Alexandra Dirksen

Alexandra Dirksen is a PhD candidate at TU Braunschweig/IAS. She currently works in the field of Web Security & Privacy, focusing on the Web PKI and large-scale adversaries. She is also interested in the ethical aspects of Computer Science research.

Recent activities:

  • In 2024 she led an interdisciplinary project that works on new procedures for integrating ethical review into Computer Science research.
  • During 2023 she was a fellow of the Open Technology Fund's Information Controls Fellowship Program (ICFP). In collaboration with Censored Planet she worked on techniques for detecting large-scale HTTPS interception attacks, focusing on Russia. The final report is listed under "Press, Reports & Misc." below.

Room IZ 248
a.dirksen[at]tu-braunschweig.de
+49 531/391-2270

PUBLICATIONS

The Importance of Being Earnest: Shedding Light on Johnny’s (False) Sense of Privacy
Wirawan Agahari, Alexandra Dirksen, Martin Johns, Mark de Reuver, Tobias Fiebig
(To appear) Proceedings of the IEEE Symposium on Security and Privacy (S&P'25)

Don't Patch the Researcher, Patch the Game: A Systematic Approach for Responsible Research via Federated Ethics Boards
Alexandra Dirksen, Sebastian Giessler, Hendrik Erz, Martin Johns, Tobias Fiebig
Proceedings of the New Security Paradigms Workshop (NSPW'24).

Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom (Best Practical Award, FOCI'24)
Reethika Ramesh, Ram Sundara Raman, Apurva Virkud, Alexandra Dirksen, Armin Huremagic, David Fifield, Dirk Rodenburg, Rod Hynes, Doug Madory, Roya Ensafi
Proceedings of the 32nd USENIX Security Symposium (USENIX'23)

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Proceedings on Privacy Enhancing Technologies (PETS'21)

Towards Enabling Secure Web-based Cloud Services using Client-side Encryption
Martin Johns, Alexandra Dirksen
Proceedings of ACM Workshop on Cloud Computing Security (CCSW’20)

TALKS & PANELS

The Internet as a Critical Infrastructure [Slides] [Video]
▪ European Dialogue on Internet Governance 2023 | (virtual)

The Russian Conflict and its Impact on the Global Internet [Abstract]
▪ Critical Infrastructure Lab 2023 | Launch Event | Amsterdam (NL)
▪ SplinterCon 2024 | Brussels (BEL)

Taming Rogue Ethics: The Case for a Unified and Fair IRB Procedure [Abstract]
▪ Revaluing European Research Infrastructures Workshop 2023 | University of Vienna (AUT)

Integrating Ethics: Panel Discussion about Ethical Oversight in Computer Science
▪ STS-hub Germany 2023 | Circulations 

LogPicker: Strengthening Certificate Transparency against Covert Adversaries 
▪ PETS 2021, Gather.town (virtual) [Slides]
▪ IETF 116, 2021, PEARG (virtual)

Towards enabling Secure Web-Based Cloud Services using Client-Side Encryption 
▪ CCSW 2021, Gather.town (virtual) [Slides]

A Blockchain Picture Book 
▪ 35C3 2018, Leipzig, Germany [Video] 
▪ DMZ Europe 2018, Stuttgart, Germany [Slides]

PRESS, REPORTS & MISC.

The Threat of State-Level Surveillance Using HTTPS Interception 
▪ Report | Open Technology Fund, April 2025 | English

Responsible research - A systematic approach to strengthening ethical standards in information technology 
▪ Press | Magazin TU Braunschweig, March 2025 | English | German

Sichere Datenübertragung und wie autoritäre Staaten sie unterwandern (können) (Secure data transmission and how authoritarian states (can) undermine it)
▪ Interview, Podcast | Informatik für die moderne Hausfrau, August 2024 | German

Information security during war: Consequences of the Ukraine war for internet use
▪ Press | Magazin TU Braunschweig, August 2023 | English | German

SUPERVISED THESES (finished)

Self Empowerment - Browser Extension for Detection of HTTPS Interception

Bachelor's Thesis by Anna Sack

Security protocols such as TLS (and HTTPS on top of it), in combination with the Web Public Key Infrastructure (PKI), ensure the integrity, authenticity, and confidentiality of messages sent over the internet and protect against man-in-the-middle attacks. The security industry also uses proxies to scan users' HTTP plaintext for malicious code. This is done through a technique called HTTPS interception: the proxy terminates the TLS session initiated by the user, presents a freshly issued certificate for the intercepted domain to the client, and opens a separate connection to the origin server. Although HTTPS interception was originally intended for benign purposes, it can also be used maliciously by powerful actors such as governments. To intercept at large scale, the interceptor needs control over the ISPs that route the traffic to be intercepted, control over a certificate authority that can issue the certificates used to re-encrypt the terminated TLS sessions, and a browser that accepts those certificates. Because the certificates are trusted, the browser shows no warning, which makes the attack extremely difficult to detect.

This thesis presents a browser extension designed to detect possible HTTPS interception in the user's browser. Since no proper distributed detection mechanism exists and HTTPS interceptions are hard to identify, the extension uses a color-based indicator with four states: grey when no information is available, green when everything looks fine, yellow when the observation is suspicious, and red when an HTTPS interception has most likely occurred. To decide, the extension obtains two certificates: the one the user's browser received and one retrieved from the server the domain is hosted on. If the two certificates differ, red or yellow is displayed, depending on the severity of the differences. The extension was tested on the top 200 CloudRadar domains worldwide. Excluding unreachable domains, 94.3% of the domains were classified as secure, and further analysis of the remaining domains showed that the differences were mostly harmless.
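The comparison step of such an extension, as an added illustration (this is not the thesis's code): two views of the leaf certificate, the one the browser received and a reference copy from a second vantage point, are reduced to a color. The CertView fields, the sample certificates and the rules deciding yellow versus red are this example's own assumptions; the thesis abstract only states that the severity of the differences drives the color.

```python
"""Classify a possible HTTPS interception from two views of a leaf certificate.

Added example; not the thesis's implementation. CertView fields, sample data
and severity rules are assumptions made for this illustration."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

GREY, GREEN, YELLOW, RED = "grey", "green", "yellow", "red"


@dataclass(frozen=True)
class CertView:
    """What a detector can read off a leaf certificate without any private key."""
    fingerprint_sha256: str       # hex SHA-256 of the DER encoding
    issuer: str                   # issuer DN as a string
    sans: frozenset[str]          # dNSName entries of subjectAltName
    not_before: datetime
    not_after: datetime
    sct_count: int = 0            # embedded Certificate Transparency SCTs


def classify(host: str, browser: Optional[CertView], reference: Optional[CertView],
             known_issuers: frozenset[str]) -> tuple[str, str]:
    """Map (browser view, reference view) to a color and a reason.

    grey   : one of the two views is missing
    green  : identical leaf
    yellow : different leaf with a benign explanation (rotation, multi-cert CDN)
    red    : different leaf that looks like an on-the-fly MITM certificate
    """
    if browser is None or reference is None:
        return GREY, "one view missing"
    if browser.fingerprint_sha256 == reference.fingerprint_sha256:
        return GREEN, "identical leaf certificate"

    findings = []
    if host not in browser.sans:
        findings.append("browser leaf does not name the host")
    if browser.issuer != reference.issuer:
        findings.append("issuer differs from reference")
    if browser.issuer not in known_issuers:
        findings.append("issuer not in the reference CA list")
    if browser.sct_count == 0 and reference.sct_count > 0:
        findings.append("browser leaf carries no SCTs, reference does")
    lifetime = browser.not_after - browser.not_before
    if browser.not_before > reference.not_before and lifetime < timedelta(days=7):
        findings.append("very short-lived leaf issued after the reference one")

    if not findings:
        return YELLOW, "different leaf, same issuer and names (rotation or CDN)"
    # Heuristic threshold (assumption): an issuer change plus any second
    # indicator is treated as interception; a single oddity only raises suspicion.
    if "issuer differs from reference" in findings and len(findings) >= 2:
        return RED, "; ".join(findings)
    return YELLOW, "; ".join(findings)


# Constructed sample data, not real certificates.
KNOWN = frozenset({"C=US, O=Let's Encrypt, CN=R3",
                   "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1"})
T0 = datetime(2024, 3, 1)
REF = CertView("aa" * 32, "C=US, O=Let's Encrypt, CN=R3",
               frozenset({"www.example.org", "example.org"}),
               T0, T0 + timedelta(days=90), sct_count=2)
ROTATED = CertView("bb" * 32, REF.issuer, REF.sans,
                   T0 + timedelta(days=60), T0 + timedelta(days=150), sct_count=2)
MITM = CertView("cc" * 32, "C=XX, O=National Root CA, CN=National Intercept CA",
                frozenset({"www.example.org"}),
                T0 + timedelta(days=70), T0 + timedelta(days=71))


def demo() -> dict[str, str]:
    """Run the four cases the extension's colors stand for."""
    host = "www.example.org"
    return {
        "missing": classify(host, None, REF, KNOWN)[0],
        "same":    classify(host, REF, REF, KNOWN)[0],
        "rotated": classify(host, ROTATED, REF, KNOWN)[0],
        "mitm":    classify(host, MITM, REF, KNOWN)[0],
    }


if __name__ == "__main__":
    for case, color in demo().items():
        print(f"{case:8s} -> {color}")
```

The reference view is only as good as its vantage point: if the reference fetch leaves through the same intercepting ISP, both views show the forged leaf and the result is a false green, which is why the thesis notes that no proper distributed detection mechanism exists.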

Practical feasibility evaluation of a large-scale browser-assisted HTTPS Interception Attack

Bachelor's Thesis by Linus Kämmerer

Man-in-the-middle attackers impersonate the genuine communication partner. To protect traffic from such attacks, encryption in the form of TLS/HTTPS gained popularity in the last decade. However, HTTPS interception still allows the eavesdropping of encrypted communication: by issuing forged certificates for the requested domains on the fly, the proxy conducting the interception can decrypt and re-encrypt the traffic while having access to the plaintext. HTTPS interception is sometimes used in corporate networks for deep packet inspection, but has also been used as an attack by nation states to surveil their population. Previous attacks, however, always came to light rather early, and the root Certificate Authorities (CAs) used to sign the forged certificates were banned by browser vendors.
In this bachelor thesis, we consider an attack model in which a nation-state attacker controls one specific browser implementation and multiple ISPs, which allows them to conduct a large-scale HTTPS interception. By introducing the concept of conditional HTTPS interception using TLS fingerprinting, the attacker can infer the type of client before answering its TLS handshake and thus intercept only connections originating from the controlled browser implementation. The controlled browser assists the interception by explicitly trusting the proxy's forged root CA. Intercepting only a part of the connections avoids HTTPS warnings for users of other, non-controlled browsers and prevents their vendors from hindering the attack. Additionally, recreating certificate chains and letting the proxy behave more like the real client and server makes the interception harder to detect than traditional HTTPS interception. We further discuss throttling as a way to covertly motivate users to switch from other browsers to the controlled browser, increasing the number of people who can be surveilled. To evaluate the feasibility of the attack, we describe our implementation of a conditional HTTPS interception proxy and perform experiments showcasing eavesdropping and payload modification as well as throttling and performance measurements. Finally, we discuss detection mechanisms such as TCP SYN tests, User-Agent/TLS fingerprint mismatches, and client-side in-browser certificate verification.
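Both halves of this attack model turn on the same primitive, the TLS fingerprint of the ClientHello. The following added example (not the thesis's proxy) builds constructed TLS 1.2-style ClientHello records, derives a JA3-style fingerprint from them (version, cipher suites, extension types, supported groups, point formats, hashed with MD5), and uses it twice: the interceptor answers only handshakes matching the "controlled" profile, and a server-side check flags a fingerprint that the claimed HTTP User-Agent never produces, which is the User-Agent/TLS fingerprint mismatch the abstract lists. The two client profiles, the User-Agent strings and the UA-to-JA3 table are assumptions for the illustration.

```python
"""Conditional HTTPS interception keyed on a JA3-style TLS fingerprint, and the
User-Agent/fingerprint mismatch check that exposes a naive interception proxy.

Added example; not the thesis's code. Client profiles and UA table are made up."""
from __future__ import annotations

import hashlib
import struct


def _ext(etype: int, body: bytes) -> bytes:
    return struct.pack("!HH", etype, len(body)) + body


def build_client_hello(version: int, ciphers: list[int], extensions: list[int],
                       groups: list[int], point_formats: list[int],
                       sni: str = "www.example.org") -> bytes:
    """Constructed ClientHello record. Only SNI (0), supported_groups (10) and
    ec_point_formats (11) get real bodies; JA3 reads other extensions by type only."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"      # version, random, empty session id
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    body += struct.pack("!H", len(cs)) + cs + b"\x01\x00"         # cipher suites, null compression
    exts = b""
    for et in extensions:
        if et == 0:
            name = sni.encode()
            exts += _ext(0, struct.pack("!H", len(name) + 3) + b"\x00"
                         + struct.pack("!H", len(name)) + name)
        elif et == 10:
            g = b"".join(struct.pack("!H", x) for x in groups)
            exts += _ext(10, struct.pack("!H", len(g)) + g)
        elif et == 11:
            exts += _ext(11, bytes([len(point_formats)]) + bytes(point_formats))
        else:
            exts += _ext(et, b"")
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def ja3(record: bytes) -> tuple[str, str]:
    """Parse a ClientHello record and return (ja3_string, ja3_md5)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                                                          # record header + handshake header
    version = struct.unpack_from("!H", record, p)[0]; p += 2 + 32  # version, random
    p += 1 + record[p]                                             # session id
    cs_len = struct.unpack_from("!H", record, p)[0]; p += 2
    ciphers = [struct.unpack_from("!H", record, p + i)[0] for i in range(0, cs_len, 2)]; p += cs_len
    p += 1 + record[p]                                             # compression methods
    ext_types, groups, formats = [], [], []
    if p < len(record):
        end = p + 2 + struct.unpack_from("!H", record, p)[0]; p += 2
        while p < end:
            et, el = struct.unpack_from("!HH", record, p); p += 4
            data = record[p:p + el]; p += el
            ext_types.append(et)
            if et == 10:
                n = struct.unpack_from("!H", data, 0)[0]
                groups = [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, n, 2)]
            elif et == 11:
                formats = list(data[1:1 + data[0]])
    # Real JA3 also strips GREASE values; the constructed hellos contain none.
    s = ",".join([str(version), "-".join(map(str, ciphers)), "-".join(map(str, ext_types)),
                  "-".join(map(str, groups)), "-".join(map(str, formats))])
    return s, hashlib.md5(s.encode()).hexdigest()


# Two constructed client profiles: the attacker's controlled browser and an
# independent browser whose vendor must never see a forged certificate.
CONTROLLED = dict(version=0x0303, ciphers=[0x1301, 0x1302, 0xC02B],
                  extensions=[0, 23, 10, 11, 43], groups=[29, 23], point_formats=[0])
OTHER = dict(version=0x0303, ciphers=[0x1302, 0x1301, 0xC02F, 0xC030],
             extensions=[0, 10, 11, 35, 16], groups=[29, 23, 24], point_formats=[0])
CONTROLLED_JA3 = ja3(build_client_hello(**CONTROLLED))[1]
UA_TO_JA3 = {"ControlledBrowser/1.0": CONTROLLED_JA3,             # assumed UA strings
             "OtherBrowser/2.0": ja3(build_client_hello(**OTHER))[1]}


def proxy_should_intercept(record: bytes) -> bool:
    """Interceptor side: terminate TLS only for the controlled browser, so users
    of other browsers never get a certificate warning to report."""
    return ja3(record)[1] == CONTROLLED_JA3


def ua_fingerprint_mismatch(record: bytes, user_agent: str) -> bool:
    """Server side: a proxy that re-originates the handshake with its own TLS
    stack but forwards the original HTTP User-Agent shows a JA3 that UA never has."""
    expected = UA_TO_JA3.get(user_agent)
    return expected is not None and ja3(record)[1] != expected


if __name__ == "__main__":
    hello = build_client_hello(**OTHER)
    print("intercept:", proxy_should_intercept(hello))                          # False
    print("mismatch :", ua_fingerprint_mismatch(hello, "ControlledBrowser/1.0"))  # True
```

The mismatch check is exactly what the abstract's "letting our proxy behave more similar to client" defeats: a proxy that replays the client's cipher and extension order upstream produces the expected JA3 again, so the check catches naive interception only and has to be combined with the other mechanisms listed (TCP SYN tests, in-browser certificate verification).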

Native Cookie Consent: Towards User Consent Enforcement on the Browser-Side

Master's Thesis by Robin Heinbockel

The General Data Protection Regulation (GDPR) forms the legal basis for processing personal data of website users. There is a multitude of consent request implementations that are embedded in websites because website providers have to ask for consent before processing the user’s data since the GDPR came into effect in 2018. We present flaws in current implementations and derive goals towards user privacy and usability from the GDPR and related research.
We propose a shift of the consent implementation from the website to the browser for increased privacy control on the client’s side, called Native Cookie Consent (NCC). That means the browser is responsible for showing the consent dialog in a native window and executing the user’s preferences afterwards. NCC also includes a protocol to transmit cookie policies and the user’s preferences separate from the website content.

With our prototype implementation, we show that NCC has benefits over existing consent implementations. Authorities only have to audit the handful of implementations in the most popular browsers, compared to the number of website providers that currently provide the consent interface themselves. Website providers and third parties have to disclose their processing purposes in a cookie policy, and the user can choose their degree of consent per individual purpose and party. The browser blocks cookies that do not comply with the user's consent preferences, and it blocks all cookies before the user has expressed consent. Dark patterns in design and wording are prevented with NCC through a balanced design and plain language. We analyze the prototype in terms of functionality and usability and discuss extensions to further improve the implementation, including default settings that avoid having to express the same preferences for each website. We conclude that NCC offers privacy and usability improvements over other GDPR consent request implementations.
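The browser-side enforcement step of NCC, as an added example that is not the thesis prototype: a site publishes a cookie policy naming the party and purpose of each cookie, the user records consent per (party, purpose), and the browser drops every Set-Cookie header the consent does not cover, all of them while no consent exists yet. The policy layout, the consent map, the host names and the sample headers are constructed for this illustration.

```python
"""Browser-side enforcement of a published cookie policy against the user's
per-purpose consent, in the spirit of Native Cookie Consent (NCC).

Added example; not the thesis prototype. Policy format and sample data are
assumptions made for this illustration."""
from __future__ import annotations

from typing import Optional

# Constructed policy a site would publish separately from its page content.
POLICY = {
    "sid":  {"party": "shop.example",      "purpose": "strictly-necessary"},
    "lang": {"party": "shop.example",      "purpose": "functional"},
    "_ga":  {"party": "analytics.example", "purpose": "analytics"},
    "_fbp": {"party": "ads.example",       "purpose": "advertising"},
}

Consent = Optional[dict]   # None until the user has answered; else {(party, purpose): bool}


def parse_set_cookie(header: str) -> tuple[str, dict[str, str]]:
    """Split one Set-Cookie header into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.lower()] = value
    return name, attrs


def enforce(set_cookie_headers: list[str], source_host: str,
            policy: dict, consent: Consent) -> tuple[list[str], list[tuple[str, str]]]:
    """Return (allowed headers, [(blocked header, reason)]).

    Rules taken from the NCC description: everything is blocked until consent
    exists; afterwards a cookie passes only if its declared (party, purpose) was
    consented to. Undeclared cookies are blocked as well (assumption: a cookie
    the policy never mentioned cannot have been consented to)."""
    allowed, blocked = [], []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if consent is None:
            blocked.append((header, "no consent expressed yet"))
            continue
        entry = policy.get(name)
        if entry is None:
            party = attrs.get("domain", source_host).lstrip(".")
            blocked.append((header, f"{name!r} from {party} is not declared in the policy"))
            continue
        key = (entry["party"], entry["purpose"])
        if consent.get(key):
            allowed.append(header)
        else:
            blocked.append((header, f"no consent for {key[0]}/{key[1]}"))
    return allowed, blocked


# Constructed response headers for one page load of shop.example.
HEADERS = [
    "sid=7f3a; Path=/; Secure; HttpOnly; SameSite=Lax",
    "lang=de; Path=/",
    "_ga=GA1.2.55; Domain=.analytics.example; Path=/",
    "_fbp=fb.1.99; Domain=.ads.example; Path=/",
    "trk=1; Domain=.unknown.example; Path=/",
]
USER_CONSENT: Consent = {
    ("shop.example", "strictly-necessary"): True,
    ("shop.example", "functional"): True,
    ("analytics.example", "analytics"): True,
    ("ads.example", "advertising"): False,
}


def demo(consent: Consent = USER_CONSENT) -> tuple[list[str], list[str]]:
    """Names of allowed and blocked cookies for the sample page load."""
    allowed, blocked = enforce(HEADERS, "shop.example", POLICY, consent)
    return ([parse_set_cookie(h)[0] for h in allowed],
            [parse_set_cookie(h)[0] for h, _ in blocked])


if __name__ == "__main__":
    print("before consent:", demo(None))
    print("after consent :", demo())
```

Because the decision is taken in the browser from the policy alone, the site's own consent dialog is out of the loop: a banner that pre-ticks "advertising" or hides the reject button changes nothing about which Set-Cookie headers survive.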

Practical evaluation of client-side encryption using CryptoMembranes

Bachelor's Thesis by Minela Becirovic

In recent years, data privacy and the use of privacy-conscious applications have gained significant importance. One example is the surge in popularity of the encrypted messaging app “Signal” after Edward Snowden’s disclosures. By implementing security features like end-to-end encryption (E2EE), applications like “Signal” offer strong security guarantees to their end users. The growing demand puts other software developers under increasing pressure to implement such features as well; applications like “Zoom” or Google’s “Messages” are therefore also starting to offer E2EE in order to meet the demand and still be seen as “secure”.

In contrast to desktop or mobile applications, web-based applications struggle to adopt client-side encryption due to several limitations. To dynamically display different data as needed, the server repeatedly reloads code, so the web application is constantly changing, and encrypting the data afterwards could break its functionality. In some cases web application vendors do not offer client-side encryption at all and only store the user data in encrypted form on their servers, which leaves the data at risk once JavaScript comes into play.

Web technologies such as HTML and JavaScript are used within web browsers to implement the user interface. This enables the execution of malicious JavaScript code on the client side, where confidential user data resides unencrypted, so a potential adversary can access this data without the user’s knowledge or consent. One approach to this issue is the idea of “CryptoMembranes” (CM). The CM concept introduces a new type of DOM/HTML element that enables native encryption on the client side. By maintaining an encrypted and a decrypted representation of confidential data, the concept aims to provide strong protection against active JavaScript attacks, so that only the user has access to the decrypted representation. This new type of DOM/HTML element can be included in any web application just like the standardized DOM/HTML elements.

Security Assessment and Evaluation of Cloud Key Management Service Providers

Master's Thesis by Julius Platon

Cloud infrastructures, platforms, and services remain popular targets for attackers. In particular, public clouds are attractive due to their highly available and distributed nature. Within modern cloud and web-based applications, the need for secure storage of credentials such as cryptographic keys and certificates grows. The responsibility for protecting and storing such credentials places a high complexity burden on the development process and is inherently error-prone. Recent cloud and development trends revolve around key management services (KMS), which store credentials and provide high-level interfaces for clients. A primary target group of KMS is software developers, who are thereby relieved of the large security burden of key storage and management.

KMS commonly rely on dedicated hardware components, such as hardware security modules (HSM), to protect credentials such as cryptographic key material. The responsibility to protect credentials and remain available within heterogeneous cloud environments shifts the complexity burden from developers to cloud and KMS providers. The sensitive nature of KMS makes them highly attractive targets for attackers. This thesis therefore presents a threat model and a subsequent case study of four selected KMS solutions, namely Google KMS, AWS KMS, Azure Key Vault, and HashiCorp Vault. As preliminaries of the threat model, the infrastructure, actors, and assets related to KMS are described; within the threat model, the relevant attacker types are presented and analyzed. The threat model is complemented by a prototype application for each KMS, used to analyze internals such as security protocol details. After threat modeling, implementation, and elaboration of mitigations, an overview of the results and a comparison of the selected KMS solutions follows. The conclusion covers the contribution and future work and summarizes the output and key takeaways of the research.

LogPicker: Byzantine Fault Tolerant Log Selection for Certificate Transparency

Master's Thesis by Tilman Stehr

Certificate Transparency (CT) is an extension to the web’s PKI that allows insight into the issuance of TLS certificates by introducing public append-only logs in which all certificates must be included. Currently, CT can be circumvented by an attacker controlling a CA and several CT logs. We present an attacker model for this attacker and derive security goals from it. Additionally, we derive design goals from a review of related work.

We introduce LogPicker, which improves CT’s security by involving multiple logs in the logging of a certificate. The logs use a distributed randomness protocol to unpredictably choose the log that is to include the certificate, and they generate a proof of LogPicker’s execution with an aggregate signature scheme.

An analysis of LogPicker and related protocols determines the probability of correctness depending on the number of logs and the trust in each log. The analysis shows that LogPicker can significantly improve trust in the web’s PKI. Tests with a prototype implementation indicate that LogPicker has reasonable performance, scalability, and failure tolerance.

We conclude that LogPicker constitutes a useful addition to CT that can be realistically implemented. Further research into LogPicker is recommended; we suggest formal verification of the protocol and expansion of the prototype implementation.
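Why random log selection helps against a CA colluding with some logs, and what the selection protocol has to guard against, as an added toy example (not the LogPicker implementation, and not the paper's protocol): the randomness protocol below is a plain hash commit-reveal with XOR, standing in for the distributed randomness and aggregate-signature machinery the thesis describes. The second part compares, for the same made-up per-log trust values, the probability that a certificate stays hidden when the CA picks the log itself (plain CT) versus when the group picks it uniformly at random.

```python
"""Random log selection for Certificate Transparency: a commit-reveal toy and
the hidden-certificate probability under plain CT vs. random selection.

Added example; not LogPicker's protocol or code. The randomness protocol is a
simplified stand-in, and the trust values are made up."""
from __future__ import annotations

import hashlib
import math
import secrets
from fractions import Fraction
from typing import Optional


class Log:
    """One CT log taking part in the selection. A fixed `r` makes runs reproducible."""
    def __init__(self, name: str, r: Optional[bytes] = None):
        self.name, self._r = name, r

    def commit(self) -> bytes:
        if self._r is None:
            self._r = secrets.token_bytes(32)
        return hashlib.sha256(self.name.encode() + self._r).digest()

    def reveal(self) -> Optional[bytes]:
        return self._r


class CheatingLog(Log):
    """Opens a value other than the one it committed to."""
    def reveal(self):
        return bytes(32)


class SilentLog(Log):
    """Withholds its reveal after seeing everyone else's (reveal-abort bias)."""
    def reveal(self):
        return None


def pick_log(logs: list[Log], cert_der: bytes) -> tuple[str, int]:
    """Commit, then reveal, then derive the index of the log that must include
    `cert_der`. Raises on a bad or missing reveal; the honest reaction is to
    abort, exclude the offender and retry, never to fall back to a CA-chosen log."""
    commits = {log.name: log.commit() for log in logs}            # phase 1: commitments
    reveals = {log.name: log.reveal() for log in logs}            # phase 2: openings
    seed = bytes(32)
    for log in logs:
        r = reveals[log.name]
        if r is None:
            raise RuntimeError(f"{log.name} withheld its reveal")
        if hashlib.sha256(log.name.encode() + r).digest() != commits[log.name]:
            raise RuntimeError(f"{log.name} opened a different value than it committed")
        seed = bytes(a ^ b for a, b in zip(seed, r))
    # Bind the draw to this certificate so one shared seed cannot be reused.
    digest = hashlib.sha256(seed + hashlib.sha256(cert_der).digest()).digest()
    idx = int.from_bytes(digest, "big") % len(logs)
    return logs[idx].name, idx


def p_hidden_plain_ct(p_honest: list[Fraction]) -> Fraction:
    """Plain CT: the CA submits to whichever log it likes, so the certificate
    stays hidden as soon as at least one log colludes."""
    return 1 - math.prod(p_honest)


def p_hidden_random_pick(p_honest: list[Fraction]) -> Fraction:
    """Uniform random selection: hidden only if the picked log colludes, i.e. the
    average per-log collusion probability (model assumption: the non-picked logs
    are not obliged to publish what they saw during the protocol)."""
    return sum(1 - p for p in p_honest) / len(p_honest)


if __name__ == "__main__":
    logs = [Log(f"log{i}") for i in range(5)]
    print("chosen:", pick_log(logs, b"constructed DER bytes")[0])
    trust = [Fraction(9, 10)] * 5
    print("hidden under plain CT    :", float(p_hidden_plain_ct(trust)))
    print("hidden under random pick :", float(p_hidden_random_pick(trust)))
```

The two failure modes the toy surfaces are the ones a real protocol has to close without aborting: a participant that reveals late can bias the result by refusing once it sees the others' values, and a single bad opening stalls the draw. That is where the thesis's aggregate signature over the protocol run and its failure-tolerance measurements come in.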

RESEARCH COMMUNITY ENGAGEMENT

Year        Activity           Venue(s)
2025        Local Chair        New Security Paradigms Workshop
2024        Post-Shepherding   New Security Paradigms Workshop
Since 2018  Sub-Reviewing      S&P, NDSS, WebConf, ACSAC, ARES, Euro S&P, CODASPY, SAC

TEACHING ASSISTANT

Semester   Course(s)
WS 24/25   Anwendungssicherheit (Seminar); Einführung in die IT-Sicherheit
SS 2024    Anwendungssicherheit (Seminar)
SS 2022    Anwendungssicherheit (Seminar)
WS 21/22   Programmieren 1 (Seminar); Anwendungssicherheit (Seminar)
SS 2021    Anwendungssicherheit (Seminar)
WS 20/21   Anwendungssicherheit (Seminar); TEAM: MTG Scanner, Lego@Space²
SS 2020    Anwendungssicherheit (Seminar); SEP: IAS_CONTENT0
WS 19/20   Anwendungssicherheit (Seminar); Projektarbeit: Lego@Space
WS 18/19   Anwendungssicherheit (Seminar)