No Coffee, No Research
of the employees at CISPA drink coffee
drink 1-3 cups of coffee a day
drink their coffee with milk (or milk substitute) and/or sugar/sweetener
prefer filter coffee
drink neither capsule/french press nor coffee with pods
Coffee cups were photographed for the campaign
Our collection of coffee cups at CISPA is every bit as diverse as the people who work and do research here. It is not uncommon for ideas on research projects to be born over a chat at the coffee machine in our kitchens. That's why we thought it was time to get our researchers to join us at the coffee table and ask them questions over a cup of joe. Questions like: 'What are passkeys, anyway?' 'Will processors ever be truly secure?' or 'Do all people have the same needs when it comes to IT security and privacy?' Have fun watching our coffee chats!
Usable-security researcher Maximilian Golla starts his day with two cups of milk, with a bit of coffee added. In this episode of "No Coffee, No Research," he talks to us about one of his current favorite topics: passkeys. Passkeys are a new authentication method that major services like Google, Amazon, and PayPal now offer as an alternative to traditional passwords. Maximilian is quite certain that, at least on large websites, passkeys will eventually replace passwords altogether – which is not a bad thing, as he considers them to be a much safer authentication method. "However, passkeys are not yet at the level they need to be to be perfect," he says. He and his team are working to address questions about the usability and security of passkeys. Anyone who wants to learn how passkeys work, why they are much more secure than passwords, and what challenges still exist should definitely check out this episode, recorded in German.
"I think passkeys will replace passwords on very large websites."
Since October 2023, Maximilian Golla has been a tenure-track faculty member at CISPA. Previously, he was a postdoc at the Max Planck Institute for Security and Privacy in Bochum. He earned his PhD at Ruhr University Bochum.
Max's research focuses on computer security, privacy, and human-computer interaction. Specifically, he works on enhancing password security by promoting the adoption of two-factor, risk-based, and passwordless authentication methods.
When it comes to coffee, there is one CISPA-Faculty you simply cannot leave out: Giancarlo Pellegrino! With most of his research group running on coffee to fuel their research in web security, we asked him if the web is a safe place to spend a lot of time in. Giancarlo tells us how the web has developed over the last 30 years in terms of security, how things changed with the arrival of smartphones and mobile apps, and what the future may hold for the vast world of the web. Grab a coffee and get ready to be visited by the ghosts of internet past, present and yet to come!
"It's a constant process. As soon as we see something that doesn't work well, there's a new vulnerability, thousands of people are working to fix it."
Dr. Giancarlo Pellegrino started his tenure track at CISPA in 2019, successfully completing it and becoming a tenured Faculty in 2023. Before that, from 2017, he was a visiting assistant professor at Stanford University and research group leader at CISPA as part of the CISPA-Stanford Center for Cybersecurity.
Giancarlo is leading the Application Security (AppSec) research group at CISPA, with their main research interests being broad web security, program analysis, security of immersive web applications and machine learning and artificial intelligence for program analysis.
Has Olaf Scholz ever called you to give you election tips? No? Lucky you! In the US state of New Hampshire in January 2024, many voters supposedly had US President Joe Biden on the phone, advising them not to go to the primaries. These kinds of fake calls, so-called robocalls, have become a popular election-campaign tool in the USA. There are also large numbers of AI-generated videos, images, and texts circulating worldwide. For us humans, these so-called deepfakes are almost impossible to recognize. Automated detection methods could and should help us in the future, says CISPA researcher Lea Schönherr in the latest episode of our interview series “No Coffee, No Research”. However, due to the rapid development of generative AI, these methods often reach their limits and are not yet robust enough. So, what can we do? Stay persistent and keep on researching—just like Lea.
"That new technologies come with challenges is not uncommon. The question is how to deal with them."
Lea Schönherr has been a Tenure-Track Faculty at CISPA since 2022. Prior to that, she worked at Ruhr University Bochum (RUB) in the DFG Excellence Cluster "Cyber Security in the Age of Large-Scale Adversaries" (CASA).
Lea conducts research in information security with a focus on adversarial machine learning. She earned her PhD in 2021 from Ruhr University Bochum, where she was supervised by Professor Dr.-Ing. Dorothea Kolossa in the Cognitive Signal Processing group. She received two scholarships from UbiCrypt (DFG Graduate School) and CASA (DFG Excellence Cluster).
He’s the worst nightmare of every CPU manufacturer’s security division: CISPA-Faculty Dr. Michael Schwarz! Whenever there’s a new CPU on the market, his and his team’s work of poking and prodding begins, revealing vulnerabilities and bugs along the way. Riding on his third coffee of the day, he tells us why one of the biggest advantages of our computers, their versatility, is what makes them more susceptible to bugs. He also discusses how the CPU market is about to change and why showing the world how to break an already released CPU can be a complicated ethical question. Get yourself a coffee and prepare for a ride through the world of hardware security!
"We can't assume we're the smartest people in the world and no one else will find these vulnerabilities."
Michael Schwarz has been with CISPA since 2020. He has been awarded the Austrian research prize, the ‘Award of Excellence’, for his dissertation ‘Software-based Side-Channel Attacks and Defenses in Restricted Environments’ at TU Graz. Since January 1, 2024, he has been tenured, i.e. a Faculty for life.
Michael Schwarz specialises in side-channel attacks in microarchitectures and in system security. He was part of one of the research teams that in the past found the Meltdown, Spectre, Fallout, LVI and ZombieLoad vulnerabilities in processors, among others.
"In the morning, one or two cups, and then another four or five throughout the day... CISPA researcher Ben Stock certainly lives up to the name of our series with his coffee consumption—and, of course, also with his research on web security. When asked how secure emails actually are, his clear response was: 'So-so.' He pointed out several reasons for this: no standard end-to-end encryption, insufficient security measures on the part of email providers, making emails the perfect tool for phishing attacks, and the lack of consistent security measures across different mail servers. Phew. Thankfully, Ben also offers tips on how we as users can at least protect ourselves a little."
"Emails are more or less a public space."
Dr. Ben Stock is a tenured Faculty at CISPA. Prior to that, he completed the tenure track at CISPA and was a research group leader and previously postdoctoral researcher at the Center for IT-Security, Privacy and Accountability at Saarland University in the group of Michael Backes. Before joining CISPA, he was a PhD student and research fellow at the Security Research Group of the University Erlangen-Nuremberg, supervised by Felix Freiling. During that time, he was fortunate enough to join Ben Livshits and Ben Zorn at Microsoft Research in Redmond for an internship.
Ben's research interests lie within Web Security, Network Security, Reverse Engineering, and Vulnerability Notifications.
If you’ve ever used AI tools such as ChatGPT, you might have wondered sometimes: where does that machine get all its knowledge of the world from? Well, Franziska knows the answer: it learns it from your data. The data you leave on the internet, voluntarily or involuntarily. In terms of privacy, that is not ideal, as machine learning models can leak private data, which is especially critical in fields such as medicine. Luckily, Franziska and her team are working on improving the privacy of machine learning models, while also making sure their predictions are as accurate as possible. And also luckily, her research is heavily fueled by coffee! We brewed her a fresh one and asked her about her work.
"This process of turning data into machine learning models is to some degree invertable, so we can to some degree get out what data is inside that model."
Franziska has been a Tenure-Track Faculty at CISPA since 2023 and is co-leader of the SprintML lab for secure, private, robust, interpretable and trustworthy machine learning. Previously, she was a Postdoctoral Fellow at the Vector Institute for Artificial Intelligence. She completed her PhD at the Free University of Berlin and was a research associate at the Fraunhofer Institute for Applied and Integrated Security (AISEC).
Franziska's research focuses on the intersection of trustworthy machine learning (ML) and data protection from the perspective of individual users and data owners.
She enjoys traveling a lot, often bringing her PhD students along. The reason: as a usable security researcher, it's important for her to examine IT security mechanisms from various perspectives and test their practical applicability. This raises the question: Whose practical needs should security features actually meet, and do all people have the same privacy and security requirements? Her clear answer is: "No." The interplay between society, individuals, and technology is complex and still poorly understood in some cultures and regions of the world. According to Katharina, the socio-technical problems that arise can only be solved through intensive research, immersing oneself in different cultures, and maintaining an open-minded perspective.
"Science must build bridges."
Dr. Katharina Krombholz has been researching at CISPA (Center for IT-Security, Privacy, and Accountability) since 2018. Before that, she was a Senior Researcher at SBA Research in Vienna. She completed her doctoral thesis with distinction in Vienna in 2016.
Katharina Krombholz is leader of the Usable Security group at CISPA. Her research focuses on users and looks for ways to design technical solutions for real-life application and threat scenarios and to research what user reality looks like and what users' needs are in the first place.
Tobias is a science editor with a focus on digital media, especially video, photography and podcasting. He joined CISPA in 2019.
Annabelle is a science editor with a focus on text and podcast production. She joined CISPA in 2021.