Urs Hengartner

Associate Professor
David R. Cheriton School of Computer Science
University of Waterloo
Waterloo, Ontario, Canada N2L 3G1

Office: DC 3526
Email:

Menu:

• Home
• Publications
• Students
• Teaching
• Professional Activities
• Software

2024

• Jiayi Chen, Urs Hengartner, and Hassan Khan. MRAAC: A Multi-Stage Risk-Aware Adaptive Authentication and Access Control Framework for Android. ACM Transactions on Privacy and Security (TOPS), 27(2), April 2024, pp. 17:1-17:30. [Abstract] [PDF] [Software]

• Jiayi Chen, Urs Hengartner, and Hassan Khan. SHRIMPS: A framework for evaluating multi-user, multi-modal implicit authentication systems. Elsevier Computers and Security, 137, February 2024, 17 pages. [Abstract] [PDF] [Software]

2023

• Thomas Humphries, Simon Oya, Lindsey Tulloch, Matthew Rafuse, Ian Goldberg, Urs Hengartner, and Florian Kerschbaum. Investigating Membership Inference Attacks under Data Dependencies. Proc. of 36th IEEE Computer Security Foundations Symposium (CSF 2023), Dubrovnik, Croatia, July 2023, 16 pages. [Abstract] [PDF] [Software]

• Andre Kassis and Urs Hengartner. Breaking Security-Critical Voice Authentication. Proc. of 44th IEEE Symposium on Security and Privacy (Oakland 2023), San Francisco, CA, May 2023, pp. 951-968. [Abstract] [PDF] [Software]

• Sohail Habib, Hassan Khan, Andrew Hamilton-Wright, and Urs Hengartner. Revisiting the Security of Biometric Authentication Systems Against Statistical Attacks. ACM Transactions on Privacy and Security (TOPS), 26(2), April 2023, pp. 21:1-21:30. [Abstract] [PDF] [Software]

2022

• Jiayi Chen, Urs Hengartner, and Hassan Khan. Sharing without Scaring: Enabling Smartphones to Become Aware of Temporary Sharing. Proc. of 18th Symposium on Usable Privacy and Security (SOUPS 2022), Boston, MA, August 2022, pp. 671-685. [Abstract] [PDF] [Software]

2021

• Matthew Rafuse and Urs Hengartner. PUPy: A Generalized, Optimistic Context Detection Framework for Implicit Authentication. Proc. of 18th Annual International Conference on Privacy, Security and Trust (PST2021), Auckland, New Zealand, December 2021, 10 pages. [Abstract] [PDF] [Software]

• Jason Ceci, Hassan Khan, Urs Hengartner, and Daniel Vogel. Concerned but Ineffective: User Perceptions, Methods, and Challenges when Sanitizing Old Devices for Disposal. Proc. of 17th Symposium on Usable Privacy and Security (SOUPS 2021), virtual, August 2021, pp. 455-473. [Abstract] [PDF]

2020

• Tousif Osman, Mohammad Mannan, Urs Hengartner, and Amr Youssef. Securing Applications against Side-channel Attacks through Resource Access Veto. Digital Threats: Research and Practice (DTRAP), Vol. 1, No. 4, Article 22, December 2020, pp. 1–29. [Abstract] [PDF] [Software]

• Jiayi Chen, Urs Hengartner, Hassan Khan, and Mohammad Mannan, Chaperone: Real-time Locking and Loss Prevention for Smartphones. Proc. of 29th USENIX Security Symposium, virtual, August 2020, pp. 325-342. [Abstract] [PDF] [Software]

• Hassan Khan, Urs Hengartner, and Daniel Vogel. Mimicry Attacks on Smartphone Keystroke Authentication. ACM Transactions on Privacy and Security (TOPS), 23(1), February 2020, pp. 2:1-2:34. [Abstract] [PDF] [Software]

2019

• Tousif Osman, Mohammad Mannan, Urs Hengartner, and Amr Youssef. AppVeto: Mobile Application Self-Defense through Resource Access Veto. Proc. of 35th Annual Computer Security Applications Conference (ACSAC'19), San Juan, Puerto Rico, December 2019, pp. 366-377. [Abstract] [PDF] [Software]

2018

• Hassan Khan, Urs Hengartner, and Daniel Vogel. Augmented Reality-based and Audiovisual Mimicry Attacks on Keystroke Authentication on Smartphones. Proc. of 16th ACM International Conference on Mobile Systems, Applications and Services (MobiSys 2018), Munich, Germany, June 2018, pp. 41-53. [Abstract] [PDF] [Software]

• Hassan Khan, Urs Hengartner, and Daniel Vogel. Evaluating Attack and Defense Strategies for Smartphone PIN Shoulder Surfing. Proc. of ACM CHI Conference on Human Factors in Computing Systems (CHI 2018), Montreal, QC, Canada, April 2018. [Abstract] [PDF]

• Kelly Grindrod, Hassan Khan, Urs Hengartner, Stephanie Ong, Alexander G. Logan, Daniel Vogel, Robert Gebotys, and Jilan Yang. Evaluating authentication options for mobile health applications in younger and older adults. PLoS One 2018 (Jan 4, 2018). [Online version]

2017

• Erinn Atwater, Cecylia Bocovic, Ian Goldberg, and Urs Hengartner. Netsim: Network simulation and hacking for high schoolers. Proc. of 2017 USENIX Workshop on Advances in Security Education (ASE '17), Vancouver, BC, Canada, August 2017. [Abstract] [PDF] [Online game]

2016

• Berker Ağır, Kévin Huguenin, Urs Hengartner, and Jean-Pierre Hubaux. On the Privacy Implications of Location Semantics. Proc. of 16th Privacy Enhancing Technologies Symposium (PETS 2016), Darmstadt, Germany, July 2016, pp. 165-183. [Abstract] [PDF]

• Erinn Atwater and Urs Hengartner. Shatter: Using Threshold Cryptography to Protect Single Users with Multiple Devices. Proc. of 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2016), Darmstadt, Germany, July 2016, pp. 91-102. [Abstract] [PDF] [Software]

• Hassan Khan, Urs Hengartner, and Daniel Vogel. Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes. Proc. of 14th International Conference on Mobile Systems, Applications and Services (MobiSys 2016), Singapore, June 2016, pp. 387-398. [Abstract] [PDF] [Software]

• Lalit Agarwal, Hassan Khan, and Urs Hengartner. Ask Me Again But Don't Annoy Me: Evaluating Re-authentication Strategies for Smartphones. Proc. of 12th Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO, June 2016, pp. 221-236. [Abstract] [PDF] [Software]

• Hassan Khan, Kelly Grindrod, Urs Hengartner, and Daniel Vogel. Poster: Evaluating Smartphone Authentication Schemes with Older Adults. Proc. of 12th Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO, June 2016. [Abstract] [PDF]

2015

• Yihang Song and Urs Hengartner. PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices. Proc. of 5th Annual CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2015), Denver, CO, October 2015, pp. 15-26. [Abstract] [PDF] [Software]

• Hassan Khan, Urs Hengartner, and Daniel Vogel. Usability and Security Perceptions of Implicit Authentication: Convenient, Secure, Sometimes Annoying. Proc. of 11th Symposium On Usable Privacy and Security (SOUPS 2015), Ottawa, ON, July 2015, pp. 225-239. [Abstract] [PDF]

• Erinn Atwater, Cecylia Bocovich, Urs Hengartner, Ed Lank, and Ian Goldberg. Leading Johnny to Water: Designing for Usability and Trust. Proc. of 11th Symposium On Usable Privacy and Security (SOUPS 2015), Ottawa, ON, July 2015, pp. 69-88. [Abstract] [PDF]

2014

• Hassan Khan, Aaron Atwater, and Urs Hengartner. A Comparative Evaluation of Implicit Authentication Schemes. Proc. of 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2014), Gothenburg, Sweden, September 2014, pp. 255-275. [Abstract] [PDF]

• Hassan Khan, Aaron Atwater, and Urs Hengartner. Itus: An Implicit Authentication Framework for Android. Proc. of 20th Annual International Conference on Mobile Computing and Networking (MobiCom 2014), Maui, HI, September 2014, pp. 507-518. [Abstract] [PDF] [Software]

• Bisheng Liu and Urs Hengartner. pTwitterRec: A Privacy-Preserving Personalized Tweet Recommendation Framework. Proc. of 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014), Kyoto, Japan, June 2014, pp. 365-376. [Abstract] [PDF]

• Yihang Song, Madhur Kukreti, Rahul Rawat, and Urs Hengartner. Two Novel Defenses against Motion-Based Keystroke Inference Attacks. IEEE Mobile Security Technologies workshop (MoST 2014), San Jose, CA, May 2014. [Abstract] [PDF] [Software]

• Hassan Khan and Urs Hengartner. Towards Application-Centric Implicit Authentication on Smartphones. Proc. of 15th Workshop on Mobile Computing Systems and Applications (ACM HotMobile 2014), Santa Barbara, CA, February 2014. [Abstract] [PDF]

2013

• Ayday, E., Raisaro., J. L., Hengartner, U., Molyneaux, A. and Hubaux, J.-P., Privacy-Preserving Processing of Raw Genomic Data. Proc. of 8th International Workshop on Data Privacy Management (DPM 2013), Egham, United Kingdom, September 2013, pp. 133-147. [Abstract] [PDF]
• Liu, B. and Hengartner, U., Privacy-preserving Social Recommendations in Geosocial Networks. Proc. of Privacy, Security and Trust (PST2013), Tarragona, Catalonia, July 2013, pp. 69-76. [Abstract] [PDF]
• Pidcock, S. and Hengartner, U., Zerosquare: A Privacy-Friendly Location Hub for Geosocial Applications. IEEE Mobile Security Technologies workshop (MoST 2013), San Francisco, CA, May 2013. [Abstract] [PDF]

2012

• Essex, A. and Hengartner, U., Hover: Trustworthy Elections with Hash-only Verification. IEEE Security & Privacy, 10 (5), September-October 2012, pp. 18-24. [Abstract] [PDF]
• Essex, A., Clark, J., and Hengartner, U., Cobra: Toward Concurrent Ballot Authorization for Internet Voting. 2012 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '12), Bellevue, WA, August 2012. [Abstract] [PDF]
• Essex, A. and Hengartner, U., Oblivious Printing of Secret Messages in a Multi-party Setting. Proc. of 16th Conference on Financial Cryptography and Data Security (FC 2012), Bonaire, February/March 2012, pp. 359-373. [Abstract] [PDF] [Software]

2011

• Pidcock, S., Smits, R., Hengartner, U. and Goldberg, I., NotiSense: An Urban Sensing Notification System To Improve Bystander Privacy. 2nd International Workshop on Sensing Applications on Mobile Phones (PhoneSense 2011), Seattle, WA, November 2011. [Abstract] [PDF]
• Smits, R., Pidcock, S., Jain, D., Goldberg, I. and Hengartner, U., BridgeSPA: Improving Tor Bridges with Single Packet Authorization, Proc. of 10th Workshop on Privacy in the Electronic Society (WPES 2011), Chicago, IL, October 2011, pp. 93-101 [Abstract] [PDF]
• Essex, A., Henrich, C. and Hengartner, U., Single Layer Optical-scan Voting with Fully Distributed Trust. Proc. of 3rd International Conference on E-voting and Identity (VoteID 2011), Tallinn, Estonia, September 2011, pp. 122-139. [Abstract] [PDF]
• Chairunnanda, P., Pham, N. and Hengartner, U., Privacy: Gone with the Typing! Identifying Web Users by Their Typing Pattern. HotPETS 2011, Waterloo, ON, July 2011. [Abstract] [PDF]
• Xie, Q. and Hengartner, U., Privacy-Preserving Matchmaking For Mobile Social Networking Secure Against Malicious Users. Proc. of 9th Annual Conference on Privacy, Security and Trust (PST2011), Montreal, QC, July 2011, pp. 252-259. [Abstract] [PDF]
• Clark, J. and Hengartner, U., Selections: An Internet Voting System with Over-the-Shoulder Coercion-Resistance. Proc. of 15th Conference on Financial Cryptography and Data Security (FC 2011), Saint Lucia, February/March 2011, pp. 47-61. [Abstract] [PDF]

2010

• Luo, W. and Hengartner, U., VeriPlace: A Privacy-Aware Location Proof Architecture. Proc. of 18th ACM SIGSPATIAL International Conference on Advances in Geographic Information Systems (ACM SIGSPATIAL GIS 2010), San Jose, CA, November 2010, pp. 23-32. [Abstract] [PDF]
• Essex, A., Clark, J., Hengartner, U., and Adams, C., Eperio: Mitigating Technical Complexity in Cryptographic Election Verification. 2010 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '10), Washington, DC, August 2010. [Abstract] [PDF]
• Clark, J., and Hengartner, U., On the Use of Financial Data as a Random Beacon. 2010 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '10), Washington, DC, August 2010. [Abstract] [PDF]
• Olumofin, F., Tysowski, P. K., Goldberg, I. and Hengartner, U., Achieving Efficient Query Privacy for Location Based Services. Proc. of 10th Privacy Enhancing Technologies Symposium (PETS 2010), Berlin, Germany, July 2010, pp. 93-110. [Abstract] [PDF]
• Luo, W. and Hengartner, U., Proving Your Location Without Giving up Your Privacy. Proc. of 11th Workshop on Mobile Computing Systems and Applications (HotMobile 2010), Annapolis, MD, February 2010, pp. 7-12. [Abstract] [PDF]

2009

• Ainsworth, R. T. and Hengartner, U. Quebec's Module d'Enregistrement des Vents (MEV): Fighting the Zapper, Phantomware and Tax Fraud with Technology. Canadian Tax Journal, 57(4), 2009, pp. 715-761. [Abstract]
• Clark, J., Hengartner, U., and Larson, K., Not-So Hidden Information: Optimal Contracts for Undue Influence in E2E Voting. Proc. of 2nd International Conference on E-voting and Identity (Vote-ID 2009), Luxembourg, September 2009, pp. 1-17. [Abstract] [PDF]
• Luo, W., Xie, Q., and Hengartner, U., FaceCloak: An Architecture for User Privacy on Social Networking Sites. Proc. of 2009 IEEE International Conference on Privacy, Security, Risk and Trust (PASSAT-09), Vancouver, BC, August 2009, pp. 26-33. [Abstract] [PDF] [Software]
• Essex, A., Clark, J., Hengartner, U., and Adams, C., How to Print a Secret. Proc. of 4th USENIX Workshop on Hot Topics in Security (HotSec 2009), Montreal, QC, August 2009. [Abstract] [PDF]
• Zhong, G. and Hengartner, U., A Distributed k-Anonymity Protocol for Location Privacy. Proc. of 7th IEEE International Conference on Pervasive Computing and Communication (PerCom 2009), Galveston, TX, March 2009, pp. 253-262. [Abstract] [PDF]

2008

• Zhong, G. and Hengartner, U., Toward a Distributed k-Anonymity Protocol for Location Privacy. Proc. of 7th Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, VA, October 2008, pp. 33-37. [Abstract] [PDF]
• Hengartner, U., Location Privacy based on Trusted Computing and Secure Logging. Proc. of 4th International Conference on Security and Privacy in Communication Networks (SecureComm 2008), Istanbul, Turkey, September 2008. [Abstract] [PDF]
• Ur Rahman, S., Hengartner, U., Ismail, U. and Keshav, S., Practical Security for Rural Internet Kiosks. Proc. of 2nd ACM SIGCOMM Workshop on Networked Systems for Developing Regions (NSDR 2008), Seattle, WA, August 2008, pp. 13-18. [Abstract] [PDF]
• Clark, J. and Hengartner, U.. Panic Passwords: Authenticating under Duress. Proc. of 3rd USENIX Workshop on Hot Topics in Security (HotSec 2008), San Jose, CA, July 2008. [Abstract] [PDF] [HTML]

2007

• Ur Rahman, S. and Hengartner, U., Secure Crash Reporting in Vehicular Ad hoc Networks. Proc. of 3rd International Conference on Security and Privacy in Communication Networks (SecureComm 2007), Nice, France, September 2007. [Abstract] [PDF]
• Kate, A., Zaverucha, G. and Hengartner, U., Anonymity and Security in Delay Tolerant Networks. Proc. of 3rd International Conference on Security and Privacy in Communication Networks (SecureComm 2007), Nice, France, September 2007. [Abstract] [PDF]
• Caine, A. and Hengartner, U., The AI Hardness of CAPTCHAs does not imply Robust Network Security. Proc. of Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM 2007), Moncton, NB, Canada, July/August 2007, pp. 367-382. [Abstract] [PDF] [Live demo of repeating CAPTCHAs]
• Zhong, G., Goldberg, I. and Hengartner, U., Louis, Lester and Pierre: Three Protocols for Location Privacy. Proc. of 7th Privacy Enhancing Technologies Symposium (PETS 2007), Ottawa, ON, Canada, June 2007, pp. 62-76. [Abstract] [PDF][Software]
• Hengartner, U., Hiding Location Information from Location-Based Services. Proc. of International Workshop on Privacy-Aware Location-based Mobile Services (PALMS), Mannheim, Germany, May 2007, pp. 268-272. [Abstract] [PDF]
• Hengartner, U. and Zhong, G., Distributed, Uncertainty-Aware Access Control for Pervasive Computing. Proc. of 4th IEEE International Workshop on Pervasive Computing and Communication Security (PerSec 2007), White Plains, NY, March 2007, pp. 241-246. [Abstract] [PDF]

2006

• Hengartner, U. and Steenkiste, P., Avoiding Privacy Violations Caused by Context-Sensitive Services. Pervasive and Mobile Computing, PerCom 2006 special issue, 2(4), November 2006, pp. 427-452. [Abstract] [PDF]
• Hengartner, U. and Steenkiste, P., Exploiting Information Relationships for Access Control in Pervasive Computing. Pervasive and Mobile Computing, 2(3), September 2006, pp. 344-367. [Abstract] [PDF]
• Hengartner, U. and Steenkiste, P., Securing Information Gateways with Derivation-Constrained Access Control. Proc. of 3rd International Conference Security in Pervasive Computing (SPC 2006), York, United Kingdom, April 2006, pp. 181-195. [Abstract] [PDF]
• Hengartner, U. and Steenkiste, P., Avoiding Privacy Violations Caused by Context-Sensitive Services. Proc. of 4th IEEE International Conference on Pervasive Computing and Communications (PerCom 2006), Pisa, Italy, March 2006, pp. 222-231. [Abstract] [PDF]

2005

• Hengartner, U. and Steenkiste, P., Access Control to People Location Information. ACM Transactions on Information and System Security (TISSEC), 8(4), November 2005, pp. 424-456. [Abstract] [PDF]
• Hengartner, U. and Steenkiste, P., Exploiting Hierarchical Identity-Based Encryption for Access Control to Pervasive Computing Information. Proc. of 1st IEEE/CreateNet International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm 2005), Athens, Greece, September 2005, pp. 384-393. [Abstract] [PDF]
• Hengartner, U. and Steenkiste, P., Exploiting Information Relationships for Access Control. Proc. of 3rd IEEE International Conference on Pervasive Computing and Communications (PerCom 2005), Kauai Island, HI, March 2005, pp. 269-278. [Abstract] [PDF]

2004

• Hengartner, U. and Steenkiste, P., Implementing Access Control to People Location Information. Proc. of 9th ACM Symposium on Access Control Models and Technologies (SACMAT 2004), Yorktown Heights, NY, June 2004, pp. 11-20. [Abstract] [PDF]
• Miller, N., Judd, G., Hengartner, U., Gandon, F., Steenkiste, P., I-Heng Meng, Ming-Whei Feng, and Sadeh. N., Context-aware Computing Using a Shared Contextual Information Service. Proc. of Pervasive 2004 Hot Spots, Vienna, Austria, April 2004. [Abstract] [PDF]

2003

• Hengartner, U. and Steenkiste, P., Access Control to Information in Pervasive Computing Environments. Proc. of 9th Workshop on Hot Topics in Operating Systems (HotOS IX), Lihue, HI, May 2003, pp. 157-162. [Abstract] [PDF]
• Hengartner, U. and Steenkiste, P., Protecting Access to People Location Information. Proc. of 1st International Conference on Security in Pervasive Computing (SPC 2003), Boppard, Germany, March 2003, pp. 25-38. [Abstract] [PDF]

2002

• Hengartner, U., Moon, S., Mortier R., and Diot, C ., Detection and Analysis of Routing Loops in Packet Traces (Short Paper). Proc. of 2nd Internet Measurement Workshop (IMW 2002), Marseille, France, November 2002, pp. 107-112. [Abstract] [PDF]
• Hengartner, U. and Steenkiste, P., Protecting People Location Information (Extended Abstract). Workshop on Security in Ubiquitous Computing, Göteborg, Sweden, September 2002. [PDF]

2001

• Myers, A., Chuang, J., Hengartner, U., Xie, Y., Zhuang, W., and Zhang, H., A Secure, Publisher-Centric Web Caching Infrastructure. Proc. of IEEE Infocom 2001, Anchorage, AK, April 2001, pp. 1235-1243. [Abstract] [PDF]

2000

• Hengartner, U., Bolliger, J., and Gross, T., TCP Vegas Revisited. Proc. of IEEE Infocom 2000, Tel Aviv, Israel, March 2000, pp. 1546-1555. [Abstract] [PDF]

1999

• Hemy, M., Hengartner, U., Steenkiste, P., and Gross, T., MPEG System Streams in Best-Effort Networks. Proc. of PacketVideo '99, New York, NY, April 1999. [Abstract] [Postscript]
• Bolliger, J., Gross, T., and Hengartner, U., Bandwidth Modelling for Network-Aware Applications. Proc. of IEEE Infocom '99, New York, NY, March 1999, pp. 1300-1309. [Abstract ] [PDF]

Selected Technical Reports

• Hengartner, U., Access Control to Information in Pervasive Computing Environments. Ph.D. Thesis, available as Technical Report CMU-CS-05-160, Computer Science Department, Carnegie Mellon University, August 2005. [Abstract] [PDF]
• Bolliger, J., Hengartner, U., and Gross, T., The Effectiveness of End-to-End Congestion Control Mechanisms. Technical Report #313. Dept. Computer Science, ETH Zürich, February 1999. [Abstract] [PDF]

Original design by Andreas Viklund