Publications

View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication

2019 - Philipp Markert, Florian Farke, Markus Dürmuth

Who Are You?! Adventures in Authentication (WAY '19). Santa Clara, California, USA, August 11, 2019

Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

2018 - Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur

USENIX Security Symposium 2018 (SSYM '18). Baltimore, MD, USA, August 15-17, 2018 [Video] [News] [PDF] [Slides]

POSTER: Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

USENIX Symposium on Usable Privacy and Security 2017 (SOUPS '17). Santa Clara, CA, USA, July 12-14, 2017 [Full Version]

Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

ISOC Network and Distributed System Security Symposium 2017 (NDSS '17). San Diego, CA, USA, February 26 - March 1, 2017 [Video] [PDF] [Slides]

EmojiAuth: Quantifying the Security of Emoji-based Authentication

2017 - Maximilian Golla, Dennis Detering, Markus Dürmuth

Workshop on Usable Security 2017 (USEC '17). San Diego, CA, USA, February 25, 2017 [PDF] [Slides]

Leveraging Sensor Fingerprinting for Mobile Device Authentication

2016 - Thomas Hupperich, Henry Hosseini, Thorsten Holz

Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Donostia-San Sebastián, Spain, July 2016 [pdf]

Who Are You? A Statistical Approach to Measuring User Authenticity

2016 - Markus Dürmuth, David Freeman, Sakshi Jain, Battista Biggio, Giorgio Giacinto

The Network and Distributed System Security Symposium 2016 (NDSS '16), San Diego, CA, USA, February 21-24, 2016 [PDF] [Slides]

Strengthening Web Authentication through TLS - Beyond TLS Client Certificates

2014 - Vladislav Mladenov, Florian Feldmann, Christopher Meyer, Andreas Mayer, Jörg Schwenk

Open Iden­ti­ty Sum­mit 2014 Sep­tem­ber 4th - 6th 2014, Frauenhofer IZS, Stuttgart, Ger­ma­ny, http://?openidentity.?eu

GraphNeighbors: Hampering Shoulder-Surfing Attacks on Smartphones

2014 - Irfan Altiok, Sebastian Uellenbeck, Thorsten Holz

GI Si­cher­heit - Schutz und Zu­ver­läs­sig­keit, Jah­res­ta­gung des Fach­be­reichs Si­cher­heit der Ge­sell­schaft für In­for­ma­tik, Vienna, Austria, March 2014 [PDF]

Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

2013 - Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz

ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013 [PDF]

TruWalletM: Secure Web Authentication on Mobile Platforms

2010 - Sven Bugiel, Alexandra Dmitrienko, Kari Kostiainen, Ahmad-Reza Sadeghi, Marcel Winandy

Trusted Systems, Second International Conference, INTRUST 2010, LNCS 6802/2011, Springer, 2011. [Bibtex] [PDF]

Towards Hardware-Intrinsic Security

2010 - Ahmad-Reza Sadeghi, David Naccache

[Link]

On RFID Privacy with Mutual Authentication and Tag Corruption

2010 - Frederik Armknecht, Ahmad-Reza Sadeghi, Ivan Visconti, Christian Wachsmann

In Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS 2010), Beijing, China, June 22-25, 2010, volume 6123 of LNCS, pages 493-510. Springer Verlag, June 2010.

Anonymous Authentication with TLS and DAA.

2010 - Ahmad-Reza Sadeghi, Hans Löhr, Emanuele Cesena, Gianluca Ramunno, Davide Vernizzi

Accepted for TRUST 2010.

TruWallet: Trustworthy and Migratable Wallet-Based Web Authentication.

2009 - Sebastian Gajek, Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy

STC'09: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, p. 19-28, ACM, 2009. [pdf]

On the Security of PAS (Predicate-based Authentication Service).

2009 - Ahmad-Reza Sadeghi, ­Shujun Li, Hassan Jameel Asghar, Josef Pieprzyk, Roland Schmitz, Huaxiong Wang

Accept­ed for Annual Computer Security Applications Conference (ACSAC’09), 2009.

A novel solution for end-to-end integrity protection in signed PGP mail

2008 - Jörg Schwenk, Lijun Liao,

ICICS 2008, Birmingham, UK

Trusted User-Aware Web Authentication

2007 - Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Marcel Winandy,

Presented at the Workshop on Trustworthy User Interfaces for Passwords and Personal Information (TIPPI'07), Stanford, USA, June 22, 2007. [PDF]

Browser Models for Usable Authentication Protocols.

2007 - Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis,

In Proceedings of the IEEE Security and Privacy Workshop on Web 2.0 Security and Privacy (W2SP'07), Oakland (USA), 2007.

Browser-based Authentication Protocols for Naive Users.

2007 - Jörg Schwenk, Ahmad-Reza Sadeghi, Sebastian Gajek, Mark Manulis,

accepted for presentation at the Western European Workshop on Research in Cryptology (WEWoRC 2007), Bochum (Germany), 2007.

Reversed Responsibilities: Browser Authentication instead of Server Authentication.

2006 - Jörg Schwenk, Sebastian Gajek,

Workshop on Transparency and Usability of Web Authentication, New York (USA), 2006.
Page: