Almost no day goes by without news of severe cyber attacks against companies, public facilities, and critical infrastructure—including even hospitals and power plants. Although the incentives of malicious actors that conduct these attacks are manifold, the vast majority are primarily perpetrated to gain financial profit. As a result, a large network of professional, fraudulent actors has emerged in recent years, leading to a wide variety of malicious activities with which companies and law enforcement agencies must contend on a daily basis.

Traditional defenses, like signature-based systems for spam and intrusion detection, require manual effort to update their detection patterns. Thus, they are unsuitable for coping with the large number of fast-evolving malicious activities that emerge every day. To counter this threat, machine learning-based techniques have been extensively explored, as these methods extract effective detection patterns from large amounts of data automatically. Although promising, these learning-based detection methods suffer from severe drawbacks that limit their applicability in real-world settings.

First of all, the underlying models are often very complex and their decision-making process is hard to interpret even for human analysts with expert knowledge. Secondly, learning-based systems have shown to perform badly if train and test distributions differ; a phenomenon known as dataset shift that affects many security domains. As a result, these systems either fail completely in real-world settings or become outdated quickly, requiring continuous retraining of the underlying machine learning models, which is time consuming and computationally expensive. Even worse, very recently, it has been found that the state-of-the-art learning model ChatGPT itself has already been used by malicious actors to generate new frauds automatically, thereby potentially transforming the way fraudsters operate. Consequently, the impressive capabilities of recent learning-based models raise serious concerns regarding their potential misuse by malicious actors, as these learning models will change the threat landscape in the upcoming years and likely speed-up the evolution of new fraud schemes even further.

To keep pace with the fast-evolving threat landscape, we aim to address three key security research questions throughout this project. In particular, we want to better understand the decision-making process of current learning-based methods in security, and to use this knowledge to improve their robustness in the presence of dataset shift. We also plan to leverage and enhance the developed methods to understand and properly address the rising threat introduced by AI-generated fraud. The project is divided into three parts:

1. In the first part of this project, we seek to develop methods to help us better understand the decision-making process of learning models in security. To this end, we plan to develop novel techniques that allow for the identification of high-level concepts relevant to the prediction of a learning model in security. Using these techniques, we aim to gain insight into why the performance of current models decreases over time and how dataset shifts differ among security fields.

2. In the second part, we plan to develop new learning-based methods that can cope with different types of dataset shift in various security domains. Here, we guide our research along the following two dimensions: First, we want to explore different feature representations and assess their robustness in the face of dataset shift. Second, we plan to examine alternative strategies to cope with dataset shift, such as methods from the active learning field. By combining the best performing techniques from both dimensions, we aim to improve the robustness of current learning methods in security as compared to the current state of the art.

3. Finally, in the third part of this project, we use the previously developed techniques to analyze and address with a fast-evolving security threat that will change the future threat landscape: The rise of AI-generated fraud, such as deep-fake images and videos, misleading information, and even sophisticated malware. The speed and scale of such developments in recent years make it likely that this novel threat will become one of the biggest challenges for security researchers. Equipped with the new techniques developed throughout this project, however, we aim to be able to tackle these these threats as they emerge.

We are observing a trend towards decentralization, reflected in technologies such as blockchains and distributed ledgers. These enable currencies without banks, community-based platforms without commercial actors, and many more. Central to all such systems is their transparency, allowing anyone to verify the system state, which makes trust in central parties obsolete. However, transparency conflicts with protection of user privacy (meanwhile even legally enforced by GDPR) and current systems cause huge environmental damage.

The goal of COnFIDE is to use cryptography to reconcile public verifiability with privacy in distributed ledgers, and to improve efficiency and sustainability of decentralized systems, avoiding wasting energy (as for mining Bitcoins) and storage (as for massive duplication of obsolete transaction data).

The Web undertook a progressive conceptual switch from a mesh of interconnected documents to an application distribution platform. In parallel, smartphones and tablets changed the way people consume Web content. With Web apps being ubiquitous, mobile platforms are introducing new mechanisms to integrate Web content into the operating system: in addition to apps embedding browsers, cross-platform apps can be developed using Web frameworks with little to no app development experience. At the same time, powerful Web APIs are in development to close the gap between Web and native apps.

The security and privacy implications of this ongoing transformation have yet to be explored. In particular, the security analysis is hampered by the fast-changing nature of Web and mobile platforms and the contrasting evolution of functionalities across different OSes and browsers. Previous work mainly focused on security and privacy issues affecting either websites or mobile apps in isolation.

We propose to develop a unified framework that will enable us to rigorously evaluate the security implications of the intersection between Web and mobile platforms. We plan to shed light on new ways that Web and mobile apps can interact with each other and how these interactions could potentially lead to security and privacy issues. We will conduct large-scale measurements to confirm the impact of our findings, and we will propose remediation strategies for the emerging mechanisms analyzed.

In recent years, Distributed Ledger Technologies (DLTs) like blockchains have gained much popularity both within industry and research. Today, DLTs are not only perceived as the underlying technology for cryptocurrencies like Bitcoin, but have also been identified as a potential disruptive technology in many different fields, e.g., supply chain tracking and healthcare. In a lot of these fields, blockchains are combined with Internet of Things (|oT) technologies in order to store data from real-world objects in a tamper-proof way, to process this data, and to share the results.

The widespread attention for DLTs has led to manifold research and development activities. These focus either on the application of blockchains in novel use cases, theenhancement of already existing technologies, or the development of completely new DLTs. As a result, today's DLT landscape is heavily fragmented, with different, incompatible technologies being available to potential users. Since interoperability between different blockchains is usually not foreseen in existing protocols and standards, functionalities like sending tokens from one participant to another, invoking and executing smart contracts, or guaranteeing validity of data stored in a blockchain can only be carried out within a single blockchain. This incompatibility contradicts the open nature of |oT- based systems, where heterogeneous technologies interact with each other, and therefore prevents the uptake of blockchains by the industry.

Therefore, the Christian Doppler Laboratory for Blockchain Technologies for the Internet of Things (CDL-BOT) will contribute to the foundations of blockchain interoperability by providing fundamental research results in the areas of cross-blockchain token transfers, cross-blockchain smart contract invocation and interaction, the integration of blockchains with further DLTs and other systems, and by providing client-side blockchain interoperability through developer support. In addition, research in the area of lightweight DLTs for the loT is conducted. While the focus of CDL-BOT is on the application of blockchain technologies in the |oT, other DLTs are also regarded. Furthermore, the research results from the laboratory are not only applicable to the |oT field, but also important for non-|oT-based systems where interoperability between different DLTs is necessary. By doing so, CDL-BOT stimulates a paradigm shift from todays closed blockchains to an open system where devices and users can interact with each other across the boundaries of DLTs.

Consumer devices, from door locks to light bulbs, are becoming increasingly smart. They are linked with other devices as part of smart homes and offices, usually Internet-connected, and may be publicly accessible through misconfiguration or IPv6.

The corresponding security and privacy implications have yet to be explored in depth, and their analysis is complicated by device type and architecture diversity. Prior work focused on case studies of specific device types, or analyzed devices' firmware in isolation, requiring substantial manual effort. In contrast, the automatic analysis of devices' interaction with their environment and other devices could uncover new vulnerability types and privacy violations.

In this project, we will propose scalable techniques to analyze smart devices for potential vulnerabilities based on how they are collecting, processing, and sharing data by interacting with their mobile companion app or smart hubs. We will provide a proof-of-concept tool to show our research's practicality.

The basis of our project are novel software and network analyses of companion apps and hub integration to synthesize protocols, discover commands to exercise device functionality, and identify information flows ‒ without requiring access to the smart devices themselves.

The project is a multi-disciplinary research effort enabling security and privacy analyses. It has also societal impact by enabling informed decision making by manufactures, lawmakers, and users.

Bitcoin marked the beginning of a new era in digital finance; the data structure known as the blockchain enabled financial transactions to be executed in a secure decentralized manner, therefore revolutionizing the financial landscape. Blockchains naturally form environments where the participants act for profit (i.e., participants are rational). Nevertheless, current works typically analyze the security of blockchain protocols in the traditional setting where some of the participants are malicious and the rest are honest as there is no general framework to analyze blockchains from a rational perspective. Furthermore, blockchain systems are complex and consist of several components that handle different performance aspects, such as the network layer or Layer 0, the consensus layer or Layer 1, and the off-chain network or Layer 2. All these layers interact with each other and the security of each layer depends on the security of its substrate layer and vice versa. Therefore, the composition of protocols in the blockchain setting is vital for the security guarantees and the correct operation of cryptocurrencies. The goal of this project is to introduce a composable framework for the security analysis of blockchain protocols under a hybrid model of both rational and malicious participants. This is a significant yet currently missing tool with impact across multiple disciplines such as computer science and economics.

The constantly increasing number of attacks on web applications shows how their rapid development has not been accompanied by adequate security foundations and demonstrates the lack of solid security enforcement tools. Indeed, web applications expose a gigantic attack surface, which hinders a rigorous understanding and enforcement of security properties. Hence, despite the worthwhile efforts to design secure web applications, users for a while will be confronted with vulnerable, or maliciously crafted, code. Unfortunately, end users have no way at present to reliably protect themselves from malicious applications. BROWSEC will develop a holistic approach to client-side web security, laying its theoretical foundations and developing innovative security enforcement technologies. In particular, BROWSEC will deliver the first client-side tool to secure web applications that is practical, in that it is implemented as an efficient and easily deployable browser extension, and also provably sound, i.e., backed up by machine-checked proofs that the tool provides end users with the required security guarantees. At the core of the proposal lies a novel monitoring technique, which treats the browser as a blackbox and intercepts its inputs and outputs in order to prevent dangerous information flows. With this lightweight monitoring approach, we aim at enforcing strong security properties without requiring any expensive and, given the dynamic nature of web applications, statically infeasible program analysis.

BROWSEC is thus a multidisciplinary research effort, promising practical impact and delivering breakthrough advancements in various disciplines, such as web security, JavaScript semantics, software engineering, and program verification.

Blockchains are emerging as a disruptive technology for securing transactions and computations across mutually distrustful peers. The security and privacy of blockchains, however, depends on a complicated combination of cryptography, programming languages, game theory, distributed systems, and network concepts, which is not well understood. The goal of this project is to lay sound foundations for blockchain technologies, devising techniques for their provable analysis and design.

Today, much of our personal freedom and the power to guarantee and maintain a free society depends on cryptographic primitives (e.g., digital signatures and encryption) incorporated in the security protocols of today's Internet used for securing many daily tasks such as messaging, online banking or sending e-mails. While anticipated regulations like the upcoming EU General Data Protection Regulation (GDPR) promote the usage of cryptography to protect sensitive data, revelations about activities of governmental agencies have revealed worryingly information. Examples include subverting cryptographic software products, subverting certification authorities, backdooring cryptographic schemes, or influencing and weakening cryptographic standardization processes. Besides providing governmental institutions means to spy on citizens, such practices are highly vulnerable to also be exploited by non-governmental attackers.

Many of the public-key cryptographic schemes used to secure today's Internet were not designed with the functionality and the security requirements in mind that come along with tomorrow's envisioned use-cases on the Internet. This requires novel and typically more advanced cryptographic schemes that consider aspects that were not known or of interest in the early days of the Internet. Cryptography for a future-proof Internet needs to consider a potentially huge number of devices to which data is communicated simultaneously and shared selectively and needs to be flexible enough to work on both ends of the spectrum, i.e., resource constrained IoT devices as well as cloud-powered services. What is more, new security aspects such as readiness for a post-quantum era as well as the increasing importance of cryptographic schemes which are resilient against threats due to subversion as well as surveillance (as mentioned before) are of high relevance.

PROFET targets at designing public-key cryptography capable to secure tomorrow's Internet which will encompass paradigms such as cloud computing, the IoT and distributed ledgers as essential ingredients. We thereby want to specifically put our focus on two highly important issues for the future: (1) designing security models and cryptographic schemes that are surveillance and subversion resilient by design, e.g., provide strong notions such as forward security and post-compromise security, and (2) designing cryptographic schemes that remain secure in the presence of powerful quantum computers, i.e., schemes that provide post-quantum security. We will on the one hand work on foundational aspects, but also investigate the application of our techniques to certain problems encountered in the IoT and cloud application scenarios.

The aim of ViSP is to break down the silos and boost the existing research synergies among the partner institutions, to establish a graduate educational program in cybersecurity and privacy, and to create all together an internationally leading research and educational brand for cybersecurity and privacy in Vienna.

While the primary goals are research excellence and education, ViSP will have a significant impact on industry and regional development. Cybersecurity and privacy expertise is extremely required by enterprises, which open branches and labs in close proximity to research centers and universities leading in this field, due to the availability of the required know-how, possibilities of technology transfer, and access to specialized students. Cybersecurity and privacy are also a flourishing field worldwide for startups created by students during or at the end of their studies, which will be promoted and mentored in the incubation phase by ViSP.

The ultimate goal is to establish Vienna as the place to be for cybersecurity and privacy research in Europe. Besides the central location and the excellent quality of life, the unique selling point of the Viennese landscape in the cybersecurity and privacy domain is the unmatchable concentration of research excellence (as witnessed, e.g., by the 6 ERC grants in this field, all joining ViSP, which has no equal in Europe) and the number of universities and research centers active in this field, which however requires a consolidation effort to emerge internationally as a leading location.