Ruhr University » SecHuman

PhD Candidates

In an inter- and transdisziplinary context, 13 PhD's have the possibility to conduct research in the NRW financed Fortschrittskolleg SecHuman "Security for people in cyberspace". The following students currently conduct their PhD studies:

Benedikt Auerbach: Post-Snowden Cryptography

As revealed during the Snowden revelations, the NSA managed to include backdoors in widespread cryptographic protocols by using its influence on cryptographic standardization processes. This enabled the surveillance of communication believed to be securely encrypted. Using methods from provable security, the research project aims to investigate the question, whether it is possible to construct cryptographic protocols, which provably do not admit the inclusion of backdoors. A first goal is the development of an appropriate security model describing the setting. Afterwards the construction of cryptographic protocols, whose security in this model can be based on commonly used cryptographic assumptions by security reductions, will be approached.

  • Affiliation: Faculty of Mathematics, Foundations of Crypotography
  • Email: Benedikt.Auerbach [at]
  • Website

Benedikt Bönninghoff: Machine-learning based authorship analysis

Today, many people are using social media platforms to communicate with each other. High damage potentially originates from using a false identity for criminal purposes. Forensic linguistics is the discipline of analyzing the authorship of documents as well as the author's biographical background. We further can combine linguistic features with machine learning tools to automate this process. However, the forensic authorship analysis for social media is a challenging task since the messages are relatively short and linguistic disguise or imitation strategies may be applied to hide the own authorship. Hence, the aim of this research project is to combine linguistic knowledge with machine-learning techniques for forensic authorship analysis on social media platforms and investigate the degree of reliability of the classification results in data sets of inherent high variability.

  • Affiliation: Institute of Communication Accoustics, Cognitive Signal Processing
  • Email: Benedikt.Boenninghoff [at]
  • Website

Florian Farke: Digital Forgetting in the Context of Data Protection and Privacy

Due to the progress of digitization in many areas of life, there is a trend to collect and process more and more data and make it available via the Internet. In addition to knowledge or historical records, gathering personal data of private individuals becomes more prevalent. Much of this data is ephemeral, gets invalid over time, or the affected person would like to withdraw them. However, due to the distributed and decentralized structure of the Internet, it often remains long-term available. This might harm people’s reputation or impede coping negative life experience. To thwart this issue, the idea of digital forgetting is to take some aspects of the human ability to forget and apply them to the Internet. This dissertation investigates technical implementation, data protection regulations, usability, and the influence on privacy of digital forgetting.

  • Affiliation: Department of Electrical Engeneering and Information Technology, Mobile Security
  • Email: Florian.Farke [at]
  • Website

Steffen Becker : Hardware Reverse Engineering

Hardware Trojans and hardware obfuscation are two sides of the same coin: The same techniques used by companies to protect their intellectual property can be deployed by crimals or intelligence agiencies to hide so-called hardware Trojans, which can compromise the security of computer systems completely.
Since the underlying problem of hardware reverse engineering and its' processes cannot be captured adequately with purely technical measures, they will be complemented with metrics which consider the abilities of the human analyst steering the process. These knowledge will subsequently be used to detect hardware Trojans on the one hand, and to develop countermeasures on the other hand.
Another goal entails suggesting and evaluating new countermeasures based on obfuscation techniques, which offer a quantifiable level of security from both the technical as well as the view of the problem-solving human analyst.

  • Affiliation: Department of Electrical Engeneering and Information Technology, Embedded Security
  • Email: Steffen.Becker [at]
  • Website

Alexander Helm: Assimilation of asymmetric schemes regarding Post-Quantum-Cryptography

Without reliable encryption the digital world is inconceivable. While established methods are still considered safe today, this could change due to functioning quantum computers in the future. Widely used asymmetric cryptographic primitives such as RSA, ECC, DH and DSA are already considered broken by Shor's Algorithm and concerning the symmetric methods the factor of security is reduced by half using Grover´s Algorithm. Post-quantum cryptography deals with schemes, which are secure even with the use of quantum computers. In my dissertation I am dealing with possible candidates for quantum-safe encryption and the underlying assumptions, which guarantees the security. The effects of current and newly designed quantum algorithms are investigated to adjust the parameters, e.g. the key length, appropriately to ensure security.

  • Affiliation: Faculty of Mathematics, Cryptology and IT-Security
  • Email: Alexander.Helm [at]
  • Website

Steffen Hessler: Analysis of linguistic techniques for stylization, imitation and disguise with the help of intelligent algorithms

People are communicating via different internet platforms without having secured metadata of their communication partners. With the use of specific language, people are disguising their true identities. My research target is to develop methods to research and detect those linguistic imitation strategies. Just like the stylization in comedy and cabaret programs, imitation uses atypically and over stylized linguistic features, which do not cover linguistic registers of those imitated people. Developing machine-learning based algorithms should help to automatize the process of the systematization of linguistic techniques for imitation and disguise in order to concentrate my linguistic analysis on doubtful cases.

  • Affiliation: Insitute of Germanistics, German Linguistics, Ruhr-Universität Bochum
  • Email: Steffen.Hessler [at]
  • Website

Laura Kocksch: Un-Making IT Security for Big Data

In my dissertation I depart from the observation that IT security is not a given, but rather a dynamic process of tense negotiation, tinkering and dispersed collaborations. IT in-security is commonly considered as a failure from either individual users or developers or as a technological shortcoming. In contrast, I am interested in the way security is dispersed across social-material actors and a matter of organizational, social and technological collaboration. Mobilizing theories from CSCW, I investigate IT security in concrete organizational settings, asking for its epistemic, infrastructuring and relational performativity. In looking at fundamental changes in the way organizations perceive themselves -- now through data -- I am interested in how security is discussed, negotiated, contested and cared for, not simply as a technological rationality but social and organizational doing. Resulting from this perspective, I argue to neither blame humans nor technologies for IT in-security but rather understand the entanglements of organizational, social, technological and material actors involved.

  • Affiliation: Social Science, Cultural Psychology and Anthropology of Knowledge, Ruhr-Universität Bochum
  • Email: Laura.Kocksch [at]
  • Website

Stephan Koloßa: The Right to Privacy in the Digital Age”

The legal concept of “privacy” is not a phenomenon of the most recent years. A right to privacy has been established already more than sixty years ago, in international law foremost in the European Charter on Human Rights (ECHR) and the International Covenant on Civil and Political Rights (ICCPR). However, the latest technology used by governmental as well as private entities and even single individuals in times of “Big Data” and the “Internet of Things” raise more questions regarding the current scope of the legal protection of privacy than ever. The PhD analyzes the existing legal frameworks and scrutinizes the right to privacy in the digital age under international law.

  • Affiliation: Faculty of Law, Institute for International Law of Peace and Armed Conflict, Ruhr-Universität Bochum
  • Email: Stephan.Kolossa [at]
  • Website

Jan Rensinghoff: The right to be forgotten

The right to be forgotten under European law and its legal implementation At the very latest since the Snowden leaks, which exposed the power of data collection to the public, people are more and more aware of the potential dangers that may arise from it. Along with the technical progress in many aspects of everyday life, comes also a high potential risk of misuse of personal data. The new ‘EU General Data Protection Regulation’ tries to protect EU citizens from an uncontrolled and limitless dissemination of personal data by implementing a right to deletion of personal data. This newly introduced ‘right to be forgotten’ (art. 17 I EU GDPR) now faces several challenges in terms of balancing of the multiple interests that people may have. Not only the complainant is affected by the decision of a deletion but also potentially the public, online-search-engines, journalists and publicists. The PhD project tries to analyze this difficult decision making process and searches, along with his IT-partner, for a way to maybe partially automate this process.

  • Affiliation: Jornalism, Media Law, Technical University Dortmund
  • Email: Jan.Rensinghoff [at]
  • Website

Mary Shnayien: „In through the back door…“ Discourse on Security and Privacy in the post-Snowden Era

The Snowden revelations as well as recent cybercrime incidents like WannaCry mark a shift in the media coverage of privacy, surveillance and security. Today, privacy and security can be conceptualized as polar oppositions, in between which the back door is situated – a system with a back door is neither safe nor does it grant privacy in the sense of an enclosed space for solitude. In my dissertation I do a discourse analysis deeply rooted in media and gender studies of different media texts concerned with privacy and security, while mainly focusing on forms of knowledge production and discoursive making of privacy, security and possible modes of critique.

  • Affiliation: Spaces of Anthropological Knowledge, Media and Anthropological Knowledge, Ruhr-Universität Bochum
  • Email:
  • Website

Olga Skrebec: Cognitive Knowledge Integration as Key Factor in inter- and transdisciplinary Knowledge Production

For some time it has been impossible to overcome IT security challenges by isolated implementation of technological, political or economic insights and strategies. Only deep knowledge integration in inter- and transdisciplinary teams leads to development of innovative knowledge needed for solving such complex realworld problems. Against this background, cognitive knowledge integration (cKI) describes the process and the result of the pooling of knowledge stocks of heterogeneous actors. Whereas past research primarily focused on team-level cognitive processes, the role of cKI on the individual level remained relatively unexplored.
The aim of the dissertation project is to analyse the mechanisms of cKI on an individual level using psychological research methods and to identify supporting factors for a better prediction of the cognitive processes. In a second step training measures to support individual cKI are developed and systematically evaluated for future application in science and inter- and transdisciplinary working teams.

  • Affiliation: Environmental Psychology
  • Email: Olga.Skrebec [at]
  • Website

Christine Utz: Privacy in the Post-GDPR Internet

On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect in the European Union, introducing new requirements for any company processing personal data in Europe. Its regulations specify six legal bases for data processing - including user consent -, introduce extensive transparency requirements, and install high fines for companies that do not comply.
This research project investigates how the GDPR's new requirements have influenced - and continue to influence - privacy on the Internet. Did the GDPR affect the prevalence and intensity of online tracking? Do websites provide users with more information about which personal data is collected and for what purpose? Do users understand the new consent interfaces appearing all over the Web, and do websites respect the user's choice to opt in or out of data collection? What can be done from a technical perspective to overcome existing shortcomings?

  • Affiliation: Department of Electrical Engeneering and Information Technology, Systems Security
  • Email: Christine.Utz [at]
  • Website

Carina Wiesen: Problem Solving and Learning in IT Security: Exploration of Human Factors in Hardware Reverse Engineering

Despite intensive technical research on hardware reverse engineering, it is still an opaque and poorly understood process. Even though several automated techniques and best-practices for a human analyst have been described, there is barely any research on the non-automated sensemaking by human analysts involved in hardware reverse engineering. The goal of this research is to describe hardware reverse engineering as a problem form a psychological learning perspective, whereas problem solving strategies, domain specific knowledge, cognitive and non-cognitive factors will be included as well.

  • Affiliation: Institute of Education, Educational Psychology Research Group, Ruhr-Universität Bochum
  • Email: Carina.Wiesen [at]
  • Website