About
Overview
Why this blog
Nothing is lost, nothing is created, everything is transformed.
–Antoine Lavoisie
Human brains are good in processing information, but not good in storing them. In order to organize my ideas, thoughts and experiences, I need to write them down. Some part of that writing, mainly about outdoor experiences and infosec foobar, can be found on this blog since writing facilitates thinking and reflection for me.
Scientific Background
Bachelor Thesis
A Framework for Digital Watermarking Next Generation Media Broadcasts under the supervision of Prof. Dr. Schwenk and Prof. Dr. Tüchelmann published in Advances in Machine Learning and Data Analysis, Lecture Notes in Electrical Engineering, Vol. 48, November 2009.
Abstract: A Framework for Digital Watermarking Next Generation Media Broadcasts
The Internet presents a problem for the protection of intellectual property. Those who create content must be adequately compensated for the use of their works. Rights agencies who monitor the use of these works exist in many jurisdictions. In the traditional broadcast environment this monitoring is a difficult task. With Internet Protocol Television (IPTV) and the Next Generation Networks (NGN) this situation is further complicated.
In this work we focus on Digitally Watermarking next generation media broadcasts. We present a framework which provides the ability to monitor media broadcasts that also utilises a Public Key Infrastructure (PKI) and Digital Certificates. Furthermore, the concept of an independent monitoring agency, that would operate the framework and act as an arbiter, is introduced. We finally evaluate appropriate short signature schemes, suitable Watermarking algorithms and Watermark robustness.
Master Thesis
Forensic Identification and Validation of Computational Structures in Distributed Environments under the supervision of Prof. Dr. Steven Wolthusen and Prof. Dr. Schwenk.
Abstract: Forensic Identification and Validation of Computational Structures in Distributed Environments
Cloud Computing is arguably one of the most discussed topics in recent times as it presents many promising opportunities for the Information Technology sector. However, many customers remain reluctant to move their business IT function completely to the Cloud. One of the main problems that concern customers, when considering Cloud Computing, is that of security and the threat of the unknown. For many reasons Cloud Service Providers (CSPs) often do not want their customers to see what is behind the virtual curtain. Therefore, IT Compliance, Governance, Data Privacy and the ability to perform digital investigations, continue to present an unsolved key problem in the Cloud Computing sector. Especially in the case of Digital Forensics, a lack of physical access to servers constitutes a completely new and disruptive challenge for investigators. This work contributes to the issue of forensic investigations in Cloud environments by providing theoretical approaches for identifying and validating computational structures within Cloud environments. It is researched if and how sequential state estimation methods such as Sequential Monte Carlo methods can be applied for this purpose in distributed infrastructures like Cloud Computing environments on the supposition that various observations are missing. Furthermore, the different probabilistic approaches and their potential combinations are discussed and corresponding limitations are analyzed.
Teaching Assistance
- Organization of the popular HackerPraktikum at the Chair for Network and Data Security, Ruhr University Bochum (2009 – 2011)
- Supervision of several Bachelor / Master Thesis in the area of information security (2009-2011)
- Lecturer at the University of Cooperative Education Emsland (BA Emsland), (Winter terms 2010/2011, 2011/2012)
- Lecturer at a Swiss Technical College (Q1/2020; Q1/2021; Q2/2022) for basics in “Information Security”
Research Periods abroad
- 6 months at the VICOMTech (Visual Communication and Interaction Technologies Centre) - San Sebastian (Spain)
- 2 months at the Norwegian Information Security Laboratory (NISLab) - Gjøvik University College (Norway)
Publication & Talks
Academic Publications
- Dominik Birk, Christoph Wegener, Technical Issues of Forensic Investigations in Cloud Computing Environments, IEEE/SADFE 2011, 6th International Workshop on Systematic Approaches to Digital Forensic Engineering (in conjunction with IEEE Security and Privacy Symposium), Oakland, CA, USA, 2011
- Dominik Birk, Sean Gaines, Using Digital Watermarking for Securing Next Generation Media Broadcasts, Advances in Machine Learning and Data Analysis, Lecture Notes in Electrical Engineering, Vol. 48, 2009
- Dominik Birk, Sebastian Gajek, Felix Gröbert, Ahmad-Reza Sadeghi, Phishing Phishers - Observing and Tracing Organized Cybercrime, IEEE Workshop on Cyber-Fraud (Cyberfraud’07), Silicon Valley (USA), 2007
Academic Talks
- Technical Issues of Forensic Investigations in Cloud Computing Environments, IEEE/SADFE 2011, 6th International Workshop on Systematic Approaches to Digital Forensic Engineering (in conjunction with IEEE Security and Privacy Symposium), Oakland, CA, USA, 2011
- Technical Challenges of Forensic Investigations in Cloud Computing Environments, Workshop on Cryptography and Security in Clouds, IBM Forum Switzerland, Zurich, 2011
- Forensics 2.0: Challenges in the Cloud, Workshop on Trust in the Cloud - TRUST 2010, Berlin, 2010
- A Framework for Digital Watermarking Next Generation Media Broadcasts, World Congress on Engineering & Computer Science 2008, UC Berkeley, USA, 2008
Non-Academic Publications & Articles
- Dominik Birk, Managed Security Services: Hilfe oder Herausforderung für die Informationssicherheit?, Datenschutz und Datensicherheit – DuD, #45, 2021
- Incident Management and Forensics Working Group, Cloud Security Alliance (CSA), Cloud Forensics Capability Maturity Model, Chair of Working Group, 2015
- Incident Management and Forensics Working Group, Cloud Security Alliance (CSA), Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing, co-chair of the WG, 2013
- Andreas Kolb, Christoph Wegener, Dominik Birk, Digitale Forensik in IaaS-Cloud-Umgebungen, 13th German IT Security Congress, Federal Office for Information Security, Bonn, Germany, 2013
- Dominik Birk, Christoph Wegener, Neue Ansätze für die Forensik in Cloud-Umgebungen - Wolkige Aussichten, ADMIN #05, 2011
- Dominik Birk, Dennis Heinson, Christoph Wegener, Virtuelle Spurensuche - Digitale Forensik in Cloud-Umgebungen, Datenschutz und Datensicherheit – DuD, #5, 2011
- Dominik Birk, Thomas Szeremeta, Christoph Wegener, Social Network Inspector – Ein Werkzeug zur Visualisierung des Risikopotentials Sozialer Netzwerke, 12th German IT Security Congress, Federal Office for Information Security, Bonn, Germany, 2011
- Dominik Birk, Christoph Wegener, Security 2.0: Sicherheit im Cloud-Zeitalter, Sicherheit in vernetzten Systemen: 18. DFN Workshop, Proceedings of the 18th DFN Workshop, 2011
- Dominik Birk, Christoph Wegener, Dienste mit Bewölkung – Sicherheits- und forensische Herausforderungen der Cloud, iX Special “Sicher im Netz” / 3, 2010
- Dominik Birk, Christoph Wegener, Über den Wolken: Cloud Computing im Überblick, Datenschutz und Datensicherheit – DuD, #9, 2010
- Dominik Birk, Felix Gröbert, Christoph Wegener, Datenschleudern im Web-2.0: Gläserne Menschen durch Soziale Netzwerke, Sicherheit in vernetzten Systemen: 17. DFN Workshop, Proceedings of the 17th DFN Workshop, 2010
- Dominik Birk, Felix Gröbert, Christoph Wegener, Datenschutz in Sozialen Netzwerken: Freund oder Feind?, Proceedings of “Informatik 2009 – Im Focus das Leben”, Lecture Notes in Informatics, GI-Edition, 2009
- Dominik Birk, Christoph Wegener, Web Exploit Toolkits – Moderne Infektionsroutinen, D * A * CH Security 2008, Berlin, Germany, 2008
- Dominik Birk, Christoph Wegener, Web Exploit Toolkits – Gefahr durch Malware-Baukästen, iX / 11, 2008
- Dominik Birk, Felix Gröbert, Christoph Wegener, Schnapp mich – Wie Web 2.0 den automatisierten Missbrauch ermöglicht, iX / 9, 2008
- Alexander Kasper, Dominik Birk, Sicherheitsaspekte virtueller Hosts, iX / 9, 2007
- Dominik Birk, Felix Gröbert, Jörg Schwenk, Web 2.0: Freund oder Feind?, “Praxis Web 2.0 – Potenziale für die Entwicklung von Medienkompetenz”, Schriftenreihe Medienkompetenz des Landes Nordrhein-Westfalen, Band 7, 2007
- Dominik Birk, Maximillian Dornseif, Sebastian Gajek, Felix Gröbert, Phishing Phishers – Verfolgung von Identitätsbetrügern und Geldwäschern, kes – The Information Security Journal, #3, 2007
- Dominik Birk, Maximillian Dornseif, Sebastian Gajek, Felix Gröbert, Ein Framework zur Identifikation von Identitätsbetrügern, Geldwäschern und Phishing-Simulanten, 10th German IT Security Congress, Federal Office for Information Security, Bonn, Germany, 2007 (Awarded with the Best Student Paper Award)
Non-Academic Talks
- Sicherheitsrisiken von Cloud Computing Anwendungen, DIIR Kongress, Dresden, Germany, 2013
- Cloud Computing “Made in Europe” – Thesen zu IT-Sicherheit, panel discussion, Konferenz Softwareforen Jahrestreffen, Leipzig, Germany, 2013
- Herausforderungen des Cloud Computings an die IT-Forensik, joint work with Dennis Heinson, Security-Zone 2012, Zurich, Switzerland, 2012
- Stranger in the Cloud – Legal and Technical Issues of Forensic Investigations, joint work with Dennis Heinson, SecureCloud 2012, Frankfurt, Germany, 2012
- Technische Herausforderungen der Cloud-Forensik, Anwendertag IT-Forensik 2011, Fraunhofer SIT, Darmstadt, 2011
- On the Issue of Forensic Investigations in Cloud Environments, IBM Research Labs, Zurich, 2010
- Angriffe im Internet, Bochumer Kreis Gewerblicher Rechtsschutz e. V., Bochum, 2010
- 1 UP – Angriffe auf Spielekonsolen, HGI Information Security Breakfast, Bochum, 2010
- Sicherheit in der Wolke: Cloud Computing Security, Cloud Computing Konferenz 2010, Stuttgart, 2010
- Taking-down Credit Card Forums – an Analysis, 2nd Conference Bulletproofhosting and Botnet-Attacks, Hamburg, 2010
- Künftige Angriffe auf Identitäten, a-i3/BSI Symposium 2010, Bochum, 2010
- Forensics 2.0: Challenges in the Cloud, SecureCloud 2010, Barcelona, Spain, 2010
- The German “Bürgerportal”- A Secure Email and e-Government System?, ISSE 2009, Den Haag (NL), 2009
- Datenschutz in Sozialen Netzwerken: Freund oder Feind?, Informatik 2009, Lübeck, 2009 (invited talk)
- Fortgeschrittener Identitätsdiebstahl in Zeiten des Web-2.0, Verinice.XP, Göttingen, 2009
- Flipping the Phishing Con Game – Design and Implementation of FishPhucker, Hacking at Random (HAR 2009), Vierhouten (NL), 2009
- Automatisierter Identitätsdiebstahl in Sozialen Netzwerken, DACH Security 2009, Bochum, 2009
- Datenschleudern leicht gemacht: Gläserne Menschen durch Web-2.0-Anwendungen, 11th German IT Security Congress, Federal Office for Information Security, Bonn, Germany, 2009 (poster session)
- Suchmaschinen – Hacking, a-i3/BSI Symposium 2009, Bochum, 2009
- (Un)Sicherheit im Web 2.0, heise forum – CeBit 2009 – Sicherheit und IT-Recht, Hannover, 2009
- Web Exploit Toolkits – Moderne Infektionsroutinen, a-i3/BSI Symposium 2008, Bochum, 2008
- Ein Framework zur Identifikation von Identitätsbetrügern, Geldwäschern und Phishing-Simulanten, 10th German IT Security Congress, Federal Office for Information Security, Bonn, Germany, 2007 (Awarded with the Best Student Paper Award)
Podcasts
- Relativitie’s Security Sandbox - What to Expect and How to Prepare for the role of CISO - [link]