The 15th Paderborn IT Security Day took place on November 30, 2021 under the motto "Current topics and issues in IT security". A total of around 150 participants* met virtually to inform themselves about and exchange ideas on current challenges in the field of IT security, which is becoming increasingly important for business, science and society. Special fields of action in the field of IT security were presented in scientific-technical and application-oriented lectures, such as "The Emperor's New Clothes: Modern Attacks vs. Software Diversity" and "Legal Requirements for IT Security Updates". The Paderborn IT Security Day is organized by the "Digital Security" competence area of the SICP - Software Innovation Campus Paderborn at the University of Paderborn. The event is supported by the innovation network InnoZent OWL e. V. and the regional group OWL of the Gesellschaft für Informatik e. V. (German Informatics Society).
Due to the pandemic, the 15th Paderborn IT Security Day was held online via the event platform trember. The platform offered the possibility to move through the event environment via avatar in the interaction rooms and to switch freely between group conversations within a room, so that the networking phases offered many opportunities for networking and exchange - similar to a face-to-face event. "Eleven interaction rooms were available for the networking phases, which served, among other things, to present the IT security relevance of SICP member and partner companies and to introduce specific projects. In other rooms, the speakers were available to answer participants' questions after their presentations," says Dr. Simon Oberthür, R&D Manager "Digital Security" at SICP, explaining the spatial concept of the digital event. Furthermore, the participants had the opportunity to get information about the members of the IT Security Day management team and the research in their specialist groups in one room. Since the leadership team was expanded this year by two new professorships in the field of IT security, the two new leadership team members had the opportunity to briefly introduce themselves and their specialist groups at the beginning of the event. Prof. Dr. Patricia Arias Cabarcos' specialist group "IT Security" researches the development of security technologies that are easy to use, integrative and privacy-friendly: How can individuals be enabled to live a secure digital life without having to have in-depth technical knowledge? The research work of Prof. Dr. Juraj Somorovsky's "System Security" group focuses on system security, network security and applied cryptography. The expertise of the staff has contributed significantly to the discovery of critical security vulnerabilities such as DROWN, ROBOT and Efail. The research group systematically analyzes these vulnerabilities and develops test tools to identify and fix them.
Current attacks on old (still used) cryptography
In his keynote address, Prof. Dr. Jörg Schwenk, head of the Department of Network and Data Security at Ruhr University Bochum, explained that important cryptography standards used in practice and mostly developed toward the end of the last century essentially continue to use old cryptographic elements, while attack methods on cryptographic building blocks such as encryption and digital signatures are becoming more sophisticated, complex and targeted. "Using the example of the industry standards S/MIME and PDF security, I can show that attacks can be generalized and that a rethink towards a holistic view of applications is necessary to guarantee the security of these applications in the future," said Prof. Dr. Schwenk.
Developers are not the enemy! - On usability issues for secure software development
Prof. Dr. Matthew Smith, Professor of Usable Security and Privacy at the University of Bonn and Fraunhofer FKIE, explained in his keynote that every software vulnerability basically arises during development, but that the underlying causes and possible remediation strategies have been little researched to date. Using interactive elements, Prof. Smith highlighted possible security concepts for developers with a focus on the secure storage of passwords and usability issues in software analysis.
