I am a PHD student in Adrian Perrig's Network Security Group at D-INFK. I am also part of the Centre for Cyber Trust, a research collaboration between various research groups at ETH Zürich and the Usable Security And Privacy Group at the university of Bonn.
Research InterestI am fascinated by the intersection between security systems–specifically public key cryptosystems–and psychology. Usability is achieved by finding frameworks that are relevant and intuitive to the end-user, while suitable to express the technical primitives.
My interest arises from not just a passion for teaching, but from a sense of fulfillment that comes with the search for the most effective ways to express ideas which connect with different individuals. Since educating every user as I would pupils in my classroom is not feasible, a reevaluation of said framework must be taken such that simple actions result in tangible benefits for non-experts.
Lastly, while there should generally be a “plug-and-play” default, it is sometimes appropriate to provide finer deviating options for specialized use-cases. In these instances, clarity becomes the fundamental goal of design, allowing sound reasoning about the benefits and downsides by both security experts and end-users.
Focus of StudyI am currently focussing on identity binding in the end-to-end messaging space. Encrypted messaging has reached the mainstream today, largely based on the Signal protocol. It is important to note however that while the “just works” user experience has been widely adopted, it disregards the possibility of malicious impersonation - sacrificing security for usability.
While using a messaging app based on the Signal protocol (e.g., Whatsapp, Signal) each message is end-to-end encrypted; however, without verifying the security number (tied to the identities of both users), no guarantee is given w.r.t whom a user is communicating with. While knowledgeable users have known this and taken precaution, the typical user is unaware. Even if the threat was more widely known, it is unclear if most users would go through the hassle of verifying security numbers out of band (or know what this means), as it has, so far, mostly just worked. To generally establish validation, the process must be simplified and made more usable.
SupervisionI am generally looking for motivated students that share an interest for human factors work and would like to work with the Signal private messaging application. Don't hesitate to get in touch if that sounds interesting to you.
Of course, you are also welcome to bring your own ideas to the table, as long as they are related to network security and have a human factors component.
Research that includes human participants has some extra requirements that you must be aware of. If the project includes a study, this may influence how long it takes to set it up.
If you're a student looking for a thesis topic, please don't hesitate to get in touch with me and we can chat about your interests and the possibilities for a project.
General Project AdviceHere are some of my former colleague Joel Wanner's excellent tips on how to survive writing a thesis.
And here are some more general tips by Brian Kernighan on finding a suitable CS supervisor and project, and working independently towards its completion.
- Information Security Lab, Netsec Module: Head TA (2022-present)
- Information Security Lab, Netsec Module: TA (2020-2021)
- Informatik I, D-BAUG: TA (2021)
- Informatik II, D-ITET: TA (2015-2018 and 2020)
- Informatik I, D-ITET: TA (2015-2018)