• Publications
  • Influence
Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound
TLDR
We propose SoundProof, a two-factor authentication mechanism that is transparent to the user and can be used with current phones and with major browsers without any plugin. Expand
  • 127
  • 23
  • PDF
Analysis of the communication between colluding applications on modern smartphones
TLDR
We implement and analyze a number of covert and overt communication channels that enable applications to collude and therefore indirectly escalate their permissions. Expand
  • 154
  • 21
  • PDF
Application Collusion Attack on the Permission-Based Security Model and its Implications for Modern Smartphone Systems
We show that the way in which permission-based mechanisms are used on today's mobile platforms enables attacks by colluding applications that communicate over overt and covert communication channels.Expand
  • 90
  • 7
  • PDF
Smartphones as Practical and Secure Location Verification Tokens for Payments
TLDR
We propose a novel location-based second-factor authentication solution for modern smartphones and show how it can be effectively used for the detection of fraudulent transactions caused by card theft or counterfeiting. Expand
  • 66
  • 5
  • PDF
Hardened Setup of Personalized Security Indicators to Counter Phishing Attacks in Mobile Banking
TLDR
We propose a setup scheme for personalized security indicators that allows a user to identify the legitimate application in the presence of malicious applications. Expand
  • 18
  • 3
User-level secure deletion on log-structured file systems
TLDR
Secure deletion is the act of deleting data from a storage medium such that the data is afterwards irrecoverable from the storage medium. Expand
  • 21
  • 3
  • PDF
Enabling trusted scheduling in embedded systems
TLDR
The growing complexity and increased networking of security and safety-critical systems expose them to the risk of adversarial compromise through remote attacks. Expand
  • 7
  • 2
  • PDF
An architecture for concurrent execution of secure environments in clouds
TLDR
We propose an architecture that enables the creation and management of multiple, concurrent secure execution environments on multi-core systems. Expand
  • 16
  • 1
  • PDF
Evaluation of Personalized Security Indicators as an Anti-Phishing Mechanism for Smartphone Applications
TLDR
We revisit the question of personalized security indicator effectiveness and evaluate them in the previously unexplored and increasingly important context of mobile applications. Expand
  • 16
  • 1
  • PDF
Secure Deletion on Log-structured File Systems
TLDR
We address the problem of secure data deletion on log-structured file systems with a focus on the YAFFS file system, widely used on Android smartphones. Expand
  • 14
  • 1
  • PDF