The IT Security Research Group at the Department of Information Systems takes an interdisciplinary approach to a range of research questions in information security and privacy. We focus our efforts on the following topics:

Economics of Information Security and Privacy

Security breaches are in the news almost daily, each bigger and more costly than the last. But rarely are they caused by technical failures. Bad security is often the result of wrong decisions on the deployment of security technology. The economic perspective on information security starts by looking at these decisions and analyzes the underlying processes and incentive systems. Technology merely defines the action space. Yet with insights into economic and behavioral mechanisms, technology can be designed and deployed in such a way that bad security decisions become less likely.

Relevant research questions include: How can security be measured? How much shall individuals, firms, and governments spend on (cyber-)security? How exactly shall they invest? What incentives really drive privacy decisions? What distinguishes cyber-risks from conventional risks and what consequences emerge for cyber-risk management? How does all this affect the IT security industry?

Our methods in this field range from economic modeling of isolated aspects, via quantitative empirical studies, to broader strategy/policy analyses targeted at corporate decision makers and governments.

Workshop on the Economics of Information Security

Berkeley, Cambridge, Carnegie Mellon, Harvard twice, … in its 11th year, the renowned Workshop on the Economics of Information Security went to Berlin and thus for the first time to continental Europe. Rainer Böhme was proud to organize the event jointly with Gert G. Wagner and Nicola Jentzsch of DIW Berlin, an economic research institute. The workshop took place in the Berlin Brandenburg Academy of Sciences located in the heart of downtown Berlin on 25-26 June 2012.

Rainer Böhme (Ed.): The Economics of Information Security and Privacy, Springer-Verlag, Berlin, 2013, 321 pages.

This book is structured in four parts, reflecting the main areas: management of information security, economics of information security, economics of privacy, and economics of cybercrime. Each individual contribution documents, discusses, and advances the state of the art concerning its specific research questions. It will be of value to academics and practitioners in the related fields.

Multimedia Security

Multimedia security aims to enforce protection goals (in particular confidentiality and integrity) for or with the help of digital signals, which represent parts of reality.

Our particular interest is in steganography and steganalysis as well as digital image forensics. Steganography means "covert writing". It is a hiding technique which can be used to embed secret messages into inconspicuous cover media. Steganalysis is the counter-technology to steganography. Its goal is to detect steganographic communication. Digital image forensics, a young and rapidly growing research field, encompasses the development of methods to test the authenticity of digital images.

Books on Multimedia Security

Rainer Böhme: Advanced Statistical Steganalysis, Springer-Verlag, Berlin, 2010, 285 pages.

Steganalysis is the science of detecting secret messages in inconspicuous-looking cover media. This volume is the first book dedicated to steganalysis in its breadth. It is suitable for researchers working in cryptography and information security, practitioners in the corporate and national security domains, and graduate students specializing in multimedia security and data hiding.

Rainer Böhme, Philip W. L. Fong, Rei Safavi-Naini (eds.): Information Hiding, Volume 6387 of Lecture Notes in Computer Science, Springer-Verlag, Berlin, 2010, 277 pages.

Proceedings of the 12th International Conference on Information Hiding in Calgary, Canada, June 2010. With invited contributions by Gabor Tardos on fingerprinting codes and by Boris Skoric on security with noisy data.

Privacy-Enhancing Technologies (PET)

Over the past decades, advances in information technology have tremendously facilitated collection, storage, retrieval, and processing of large amounts of data. This enables ever more individuals and institutions to monitor other people without consent by observing the data traces they leave in computer systems. Privacy-enhancing technologies serve as building blocks for systems that reduce such privacy problems without constraining the desired functionality unnecessarily. PETs thus contribute to finding a balance between privacy protection and information sharing in the information society.