"What happens in the background when I call up a website on my smartphone?" asks Dominik Kempter, no one in particular. Sitting in front of him is the 11th-grade class of the technical secondary school in Saarbrücken. Soft whispers can be heard in the seminar room in Saarbrücken's Saarlandhalle. Two hands go up. "A request has to be sent to a web server so that the web page can be displayed," one of the students answers. "Exactly, a so-called HTTPS request is sent to a server, which sends back a response, and the browser renders the whole thing so that the website is displayed to us," explains Kempter, who is studying cybersecurity for his master's degree and also supervises workshops for students, citizens, and interested parties as an employee of the CISPA Cysec Lab. "And how is the right server found?" continues Kempter with his questions.
How the Web is fundamentally organized is part of the basics CISPA Cyber Days participants will need before diving into the actual topic of Web security afterward. Throughout the workshop, students will learn more about common attack variants on the Internet. For example, in cross-site scripting, attackers try to obtain confidential data or take over online banking accounts.
After the theoretical introduction, the focus is on the practical application of what has been learned. "You can log on to our challenge site with the laptops in front of you and solve the cross-site scripting tasks. If you have any questions, we'll be happy to help," says Kempter. Becoming a hacker themselves is clearly fun for the participants.
In the seminar room next door, IT specialist trainees are poring over an encrypted text. In groups of two or three, they discuss, try, fail, guess again, and calculate. They are to decrypt so-called one-time-pad encryption, an encryption method in which the key is used once to encrypt a single message. The participants have long known which encryption methods exist and which are used where and how. Philipp Settegast explained it to them. He works as an auxiliary scientist at CISPA and is part of Andrea Ruffing's team.
It is Friday and already the third and last workshop day of the CISPA Cyber Days. The team is happy that everything went smoothly and that besides students, there were also interested citizens who wanted to learn more about cyber security. "'How can I protect myself from attacks?', 'Which password manager is good?', 'Have I ever been a victim of a phishing attack?' - these and similar questions were asked by the citizens in the workshop on data protection and social networks," says Kempter.
"With the CISPA Cysec Lab, we combine cybersecurity knowledge with playful elements to make science fun and reduce fear of contact with computer science topics. For example, some participants are looking for further education, while others are trying out cybersecurity topics for the first time. So this event brings together very different target groups. After the big closing party, we are already planning the next outreach events for 2023."
At the "Science meets Entertainment, presented by WORLD CLUB DOME," a massive party in the evening in the large hall of the Saarlandhalle, fried brains and quiet murmuring are long gone. Fat beats, a breathtaking light show, and a furious DJ line-up round off the CISPA Cyber Days in a more than worthy manner - and add a night of partying to the three-day workshops.
translated by Oliver Schedler