Personal Homepage of Publications
(selected scientific & research papers, articles and reports):
2010 – Books:
2009 – Book:
2008 – Book:
2007 – Book:
Sandra Frings, Oliver Goebel, Detlef Guenther, Hardo G. Hase, Jens Nedon, Dirk Schadt, and Arslan Broemme (editors), "IMF 2007 - IT-Incident Management & IT-Forensics", Proceedings, Gesellschaft für Informatik (GI), Lecture Notes in Informatics (LNI) P-114, ISSN 1617-5468, ISBN 978-3-88579-208-6, Koellen Druck+Verlag, Bonn, Germany, 2007
Preface (excerpt): "Information
technology has become crucial to almost every part of society. IT
infrastructures are critical to the world-wide economy, the financial sector,
the health sector, the government's administration, the military, and the
educational sector. Due to its importance the disruption or loss of IT
capabilities results in a massive reduction of operability. Hence, IT security
is continuously gaining importance and has become
technically essential to IT infrastructures. Although security usually gets
integrated into the design process of IT systems nowadays, the process of
maintaining security in IT infrastructure operation still lacks the appropriate
attendance in most cases. Especially the capability to manage and respond to IT
security incidents and their forensic analysis is established in the rarest
cases. The quickly rising number of security incidents worldwide makes the
implementation of incident management capabilities, targeting the mitigation of immediate consequences to the own infrastructure,
essential. Also, the need of subsequent forensic analysis of selected cases to
gather evidence on the incident's details and work up the information for law
suits or to avert unwarranted liability claims of aggrieved third parties is
constantly growing. In order to advance the fields of IT-Incident Management
and IT-Forensics the special interest group Security - Intrusion Detection
and Response (SIDAR) of the German Informatics Society (GI) organises the
annual International Conference on IT-Incident Management and IT-Forensics
(IMF), creating a platform for experts from throughout the world, to discuss
state of the art in these areas. IMF promotes collaboration and exchange of
ideas between industry, academia, law-enforcement and other government bodies. […]"
2007 - Articles:
Arslan Broemme, Andreas Netzer, and Horst Walther, "Exploring Generic Identity Management Processes - An approach to model the generic Identity and Access Management Process ‘approve-request’", Position Paper on behalf of the NIFIS competence centre Identity Management (GenericIAM), Germany, 2007
Abstract:
"Here we present a top-down modelling approach for the development of
generic identity and access management (GenericIAM)
processes based on a variant of a state transition model (coloured Petri nets).
By considering the interactions and state transitions of the fundamental
objects involved in the Identity Management and the generic subjects acting on them we
were able to generate an adequate abstract model of the first GenericIAM core process “approve request”,
which is presented here for further discussion. Our approach complements the
bottom-up modelling approach of factoring out generic patterns from an empirical
base of flow oriented diagrams for IAM processes." (publishing site)
2006:
2005:
2005 - in Book:
ACM SAC 2010 - Track on Computer Security (22.-26.03.2010, Lausanne, Switzerland) [call for papers]
The 4th International Conference for Internet Technology and Secured Transactions (ICITST-2009) (09.-12.11.2009, London, UK) [program]
Topics of Interest:
Information Security and Risk Management, Biometrics, Identity & Access
Management, Security Architecture and Design
Call for Papers & Upcoming Events:
BIOSIG 2010 (09.-10.09.2010, Darmstadt, Germany)
perspeGKtive 2010 (08.09.2010, Mannheim, Germany)
Preface: "“Biometrics
and Electronic Signatures – Research and Applications” –
17th -18th September 2009: Biometrics and electronic
signatures are central technological components within the present landscape of
authentication and identification of entities, the integrity of biometric
templates and signatures, and electronically signed entity information as well
as in multiple scenarios of emerging future identity management. Recent
developments in the confidentiality domain show also additionally a strong
interest in integrating biometric information in cryptographic keys. Years of
research and development in biometrics and electronic signatures elapsed and
still three main scientific questions based on biometric measurement data,
knowledge, possession, time, and place are in need to be answered: 1.
“who can it be?” - based on partially available data, 2. “who is it for sure?” - based on fully available data,
and 3. “can it be misused?” - based on any
available data. Challenges are given in sufficient number in going to answer
all three questions like you will see in this year’s program. Single
different competing modalities and factors have been approached and fine tuned
to find the best identity determining method. Multimodal approaches have been
tested to compensate the deficiencies of single modalities and to find again a
best multimodal authentication and identification method. Identity management
applications and broad public used applications with the inherent legal
considerations regarding non-repudiation are still in strong need of reliable
authentication and identification technology. Users are expecting this anyway
before they are willing to accept the proposed technology in their daily life.
Now, multifactor multimodal biometric authentication and identification
technology with biometric multitemplates of different
types is a promising method candidate in place to find a balance between the
need for scalable convenience and sensitivity in clear dependence of the
intended application. BIOSIG 2009 offers you again a platform for
experts’ discussions and focuses this year on Research and Applications
in the area of Biometrics and Electronic Signatures."
Preface: "Day #1: “Biometric
Border Control” – Thursday, 11th September 2008: Multibiometric reference data in sufficient quality is used
within Europe and beyond to verify the identity of persons at borders against
the claimed identity within biometric (travel) documents and/or identifying
criminals in certain real life scenarios. Different application scenarios
demand for high reliability of verification and identification. Thus multimodal
high speed biometric systems are needed. Within the workshop the impacts and
possible scenarios for border control are addressed to identify current
possibilities, drawbacks, and future development of biometric systems in border
control processes. In this context the state-of-the-art research in 2D and 3D
face recognition approaches is discussed. Day #2: “Federated Identity
Management” – Friday, 12th September 2008: While
electronic identity theft becomes an increasingly pressing problem, which
according to the
Preface: "Day #1:
“Biometrics & Electronic Signatures”: Biometric systems realize
the automated recognition of individuals based on their behavioural and
biological characteristics and thus exploit the rich set of anatomical
characteristics related to the structure of the body (face, finger, etc.). In
various industrial environments the visual recognition of individuals based on
facial photographs is a well established method, to realize access control.
Biometrics can play an important role in connection with the Electronic
Passport and European Citizen Cards. On a European level the EU-Council
regulations on standards for security features and biometrics in EU citizens'
passport has defined the timeline for the introduction of digital face and
fingerprint images in all future European passports. The passport photo as
being already an integral part of the passport for the last decades,
is now been stored electronically in every new German passport issued since
October 2005. From November 2007 on, the data on the passport will be extended
for electronic fingerprints. As soon as a wide percentage of citizens is equipped with the new ePass it
will boost biometrics supported border controls. 3D face recognition and
multi-biometrics, currently two hot topics in the academic and industrial
research laboratories, offer greater reliability. Improvements can be expected
not only with regard to fake resistance but also with regard to biometric
performance. The workshop on July 12 will investigate biometric technology
research in this field and discuss the application of biometrics in electronic
passports and its use in the context of secure travel processes. Furthermore it
will be analyzed to which extent current ISO-standards are sufficient in order
to establish open systems with interoperable data formats. Day #2: “eCard Strategy”:
On 9 March 2005 the Federal Cabinet adopted the key points of a common eCard strategy,
under which the Federal Government's various card-related projects, in particular the
electronic health card (eGK), the electronic identity card (ePA), the electronic
passport (ePass), the electronic tax return (ELSTER) and the JobCard procedure (ELENA),
are to be coordinated with one another, so that electronic authentication and the
qualified electronic signature can be used in a uniform manner on chip cards of
different types. Against this background, the current state of implementation and the
perspectives are to be examined in a workshop. To this end, decision-makers and
experts from the public sector, representatives of industry and scientists will
present their positions."
Abstract: "Current approaches
for risk analysis of biometric authentication technology are limited to enrollment and identification/verification processes with
biometric algorithms mainly considered as black-boxes, only. This paper
presents a systematic approach for a holistic security risk analysis of
biometric authentication technology based on the high-level component
& process model for integrated security risk analysis of biometric
authentication technology, also proposed here. The processes and components
used within this model are introduced together with a comprehensive terminology
for biometric authentication technology especially developed for the
research area of IT security biometrics. Biometric authentication
risk matrices are used to show that single possible risk effect classes
can be identified. A discussion on the enabled possibilities for risk analysis
shows the significant advantage of this integrated approach for holistic
security risk analysis of biometric authentication technology in comparison to
other approaches."
Conclusions: "This paper presents a systematic approach for a holistic
security risk analysis of biometric authentication technology based on the high-level
component & process model for integrated security risk analysis of
biometric authentication technology also proposed here. The processes and
components used within this model are developed together with a terminology
for biometric authentication technology for the research field of IT
security biometrics, which is comprehensively presented here for the first
time. Current approaches for risk analysis of biometric authentication
technology are limited to enrollment and
identification/verification processes with biometric algorithms mainly
considered as black-boxes, only. By using the biometric authentication risk
matrices introduced here it is shown that more than seven thousand single possible
risk effect classes can be identified, which should be examined for an
overall holistic security risk analysis of biometric authentication technology.
With the systematic discovery of such a large amount of possible risk effect
classes in this paper, it can be concluded that current biometric
authentication technology contains inherent holistic security risks, which are
not systematically explored. For this reason, the specific risk analysis
approach presented here has a strong advantage in comparison with other
evaluation and risk analysis approaches in this area. More generally speaking,
the presented approach is a significant contribution on the way to the possible
development of more (holistic) secure biometric authentication
technology."
Violeta Uzunova
and
Abstract: "In this paper we
present a report of our experiences with different (in)direct eye feature
marking techniques for revealing eye features. The coordinates of the found
regions of the here considered eye features - eyelids and eye corners -
can be used as reference data for rapid human iris feature tracking (RHIFT)
systems reaching up to 1.000 frames per second for detection and tracking of irides as preprocessing step in irides recognizing biometric authentication systems. The
main conclusion of this work is that automatically collected eye features
reference data with indirect marking will deliver higher accurate evaluation
results if the marking techniques are developed further. So far, manual direct
marking by experts on single images are available for the evaluation of the
accurateness of an eyelids and eye corners detection and tracking method. A
tool for collecting such data was implemented for validation. Tool-based manual
gathered eye feature reference data were used for the accurateness evaluation
of an eye feature detection and tracking method."
Abstract: "Based on the generic
Rapid Human Iris Feature Tracking (RHIFT) System Process Model and a
type-oriented data interface description of a (F|E|I)R(D|T)P RHIFT System an
extension of the data interface to (FR|E(R|F)|IR)(D|T)P RHIFT System is
presented to integrate processes for detection and tracking of eye features
like eye corners and eyelids."
Abstract: "Within a project dedicated to real-time processing of
eye movements at the Computer Vision Group of the Otto-von-Guericke University
a process based system model for rapid human iris feature tracking (RHIFT) was
developed. This article presents a brief introduction to the RHIFT system
process model and focusses on a type-oriented data
interface description of the communicating processes of a (F|E|I)R(D|T)P RHIFT System."
2004:
Abstract: "Current approaches
for risk analysis of biometric authentication technology are limited to enrollment and identification/verification processes with
biometric algorithms mainly considered as black-boxes, only. This paper
presents a systematic approach for a holistic security risk analysis of
biometric authentication technology based on the high-level component
& process model for integrated security risk analysis of biometric
authentication technology, also proposed here. The processes and components
used within this model are introduced together with a comprehensive terminology
for biometric authentication technology especially developed for the
research area of IT security biometrics. Biometric authentication
risk matrices are used to show that single possible risk effect classes
can be identified. A discussion on the enabled possibilities for risk analysis
shows the significant advantage of this integrated approach for holistic
security risk analysis of biometric authentication technology in comparison to
other approaches."
Abstract: "This paper delivers
a survey of selected research papers in the field of iris and eye tracking with
focus on modelling aspects of image based approaches for rapid human iris
feature tracking (RHIFT). The overview of selected papers is structured along
the purpose of the paper, applied methods, aspects of modelling, description of
setups for image data acquisition, evaluation of accurateness, and an
estimation of computational speed. Based on an evaluation this survey concludes
that the main research stream is making use of (1) circular models which are
used for the human iris and pupil, (2) Hough circle transform mainly applied to
reveal rapid and robust detection for tracking (horizontal, vertical, and torsional) and recognition of the human iris, (3)
limitation of search space, which can be done in different ways like usage of
gradients and extraction of eye regions, and that (4) influencing factors like
noise, artifacts, and deformation by projection are
not considered in very detail. Based on the surveyed literature this paper
concludes to assume that the detection of iris center
coordinates is already given with a certain
accurateness and under acceptable speed for up to 10.000 fps. This enables
future research requirements for image sequence based rapid human iris
feature tracking especially in the field of application oriented image
interpretation with accurate and robust identification of supra nuclear
binocular eye movements like saccadic eye movements with variation in
accurateness (undershoot, overshoot, pulsion,
glissades), smooth pursuit eye movements, optokinetic
nystagmus, vestibulo-ocular/non-optical
eye movements, and fixations with regard to e.g. tremors and drifts."
2003:
Abstract: "The domain of IT
security biometrics lacks a systematical approach
for classifying biometric signatures for biometric authentication, detection,
and reaction systems. This paper presents a first approach to fill this gap.
Outlining the general authentication process and analyzing the meaning of the
term signature from selected sciences, a definition of the term biometric
signature as (bin|n-)ary coded representation of biometric
characteristics is derived. To show the suitability of the suggested
definition, its role within the core processes of biometric authentication
systems (enrollment, authentication, derollment) is described."
Abstract: "In this paper a
multifactor biometric sketch authentication method is proposed based on
biometric sketch recognition and a user's personal knowledge about the sketch's content, which is negotiated between the biometric
authentication system and the user during enrollment.
The used sketch recognition algorithm analyzes the structural variability of
sketches built up from a set of deformable shapes. For increasing the
reliability of the biometric sketch authentication method the user's knowledge
as authentication factor has been added by fulfilling specific sketching tasks
of varying complexity given by the authentication system. An evaluation and
testing framework for biometric algorithms was used to prove the accuracy of
the method. For this purpose the biometric sketch algorithm has been adapted to
the framework, a compiled sample database for comparability testing between
users has been generated, and attack classes ranging from none, over partial to
complete knowledge about the user's sketch have been developed and used. The
evaluation of the test results for the research field of IT security biometrics
shows that particularly the user's knowledge as an added authentication factor
leads the used sketch recognition algorithm to high accuracy."
Stephan Al-Zubi,
Abstract: "Based on the
research on multifactorial biometric sketch
authentication by Broemme and Al-Zubi this paper focusses on the
usage of a single instantiation of active shape structural models by Al-Zubi and Toennies for sketch
recognition within biometric authentication applications. Experiments executed
within a previously developed evaluation and testing framework for biometric
algorithms by Broemme are
showing that mainly the knowledge factor - represented as static structural
relations between the strokes of hand-drawn sketches -
increases the moderate performance of a pure statistical sketch recognition
approach to higher accuracy for biometric authentication applications."
Abstract: "The domain of security
standardization within biometrics lacks a systematical
framework approach for evaluation and testing of biometric technology. The
international standardization project NP 19792 of the ISO/IEC JTC1/SC27 Information Technology Security Techniques intends to
fill this gap for the highly demanded field of IT security biometrics.
This paper delivers a first contribution for the NP 19792 by providing the
first steps to fill the outlined scope of the proposed international
standard."
2003 - Book:
Preface: "International
standardization and innovative authentication methods from research and
development gain significance for biometric person recognition methods and
electronic signatures. After establishing the legal basis, the broad usage of
biometric person recognition methods and electronic signatures from a technical
point of view is in need of international standardization for enabling the
interoperability of different systems and components for reliable, secure, and
privacy enhancing applications. The adequate evaluation and testing of
performance, reliability, and security of biometric person recognition
technology and electronic signatures is of major importance. As a result there
is a significant demand for innovative methods of multifactor biometric person
identification and verification methods based on knowledge, possession,
biometric characteristics, location, and time with regard to specific
applications. Aiming to fill this gap the working group BIOSIG of the Gesellschaft für Informatik e.V. is organizing a
conference in the research and application field of „Biometrics and
Electronic Signatures”. In two parallel tracks the aspects of testing
& standardization and authentication with focus on the technical and algorithmical fundamentals for the broad and specific usage
of biometric person recognition methods and electronic signatures from science
and industry will be presented and discussed."
2002:
Abstract: "This paper presents
a conceptual framework for testing the implementation of biometric algorithms
within Unix and Windows NT/2000 operating systems' login authentication. To
support the analysis and evaluation of biometric algorithms, a data logging
module will be used, enabling the collection of quantitative data, e.g.
timestamps, biometric raw data, (pre)processed data, and return codes from each
run of a biometric authentication. It is shown how biometric algorithms and a
data logging module can be integrated into Unix and
Windows NT/2000. In addition to the explained system components a human
observer is necessary to collect extended data like user behavior
and environmental conditions, which cannot be automatically recorded by the
data logging module. From the combination of these two types of data,
conclusions on the biometric algorithm in the context of its implementation in
operating systems' authentication can be drawn. The resulting benefits for the
development of appropriate biometric algorithms concerning aspects of
robustness (security, safety), performance measures and usability will be
discussed for iris biometrics."
Abstract: "This paper presents
a classification of biometric applications wanted by politics in the shade of
the terror attacks of Sep. 11th 2001. Politics in the urgent obligation to
protect the health and property of inhabitants is in need to quickly find
appropriate methods. Biometrics was one of the general technical methods almost
immediately claimed for passports, person tracking, and fight against terror.
At second sight it is clear that biometrics is no help in finding an unknown,
''sleeping'' terrorist in advance. But what kind of applications can help to
protect a nation's inhabitants against attacks by terrorists and how much
privacy is to be given up, if one wants to enable special biometric
applications for surveillance and to react adequately in the case of danger?
With an initial classification of biometric applications and the description of
a possible scenario of antiterror biometrics this
paper offers a starting point for the discussion on how privacy in particular
and society in general will be influenced by biometric applications wanted by
politics."
2001:
Abstract: "This paper discusses
aspects of privacy needs and (mis)use of biometric
IT-systems along a model for the classification of biometric databases including
biometric characteristics, biometric signatures, personal data, and access
control mechanisms. A scenario-based discussion of privacy needs, which reveals
that a database-organized access to biometric raw data is a main threat to
privacy, results in general and technical design requirements for biometric
IT-systems."
Past Events:
Eighth International Network Conference
(INC2010) (06.-08.07.2010, Heidelberg, Germany) [call for papers]
ACM SAC 2008 - Track on Computer
Security (16.-20.03.2008, Fortaleza, Ceará, Brazil) [call for papers]
IMF 2007 (11.-13.09.2007, Stuttgart,
Germany) [program]
BIOSIG 2007 (12.-13.07.2007,
Darmstadt, Germany) [program]
ACM SAC 2007 - Track on Computer
Security (11.-15.03.2007, Seoul, Korea) [call for papers]
ACM CCS 2006
(30.10.-03.11.2006, Virginia, VA, U.S.A.) [call for proposals_industry_and_government_track] [call for papers_research_track]
ICITST 2006 (11.-13.09.2006, London, United
Kingdom) [call for papers]
BIOSIG 2006 (20.07.2006, Darmstadt, Germany) [program]
ACM SAC 2006 - Track on Computer
Security (23.-27.04.2006, Dijon, France) [call for papers] [program]
SICHERHEIT 2006 (20.-23.02.2006, Magdeburg,
Germany) [call for papers]
QSIG 2006 (20.-23.02.2006,
Magdeburg, Germany) [call for papers]
DAGM 2005, 27th Pattern Recognition
Symposium (30.08.-02.09.2005, Vienna, Austria)
BIOSIG 2005 (21.07.2005, Darmstadt) [in cooperation: GI FG BIOSIG and CAST-Forum and Bundesamt für Sicherheit in der Informationstechnik (BSI)]
QSIG 2005 - Qualifizierte
Elektronische Signaturen in Theorie und Praxis (06.04.2005, Regensburg) [cfp pdf] [final program]
SICHERHEIT 2005 - 2. Jahrestagung des
Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (04.-08.04.2005,
Regensburg)
ACM SAC 2005 - Track on Computer
Security (13.-17.03.2005, Santa Fe, New Mexico, USA) [cfp]
ACM SAC 2004 - Track on Computer
Security (14.-17.03.2004, Nicosia, Cyprus) [conference homepage]
IFIP World Computer Congress WCC 2004, Toulouse, France, August 22-27,
2004
DAGM 2004, 26th Pattern recognition Symposium
(30.08.-01.09.2004, Tuebingen, Germany)
BIOSIG 2004 - Biometrics and
Electronic Signatures (15.07.2004, Darmstadt, Germany) [program]
IMF 2003, IT-Incident Management
& IT-Forensics (24.-25.11.2003, Stuttgart, Germany)
INFORMATIK 2003, Teiltagung
Sicherheit - Schutz und Zuverlässigkeit (29.09.-02.10.2003, Frankfurt a.M., Germany) [cfp pdf]
DAGM 2003, 25th Pattern Recognition Symposium,
Magdeburg, Germany, September 10-12, 2003 [program]
IFIP WG 9.2, 9.6/11.7, 9.8 Second Summer School
on "Risks and Challenges of the Network Society", Karlstad University,
Sweden, August 4-8, 2003 [program]
BIOSIG 2003 - Biometrics and
Electronic Signatures (24.07.2003, Darmstadt, Germany) [cfp pdf] [program]
Links:
http://www.biosig.org/
Fachbereich "Sicherheit - Schutz und
Zuverlaessigkeit" @ Gesellschaft fuer Informatik (GI), Germany
Gesellschaft fuer Informatik (GI), Germany
http://www.cs.kau.se/~simone/ifip-wg-9.6/wg96.htm
International Federation for Information Processing (IFIP)
arslan.broemme (locatAT)
aviomatik.de
Important information with regard to the enclosed links
The responsibility for the contents of external links lies with the authors and
operators of those internet pages. The links included here are added for personal
information purposes only.
No guarantee is given for the information enclosed on this internet page.