CRISP (Center for Research in Security and Privacy)

 Cutting Edge Cybersecurity Research

CRISP-Logo_RGBMore than 400 researchers in Darmstadt are working on the key research topics in cybersecurity. Their activities are combined within CRISP, the Center for Research in Security and Privacy.

CRISP is comprised of several partner institutions: Technische Universität Darmstadt with its profile area for cybersecurity and privacy protection CYSEC, the Darmstadt University of Applied Sciences (h_da), and the Fraunhofer Institutes for Secure Information Technology (Fraunhofer SIT) and for Computer Graphics Research (IGD), both located in Darmstadt. This partnership represents the largest alliance of research institutes in the area of cybersecurity within Europe.

The research projects are interdisciplinary,involving various subject areas such as informatics/computer science, engineering, philosophy, physics, psychology, law and economics – and they cooperate both nationally and internationally with other research and industry partners.

The core focus of these research activities is “Security at Large”. With this, CRISP is pursuing an entirely new objective and redefining the focus of research conducted at Darmstadt, taking developments in diverse fields of application into account. Cybersecurity research to date has mostly considered isolated characteristics and moderately sized systems. CRISP sets out to research security for large systems –  from their individual components all the way up to their interaction within comprehensive security solutions.

The research projects “Secure Internet Infrastructure” and “Secure Web Applications” are both flagship projects at CRISP.

The Internet is the biggest and most complex communication system in existence and, as such, represents the world’s largest piece of IT infrastructure. Functions for routing selection on the Internet assist us in reacting to unforeseen occurrences, such as the loss of nodes or connections. Besides this extremely useful task of securing the availability of the Internet as an essential piece of infrastructure, routing selection is also subject to misuse: data packets can deliberately be directed towards certain Internet nodes to access content and read or alter it. In order to redirect data traffic on the Internet, attackers misuse vulnerabilities and missing security components within the basic routing protocol (Border Gateway Protocol). The flagship project “Secure Internet Infrastructure” is developing new mechanisms to prevent Internet traffic from easily being redirected via manipulated prepared Internet nodes for the sake of eavesdropping.

The security of Internet applications affects millions of users, and many of these applications are insecure. Such software is often created in the programming language JavaScript. Past experience has shown that applications programmed in JavaScript often contain vulnerabilities. The flagship project “Secure Web Applications” is developing scalable program analyses for software based on JavaScript. These analyses will be able to locate vulnerabilities even within large software programs.

CRISP is funded by the German Federal Ministry of Education and Research (BMBF) and the Hessian Ministry for Science and the Arts (HMWK).