutsch

SUPERVISED THESES (finished)

Self Empowerment - Browser Extension for Detection of HTTPS Interception

Bachelor's Thesis by Anna Sack

Security protocols such as HTTPS and TLS, in combination with the Public Key Infrastructure (PKI), ensure the integrity, authenticity, and confidentiality of messages sent over the internet, protecting against man-in-the-middle attacks. The security industry also utilises proxies to analyse the HTTP plaintext of users for malicious code. This is done through a technique called HTTPS interception, which involves terminating the TLS session initiated by the user, issuing a new certificate for the intercepted domain, and initiating a new connection to the server with the newly issued certificate. Although HTTPS interception was originally intended for good purposes, it can also be used maliciously by powerful actors such as governments. In order to carry out large scale interceptions, the interceptors require control over the ISPs that route the traffic they want to intercept, control over a certificate authority that can issue the necessary certificates for re-encryption of terminated TLS sessions, and a browser that accepts those certificates. It is important to note that the use of trusted certificates means that no warning is shown in the browser, making the attack extremely difficult to detect.

This thesis presents a browser extension designed to detect possible HTTPS interception in users’ browsers. The extension provides a color-based detection system, as no proper distributed detection mechanism currently exists and HTTPS interceptions are difficult to identify. Once installed, the extension displays four different colors. When no information is available, the color grey is displayed. Green indicates that everything is fine, yellow indicates suspicion, and red indicates that an HTTPS interception has most likely occurred. To make this work, we receive two certificates: one from the user’s browser and one from the server that the domain is on. If these certificates differ, the color red or yellow is displayed, depending on the severity of the differences. The extension was tested on the top 200 CloudRadar domains worldwide. The results showed that 94.3% of the domains were secure, excluding the unreachable ones. Further analysis of the remaining domains revealed that the differences were mostly harmless.

Practical feasibility evaluation of a large-scale browser-assisted HTTPS Interception Attack

Bachelor's Thesis by Linus Kämmerer

Man-in-the-middle attackers impersonate the genuine communication partner. To protect traffic from such attacks, encryption in the form of TLS/HTTPS gained popularity in the last decade. However, HTTPS interceptions still allow the eavesdropping of encrypted communication. By issuing forged certificates for the requested domains on the fly, the proxy conducting the interception is able to decrypt and re-encrypt the traffic while having access to the plaintext. HTTPS interceptions are sometimes used in corporate networks for Deep Packet Inspection, but are also used as an attack by nation states for the surveillance of their population. However, previous attacks always came to light rather early, and the corresponding root Certificate Authorities (CAs) used to sign the forged certificates were banned by browser vendors.
In this bachelor thesis, we consider an attack model where an attacker in the form of a nation state controls one specific browser implementation and multiple ISPs. This allows them to conduct a large-scale HTTPS interception. By introducing the concept of a conditional HTTPS interception using TLS fingerprinting, the attacker can infer the type of a client before answering its TLS handshake, allowing them to only intercept connections originating from the controlled browser implementation. Thereby, the controlled browser assists the interception by explicitly trusting the forged root CA of the proxy. Intercepting only a part of the connections avoids HTTPS warnings being shown to users of other, non-controlled browsers and prevents their browser vendors from hindering the attack. Additionally, recreating certificate chains and letting our proxy behave more similarly to client and server makes our interception harder to detect than traditional HTTPS interceptions. Furthermore, we discuss the use case of throttling to covertly motivate users to switch from other browsers to the controlled browser, increasing the number of people that can be surveilled. To evaluate the feasibility of the attack, we explain our implementation of a conditional HTTPS interception proxy and perform various experiments showcasing eavesdropping and modifying payload as well as throttling and performance measurements. Finally, we discuss various detection mechanisms like TCP SYN tests, User-Agent/TLS fingerprint mismatch and client-side in-browser certificate verification.
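The two theses above share one detection idea: compare the certificate the browser received with a reference observation of the same host and grade the difference (grey/green/yellow/red in the first thesis; "client-side in-browser certificate verification" in the second). The following is an added illustration of that grading logic, not code from either thesis. Certificates are reduced to a handful of fields, the severity rules (different issuing CA or chain is red, same CA but different leaf is yellow) and all sample values are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

GREY, GREEN, YELLOW, RED = "grey", "green", "yellow", "red"


@dataclass(frozen=True)
class CertView:
    """The certificate fields the comparison looks at (a simplification)."""
    fingerprint: str            # hex SHA-256 over the DER-encoded leaf
    issuer: str                 # issuer distinguished name
    sans: frozenset             # subjectAltName DNS entries
    chain: tuple                # fingerprints of the intermediates, leaf excluded


def grade(host: str, browser: Optional[CertView],
          reference: Optional[CertView]) -> Tuple[str, str]:
    """Compare what the browser saw with what an out-of-band observer saw.

    Returns (colour, reason). Thresholds are assumptions for this example:
    a different issuing CA or chain is treated as a likely interception,
    a different leaf under the same CA as a rotation that deserves a look.
    """
    if browser is None or reference is None:
        return GREY, "no reference observation available"
    if browser.fingerprint == reference.fingerprint:
        return GREEN, "identical leaf certificate"
    reasons: List[str] = []
    if host not in browser.sans:
        reasons.append("browser certificate does not name the host")
    if browser.issuer != reference.issuer:
        reasons.append("different issuing CA")
    if browser.chain != reference.chain:
        reasons.append("different intermediate chain")
    if reasons:
        return RED, "; ".join(reasons)
    if browser.sans != reference.sans:
        return YELLOW, "same CA, but the leaf covers a different name set"
    return YELLOW, "same CA and chain, different leaf (rotation or multiple edges)"


def summarise(results: List[Tuple[str, str]]) -> Dict[str, float]:
    """Share of hosts graded green among those that had a reference, i.e.
    excluding GREY, the same way the 'excluding the unreachable ones'
    figure above is computed."""
    counts = {c: 0 for c in (GREY, GREEN, YELLOW, RED)}
    for _, colour in results:
        counts[colour] += 1
    reachable = len(results) - counts[GREY]
    secure = counts[GREEN] / reachable if reachable else 0.0
    return {"secure_share": secure, **counts}


# Constructed sample observations for one host (not real certificates).
HOST = "example.test"
SANS = frozenset({"example.test", "www.example.test"})
REAL = CertView("aa11", "CN=Example Public CA R3", SANS, ("r3-int",))
ROTATED = CertView("bb22", "CN=Example Public CA R3", SANS, ("r3-int",))
FORGED = CertView("cc33", "CN=Interception Proxy CA", frozenset({HOST}), ("proxy-int",))

if __name__ == "__main__":
    for label, seen in (("same", REAL), ("rotated", ROTATED),
                        ("forged", FORGED), ("none", None)):
        print(label, grade(HOST, seen, REAL))
```

In a real extension the reference observation would come from a vantage point outside the suspected network path; the comparison itself is the easy part, and the yellow band exists precisely because CDN edges and short-lived certificates make a differing leaf common without any interception.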

Native Cookie Consent: Towards User Consent Enforcement on the Browser-Side

Master's Thesis by Robin Heinbockel

The General Data Protection Regulation (GDPR) forms the legal basis for processing personal data of website users. There is a multitude of consent request implementations that are embedded in websites because website providers have to ask for consent before processing the user’s data since the GDPR came into effect in 2018. We present flaws in current implementations and derive goals towards user privacy and usability from the GDPR and related research.
We propose a shift of the consent implementation from the website to the browser for increased privacy control on the client’s side, called Native Cookie Consent (NCC). That means the browser is responsible for showing the consent dialog in a native window and executing the user’s preferences afterwards. NCC also includes a protocol to transmit cookie policies and the user’s preferences separate from the website content.

With our prototype implementation, we show that NCC has benefits over existing consent implementations: Authorities have to control a fraction of instances with an implementation in the most popular browsers compared to the amount of website providers that currently provide the consent interface. Website providers and third parties have to disclose purposes for processing in their cookie policy and the user can choose their degree of consent per individual purpose and party. The browser blocks cookies that do not comply with the user’s consent preferences – and it blocks all cookies before the user expressed consent. Dark patterns in design and wording can be prevented with NCC through balanced design and plain language. We analyze the prototype in terms of functionality and usability and discuss extensions to further improve the implementation, including default settings to avoid the necessity to express the same preferences for each website. We conclude that NCC offers privacy and usability improvements compared to other GDPR consent request implementations.
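As an added sketch of the enforcement side of NCC (not the thesis's prototype), the block below models a cookie policy that a site publishes separately from its content, the per-party, per-purpose choices a native dialog would collect, and the browser-side filter that blocks every cookie before consent exists and afterwards only admits cookies whose declared purpose and party the user granted. The policy format, purpose names, header parsing and all sample values are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed cookie policy a site would transmit out of band, one entry per
# cookie name: "party" is who sets it ("first" = the site itself), "purpose"
# is the processing purpose the user is asked to consent to.
POLICY: Dict[str, Dict[str, str]] = {
    "sid":   {"party": "first",   "purpose": "essential"},
    "theme": {"party": "first",   "purpose": "functional"},
    "_ga":   {"party": "analyco", "purpose": "analytics"},
    "adid":  {"party": "adnet",   "purpose": "advertising"},
}


@dataclass
class Consent:
    """What the browser recorded from its native dialog: the (party, purpose)
    pairs the user granted. No Consent object at all means no answer yet."""
    granted: Set[Tuple[str, str]]


def dialog_choices(policy: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Distinct (party, purpose) pairs the dialog offers, so the user decides
    per purpose and party rather than per individual cookie."""
    return sorted({(e["party"], e["purpose"]) for e in policy.values()})


def cookie_name(set_cookie: str) -> str:
    """Name part of a Set-Cookie header value."""
    return set_cookie.split(";", 1)[0].split("=", 1)[0].strip()


def filter_set_cookie(headers: List[str], policy: Dict[str, Dict[str, str]],
                      consent: Optional[Consent]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Return (kept, blocked) for a response's Set-Cookie headers.

    Everything is blocked before consent exists. A cookie the policy does not
    declare is blocked too: nothing could have been consented to for it.
    """
    kept: List[str] = []
    blocked: List[Tuple[str, str]] = []
    for header in headers:
        name = cookie_name(header)
        if consent is None:
            blocked.append((name, "no consent expressed yet"))
            continue
        entry = policy.get(name)
        if entry is None:
            blocked.append((name, "cookie not declared in policy"))
            continue
        pair = (entry["party"], entry["purpose"])
        if pair in consent.granted:
            kept.append(name)
        else:
            blocked.append((name, f"{pair[1]} by {pair[0]} not consented"))
    return kept, blocked


# Constructed response headers, including one cookie the policy never declared.
RESPONSE_HEADERS = [
    "sid=9f2c; Path=/; HttpOnly; Secure",
    "theme=dark; Path=/",
    "_ga=GA1.2.1; Domain=.example.test",
    "adid=x7; Domain=.adnet.test",
    "tracker=1; Path=/",
]

if __name__ == "__main__":
    print("dialog offers:", dialog_choices(POLICY))
    print("before consent:", filter_set_cookie(RESPONSE_HEADERS, POLICY, None))
    choice = Consent({("first", "essential"), ("first", "functional"),
                      ("analyco", "analytics")})
    print("after consent:", filter_set_cookie(RESPONSE_HEADERS, POLICY, choice))
```

The undeclared "tracker" cookie is the interesting case: a policy transmitted out of band only helps if the browser treats anything outside it as unconsented, otherwise a site could simply leave its tracking cookies out of the policy.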

Practical evaluation of client-side encryption using CryptoMembranes

Bachelor's Thesis by Minela Becirovic

In recent years, data privacy and the usage of privacy-conscious applications have gained significant importance. One example for this is the surge in popularity that the encrypted messaging app “Signal” has experienced after Edward Snowden’s disclosures. With the implementation of security features like end-to-end encryption (E2EE), applications like “Signal” offer strong security guarantees for their end users. The growing demand puts other software developers under increasing pressure to also implement such security features. Due to this, applications like “Zoom” or Google’s “Messages” are also starting to offer E2EE to meet the rising demand and still be seen as “secure”.

In contrast to desktop or mobile applications, web-based applications are struggling to adopt client-side encryption due to various limitations. In order to dynamically display different data as needed, the server-side reloads the code repeatedly. Therefore, the web application is constantly changed. Encrypting the data afterwards could affect the functionality of the web application. In some cases, even web application vendors don’t offer client-side encryption and only store the user data on their servers in encrypted form. This can pose a risk to the user data when JavaScript comes into play.

Web technologies such as HTML and JavaScript are used within web browsers to implement the user interface. This usage enables the execution of malicious JavaScript code on the client-side where confidential data of the user resides unencrypted. Therefore a potential adversary can use this to access this data without the user’s knowledge or consent. One approach to deal with this issue is the idea of “CryptoMembranes” (CM). With the concept of CM, a new type of DOM/HTML element that enables native encryption on the client-side gets introduced. By maintaining an encrypted and decrypted representation of confidential data, the concept aims to provide strong protection against active JavaScript attacks. As a result, only the user has access to the decrypted representation of the confidential data. This new type of DOM/HTML element can be included in any web application just like the standardized DOM/HTML elements.

Security Assessment and Evaluation of Cloud Key Management Service Providers

Master's Thesis by Julius Platon

Cloud infrastructures, platforms, and services remain popular targets for attackers. In particular, public clouds are attractive due to their highly available and distributed nature. Within modern cloud and web-based applications, the need for secure storage of credentials such as cryptographic primitives and certificates grows. The responsibility for the protection and storage of such credentials implies a high complexity burden on the development process and an inherent fault-proneness. Recent cloud and development trends revolve around key management services (KMS), which are able to store credentials and provide high-level interfaces for clients. A primary target group of KMS is software developers, in order to relieve them from the large security burden of key storage and management.

KMS commonly utilize sophisticated hardware components, such as hardware security modules (HSM), in order to protect credentials such as cryptographic key material. The responsibility to protect credentials and remain available within heterogeneous cloud environments shifts the complexity burden from developers to cloud and KMS providers. The sensitive nature of KMS makes them highly attractive targets for attackers. Therefore, this thesis presents a threat model and a subsequent case study of four selected KMS solutions, namely Google KMS, AWS KMS, Azure Key Vault, and HashiCorp Vault. Within the threat model, occurring attacker types are presented and analyzed. As preliminaries of the threat model, the infrastructure, actors, and assets related to KMS are described. The threat model is complemented by the implementation of a prototype application for each KMS, in order to gain insights such as security protocol details. After threat modeling, implementation, and elaboration of mitigations, an overview of results and a comparison of the selected KMS solutions follows. During the conclusion section, the contribution and future work are covered. Eventually, the output and key takeaways of the research are described.

LogPicker: Byzantine Fault Tolerant Log Selection for Certificate Transparency

Master's Thesis by Tilman Stehr

Certificate Transparency (CT) is an extension to the web’s PKI that allows insight into the issuance of TLS certificates by introducing public append-only logs, in which all certificates must be included. Currently, CT can be circumvented by an attacker controlling a CA and several CT logs. We present an attacker model for this attacker and derive security goals from it. Additionally, we derive design goals from a review of related work.

We introduce LogPicker, which improves CT’s security by involving multiple logs in the logging of a certificate. The logs use a distributed randomness protocol to unpredictably choose the log that is to include the certificate. They generate proof of LogPicker’s execution with an aggregate signature scheme.

An analysis of LogPicker and related protocols to determine the probability of correctness depending on the number of logs and the trust in each log is presented. The analysis shows that LogPicker can significantly improve trust in the web’s PKI. Tests with a prototype implementation indicate that LogPicker has reasonable performance, scalability, and failure tolerance.

We conclude that LogPicker constitutes a useful addition to CT that can be realistically implemented. Further research into LogPicker is recommended; we suggest formal verification of the protocol and expansion of the prototype implementation.
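To make the "unpredictably choose the log" step concrete, here is an added illustration that is not LogPicker's actual protocol or code: a generic commit-reveal round in which every participating log first publishes a hash commitment to a random share and only then reveals it, so that the combined value, and with it the index of the log that must include the certificate, is fixed before any single log could adapt its contribution. The aggregate-signature proof of execution is left out, and the hashing, the share format and the simple uniform-selection probability below are assumptions for this example.

```python
import hashlib
import secrets
from typing import List


def commit(share: bytes) -> str:
    """Hash commitment to one log's random contribution (domain-separated)."""
    return hashlib.sha256(b"logpicker-example|commit|" + share).hexdigest()


def combine(shares: List[bytes], commitments: List[str], n_logs: int) -> int:
    """Phase 2: check every reveal against the published commitment, then
    derive the index of the log that must include the certificate."""
    if len(shares) != n_logs or len(commitments) != n_logs:
        raise ValueError("every participating log must commit and reveal")
    for share, c in zip(shares, commitments):
        if commit(share) != c:
            raise ValueError("reveal does not match commitment")
    digest = hashlib.sha256(b"".join(shares)).digest()
    return int.from_bytes(digest, "big") % n_logs


def run_round(shares: List[bytes]) -> int:
    """Phase 1 publishes all commitments before any share is revealed; a log
    wanting to steer the outcome would have to pick its share without
    knowing the others', which the hash commitment prevents."""
    commitments = [commit(s) for s in shares]
    return combine(shares, commitments, len(shares))


def fresh_shares(n_logs: int) -> List[bytes]:
    """One 32-byte random share per log, as each log would draw locally."""
    return [secrets.token_bytes(32) for _ in range(n_logs)]


def p_attacker_log_chosen(n_logs: int, attacker_logs: int) -> float:
    """With a uniform choice over all logs, a CA-controlling attacker who also
    runs `attacker_logs` of them sees one of its own logs picked with this
    probability. When the submitter picks the log itself, it is 1.0."""
    if n_logs <= 0 or not 0 <= attacker_logs <= n_logs:
        raise ValueError("bad parameters")
    return attacker_logs / n_logs


# Constructed, fixed shares so the round is reproducible.
FIXED_SHARES = [bytes([i]) * 32 for i in range(1, 6)]

if __name__ == "__main__":
    print("chosen log (fixed shares):", run_round(FIXED_SHARES))
    print("chosen log (random round):", run_round(fresh_shares(5)))
    print("attacker log chosen with p =", p_attacker_log_chosen(5, 2))
```

The known weak spot of plain commit-reveal is visible in `combine`: a log that dislikes the emerging result can simply withhold its reveal and abort the round, which is why a production protocol needs a failure-tolerance story (the abstract's "failure tolerance") rather than this all-or-nothing check.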

Research Community Engagement

2025: Local Chair, New Security Paradigms Workshop
2024: Post-Shepherding, New Security Paradigms Workshop
Since 2018: Sub-Reviewing for S&P, NDSS, WebConf, ACSAC, ARES, Euro S&P, CODASPY, SAC

TEACHING ASSISTANT

WS 24/25: Anwendungssicherheit (Seminar); Einführung in die IT-Sicherheit
SS 2024: Anwendungssicherheit (Seminar)
SS 2022: Anwendungssicherheit (Seminar)
WS 21/22: Programmieren 1 (Seminar); Anwendungssicherheit (Seminar)
SS 2021: Anwendungssicherheit (Seminar)
WS 20/21: Anwendungssicherheit (Seminar); TEAM: MTG Scanner, Lego@Space²
SS 2020: Anwendungssicherheit (Seminar); SEP: IAS_CONTENT0
WS 19/20: Anwendungssicherheit (Seminar); Projektarbeit: Lego@Space
WS 18/19: Anwendungssicherheit (Seminar)