Security and Privacy Group

The research vision of the Security and Privacy Group at COMSYS is the analysis, design, and evaluation of secure and privacy-preserving communication systems across various domains, including the Industrial Internet of Things, Smart Grids, and healthcare, among others.

To realize this vision, we most notably craft novel (and sustainable) security and privacy architectures, paradigms, and mechanisms as well as improve upon existing approaches to security and privacy. We consider all types of systems and networks, e.g. ranging from highly resource-constrained IoT networks to distributed (peer-to-peer) applications and networks and large-scale cloud deployments.

Our used and developed technologies range from soft privacy solutions such as semantic annotations and behavioral nudges to applied cryptography or confidential computing for strong and provable security and privacy guarantees.

The close cooperation with the other research groups at COMSYS allows us to work closely with domain experts from various types of communication systems, most notably, centering around industrial, medical, and corporate use cases.

Currently, we pursue this research vision by tackling the following research topics:

  1. Security and Privacy in the Industrial Internet of Things (IIoT)
    • Enabling privacy-sensitive dataflows between different (mutually distrusting) stakeholders
    • Protocol design with existing building blocks (e.g., Bloom filter, HE, PSI, OT, ...) to offer novel use cases
    • Detecting, analyzing, and restricting network flows in the IIoT to improve the network security
    • Secure integration of legacy industrial devices into communication over the Internet
    • Network monitoring solutions that cover industrial performance demands and protocols
  2. Security and Privacy in Decentralized Information Systems
    • ​​​​​​​​​​​​​​Alternatives to traditional (centralized) cloud computing
    • Approaches for sovereign data sharing and privacy-preserving processing
    • Information/Privacy leakage from distributed analysis mechanisms
    • Applications sourcing decentralized infrastructure, with a focus on medical and business use cases
  3. Network Security for the IP-based Internet of Things
    • Secure end-to-end communication of highly resource-constrained devices
    • Adaptive configuration and selection of security concepts, mechanisms, and ciphersuites
    • Delegation of security tasks to less resource-constrained gateways
  4. (Host-centric) Intrusion Detection and Prevention Systems
    • Studying how network information can improve host-based intrusion detection
    • Enabling efficient real-time detection of ransomware
  5. Privacy Enhancing Techniques (PETs)
    • Protocols for secure (industrial) collaboration (e.g., using Homomorphic Encryption)
    • Quantitative modeling of privacy protection and risk (e.g., Differential Privacy)
    • Reconciling PETs and user perception of privacy (e.g., empirical user studies)

Projects

Current Projects

  • IoP: Internet of Prodution for enabling a new level of cross-domain collaboration for production (DFG EXC, 2019-2025+)
  • RUST: Latent Patient Representations using Single-Cell Transcriptomics (ERS SFFAIR002, 2025)
  • SUSTAINET-guarDian: Sustainable Techologies for Advanced Resilient and Energy-Efficient Networks, guided utilities for automation, resilience, and Digital innovation in advanced networks (EUREKA CELTIC-NEXT, 2025-2027)
  • VeN2uS: VerNetzte NetzschUtzSysteme / Networked Grid Protection Systems – Adaptive and Networked (BMWK, 2021-2025)
  • VeSiTRUST: Verlässliche Sicherheitsgarantien für Unternehmen in Wertschöpfungssystemen (BMBF, 2024-2028)

Selected Past Projects

  • CONSENT: Conformance-driven and Auto-configured Security for Home and Industrial Networks (NERD.NRW, 2018-2021)
  • CONNECT: Innovative Smart Components, Modules and Appliances for a Truly Connected, Efficient and Secure Smart Grid (ECSEL Joint Undertaking, 2017-2021)
  • Digital Campus (BMBF, DAAD, 2020-2021)
  • IPACS: Intelligent Privacy-aware Cloud-based Services (DFG EI, 2013-2016)
  • Mobile ACcess: Mobility and City-wide Communication Environment for Secure Internet Services (IKT.NRW, 2009-2012)
  • myneData: Self-determined Utilization of Personal Data with Inherent Protection of Privacy and Data (BMBF, 2016-2019)
  • PREserv: Privacy Enhanced Sensing, Encoding, Relaying & Visualization (IKT.NRW, 2013-2016)
  • SensorCloud: Trustworthy Management and Analysis of Sensor Data in a Cloud Infrastructure (BMWi, 2012-2014)
  • SSICLOPS: Scalable and Secure Infrastructures for Cloud Operations (EU H2020, 2015-2018)
  • TRINICS: Transparent Information on the Individual Usage of Cloud Services (BMBF, 2016-2018)

Available Theses

The Security and Privacy Group typically has thesis topics available for motivated and talented students. An excerpt of available theses can be seen from inside the RWTH University network. If you have specific interests, you may contact any group member individually.

Selected Recent Publications

7.
Proceedings of the 2025 IEEE/IFIP Network Operations and Management Symposium (NOMS '25), May 12-16, 2025, Honolulu, HI, USA
Publisher: IEEE,
May 2025
Accepted
6.
Proceedings of the 22nd Annual Network and Distributed System Security Symposium (NDSS '25), February 24–28, 2025, San Diego, CA, USA
Publisher: Internet Society,
February 2025
ISBN: 979-8-9894372-8-3
5.
Johannes Lohmöller, Jan Pennekamp, Roman Matzutt, Carolin Victoria Schneider, Eduard Vlad, Christian Trautwein, and Klaus Wehrle
Data & Knowledge Engineering, 151
May 2024
ISSN: 0169-023X
4.
Jan Pennekamp, Roman Matzutt, Christopher Klinkmüller, Lennart Bader, Martin Serror, Eric Wagner, Sidra Malik, Maria Spiß, Jessica Rahn, Tan Gürpinar, Eduard Vlad, Sander J. J. Leemans, Salil S. Kanhere, Volker Stich, and Klaus Wehrle
ACM Computing Surveys, 56(2)
February 2024
ISSN: 0360-0300
3.
Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia, page 797-811.
Publisher: ACM,
July 2023
ISBN: 979-8-4007-0098-9/23/07
2.
Jan Pennekamp, Johannes Lohmöller, Eduard Vlad, Joscha Loos, Niklas Rodemann, Patrick Sapel, Ina Berenice Fink, Seth Schmitz, Christian Hopmann, Matthias Jarke, Günther Schuh, Klaus Wehrle, and Martin Henze
Proceedings of the 35th International Conference on Advanced Information Systems Engineering (CAiSE '23), June 12-16, 2023, Zaragoza, Spain Volume 13901, page 489-505.
Publisher: Springer,
June 2023
ISBN: 978-3-031-34559-3
1.
Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (ASIACCS '22), May 30-June 3, 2022, Nagasaki, Japan, page 252-266.
Publisher: ACM,
May 2022
ISBN: 978-1-4503-9140-5/22/05
- Impressum | Datenschutz -