Publications

2021

T. Höller, M. Roland, and R. Mayrhofer: “Analyzing inconsistencies in the Tor consensus”, in The 23rd International Conference on Information Integration and Web Intelligence (iiWAS2021), Linz, Austria, ACM, 10 pages, 2021.
Event
23rd International Conference on Information Integration and Web Intelligence (iiWAS2021)
Linz, Austria
29 November – 01 December 2021
Abstract

Every distributed system needs some way to list its current participants. The Tor network’s consensus is one way of tackling this challenge. But creating a shared list of participants and their properties without a central authority is a challenging task, especially if the system is constantly targeted by state level attackers. This work carefully examines the Tor consensuses created in the last two years, identifies weaknesses that did already impact users and proposes improvements to strengthen the Tor consensus in the future. Our results show undocumented voting behavior by directory authorities and suspicious groups of relays that try to conceal the fact that they are all operated by the same entity.

@inproceedings{bib:2021-hoeller-iiwas, title = {{Analyzing inconsistencies in the Tor consensus}}, author = {Höller, Tobias and Roland, Michael and Mayrhofer, René}, booktitle = {The 23rd International Conference on Information Integration and Web Intelligence (iiWAS2021)}, location = {Linz, Austria}, pages = {--10}, publisher = {ACM}, doi = {10.1145/3487664.3487793}, year = {2021}, month = NOV }
T. Höller: “V3 onion services usage”, The Tor Project Blog, 2021.
Tor Blog
Abstract

With the deprecation of V2 onion services right around the corner, it is a good time to talk about V3 onion services. This post will discuss the most important privacy improvements provided by V3 onion services as well as their limitations. Aware of those limitations, our research group at the Institute of Network and Security at JKU Linz conducted an experiment that extracts information about how V3 onion services are being used from the Tor network.

@online{bib:2021-hoeller-torblog, title = {{V3 onion services usage}}, author = {Höller, Tobias}, howpublished = {The Tor Project Blog}, year = {2021}, month = SEP }
P. Hofer: “Face recognition: Combining embeddings”, Technical report, Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World, 2021.
fulltext
Abstract

In order to increase the accuracy of SOTA face recognition pipelines, intuitively it would make sense to not only use a single image as reference embedding (template), but combine multiple embeddings from different images (different pose, angle, setting) to create a more accurate and robust template. In order to objectively evaluate our different proposed combinations of embeddings, we would benefit from having a single metric to tell how well the template is performing on our dataset. For certain applications (e.g. opening doors) a low false-positive rate is required, while in other situations (e.g. sensor contacting PIA’s) a low false-negative rate is required. Therefore, in this document we try to balance these different approaches by using the harmonic mean of recall and precision.

@techreport{bib:2021-hofer-tr-combiningembeddings, title = {{Face recognition: Combining embeddings}}, author = {Hofer, Philipp}, institution = {Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World}, year = {2021}, month = AUG }
T. Höller, M. Roland, and R. Mayrhofer: “On the state of V3 onion services”, in Proceedings of the ACM SIGCOMM 2021 Workshop on Free and Open Communications on the Internet (FOCI ’21), Virtual, ACM, pp. 50–56, 2021.
Event
11th Workshop on Free and Open Communications on the Internet (FOCI ’21)
Virtual
27 August 2021
Abstract

Tor onion services are a challenging research topic because they were designed to reveal as little metadata as possible which makes it difficult to collect information about them. In order to improve and extend privacy protecting technologies, it is important to understand how they are used in real world scenarios. We discuss the difficulties associated with obtaining statistics about V3 onion services and present a way to monitor V3 onion services in the current Tor network that enables us to derive statistically significant information about them without compromising the privacy of individual Tor users. This allows us to estimate the number of currently deployed V3 onion services along with interesting conclusions on how and why onion services are used.

@inproceedings{bib:2021-hoeller-foci, title = {{On the state of V3 onion services}}, author = {Höller, Tobias and Roland, Michael and Mayrhofer, René}, booktitle = {Proceedings of the ACM SIGCOMM 2021 Workshop on Free and Open Communications on the Internet (FOCI '21)}, location = {Virtual}, pages = {50--56}, publisher = {ACM}, doi = {10.1145/3473604.3474565}, year = {2021}, month = AUG }
R. Mayrhofer and S. Sigg: “Adversary Models for Mobile Device Authentication”, ACM Comput. Surv. 54, 9, Article 198, 2021. ISSN 0360-0300.
DOI
Abstract

Mobile device authentication has been a highly active research topic for over 10 years, with a vast range of methods proposed and analyzed. In related areas, such as secure channel protocols, remote authentication, or desktop user authentication, strong, systematic, and increasingly formal threat models have been established and are used to qualitatively compare different methods. However, the analysis of mobile device authentication is often based on weak adversary models, suggesting overly optimistic results on their respective security. In this article, we introduce a new classification of adversaries to better analyze and compare mobile device authentication methods. We apply this classification to a systematic literature survey. The survey shows that security is still an afterthought and that most proposed protocols lack a comprehensive security analysis. The proposed classification of adversaries provides a strong and practical adversary model that offers a comparable and transparent classification of security properties in mobile device authentication.

@article{bib:2021-mayrhofer-csur, title = {{Adversary Models for Mobile Device Authentication}}, author = {Mayrhofer, René and Sigg, Stephan}, journal = {ACM Comput. Surv.}, volume = {54}, number = {9}, articleno = {198}, numpages = {35}, publisher = {ACM}, address = {New York, NY, USA}, doi = {10.1145/3477601}, issn = {0360-0300}, year = {2021}, month = AUG }
M. Pöll and M. Roland: “Analyzing the Reproducibility of System Image Builds from the Android Open Source Project”, Technical report, Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World, 2021.
fulltext
Abstract

This work proposes a modular automation toolchain to analyze the current state and measure over-time improvements of reproducibility of the Android Open Source Project (AOSP). While perfect bit-by-bit equality of binary artifacts would be a desirable goal to permit independent verification if binary build artifacts really are the result of building a specific state of source code, this form of reproducibility is often not (yet) achievable in practice. In fact, binary artifacts may require to be designed in a way that makes it impossible to simply detach all sources of non-determinism and all non-reproducible build inputs (such as private signing keys). We introduce “accountable builds” as a form of reproducibility that allows such legitimate deviations from 100 percent bit-by-bit equality. Based on our framework that builds AOSP with its native build system, automatically compares artifacts, and computes difference scores, we perform a detailed analysis of discovered differences, identify typical accountable changes, and analyze current major issues that lead to non-reproducibility. While we find that AOSP currently builds neither fully reproducible nor fully accountable, we derive a trivial weighted change metric to continuously monitor changes in reproducibility over time.

@techreport{bib:2021-poell-tr-reproducibilityaospsystemimages, title = {{Analyzing the Reproducibility of System Image Builds from the Android Open Source Project}}, author = {Pöll, Manuel and Roland, Michael}, institution = {Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World}, year = {2021}, month = JUL }
P. Hofer: “Face recognition: Increase accuracy by filtering images with heuristics”, Technical report, Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World, 2021.
fulltext
Abstract

This document tries to find simple heuristics of images of faces to differentiate between successful and unsuccessful face recognition. Intuitively, the camera-face angle might play an important role: In full-frontal images a lot of information is contained, in contrast to full-profile images where at least half of the face is hidden. Therefore, as a proxy for this angle we will focus on these metrics: (1) distance between the eyes, relative to the face-width, (2) distance between the center of the eye to the mouth, relative to the face-height, and (3) face size.

@techreport{bib:2021-hofer-tr-increasefacerecognitionaccuracy, title = {{Face recognition: Increase accuracy by filtering images with heuristics}}, author = {Hofer, Philipp}, institution = {Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World}, year = {2021}, month = JUL }
M. Preisach and M. Roland: “Group Signature Applications: Direct Anonymous Attestation”, Technical report, Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World, 2021.
fulltext
@techreport{bib:2021-preisach-tr-groupsignatureapplications, title = {{Group Signature Applications: Direct Anonymous Attestation}}, author = {Preisach, Michael and Roland, Michael}, institution = {Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World}, year = {2021}, month = JUN }
T. Höller, T. Raab, M. Roland, and R. Mayrhofer: “On the feasibility of short-lived dynamic onion services”, in 2021 IEEE Security and Privacy Workshops (SPW), San Francisco, CA, USA, IEEE, pp. 25–30, 2021.
Event
6th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2021)
San Francisco, CA, USA
27 May 2021
Abstract

Tor onion services utilize the Tor network to enable incoming connections on a device without disclosing its network location. Decentralized systems with extended privacy requirements like metadata-avoiding messengers typically rely on onion services. However, a long-lived onion service address can itself be abused as identifying metadata. Replacing static onion services with dynamic short-lived onion services may be a way to avoid such metadata leakage. This work evaluates the feasibility of short-lived dynamically generated onion services in decentralized systems. We show, based on a detailed performance analysis of the onion service deployment process, that dynamic onion services are already feasible for peer-to-peer communication in certain scenarios.

@inproceedings{bib:2021-hoeller-wtmc, title = {{On the feasibility of short-lived dynamic onion services}}, author = {Höller, Tobias and Raab, Thomas and Roland, Michael and Mayrhofer, René}, booktitle = {2021 IEEE Security and Privacy Workshops (SPW)}, location = {San Francisco, CA, USA}, pages = {25--30}, publisher = {IEEE}, doi = {10.1109/SPW53761.2021.00012}, year = {2021}, month = MAY }
P. Hofer, M. Roland, P. Schwarz, M. Schwaighofer, and R. Mayrhofer: “Importance of different facial parts for face detection networks”, in 2021 9th IEEE International Workshop on Biometrics and Forensics (IWBF), Rome, Italy, IEEE, pp. 1–6, 2021.
Event
9th IEEE International Workshop on Biometrics and Forensics (IWBF 2021)
Rome, Italy
06–07 May 2021
Abstract

Most state-of-the-art face detection algorithms are usually trained with full-face pictures, without any occlusions. The first novel contribution of this paper is an analysis of the accuracy of three off-the-shelf face detection algorithms (MTCNN, Retinaface, and DLIB) on occluded faces. In order to determine the importance of different facial parts, the face detection accuracy is evaluated in two settings: Firstly, we automatically modify the CFP dataset and remove different areas of each face: We overlay a grid over each face and remove one cell at a time. Similarly, we overlay a rectangle over the main landmarks of a face – eye(s), nose and mouth. Furthermore, we resemble a face mask by overlaying a rectangle starting from the bottom of the face. Secondly, we test the performance of the algorithms on people with real-world face masks. The second contribution of this paper is the discovery of a previously unknown behaviour of the widely used MTCNN face detection algorithm – if there is a face inside another face, MTCNN does not detect the larger face.

@inproceedings{bib:2021-hofer-iwbf, title = {{Importance of different facial parts for face detection networks}}, author = {Hofer, Philipp and Roland, Michael and Schwarz, Philipp and Schwaighofer, Martin and Mayrhofer, René}, booktitle = {2021 9th IEEE International Workshop on Biometrics and Forensics (IWBF)}, location = {Rome, Italy}, pages = {1--6}, publisher = {IEEE}, doi = {10.1109/IWBF50991.2021.9465087}, year = {2021}, month = MAY }
T. Raab: “Unlinkable Onion Services: Improved Resilience against Metadata Analysis”, Master's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2021. Advisors: R. Mayrhofer and T. Höller.
Abstract

In our digitized society, in which different organizations attempt to control and monitor Internet use, anonymity is one of the most desired properties that ensures privacy on the Internet. One of the technologies that can be used to provide anonymity is the anonymization network Tor, which obfuscates the connection data of communications in a way that its initiator cannot be identified. However, since this only protects the initiator without protecting further communication participants, Tor Onion Services were developed, which ensure the anonymity of both the sender and the recipient. Due to the metadata created when using these Onion Services, adversaries could still be able to identify participants in a communication by using additional sources of information.

In the course of this thesis, a protocol was developed that reduces metadata leading to the identification of communication participants as far as possible. For this purpose, a two-staged addressing scheme was employed that allows users to obtain an individual address for a service via its public service address, which cannot be traced back. To prove its technical feasibility, a prototype of the protocol was implemented based on Python. Since latency is one of the decisive criteria in the usage decision of services, a performance analysis was carried out to measure the provisioning time of onion services, since this has a significant influence on the duration of address issuing. The architecture and procedure for this had to be specially designed and implemented, as at the time of writing no research existed on the provisioning time of onion services in their current version.

A statistical analysis of the results revealed that the duration of issuing individual addresses using the proposed protocol exceeds the acceptance threshold of users with 6.35 seconds. However, this does not apply to service access using the individual address, implying that the use of the protocol is possible after improving the address issuance procedure. This would reduce the metadata when accessing an Onion service and thus help improve the anonymity of communication participants.

@mastersthesis{bib:2021-raab-masterthesis, title = {{Unlinkable Onion Services: Improved Resilience against Metadata Analysis}}, author = {Raab, Thomas}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Mayrhofer, René and Höller, Tobias}, numpages = {108}, address = {Linz, Austria}, year = {2021}, month = APR }
R. Mayrhofer, M. Roland, T. Höller, and M. Schwaighofer: “Towards Threat Modeling for Private Digital Authentication in the Physical World”, Technical report, Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World, 2021.
fulltext
Abstract

Various forms of digital identity increasingly act as the basis for interactions in the “real” physical world. While transactions such as unlocking physical doors, verifying an individual’s minimum age, or proving possession of a driving license or vaccination status without carrying any form of physical identity document or trusted mobile device could be easily facilitated through biometric records stored in centralized databases, this approach would also trivially enable mass surveillance, tracking, and censorship/denial of individual identities.

Towards a vision of decentralized, mobile, private authentication for physical world transactions, we propose a threat model and requirements for future systems. Although it is yet unclear if all threats listed in this paper can be addressed in a single system design, we propose this first draft of a model to compare and contrast different future approaches and inform both the systematic academic analysis as well as a public opinion discussion on security and privacy requirements for upcoming digital identity systems.

@techreport{bib:2021-mayrhofer-tr-digidowthreatmodeling, title = {{Towards Threat Modeling for Private Digital Authentication in the Physical World}}, author = {Mayrhofer, René and Roland, Michael and Höller, Tobias and Schwaighofer, Martin}, institution = {Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World}, year = {2021}, month = APR }
R. Mayrhofer, J. V. Stoep, C. Brubaker, and N. Kralevich: “The Android Platform Security Model”, ACM Trans. Priv. Secur. 24, 3, Article 19, 2021. ISSN 2471-2566.
DOI, fulltext
Abstract

Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. The model needs to strike a difficult balance between security, privacy, and usability for end users, assurances for app developers, and system performance under tight hardware constraints. While many of the underlying design principles have implicitly informed the overall system architecture, access control mechanisms, and mitigation techniques, the Android security model has previously not been formally published. This article aims to both document the abstract model and discuss its implications. Based on a definition of the threat model and Android ecosystem context in which it operates, we analyze how the different security measures in past and current Android implementations work together to mitigate these threats. There are some special cases in applying the security model, and we discuss such deliberate deviations from the abstract model.

@article{bib:2021-mayrhofer-tops, title = {{The Android Platform Security Model}}, author = {Mayrhofer, René and Stoep, Jeffrey Vander and Brubaker, Chad and Kralevich, Nick}, journal = {ACM Trans. Priv. Secur.}, volume = {24}, number = {3}, articleno = {19}, numpages = {35}, publisher = {ACM}, address = {New York, NY, USA}, doi = {10.1145/3448609}, issn = {2471-2566}, year = {2021}, month = APR }
P. Hofer: “Analysis of state-of-the-art off-the-shelve face recognition pipelines”, Technical report, Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World, 2021.
fulltext
Abstract

Face recognition pipelines are under active development, with many new publications every year. The goal of this report is to give an overview of a modern pipeline and recommend a state-of-the-art approach while optimizing for accuracy and performance on low-end hardware, such as a Jetson Nano.

@techreport{bib:2021-hofer-tr-analysisfacerecognitionpipelines, title = {{Analysis of state-of-the-art off-the-shelve face recognition pipelines}}, author = {Hofer, Philipp}, institution = {Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World}, year = {2021}, month = MAR }
T. Höller: “Collecting statistical information on v3 onion services”, Technical report, Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World, 2021.
fulltext
Abstract

Monitoring the activities of onion services by deploying multiple HSDir nodes has been done repeatedly in the past. With v3 onion services, Tor mitigated such attacks by blinding the public keys of onion services before uploading them. This effectively prevents the collection of onion addresses, but it does not prevent the collection of blinded public key uploads and downloads, which provide statistical insight into how onion services are being used. Additionally, it is possible to identify and link blinded keys derived from well-known onion services, providing a solid estimate on how often they are accessed. This report presents our setup to collect statistically significant information on v3 onion service usage without compromising the privacy of Tor users.

@techreport{bib:2021-hoeller-tr-v3onionservicesstats, title = {{Collecting statistical information on v3 onion services}}, author = {Höller, Tobias}, institution = {Johannes Kepler University Linz, Institute of Networks and Security, Christian Doppler Laboratory for Private Digital Authentication in the Physical World}, year = {2021}, month = FEB }
M. Barth: “Tracking and position estimation of WLAN clients through passively collected data”, Bachelor's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2021. Advisors: M. Roland.
fulltext
Abstract

This work focuses on methods to capture and analyze data transmitted by Wireless Local Area Network (WLAN) clients in order to track them. This includes evaluation of methods where control of the Access Point (AP) infrastructure is not needed and clients do not need to be connected to a WLAN network. This mainly involves data in probe requests which are transmitted by clients when actively searching for WLAN APs. To evaluate this in a real world scenario a setup consisting of multiple distributed capture devices and a central analysis system is introduced. The captured data is analyzed to verify theoretical concepts. There is still a big part of WLAN client devices that leak lists of stored SSID values when actively scanning for WLAN networks. MAC address randomization helps to protect privacy if enabled. User identities for EAP authentication however are still leaked in default configuration by all major operating systems. Finally some extension ideas and current trends and developments are presented.

@thesis{bib:2021-barth-bachelorthesis, title = {{Tracking and position estimation of WLAN clients through passively collected data}}, author = {Barth, Michael}, type = {Bachelor thesis}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Roland, Michael}, numpages = {45}, address = {Linz, Austria}, year = {2021}, month = FEB }

2020

O. Mir, M. Roland, and R. Mayrhofer: “DAMFA: Decentralized Anonymous Multi-Factor Authentication”, in Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure (BSCI ’20), Taipei, Taiwan, ACM, pp. 10–19, 2020.
Event
The 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure (BSCI 2020)
Taipei, Taiwan
05 October 2020
Abstract

Token-based authentication is usually applied to enable single-sign-on on the web. In current authentication schemes, users are required to interact with identity providers securely to set up authentication data during a registration phase and receive a token (credential) for future accesses to various services and applications. This type of interaction can make authentication schemes challenging in terms of security and usability. From a security point of view, one of the main threats is the compromisation of identity providers. An adversary who compromises the authentication data (password or biometric) stored with the identity provider can mount an offline dictionary attack. Furthermore, the identity provider might be able to track user activity and control sensitive user data. In terms of usability, users always need a trusted server to be online and available while authenticating to a service provider.

In this paper, we propose a new Decentralized Anonymous Multi-Factor Authentication (DAMFA) scheme where the process of user authentication no longer depends on a trusted third party (the identity provider). Also, service and identity providers do not gain access to sensitive user data and cannot track individual user activity. Our protocol allows service providers to authenticate users at any time without interacting with the identity provider. Our approach builds on a Threshold Oblivious Pseudorandom Function (TOPRF) to improve resistance to offline attacks and uses a distributed transaction ledger to improve usability. We demonstrate practicability of our proposed scheme through a prototype.

@inproceedings{bib:2020-mir-bsci, title = {{DAMFA: Decentralized Anonymous Multi-Factor Authentication}}, author = {Mir, Omid and Roland, Michael and Mayrhofer, René}, booktitle = {Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure (BSCI '20)}, location = {Taipei, Taiwan}, pages = {10--19}, publisher = {ACM}, doi = {10.1145/3384943.3409417}, year = {2020}, month = OCT }
B. Gründling: “App-based (Im)plausible Deniability for Android”, Master's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2020. Advisors: R. Mayrhofer.
Abstract

Confidentiality of data stored on mobile devices depends on one critical security boundary in case of physical access, the device’s lockscreen. If an adversary is able to satisfy this lockscreen challenge, either through coercion (e.g. border control or customs check) or due to their close relationship to the victim (e.g. intimate partner abuse), private data is no longer protected. Therefore, a solution is necessary that renders secrets not only inaccessible, but allows to plausibly deny their sole existence. This thesis proposes an app-based system that hides sensitive apps within Android’s work profile, with a strong focus on usability. It introduces a lockdown mode that can be triggered inconspicuously from the device’s lockscreen by entering a wrong PIN for example. Usability, security and current limitations of this approach are analyzed in detail.

@mastersthesis{bib:2020-gruendling-masterthesis, title = {{App-based (Im)plausible Deniability for Android}}, author = {Gründling, Bernhard}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Mayrhofer, René}, numpages = {83}, address = {Linz, Austria}, year = {2020}, month = OCT }
M. Pöll: “An Investigation into Reproducible Builds for AOSP”, Bachelor's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2020. Advisors: M. Roland.
fulltext
Abstract

Reproducible builds enable the creation of bit identical artifacts by performing a fully deterministic build process. This is especially desirable for any open source project, including Android Open Source Project (AOSP). Initially we cover reproducible builds in general and give an overview of the problem space and typical solutions. Moving forward we present Simple Opinionated AOSP builds by an external Party (SOAP), a simple suite of shell scripts used to perform AOSP builds and compare the resulting artifacts against Google references. This is utilized to create a detailed report of the differences. The qualitative part of this report attempts to find insight into the origin of differences, while the quantitative provides a quick summary.

@thesis{bib:2020-poell-bachelorthesis, title = {{An Investigation into Reproducible Builds for AOSP}}, author = {Pöll, Manuel}, type = {Bachelor thesis}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Roland, Michael}, numpages = {30}, address = {Linz, Austria}, year = {2020}, month = SEP }
R. Mayrhofer, M. Vishwath, and S. Sigg: “Adversary Models for Mobile Device Authentication”, Technical report, Computing Research Repository (CoRR), arXiv:2009.10150 [cs.CR], 2020.
arXiv
Abstract

Mobile device authentication has been a highly active research topic for over 10 years, with a vast range of methods having been proposed and analyzed. In related areas such as secure channel protocols, remote authentication, or desktop user authentication, strong, systematic, and increasingly formal threat models have already been established and are used to qualitatively and quantitatively compare different methods. Unfortunately, the analysis of mobile device authentication is often based on weak adversary models, suggesting overly optimistic results on their respective security. In this article, we first introduce a new classification of adversaries to better analyze and compare mobile device authentication methods. We then apply this classification to a systematic literature survey. The survey shows that security is still an afterthought and that most proposed protocols lack a comprehensive security analysis. Our proposed classification of adversaries provides a strong uniform adversary model that can offer a comparable and transparent classification of security properties in mobile device authentication methods.

@techreport{bib:2020-mayrhofer-mobiledeviceauth, title = {{Adversary Models for Mobile Device Authentication}}, author = {Mayrhofer, René and Vishwath, Mohan and Sigg, Stephan}, numpages = {32}, howpublished = {Computing Research Repository (CoRR), arXiv:2009.10150 [cs.CR]}, year = {2020}, month = SEP }
B. Lau, J. Zhang, A. R. Bereford, D. Thomas, and R. Mayrhofer: “Uraniborg’s Device Preloaded App Risks Scoring Metrics”, Whitepaper, 2020.
fulltext
@techreport{bib:2020-lau-uraniborg, title = {{Uraniborg's Device Preloaded App Risks Scoring Metrics}}, author = {Lau, Billy and Zhang, Jiexin and Bereford, Alastair R. and Thomas, Daniel and Mayrhofer, René}, numpages = {8}, year = {2020}, month = AUG }
R. Mayrhofer, M. Roland, D. Gunduz, B. Jalaian, M. Kurz, B. Moser, Y. E. Sagduyu, Y. Shi, G. Stantchev, M. Maaß, and Y. Zheng (Eds.): “WiseML ’20: Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning”, Linz (Virtual Event), Austria, ACM, 2020. ISBN 978-1-4503-8007-2.
DOI, WiseML 2020
Event
2nd ACM Workshop on Wireless Security and Machine Learning (WiseML 2020)
Linz (Virtual Event), Austria
13 July 2020
Abstract

We are very pleased to welcome you to the 2nd ACM Workshop on Wireless Security and Machine Learning. This year’s WiseML is a virtual workshop and we are both excited to try out this workshop format and regretful not to be able to welcome you in the beautiful city of Linz, Austria, due to the ongoing COVID-19 pandemic. ACM WiseML 2020 continues to be the premier venue to bring together members of the AI/ML, privacy, security, wireless communications and networking communities from around the world, and to offer them the opportunity to share their latest research findings in these emerging and critical areas, as well as to exchange ideas and foster research collaborations, in order to further advance the state-of-the-art in security techniques, architectures, and algorithms for AI/ML in wireless communications. The program will be presented online in a single track. WiseML 2020 will be open at no extra cost to everyone and we are trying out new formats such as a mixture of live streams, pre-recorded talks, and interactive Q/A sessions.

@proceedings{bib:2020-mayrhofer-wiseml-proc, title = {{WiseML '20: Proceedings of the 2nd ACM Workshop on Wireless Security and Machine Learning}}, editor = {Mayrhofer, René and Roland, Michael and Gunduz, Deniz and Jalaian, Brian and Kurz, Marc and Moser, Bernhard and Sagduyu, Yalin E. and Shi, Yi and Stantchev, George and Maaß, Max and Zheng, Yao}, location = {Linz (Virtual Event), Austria}, publisher = {ACM}, doi = {10.1145/3395352}, isbn = {978-1-4503-8007-2}, year = {2020}, month = JUL }
R. Mayrhofer, M. Roland, M. Hollick, W. Lou, M. Maaß, and Y. Zheng (Eds.): “WiSec ’20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks”, Linz (Virtual Event), Austria, ACM, 2020. ISBN 978-1-4503-8006-5.
Event
13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2020)
Linz (Virtual Event), Austria
08–10 July 2020
Abstract

We are very pleased to welcome you to the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. This year’s WiSec marks the first virtual WiSec conference and we are both excited to try out this conference format and regretful to not be able to welcome you in the beautiful city of Linz, Austria, due to the ongoing SARS-CoV-2 pandemic. ACM WiSec 2020 continues to be the premier venue for research dedicated to all aspects of security and privacy in wireless and mobile networks, their systems, and their applications. The program will be presented online in a single track, along with a poster and demonstration session. WiSec 2020 will be open at no extra cost to everyone and we are trying out new formats such as a mixture of live streams, pre-recorded talks, and interactive Q/A sessions.

@proceedings{bib:2020-mayrhofer-wisec-proc, title = {{WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks}}, editor = {Mayrhofer, René and Roland, Michael and Hollick, Matthias and Lou, Wenjing and Maaß, Max and Zheng, Yao}, location = {Linz (Virtual Event), Austria}, publisher = {ACM}, doi = {10.1145/3395351}, isbn = {978-1-4503-8006-5}, year = {2020}, month = JUL }
P. Hofer: “Gait recognition using neural networks”, Master's thesis, Johannes Kepler University Linz, Institute of Computational Perception, Linz, Austria, 2020. Advisors: J. Scharinger.
Abstract

Methods for recognizing people are both heavily researched presently and widely used in practice, for example by government and police. People can be recognized using various methods, such as face, finger and iris recognition, which differ massively in terms of requirements. Gait recognition allows identifying people despite large distances, hidden body parts and with any camera angle – which makes it a naturally attractive method of identifying people. This approach uses the uniqueness of gait information in every person. Most of the current literature focuses on hand-crafting features, such as step and stride length, cadence, speed and hip angle. This thesis proposes a way of performing gait recognition using neural networks. Hence, features no longer have to be specified manually, while also boosting current state-of-the-art accuracy of being able to recognize people. First, in order to increase the robustness against cloth-changes, the silhouette from a person is extracted using Mask R-CNN. In order to capture spatial information about the subject, a convolutional neural network creates a gait-embedding based on each silhouette. To augment the quality, the next step is to take temporal information into account, using a long short-term memory network which uses the single-picture-based embedding of multiple images and computes its own, enhanced, embedding. Last but not least, the network should not be trained for every new person from scratch. Thus, a Siamese network is trained to be able to distinguish two people, which the network has (probably) never seen before.

@mastersthesis{bib:2020-hofer-masterthesis, title = {{Gait recognition using neural networks}}, author = {Hofer, Philipp}, school = {Johannes Kepler University Linz, Institute of Computational Perception}, advisor = {Scharinger, Josef}, numpages = {85}, address = {Linz, Austria}, year = {2020}, month = APR }
M. Roland, T. Höller, M. Sonntag, and R. Mayrhofer: “The not so private way of tracing contacts: A first analysis of the NOVID20 Android SDK”, Analysis report, Johannes Kepler University Linz, Institute of Networks and Security, 2020.
Abstract

Contact tracing is one of the main approaches widely proposed for dealing with the current, global SARS-CoV-2 crisis. As manual contact tracing is error-prone and doesn’t scale, tools for automated contact tracing, mainly through smart phones, are being developed and tested. While their effectiveness—also in terms of potentially replacing other, more restrictive measures to control the spread of the virus—has not been fully proven yet, it is critically important to consider their privacy implications from the start. Deploying such tools quickly at mass scale means that early design choices may not be changeable in the future, and potential abuse of such technology for mass surveillance and control needs to be prevented by their own architecture.

Many different implementations are currently being developed, including international projects like PEPP-PT/DP-3T and national efforts like the “Stopp Corona” app published by the Austrian Red Cross. In this report, we analyze an independent implementation called NOVID20 that aims to provide a common framework for on-device contact tracing embeddable in different apps. That is, NOVID20 is an SDK and not a complete app in itself. The initial code drop on Github was released on April 6, 2020, without specific documentation on the intent or structure of the code itself. All our analysis is based on the Android version of this open source code alone. Given the time period, our analysis is neither comprehensive nor formal, but summarizes a first impression of the code.

NOVID20 follows a reasonable privacy design by exchanging only pseudonyms between the phones in physical proximity and recording them locally on-device. However, there is some room for improvement: (a) pseudonyms should be generated randomly on the phone, and not on the server side; (b) transmitted pseudonyms should be frequently rotated to avoid potential correlation; (c) old records should automatically be deleted after the expunge period; (d) absolute location tracking, while handled separately from physical proximity and only optionally released, can be problematic depending on its use—absolute location data must be protected with additional anonymization measures such as Differential Privacy, which are left to the application/server and may, therefore, not be implemented correctly; and (e) device analytics data, while helpful during development and testing, should be removed for real deployments. Our report gives more detailed recommendations on how this may be achieved.

We explicitly note that all of these points can be fixed based on the current design, and we thank the NOVID20 team for openly releasing their code, which made this analysis possible in a short time window.

@techreport{bib:2020-roland-tr-novid20, title = {{The not so private way of tracing contacts: A first analysis of the NOVID20 Android SDK}}, author = {Roland, Michael and Höller, Tobias and Sonntag, Michael and Mayrhofer, René}, institution = {Johannes Kepler University Linz, Institute of Networks and Security}, year = {2020}, month = APR }
R. Mayrhofer, M. Roland, and T. Höller: “Poster: Towards an Architecture for Private Digital Authentication in the Physical World”, in Network and Distributed System Security Symposium (NDSS Symposium 2020), Posters, San Diego, CA, USA, 2020.
Event
Network and Distributed System Security Symposium (NDSS Symposium 2020)
San Diego, CA, USA
23–26 February 2020
Abstract

How can we use digital identity for authentication in the physical world without compromising user privacy? Enabling individuals to – for example – use public transport and other payment/ticketing applications, access computing resources on public terminals, or even cross country borders without carrying any form of physical identity document or trusted mobile device is an important open question. Moving towards such a device-free infrastructure-based authentication could be easily facilitated by centralized databases with full biometric records of all individuals, authenticating and therefore tracking people in all their interactions in both the digital and physical world. However, such centralized tracking does not seem compatible with fundamental human rights to data privacy. We therefore propose a fully decentralized approach to digital user authentication in the physical world, giving each individual better control over their interactions and data traces they leave.

In project Digidow, we assign each individual in the physical world with a personal identity agent (PIA) in the digital world, facilitating their interactions with purely digital or digitally mediated services in both worlds. We have two major issues to overcome. The first is a problem of massive scale, moving from current users of digital identity to the whole global population as the potential target group. The second is even more fundamental: by moving from trusted physical documents or devices and centralized databases to a fully decentralized and infrastructure-based approach, we remove the currently essential elements of trust. In this poster, we present a system architecture to enable trustworthy distributed authentication and a simple, specific scenario to benchmark an initial prototype that is currently under development. We hope to engage with the NDSS community to both present the problem statement and receive early feedback on the current architecture, additional scenarios and stakeholders, as well as international conditions for practical deployment.

@inproceedings{bib:2020-mayrhofer-ndss, title = {{Poster: Towards an Architecture for Private Digital Authentication in the Physical World}}, author = {Mayrhofer, René and Roland, Michael and Höller, Tobias}, booktitle = {Network and Distributed System Security Symposium (NDSS Symposium 2020), Posters}, location = {San Diego, CA, USA}, year = {2020}, month = FEB }

2019

P. Schöppl: “Personal Agent Prototype in Rust”, Master's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2019. Advisors: R. Mayrhofer.
Abstract

The so-called Digidow Project aims to provide a decentralized solution for digital identity management. A key feature is to provide a service for authentication along with the identification of individual persons based on biometric features.

In the center of this idea a so-called personal agent should provide this decentralized functionality for each individual user. The sensitive nature of the data this agent handles requires a special level of security standards on both the implementation and surrounding system.

This master thesis evaluates the programming language Rust as potential platform choice for the personal agent. We discuss the features Rust has been chosen for and which additional frameworks were selected and used to create the prototype we used for the evaluation. Furthermore, we dive into details about our prototype and present the implemented concepts. Moreover, we test our implementation and discuss our achievements, like isolated access to the hard drive, the developed concept behind the architecture and how incoming data is verified. Finally, we are going to discuss how future work can build on the introduced and existing concepts.

@mastersthesis{bib:2019-schoeppl-masterthesis, title = {{Personal Agent Prototype in Rust}}, author = {Schöppl, Patrick}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Mayrhofer, René}, numpages = {88}, address = {Linz, Austria}, year = {2019}, month = NOV }
T. Höller: “Towards establishing the link between a person’s real-world interactions and their decentralized, self-managed digital identity in the Digidow architecture”, in IDIMT-2019: Innovation and Transformation in a Digital World, Kutná Hora, Czech Republic, Trauner Verlag, pp. 327–332, 2019. ISBN 978-3-99062-590-3.
Event
27th Interdisciplinary Information Management Talks (IDIMT-2019)
Kutná Hora, Czech Republic
04–06 September 2019
Abstract

The Digidow architecture is envisioned to tie digital identities to physical interactions using biometric information without the need for a central collection of biometric templates. A key component of the architecture is the distributed service discovery, for establishing a secure and private connection between a prover, a verifier and a sensor, if none of them knows the others ahead of time. In this paper we analyze the requirements of the service discovery with regard to functionality and privacy. Based on typical use-cases we evaluate the advantages and disadvantages of letting each of the actors be the initiator of the discovery process. Finally, we outline how existing technologies could be leveraged to achieve our requirements.

@inproceedings{bib:2019-hoeller-idimt, title = {{Towards establishing the link between a person's real-world interactions and their decentralized, self-managed digital identity in the Digidow architecture}}, author = {Höller, Tobias}, booktitle = {IDIMT-2019: Innovation and Transformation in a Digital World}, location = {Kutná Hora, Czech Republic}, pages = {327--332}, publisher = {Trauner Verlag}, isbn = {978-3-99062-590-3}, year = {2019}, month = SEP }
K. Prinz: “Next Place Prediction with Hidden Markov Models”, Master's thesis, Johannes Kepler University Linz, Institute of Networks and Security, Linz, Austria, 2019. Advisors: R. Mayrhofer and M. Muaaz.
Abstract

The prediction of future locations can be useful in various settings, one being the authentication process of a person. In this thesis, we perform the prediction of next places with the help of an HMM. We focus on models with a discrete state space and thus need to discretise the data. This is done by pre-processing the raw, continuous location data in two steps. The first step is the extraction of stay-points, i.e. regions in which a person spends a given time period. In the second step, multiple stay-points are grouped with the clustering algorithm DBSCAN to form significant places. After pre-processing, we train an HMM with a state and observation space that correspond to the extracted significant places. Based on the previously observed location, our model predicts the next place for a person. In order to find good models for next place prediction, we did experiments with two datasets. The first one is the Geolife GPS trajectory dataset from Microsoft, which consists of GPS traces. The second dataset was self-collected and contains additional data obtained from WiFi and cell towers. Our final model achieves a validation accuracy higher than 0.95 on both datasets. However, a prediction accuracy ranging from 0.8 to 0.99 of a model that solely predicts noise as its future location leads us to the conclusion that the datasets, as well as the pre-processing step, need further refinements for our HMM to encapsulate more valuable information.

@mastersthesis{bib:2019-prinz-masterthesis, title = {{Next Place Prediction with Hidden Markov Models}}, author = {Prinz, Katharina}, school = {Johannes Kepler University Linz, Institute of Networks and Security}, advisor = {Mayrhofer, René and Muaaz, Muhammad}, numpages = {75}, address = {Linz, Austria}, year = {2019}, month = FEB }