Browsing by author "Wiesmaier, Alexander"
- Conference paper: On Criteria and Tooling for Cryptographic Inventories (Sicherheit 2024, 2024). Schmitt, Nicolai; Henrich, Johanna; Heinz, Dominik; Alnahawi, Nouri; Wiesmaier, Alexander. When cryptography becomes insecure, a migration to new schemes is required. Often the migration process is very complicated, but the time available is very limited. Only if the used cryptographic algorithms, protocols and configurations are known can a system be efficiently and fully adapted to changed security situations. This creates the need for a crypto-inventory that gathers this knowledge. Consequently, the question arises what criteria a crypto-inventory must fulfill to support this adaptation. It also highlights the need for tools to assist compilation. We therefore conducted a literature survey and extracted key requirements. Missing content was supplemented by expanding existing requirements or adding new ones. Furthermore, appropriate metrics were assigned to assess the fulfillment of the requirements for a certain crypto-inventory implementation. Regarding the tooling, we identified five major areas of interest — installed software, connected hardware, communication, stored data and source code scanning — and provide prototypes for semi-automatic creation of crypto-inventories for three of them. This provides organizations with a starting point to understand their cryptographic landscape as a prerequisite for crypto-agility and crypto-migration. However, theoretical design and prototypes have not yet been evaluated. This will be done as a follow-up to this work. All types of organizations are invited to participate.
- Conference paper: On the design and implementation of the Open eCard App (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012). Hühnlein, Detlef; Petrautzki, Dirk; Schmölz, Johannes; Wich, Tobias; Horsch, Moritz; Wieland, Thomas; Eichholz, Jan; Wiesmaier, Alexander; Braun, Johannes; Feldmann, Florian; Potzernheim, Simon; Schwenk, Jörg; Kahlo, Christian; Kühne, Andreas; Veit, Heiko. The paper at hand discusses the design and implementation of the “Open eCard App”, which is a lightweight and open eID client, which integrates major international standards. It supports strong authentication and electronic signatures with numerous common electronic identity cards in desktop as well as mobile environments. The Open eCard App is designed to be as lightweight, usable and modular as possible to support a variety of popular platforms including Android for example. It will be distributed under a suitable open source license and hence may provide an interesting alternative to existing eID clients.
- Text document: On the State of Post-Quantum Cryptography Migration (INFORMATIK 2021, 2021). Alnahawi, Nouri; Wiesmaier, Alexander; Grasmeyer, Tobias; Geißler, Julian; Zeier, Alexander; Bauspieß, Pia; Heinemann, Andreas. Safeguarding current and future IT security from quantum computers implies more than the mere development of Post-Quantum Cryptography (PQC) algorithms. Much work in this respect is currently being conducted, making it hard to keep track of the many individual challenges and respective solutions so far identified. In consequence, it is difficult to judge whether all (known) challenges have been sufficiently addressed, and whether suitable solutions have been provided. We present results of a literature survey and discuss discovered challenges and solutions categorized into different areas and utilize our findings to evaluate the state of readiness for a full scale PQC migration. We use our findings as starting point to initiate an open community project in the form of a website to keep track of the ongoing efforts and the state of the art in PQC research. Thereby, we offer a single entry-point for the community into the subject reflecting the current state in a timely manner.
- Conference paper: Planning for directory services in public key infrastructures (Sicherheit 2005, Sicherheit – Schutz und Zuverlässigkeit, 2005). Karatsiolis, Vangelis; Lippert, Marcus; Wiesmaier, Alexander. In this paper we provide a guide for public key infrastructure designers and administrators when planning for directory services. We concentrate on the LDAP directories and how they can be used to successfully publish PKI information. We analyse their available mechanisms and propose a best practice guide for use in PKI. We then take a look into the German Signature Act and Ordinance and discuss their part as far as directories are concerned. Finally, we translate those to the LDAP directories practices.
- Workshop paper: Zur Benutzbarkeit und Verwendung von API-Dokumentationen [On the Usability and Use of API Documentation] (Mensch und Computer 2020 - Workshopband, 2020). Huesmann, Rolf; Zeier, Alexander; Heinemann, Andreas; Wiesmaier, Alexander. Good documentation is essential for good usability of (security) APIs, i.e. in particular for the correct use of the APIs. Requirements for good API documentation have been described in several works, but so far there is no technical implementation (referred to below as a documentation system) that implements these requirements. The requirements can be divided into requirements for the documentation system and requirements for the documentation content. Of 13 identified requirements for a documentation system itself, 9 were implemented in a prototype as part of this work and evaluated in a user study with 22 participants using a cryptographic API. It was found that the implementation of the requirement "Enable quick use of the API" depends substantially on the quality of the content entered, and also subsumes 5 further requirements considered, or their implementations. The two further implemented requirements ("Classic reference" and "Follow-up questions and comment function") were hardly used or not used at all by the participants. Their usefulness and relevance should be examined in a long-term study.