Researchers from H-BRS honored for their work on greater security on the Internet

2022-10-27 Lo Iacono Luigi und Wiefling Stephan (42)

The Stifterverband has awarded Professor Luigi Lo Iacono and Stephan Wiefling from Bonn-Rhein-Sieg University of Applied Sciences (H-BRS) with the Open Data Impact Award 2022. The two scientists have made a data set freely available that can be used to improve the security of Internet accounts. Software developers thus gain access to valuable data that previously only a few very large Internet corporations had at their disposal.

2022-11-07 Preisverleihung Open Data Impact Award Lo Iacono und Wiefling

Awarded for their research for more security on the Internet: PhD student Stephan Wiefling and Professor Luigi Lo Iacono. Photo: private

With this award, the Stifterverband wants to highlight the potential of open research data for innovation and society. The jury selected three projects for the Open Data Impact Award. Luigi Lo Iacono and Stephan Wiefling received second prize for their project "Login Data Set for Risk-Based Authentication." The prize is endowed with 10.000 euros. The computer scientists from Bonn-Rhein-Sieg University of Applied Sciences received the prize from Anna Held, program manager in the "Program and Funding" division of the Stifterverband, at the award ceremony on November 7 at the Quadriga Forum in Berlin.

Luigi Lo Iacono is Professor of Information Security at the Department of Computer Science at H-BRS. Together with colleagues, he founded the Institute for Cyber Security & Privacy (ICSP), which started operations in summer 2021. The ICSP bundles research, teaching and transfer at the Department of Computer Science on topics of security and privacy in the digital world. Stephan Wiefling is a doctoral student at the ICSP. In his research, he is investigating how the security of passwords can be improved without additional effort for users. The focus of his work is the young technique of risk-based authentication (RBA), which is already being used by major online services such as Google, Facebook and Amazon. The research and further dissemination of this promising security solution is currently strictly limited because the data basis required for it is not freely available. Lo Iacono and Wiefling have closed this gap by publishing feature data from more than 33 million login attempts.

2022-10-27 Lo Iacono Luigi und Wiefling Stephan (73)

H-BRS scientists have evaluated millions of login attempts. Photo: H-BRS

"We are very pleased to receive this award and see it as a confirmation of our work," commented Professor Lo Iacono about receiving the Open Data Impact Award. "Stephan Wiefling was the first to develop and make openly available a comprehensive body of knowledge on this security technology. Scientifically verifiable new RBA solutions can now benefit the entire digital society; billions of people worldwide will be effectively protected from cyberattacks on their Internet accounts in the future."

Risk-based authentication is based on the principle that a website accepts username and password entries as long as the system does not detect any anomalies. Only when the login attempt is accompanied by unusual circumstances does the system ask for confirmation that the login is legitimate. The system might consider logging in from a previously unused device or from a previously unknown location as unusual. RBA technology is thus convenient for users in that they usually only have to enter their password once.

"With RBA, we can protect many users from cyberattacks without them noticing any difference in how they use it," Stephan Wiefling adds. "But for this to work effectively, development and research teams need real-world test data. Until now, however, this has only been possible for large Internet corporations like Google, Amazon and Meta, which have the necessary resources and - most importantly - data. Now, with our data set, the general public can explore RBA and make it better. And feedback so far also already shows that the data set is being gratefully received by the research and development community."

The data set, which the researchers at Bonn-Rhein-Sieg University of Applied Sciences have published on various platforms under a Creative Commons license, is the data from more than 33 million login attempts by more than three million users of the multinational telecommunications company Telenor. The data was collected over the course of a year and anonymized and synthesized for publication. Developers can use this data set to create more effective security solutions for digital accounts and test them under real conditions.
The Institute for Cyber Security & Privacy intends to use the prize money for the further development of RBA solutions. It will also help companies, organizations and government agencies implement RBA technology. The initial RBA data set will be continuously expanded in the process - especially to include data on attack attempts - in order to provide standardized test procedures for evaluating RBA implementations.

The Open Data Impact Award was presented for the third time by the Stifterverband in cooperation with DUZ 2022 magazine. It is endowed with a total funding amount of 30,000 euros, which was distributed among three projects. By awarding the prize, the association aims to promote the subsequent use of research data. The first prize went to the "Open Sense Map" project at the University of Münster, while the third prize was awarded to Dr. Sean Fobbe from the Ludwig Maximilian University of Munich.

The Stifterverband für die Deutsche Wissenschaft is a joint initiative of companies and foundations. Headquartered in Essen, the association provides funding in the fields of education, science and innovation. The patron of the Stifterverband has traditionally been the German President since 1949, currently Frank-Walter Steinmeier.