Events & News

ZISC organizes a number events. The annual ZISC Workshop brings together leading experts to present and discuss their latest research results on a chosen information security and privacy topics. The weekly ZISC Lunch Seminar presentations illustrate the research done at the affiliated research groups and invite exciting speakers from other research institutes and companies.

Latest News

Password Managers, Analysed

The Applied Crypto group’s research on password managers is now public at:

https://webro.ke/passwordmanagers

The paper, to appear at USENIX Security ’26, sees Matteo Scarlata, Giovanni Torrisi (former MSc student in AC, now doctoral student at USI Lugano), Matilda Backendal (former doctoral student in AC, now Professor at USI Lugano) and Kenny Paterson take a “Crypto in The Wild” look at Bitwarden, LastPass, Dashlane and 1Password.

Surprisingly, despite their popularity and the importance of the data they protect, password managers were not analysed in depth before.
When considering a malicious server threat model (the de rigueur approach for E2EE protocols), we found “a cornucopia of practical attacks” against the products we analysed.

The findings received wide press coverage: here we are on the ETH main page, on Ars TechnicaRisky Biz and Medium

ZKB renews its ZISC partnership

Zürcher Kantonalbank (ZKB) is extending its ZISC partnership for another 10 years, reaffirming its long-term commitment to strengthening research and education in information security, data protection and artificial intelligence at ETH Zurich.

Security and reliability, the handling of sensitive data and protection against unauthorized access are core competencies of Zürcher Kantonalbank. “The security of digital financial services and the responsible use of artificial intelligence are key prerequisites for a relationship of trust with our customers. Our renewed partnership with ETH Zurich is a clear commitment to shaping the future responsibly,” explains Dr Jörg Müller-Ganz, President of the Bank Council of Zürcher Kantonalbank. “Thanks to ZKB’s long-term support, we have been able to strengthen research and education at ZISC and expand collaboration with industry. We are very pleased that the partnership is being continued,” emphasizes Srdjan Capkun, Chair of ZISC.

The long-term commitment of ZKB enables us to further develop key technologies that are central to security, trust and innovation in adigitalized society. We are very grateful for this support,” says ETH President Joël Mesot.

 

ZISC Report 2025 is live!

The ZISC center has published its annual report for 2025.

The information security landscape is undergoing a significant disruption. The reason behind this is the rapid emergence of new technologies like AI on the one hand, but also the prospect of quantum technologies. On a geopolitical level, the wars in Ukraine and the Middle East have affected the security landscape of Europe irreversibly.

Besides these emerging threats, organizations continue to struggle with traditional information security problems  such as ransomware, phishing campaigns, large data leaks and the increasing complexity of IT systems.

During this year, ZISC continued to work on its core mission which is work on significant and fundamental information security and privacy problems together with is industry partners. Particular topics of focus this year included the research on Defeating prompt injections by Designsovereign, stress testing and improving the Internet Routing System and content-defined chunking among others.

You can read our full report here.

The ZISC center thanks its partners and collaborators and is looking forward to 2026!

Prof. Adrian Perrig receives Outstanding Research Award

Professor Adrian Perrig, who leads the Network Security Group at the Department of Computer Science at ETH Zurich, has been awarded the prestigious ESORICS 2025 Outstanding Research Award.

The award recognises Perrig’s long-standing contributions to building secure network systems and his pioneering work on the SCION Internet architecture. SCION (Scalability, Control, and Isolation On Next-Generation Networks) is a next-generation Internet architecture designed to provide highly secure, reliable and high-performance connectivity. It addresses fundamental Internet security and availability challenges, including protection against routing attacks, network failures and DDoS (distributed denial-of-service) attacks.

Under Adrian Perrig’s leadership, the Network Security Group has been driving SCION from research to practical deployment, enabling real-world adoption through collaborations with industry partners and the co-founding of Anapaya Systems.

The ESORICS Outstanding Research Award is particularly significant because it is not handed out lightly: nominees are proposed by the ESORICS Steering Committee, and the final decision is made by a vote among its members. This selectivity underscores how meaningful the distinction is, as it rewards long-term, technically innovative contributions with lasting impact in the area of computer security. ESORICS (the European Symposium on Research in Computer Security) is one of Europe’s leading security conferences, bringing together top academics and practitioners. Receiving this award places Perrig alongside other researchers whose work has helped advance the field of security. It is a meaningful recognition of his contributions and of his ongoing efforts to support the development of secure and resilient network systems.

 

New ZISC startup company Soverli

ZISC researchers from the groups led by Professor Srdjan Capkun and ETH Assistant Professor Shweta Shinde have developed a new software architecture that can divide a smartphone up into several isolated domains that are completely independent of one another.

Now, the two post-doctoral researchers Ivan Puddu and Moritz Schneider have founded the spin-off Soverli, which is bringing smartphones of this kind to the market. The special thing about these phones is users can switch between different areas on their devices that are completely isolated from one another at the touch of a button. These “domains” can host apps or separate operating systems that run independently of the actual OS and with separate access to memory or sensors.

This gives rise to sovereign areas on the phone that the operating system cannot read, offering users full control over their data. Puddu says: “The hard part was isolating these domains completely and allowing users to switch between them without sacrificing userfriendliness.

Soverli has found a solution to this and recently patented it. There are numerous potential applications for the smartphones from Soverli. One obvious example is to create a domain for a secure messaging app. However, the protection of personal data is just one of Puddu and Schneider’s aims. The new architecture is also an exciting development when it comes to communication in crisis situations. Emergency service organisations could use secure domains in conjunction with a separate emergency mobile network for communication. Systems of this kind are more secure if they are independent of foreign device manufacturers and standard operating systems. Authorities are therefore high on the list of potential customers for Soverli, in addition to business customers with special requirements.