Research topics

A number of security mechanisms are well understood from a technical point of view, but fail when applied in practice due to human factors. Our goal is to consider security mechanisms while specifically taking into account the human users that will use them. The following sections give an overview of specific projects we are involved in. (For more details, see our publications page.)

Usable and secure online authentication

Passwords are still the most widely used form of online authentication, despite being declared "dead" on a regular basis. Our goal is to make passwords more secure, without making them harder to use.

  • [Who are you? A statistical approach to measuring user authenticity; NDSS 2016]
  • [Adaptive password-strength meters from Markov models; CCS 2012]

Authentication on mobile devices

Mobile devices pose a unique set of challenges for user authentication: entering passwords or other authentication secrets on small soft keyboards is cumbersome at best, but touchscreens are well suited for graphical passwords. Devices such as smartphones and smartwatches offer a rich set of sensors, which can enable novel forms of user authentication. In this line of work we are interested in understanding the security and usability of the authentication methods on mobile devices.

  • [Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns; CCS 2013]
  • [On User Choice for Android Unlock Patterns; EuroUSec 2016]

Privacy of self-published data: Revocation of online data

Once data is published on the Internet, there is little hope of successfully removing it at a later point. This negatively affects a user's privacy. We are looking at possibilities to remedy this problem, combining technological, legal, and sociological perspectives.

  • [Neuralyzer: Flexible Expiration Times for the Revocation of Online Data; CODASPY 2016]