Alexandra Dirksen

Alexandra Dirksen is a PhD candidate at TU Braunschweig/IAS. She works in the field of Web Security & Privacy, currently focused on Web PKI and Large Scale Adversaries.
During the year 2023 she is a fellow of OTF's Information Controls Fellowship Program (ICFP). In collaboration with Censored Planet she is working on techniques for the detection of large-scale HTTPS interception attacks.

Her further interests are Ethics in Computer Science Research and different topics of Applied Cryptography for Protocol Security.

Room IZ 209 A
a.dirksen[at]tu-braunschweig.de
@z4lem

+49 531/391-2270

 

PUBLICATIONS

Network Responses to Russia’s Invasion of Ukraine in 2022: A Cautionary Tale for Internet Freedom
Reethika Ramesh, Ram Sundara Raman, Apurva Virkud, Alexandra Dirksen, Armin Huremagic, David Fifield, Dirk Rodenburg, Rod Hynes, Doug Madory, Roya Ensafi
To appear at the 32nd USENIX Security Symposium (USENIX'23)

LogPicker: Strengthening Certificate Transparency Against Covert Adversaries
Alexandra Dirksen, David Klein, Robert Michael, Tilman Stehr, Konrad Rieck and Martin Johns.
Proceedings on Privacy Enhancing Technologies (PETS'21)

Towards Enabling Secure Web-based Cloud Services using Client-side Encryption
Martin Johns, Alexandra Dirksen
Proceedings of ACM Workshop on Cloud Computing Security (CCSW’20)

TALKS

Integrating Ethics: Panel Discussion about Ethical Oversight in Computer Science
- STS-hub Germany 2023 | Circulations

LogPicker: Strengthening Certificate Transparency against Covert Adversaries
- IETF 116, PEARG (virtual)
- PETS'21, Gather.town (virtual)

Towards enabling Secure Web-Based Cloud Services using Client-Side Encryption 
- CCSW'21, Gather.town (virtual) [Slides]

A Blockchain Picture Book [Video]
- 35C3, 29.12.2018, Leipzig, Germany
- DMZ Europe, 08.11.2018, Stuttgart, Germany

SUPERVISED THESES

LogPicker: Byzantine Fault Tolerant Log Selection for Certificate Transparency

Master's Thesis by Tilman Stehr

Certificate Transparency (CT) is an extension to the web’s PKI that allows insight into the issuance of TLS certificates by introducing public append-only logs, in which all certificates must be included. Currently, CT can be circumvented by an attacker controlling a CA and several CT logs. We present an attacker model for this attacker and derive security goals from it. Additionally, we derive design goals from a review of related work.
We introduce LogPicker, which improves CT’s security by involving multiple logs in the logging of a certificate. The logs use a distributed randomness protocol to unpredictably choose the log that is to include the certificate. They generate proof of LogPicker’s execution with an aggregate signature scheme.
An analysis of LogPicker and related protocols to determine the probability of correctness depending on the number of logs and the trust in each log is presented. The analysis shows that LogPicker can significantly improve trust in the web’s PKI. Tests with a prototype implementation indicate that LogPicker has reasonable performance, scalability, and failure tolerance.
We conclude that LogPicker constitutes a useful addition to CT that can be realistically implemented. Further research into LogPicker is recommended; we suggest formal verification of the protocol and expansion of the prototype implementation.

Practical evaluation of client-side encryption using CryptoMembranes

Bachelor's Thesis by Minela Becirovic

In recent years, data privacy and the usage of privacy-conscious applications have gained significant importance. With the implementation of security features like end-to-end encryption, applications like "Signal" offer strong security guarantees for their end-users.
In contrast to desktop or mobile applications, web-based applications are struggling to adopt client-side encryption due to various limitations. The risk of a data breach is increased when the web application uses JavaScript. This usage enables the execution of malicious JS code on the client-side where confidential data of the user resides unencrypted. This way an active JS attacker can access the user’s data without the user’s knowledge or consent.
One approach to deal with this issue is the idea of CryptoMembranes (CM). With the concept of CM, a new type of DOM element that enables native encryption on the client-side is introduced. By maintaining an encrypted and decrypted representation of confidential data on the client-side, the concept aims to provide strong protection against active JS attacks. As a result, only the user has access to the decrypted representation of the confidential data.
In this thesis, we will implement the CM concept as an extension for the Firefox browser. This way we practically evaluate to what extent the theoretical concept of the paper meets the defined privacy & security goals if implemented as a browser extension for legacy browsers.

Security Assessment and Evaluation of Cloud Key Management Service Providers

Master's Thesis by Julius Platon

Cloud infrastructures, platforms, and services remain popular targets for attackers. In particular, public clouds are attractive due to their highly available and distributed nature. Within modern cloud and web-based applications, the need for secure storage of credentials such as cryptographic primitives and certificates grows. The responsibility for the protection and storage of such credentials implies a high complexity burden on the development process and an inherent fault-proneness. Recent cloud and development trends revolve around key management services (KMS), which are able to store credentials and provide high-level interfaces for clients. A primary target group of KMS is software developers, in order to relieve them from the large security burden of key storage and management.

KMS commonly utilize sophisticated hardware components, such as hardware security modules (HSM), in order to protect credentials such as cryptographic key material. The responsibility to protect credentials and remain available within heterogeneous cloud environments shifts the complexity burden from developers to cloud and KMS providers. The sensitive nature of KMS makes them highly attractive targets for attackers. Therefore, this thesis presents a threat model and a subsequent case study of four selected KMS solutions, namely Google KMS, AWS KMS, Azure Key Vault, and HashiCorp Vault. Within the threat model, occurring attacker types are presented and analyzed. As preliminaries of the threat model, the infrastructure, actors, and assets related to KMS are described. The threat model is complemented by the implementation of a prototype application for each KMS, in order to analyze insides such as security protocol details. After threat modeling, implementation, and elaboration of mitigations, an overview of results and a comparison of the selected KMS solutions follows. During the conclusion section, the contribution and future work are covered. Eventually, the output and key takeaways of the research are described.

Native Cookie Consent: Towards User Consent Enforcement on the Browser-Side

Master's Thesis by Robin Heinbockel

The General Data Protection Regulation (GDPR) forms the legal basis for processing personal data of website users. There is a multitude of consent request implementations that are embedded in websites because website providers have to ask for consent before processing the user’s data since the GDPR came into effect in 2018. We present flaws in current implementations and derive goals towards user privacy and usability from the GDPR and related research.
We propose a shift of the consent implementation from the website to the browser for increased privacy control on the client’s side, called Native Cookie Consent (NCC). That means the browser is responsible for showing the consent dialog in a native window and executing the user’s preferences afterwards. NCC also includes a protocol to transmit cookie policies and the user’s preferences separate from the website content.

With our prototype implementation, we show that NCC has benefits over existing consent implementations: Authorities have to control a fraction of instances with an implementation in the most popular browsers compared to the amount of website providers that currently provide the consent interface. Website providers and third parties have to disclose purposes for processing in their cookie policy and the user can choose their degree of consent per individual purpose and party. The browser blocks cookies that do not comply with the user’s consent preferences – and it blocks all cookies before the user expressed consent. Dark patterns in design and wording can be prevented with NCC through balanced design and plain language. We analyze the prototype in terms of functionality and usability and discuss extensions to further improve the implementation, including default settings to avoid the necessity to express the same preferences for each website. We conclude that NCC offers privacy and usability improvements compared to other GDPR consent request implementations.

TEACHING ASSISTANT

Year | Semester | Name
2022 | SS | Anwendungssicherheit (Seminar)
21/22 | WS | Programmieren 1 (Seminar); Anwendungssicherheit (Seminar)
2021 | SS | Anwendungssicherheit (Seminar)
20/21 | WS | Anwendungssicherheit (Seminar); TEAM: MTG Scanner, Lego@Space²
2020 | SS | Anwendungssicherheit (Seminar); SEP: IAS_CONTENT0
19/20 | WS | Anwendungssicherheit (Seminar); Projektarbeit: Lego@Space
18/19 | WS | Anwendungssicherheit (Seminar)

FURTHER RESPONSIBILITY

Furthermore I am also responsible for the LegoLab.
