CAST-Förderpreis IT-Sicherheit 2025

Date: 4.12.2025
Duration: 09:00-16:55
Location: Fraunhofer SIT
Rheinstraße 75
Darmstadt
This event is recognized as continuing education for the purposes of T.I.S.P. recertification.

Program

09:00
Welcome to the CAST-Förderpreis IT-Sicherheit 2025 and moderation
Andreas Heinemann
CAST e.V. / Hochschule Darmstadt / ATHENE
Finalists Category 2 – Bachelor's theses
09:10
Felix M. Cramer
Universität Paderborn
Evaluating the Interaction of TLS Client Certificates and Session Tickets in Virtual Hosting

This study probes web servers' behavior for inconsistencies and vulnerabilities when TLS session resumption, client authentication, and virtual hosting interact. We design and implement an automated test framework. We find that the servers do not always behave according to the TLS and HTTP standards. We show differences between the servers in how they handle client authentication and session resumption and discuss the implications. Namely, we discover a security vulnerability in the Caddy web server.

09:35
Felix M. Cramer
Q&A session
09:45
Sven Gebhard
FAU Erlangen-Nürnberg
Covert Exfiltration of Cryptographic Keys from Android Devices
10:10
Sven Gebhard
Q&A session
10:20
Mario Gemov
Karlsruhe Institute of Technology
Usability analysis of mail clients with regard to S/MIME

While S/MIME uses encryption and digital signatures to protect against threats like eavesdropping and spoofing, its real-world effectiveness depends on how well email clients handle different security and technical issues. This thesis tests modern email clients against problematic scenarios such as invalid certificates or tampered content and examines whether users receive clear and helpful information. The findings show that even though S/MIME has been available for many years, email clients still struggle to detect and properly communicate these security issues.

10:45
Mario Gemov
Q&A session
10:55 Coffee break (15 minutes)
11:10
Tobias Käsmann
TH Nürnberg
Browser-Based Support for Detecting Deepfakes
Human-Centered Development and Evaluation of a Design Concept

This bachelor's thesis uses an empirical user study to investigate how people perceive deepfakes, which visual features they recognize, and which typical misjudgments occur. Based on these findings, a user-centered, browser-based support system is developed as a prototype that eases the detection process through targeted visual cues. The goal is to improve the assessment of digital content and, in the long term, to strengthen media literacy and judgment in dealing with manipulated videos.

11:35
Tobias Käsmann
Q&A session
11:45
Fidelius Lula
RWTH Aachen University
Deployment and Evaluation of Attacks on the Lower Layers of 5G New Radio

5G networks promise faster, more reliable communication but, as part of critical infrastructure, introduce new security challenges. In this thesis, we investigate the resilience of 5G against physical-layer jamming attacks, comparing it with its predecessor LTE, using realistic ns-3 simulations with custom implemented modules. Furthermore, we quantify how much more resistant 5G is under identical attack scenarios, confirming theoretical predictions. The study advances understanding of 5G’s security architecture and provides a reusable framework for future wireless-network resilience research.

12:10
Fidelius Lula
Q&A session
12:20 Lunch break (40 minutes)
Finalists Category 1 – Master's theses
13:00
Karla Friedrichs
Universität Potsdam
Game-based security for OPRFs

The security of cryptographic building blocks shapes the security of entire systems. Among such building blocks are Oblivious Pseudorandom Functions (OPRFs), which allow two parties to jointly compute pseudorandom values in a privacy-preserving manner, and in recent years have been built into many applications. Yet, as this thesis shows, there is no mature and agreed-upon security model, eroding confidence in the guarantees OPRFs claim to provide. To address this gap, this work develops a structured, unifying approach to OPRF security. An abridged version is published at Asiacrypt 2025.

13:25
Karla Friedrichs
Q&A session
13:35
Laurenz Grote
RWTH Aachen University
Cyber Security Risks in Grid-Oriented Control of Residential Power Assets

Grid-Oriented Control (GOC) is essential for integrating residential electrification technologies (e.g., heat pumps, EVs) into power grids as it prevents local grid overloads through curtailments and price signals. We review GOC cyber risks in Germany through system analysis, virtual co-simulation, and proof-of-concept attacks. Our testbed demonstrates attacks that could cause device Denial of Service, increased household costs, or local power outages. These threats highlight the need for holistic security measures across the entire GOC implementation, including the residential installation.

14:00
Laurenz Grote
Q&A session
14:10
Konrad Hanff
Universität Potsdam
Security Analysis of Privately Verifiable Privacy Pass

Privacy Pass is a cryptographic protocol for anonymous authentication. It was recently standardized by the IETF. The new standard deviates from previously studied versions of the protocol, but no formal security analysis has existed until now. This is the first security analysis of the newly standardized privately verifiable Privacy Pass. We formally model the protocol and introduce new, stronger privacy and unforgeability properties. Finally, we prove the IETF construction secure when instantiated with a secure generic Oblivious PRF (OPRF). The results were published at ACM CCS 2025.

14:35
Konrad Hanff
Q&A session
14:45 Coffee break (15 minutes)
15:00
Melina Kleber
Universität Paderborn
Investigating public attitudes towards data collection and use in Virtual Reality

As VR use expands, its numerous sensors collect increasing amounts of data. A user study investigated users' and non-users' awareness of data collection, conditions that influence the acceptance of VR data sharing, and users' privacy-protecting behaviors when using VR. The results show that consent is central to acceptance, with academic and medical recipients rated positively. While participants display some awareness, most protect their privacy by providing minimal personal information. The results emphasize the need for improved VR privacy, awareness, and accessibility.

15:25
Melina Kleber
Q&A session
15:35
Maximilian Stillger
TU Darmstadt
LORELEI: Locally Rewriting Logic with Ensemble Improvements

Secure Multiparty Computation (MPC) protocols allow computing a function over private data such as medical data, financial transactions, and many ML/statistical calculations. In this thesis, we generalize the MPC protocols ASTRA (CCSW'19) and ABY2.0 (USENIX Security'21) for more efficient computations of sums of products, which are common in statistics. We also propose an optimizer called LORELEI that partitions a function into a network of terms and samples improvements via cost estimation. Our optimizations give a 1–66% communication and 10–90% run-time improvement across practical circuits.

16:00
Maximilian Stillger
Q&A session
16:10 Jury deliberation
16:40 Award ceremony & closing
16:55 End of event

Registration and fees

To allow us to prepare the workshop optimally, please register by 24.11.2025.

When registering ... | by the deadline | after the deadline
Workshop participation fee | free of charge | free of charge
For holders of a CAST service package | free of charge | free of charge

Participation is free of charge; however, registration is required for planning purposes.

No CPE certificate can be issued for this event.

Information and contact

If you have any further questions, please contact:

Moderation

Andreas Heinemann
CAST e.V. / Hochschule Darmstadt / ATHENE

Administration

Simone Zimmermann
CAST e.V.
Phone: +49 6151 869-230

Please note that we can accept registrations for our events only via the online form, not via our fax numbers.

Travel planning

CAST e.V.
Rheinstraße 75
64295 Darmstadt
