RBA OpenStack

Risk-Based Authentication (RBA) Plugin for OpenStack

Unfortunately, there is a lack of available open-source RBA solutions that provide good security and usability. Our OpenStack plugins aim to close this gap. This also allows websites with a small budget to protect their users with RBA.



Humanoid Online Service Inspection Tool

A Node.js Framework to imitate human internet browsing behavior on Chrome.

We developed this framework for studies on online services which required our browser automation to be as humanlike as possible. In our work, "Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild", we used HOSIT to find out more about the Risk-Based Authentication practices of big online services (which were kept secret by the companies).

A detailed description of HOSIT can be found in the paper "Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services".


Cache Testing Tool

RFC 7234 compliance testing with 397 test cases


USecureD Tools

Principles, Guidelines and Patterns for Usable Security



Java Library for JSON Object Signing and Encryption (JOSE)

We are proud to present the JWx 0.0.9:


To download the JWx Java library use the following links. The software is provided

Note that, in order to use JWx, some other libraries are required as dependencies.

You will find the Javadocs at https://das.web.th-koeln.de/jwxdocs/.



jREHMA – Java-based REST-ful HTTP Message Authentication

This is the jRECMA project, a Java library for signing and verifying REST-ful CoAP Messages. jRECMA is an implementation of the REST-ful Message Authentication (REMA) scheme based on the papers "Authentication Scheme for REST" and "REST-ful CoAP Message Authentication".

