Menu:
2024
- Jiayi Chen, Urs Hengartner, and Hassan Khan. MRAAC: A Multi-Stage Risk-Aware Adaptive Authentication and Access Control Framework for Android. ACM Transactions on Privacy and Security (TOPS), 27(2), April 2024, pp. 17:1-17:30. [Abstract] [PDF] [Software]
- Jiayi Chen, Urs Hengartner, and Hassan Khan. SHRIMPS: A framework for evaluating multi-user, multi-modal implicit authentication systems. Elsevier Computers and Security, 137, February 2024, 17 pages. [Abstract] [PDF] [Software]
2023
- Thomas Humphries, Simon Oya, Lindsey Tulloch, Matthew Rafuse, Ian Goldberg, Urs Hengartner, and Florian Kerschbaum. Investigating Membership Inference Attacks under Data Dependencies. Proc. of 36th IEEE Computer Security Foundations Symposium (CSF 2023), Dubrovnik, Croatia, July 2023, 16 pages. [Abstract] [PDF] [Software]
- Andre Kassis and Urs Hengartner. Breaking Security-Critical Voice Authentication. Proc. of 44th IEEE Symposium on Security and Privacy (Oakland 2023), San Francisco, CA, May 2023, pp. 951-968. [Abstract] [PDF] [Software]
- Sohail Habib, Hassan Khan, Andrew Hamilton-Wright, and Urs Hengartner. Revisiting the Security of Biometric Authentication Systems Against Statistical Attacks. ACM Transactions on Privacy and Security (TOPS), 26(2), April 2023, pp. 21:1-21:30. [Abstract] [PDF] [Software]
2022
2021
- Matthew Rafuse and Urs Hengartner. PUPy: A Generalized, Optimistic Context Detection Framework for Implicit Authentication. Proc. of 18th Annual International Conference on Privacy, Security and Trust (PST2021), Auckland, New Zealand, December 2021, 10 pages. [Abstract] [PDF] [Software]
- Jason Ceci, Hassan Khan, Urs Hengartner, and Daniel Vogel. Concerned but Ineffective: User Perceptions, Methods, and Challenges when Sanitizing Old Devices for Disposal. Proc. of 17th Symposium on Usable Privacy and Security (SOUPS 2021), virtual, August 2021, pp. 455-473. [Abstract] [PDF]
2020
- Tousif Osman, Mohammad Mannan, Urs Hengartner, and Amr Youssef. Securing Applications against Side-channel Attacks through Resource Access Veto. Digital Threats: Research and Practice (DTRAP), Vol. 1, No. 4, Article 22, December 2020, pp. 1–29. [Abstract] [PDF] [Software]
- Jiayi Chen, Urs Hengartner, Hassan Khan, and Mohammad Mannan, Chaperone: Real-time Locking and Loss Prevention for Smartphones. Proc. of 29th USENIX Security Symposium, virtual, August 2020, pp. 325-342. [Abstract] [PDF] [Software]
- Hassan Khan, Urs Hengartner, and Daniel Vogel. Mimicry Attacks on Smartphone Keystroke Authentication. ACM Transactions on Privacy and Security (TOPS), 23(1), February 2020, pp. 2:1-2:34. [Abstract] [PDF] [Software]
2019
2018
- Hassan Khan, Urs Hengartner, and Daniel Vogel. Augmented Reality-based and Audiovisual Mimicry Attacks on Keystroke Authentication on Smartphones. Proc. of 16th ACM International Conference on Mobile Systems, Applications and Services (MobiSys 2018), Munich, Germany, June 2018, pp. 41-53. [Abstract] [PDF] [Software]
- Hassan Khan, Urs Hengartner, and Daniel Vogel. Evaluating Attack and Defense Strategies
for Smartphone PIN Shoulder Surfing. Proc. of ACM CHI Conference on Human Factors in Computing Systems (CHI 2018), Montreal, QC, Canada, April 2018. [Abstract] [PDF]
- Kelly Grindrod, Hassan Khan, Urs Hengartner, Stephanie Ong, Alexander G. Logan, Daniel Vogel, Robert Gebotys, and Jilan Yang. Evaluating authentication options for mobile health applications in younger and older adults. PLoS One 2018 (Jan 4, 2018). [Online version]
2017
2016
- Berker Ağır, Kévin Huguenin, Urs Hengartner, and Jean-Pierre Hubaux. On the Privacy Implications of Location Semantics. Proc. of 16th Privacy Enhancing Technologies Symposium (PETS 2016), Darmstadt, Germany, July 2016, pp. 165-183. [Abstract] [PDF]
- Erinn Atwater and Urs Hengartner. Shatter: Using Threshold Cryptography to Protect Single Users with Multiple Devices. Proc. of 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2016), Darmstadt, Germany, July 2016, pp. 91-102. [Abstract] [PDF] [Software]
- Hassan Khan, Urs Hengartner, and Daniel Vogel. Targeted Mimicry Attacks on Touch Input Based Implicit Authentication Schemes. Proc. of 14th International Conference on Mobile Systems, Applications and Services (MobiSys 2016), Singapore, June 2016, pp. 387-398. [Abstract] [PDF] [Software]
- Lalit Agarwal, Hassan Khan, and Urs Hengartner. Ask Me Again But Don't Annoy Me: Evaluating Re-authentication Strategies for Smartphones. Proc. of 12th Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO, June 2016, pp. 221-236. [Abstract] [PDF] [Software]
- Hassan Khan, Kelly Grindrod, Urs Hengartner, and Daniel Vogel. Poster: Evaluating Smartphone Authentication Schemes with Older Adults. Proc. of 12th Symposium on Usable Privacy and Security (SOUPS 2016), Denver, CO, June 2016. [Abstract] [PDF]
2015
- Yihang Song and Urs Hengartner. PrivacyGuard: A VPN-based Platform to Detect Information Leakage on Android Devices. Proc. of 5th Annual CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM 2015), Denver, CO, October 2015, pp. 15-26. [Abstract] [PDF] [Software]
- Hassan Khan, Urs Hengartner, and Daniel Vogel. Usability and Security Perceptions of Implicit Authentication: Convenient, Secure, Sometimes Annoying. Proc. of 11th Symposium On Usable Privacy and Security (SOUPS 2015), Ottawa, ON, July 2015, pp. 225-239. [Abstract] [PDF]
- Erinn Atwater, Cecylia Bocovich, Urs Hengartner, Ed Lank, and Ian Goldberg. Leading Johnny to Water: Designing for Usability and Trust. Proc. of 11th Symposium On Usable Privacy and Security (SOUPS 2015), Ottawa, ON, July 2015, pp. 69-88. [Abstract] [PDF]
2014
- Hassan Khan, Aaron Atwater,
and Urs Hengartner. A Comparative Evaluation of Implicit Authentication Schemes. Proc. of 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2014), Gothenburg, Sweden, September 2014, pp. 255-275. [Abstract] [PDF]
- Hassan Khan, Aaron Atwater,
and Urs Hengartner. Itus: An Implicit Authentication Framework for Android. Proc. of 20th Annual International Conference on Mobile Computing and Networking (MobiCom 2014), Maui, HI, September 2014, pp. 507-518. [Abstract] [PDF] [Software]
- Bisheng Liu and Urs Hengartner. pTwitterRec: A Privacy-Preserving Personalized Tweet Recommendation Framework. Proc. of 9th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2014), Kyoto, Japan, June 2014, pp. 365-376. [Abstract] [PDF]
- Yihang Song, Madhur Kukreti, Rahul Rawat, and Urs Hengartner. Two Novel Defenses against Motion-Based Keystroke Inference Attacks. IEEE Mobile Security Technologies workshop (MoST 2014), San Jose, CA, May 2014. [Abstract] [PDF] [Software]
- Hassan Khan and Urs Hengartner. Towards Application-Centric Implicit Authentication on Smartphones. Proc. of 15th Workshop on Mobile Computing Systems and Applications (ACM HotMobile 2014), Santa Barbara, CA, February 2014. [Abstract] [PDF]
2013
-
Ayday, E., Raisaro., J. L., Hengartner, U., Molyneaux, A. and Hubaux, J.-P.,
Privacy-Preserving Processing of Raw Genomic Data.
Proc. of 8th International Workshop on Data Privacy Management (DPM 2013), Egham, United Kingdom, September 2013, pp. 133-147. [Abstract] [PDF]
-
Liu, B. and
Hengartner, U.,
Privacy-preserving Social Recommendations in Geosocial Networks.
Proc. of Privacy, Security and Trust (PST2013), Tarragona, Catalonia, July 2013, pp. 69-76. [Abstract] [PDF]
-
Pidcock, S. and
Hengartner, U.,
Zerosquare: A Privacy-Friendly Location Hub for Geosocial Applications.
IEEE Mobile Security Technologies workshop (MoST 2013), San Francisco, CA, May 2013. [Abstract] [PDF]
2012
-
Essex, A. and
Hengartner, U.,
Hover: Trustworthy Elections with Hash-only Verification. IEEE
Security & Privacy, 10 (5), September-October 2012, pp. 18-24. [Abstract]
[PDF]
-
Essex, A.,
Clark, J., and
Hengartner, U.,
Cobra: Toward Concurrent Ballot Authorization for Internet
Voting. 2012 Electronic Voting Technology
Workshop/Workshop on Trustworthy Elections (EVT/WOTE '12),
Bellevue, WA, August 2012. [Abstract] [PDF]
-
Essex, A. and
Hengartner, U.,
Oblivious Printing of Secret Messages in a Multi-party Setting.
Proc. of 16th Conference on Financial Cryptography and Data Security (FC 2012),
Bonaire, February/March 2012, pp. 359-373. [Abstract] [PDF] [Software]
2011
- Pidcock, S., Smits, R., Hengartner, U. and Goldberg, I., NotiSense: An Urban Sensing Notification System To Improve Bystander Privacy. 2nd International Workshop on Sensing Applications on Mobile Phones (PhoneSense 2011), Seattle, WA, November 2011. [Abstract] [PDF]
- Smits, R., Pidcock, S., Jain, D., Goldberg, I. and Hengartner, U.,
BridgeSPA: Improving Tor Bridges with Single Packet Authorization,
Proc. of 10th Workshop on Privacy
in the Electronic Society (WPES 2011), Chicago, IL, October 2011,
pp. 93-101 [Abstract] [PDF]
- Essex, A., Henrich, C. and Hengartner,
U., Single Layer Optical-scan Voting with Fully Distributed
Trust. Proc. of
3rd International Conference on E-voting and Identity (VoteID
2011), Tallinn, Estonia, September 2011, pp. 122-139. [Abstract] [PDF]
- Chairunnanda, P., Pham, N. and Hengartner, U.,
Privacy: Gone with the Typing! Identifying Web Users by Their
Typing Pattern. HotPETS 2011,
Waterloo, ON, July 2011. [Abstract] [PDF]
-
Xie, Q. and Hengartner, U.,
Privacy-Preserving Matchmaking For Mobile Social Networking
Secure Against Malicious Users. Proc. of 9th Annual
Conference on Privacy, Security and Trust (PST2011), Montreal, QC,
July 2011, pp. 252-259. [Abstract] [PDF]
-
Clark, J. and
Hengartner, U.,
Selections: An Internet Voting
System with Over-the-Shoulder Coercion-Resistance. Proc. of 15th Conference on Financial Cryptography and Data Security (FC 2011),
Saint Lucia, February/March 2011, pp. 47-61. [Abstract]
[PDF]
2010
-
Luo, W. and
Hengartner, U.,
VeriPlace: A Privacy-Aware Location Proof Architecture. Proc. of
18th ACM SIGSPATIAL International Conference on Advances in Geographic
Information Systems (ACM SIGSPATIAL GIS 2010),
San Jose, CA, November 2010, pp. 23-32. [Abstract] [PDF]
-
Essex, A.,
Clark, J.,
Hengartner, U., and
Adams, C.,
Eperio: Mitigating Technical Complexity in Cryptographic Election
Verification. 2010 Electronic Voting Technology
Workshop/Workshop on Trustworthy Elections (EVT/WOTE '10),
Washington, DC, August 2010. [Abstract] [PDF]
-
Clark, J., and
Hengartner, U.,
On the Use of Financial Data as a Random Beacon. 2010 Electronic Voting Technology
Workshop/Workshop on Trustworthy Elections (EVT/WOTE '10),
Washington, DC, August 2010. [Abstract] [PDF]
- Olumofin, F., Tysowski, P. K.,
Goldberg, I. and
Hengartner, U.,
Achieving Efficient Query Privacy for Location Based
Services. Proc. of 10th
Privacy Enhancing Technologies Symposium (PETS 2010), Berlin,
Germany, July 2010, pp. 93-110. [Abstract]
[PDF]
-
Luo, W. and
Hengartner, U.,
Proving Your Location Without Giving up Your Privacy. Proc. of 11th Workshop on
Mobile Computing Systems and Applications (HotMobile 2010),
Annapolis, MD, February 2010, pp. 7-12. [Abstract]
[PDF]
2009
-
Ainsworth,
R. T. and Hengartner,
U. Quebec's Module d'Enregistrement des Vents (MEV): Fighting
the Zapper, Phantomware and Tax Fraud with Technology. Canadian Tax Journal, 57(4), 2009, pp. 715-761. [Abstract]
-
Clark, J.,
Hengartner, U., and
Larson, K.,
Not-So Hidden Information: Optimal Contracts for Undue Influence in
E2E Voting. Proc. of 2nd International
Conference on E-voting and Identity (Vote-ID 2009), Luxembourg,
September 2009, pp. 1-17.
[Abstract]
[PDF]
-
Luo, W., Xie, Q., and
Hengartner, U.,
FaceCloak: An Architecture for User Privacy on Social Networking
Sites. Proc. of 2009 IEEE
International Conference on Privacy, Security, Risk and Trust
(PASSAT-09), Vancouver, BC, August 2009, pp. 26-33. [Abstract]
[PDF] [Software]
-
Essex, A.,
Clark, J.,
Hengartner, U., and
Adams, C.,
How to Print a Secret. Proc. of 4th USENIX
Workshop on Hot Topics in
Security (HotSec 2009), Montreal, QC, August 2009.
[Abstract]
[PDF]
-
Zhong, G. and
Hengartner, U.,
A Distributed k-Anonymity Protocol for Location Privacy.
Proc. of 7th IEEE International Conference on Pervasive Computing and Communication (PerCom 2009),
Galveston, TX, March 2009, pp. 253-262.
[Abstract]
[PDF]
2008
-
Zhong, G. and
Hengartner, U.,
Toward a Distributed k-Anonymity Protocol for Location Privacy.
Proc. of 7th
Workshop on Privacy in the Electronic Society (WPES 2008),
Alexandria, VA, October 2008, pp. 33-37.
[Abstract]
[PDF]
-
Hengartner, U.,
Location Privacy based on Trusted Computing and Secure Logging.
Proc. of 4th
International Conference on Security and Privacy in Communication
Networks (SecureComm 2008), Istanbul, Turkey, September 2008.
[Abstract]
[PDF]
-
Ur Rahman, S.,
Hengartner, U.,
Ismail, U. and
Keshav, S.,
Practical Security for Rural Internet Kiosks. Proc. of 2nd ACM SIGCOMM
Workshop on Networked Systems for Developing Regions (NSDR 2008), Seattle,
WA, August 2008, pp. 13-18.
[Abstract]
[PDF]
-
Clark, J. and
Hengartner, U..
Panic Passwords: Authenticating under Duress. Proc. of 3rd USENIX
Workshop on Hot Topics in Security (HotSec 2008), San Jose, CA, July
2008.
[Abstract]
[PDF]
[HTML]
2007
-
Ur Rahman, S. and
Hengartner, U.,
Secure Crash Reporting in Vehicular Ad hoc Networks. Proc. of 3rd International Conference on Security and Privacy in
Communication Networks (SecureComm 2007), Nice, France, September
2007.
[Abstract]
[PDF]
-
Kate, A., Zaverucha, G. and Hengartner, U.,
Anonymity and Security in Delay Tolerant Networks. Proc. of 3rd International Conference on Security and Privacy in
Communication Networks (SecureComm 2007), Nice, France, September
2007.
[Abstract]
[PDF]
-
Caine, A. and Hengartner, U.,
The AI Hardness of CAPTCHAs does not imply Robust Network
Security. Proc. of Joint iTrust and PST
Conferences on Privacy, Trust Management and Security (IFIPTM 2007), Moncton, NB, Canada, July/August 2007, pp. 367-382.
[Abstract]
[PDF]
[Live demo of repeating CAPTCHAs]
-
Zhong, G., Goldberg, I. and Hengartner, U.,
Louis, Lester and Pierre: Three Protocols for Location Privacy. Proc. of 7th Privacy Enhancing Technologies Symposium (PETS 2007), Ottawa, ON, Canada, June 2007, pp. 62-76.
[Abstract]
[PDF][Software]
-
Hengartner, U.,
Hiding Location Information from Location-Based Services. Proc. of International
Workshop on Privacy-Aware Location-based Mobile Services (PALMS),
Mannheim, Germany, May 2007, pp. 268-272.
[Abstract]
[PDF]
-
Hengartner, U. and
Zhong, G.,
Distributed, Uncertainty-Aware Access Control for Pervasive
Computing. Proc. of 4th IEEE International Workshop on Pervasive Computing and Communication
Security (PerSec 2007), White Plains, NY, March 2007, pp. 241-246.
[Abstract]
[PDF]
2006
-
Hengartner, U. and
Steenkiste, P.,
Avoiding Privacy Violations Caused by Context-Sensitive Services.
Pervasive and Mobile Computing,
PerCom 2006 special issue, 2(4), November 2006, pp. 427-452.
[Abstract]
[PDF]
-
Hengartner, U. and
Steenkiste, P.,
Exploiting Information Relationships for Access Control in Pervasive Computing.
Pervasive and Mobile Computing,
2(3), September 2006, pp. 344-367.
[Abstract]
[PDF]
-
Hengartner, U. and
Steenkiste, P.,
Securing Information Gateways with Derivation-Constrained Access
Control.
Proc. of
3rd International Conference Security in Pervasive Computing (SPC 2006),
York, United Kingdom, April 2006, pp. 181-195.
[Abstract]
[PDF]
-
Hengartner, U. and
Steenkiste, P.,
Avoiding Privacy Violations Caused by Context-Sensitive Services.
Proc. of 4th IEEE
International Conference on Pervasive Computing and
Communications (PerCom 2006), Pisa, Italy, March 2006, pp. 222-231.
[Abstract]
[PDF]
2005
-
Hengartner, U. and
Steenkiste, P.,
Access Control to People Location Information.
ACM Transactions on Information and System Security (TISSEC),
8(4), November 2005, pp. 424-456.
[Abstract]
[PDF]
-
Hengartner, U. and
Steenkiste, P.,
Exploiting Hierarchical Identity-Based Encryption for
Access Control to Pervasive Computing Information.
Proc. of 1st
IEEE/CreateNet International Conference on Security and Privacy for
Emerging Areas in Communication Networks (SecureComm
2005), Athens, Greece, September 2005, pp. 384-393.
[Abstract]
[PDF]
-
Hengartner, U. and
Steenkiste, P.,
Exploiting Information Relationships for Access Control.
Proc. of 3rd IEEE
International Conference on Pervasive Computing and
Communications (PerCom 2005), Kauai Island, HI, March 2005, pp. 269-278.
[Abstract]
[PDF]
2004
-
Hengartner, U. and
Steenkiste, P.,
Implementing Access Control to People Location Information.
Proc. of 9th ACM Symposium on Access Control Models and Technologies (SACMAT 2004),
Yorktown Heights, NY, June 2004, pp. 11-20.
[Abstract]
[PDF]
-
Miller, N.,
Judd, G.,
Hengartner, U.,
Gandon, F.,
Steenkiste, P.,
I-Heng Meng, Ming-Whei Feng, and
Sadeh. N.,
Context-aware Computing Using a Shared Contextual Information
Service.
Proc. of Pervasive 2004 Hot Spots, Vienna, Austria, April 2004.
[Abstract]
[PDF]
2003
-
Hengartner, U. and
Steenkiste, P.,
Access Control to Information in Pervasive Computing Environments.
Proc. of 9th
Workshop on Hot Topics in Operating Systems (HotOS IX), Lihue, HI, May
2003, pp. 157-162.
[Abstract]
[PDF]
-
Hengartner, U. and
Steenkiste, P.,
Protecting Access to People Location Information.
Proc. of 1st International Conference on Security in Pervasive Computing (SPC 2003), Boppard,
Germany, March 2003, pp. 25-38.
[Abstract]
[PDF]
2002
-
Hengartner, U.,
Moon, S.,
Mortier R., and
Diot, C
.,
Detection and Analysis of Routing Loops in Packet Traces (Short
Paper).
Proc. of
2nd Internet Measurement Workshop (IMW 2002), Marseille, France, November 2002, pp. 107-112.
[Abstract]
[PDF]
-
Hengartner, U. and
Steenkiste, P.,
Protecting People Location Information (Extended Abstract).
Workshop on Security in Ubiquitous Computing, Göteborg, Sweden, September 2002.
[PDF]
2001
-
Myers, A.,
Chuang, J.,
Hengartner, U.,
Xie, Y.,
Zhuang, W., and
Zhang, H.,
A Secure, Publisher-Centric Web Caching Infrastructure.
Proc. of IEEE
Infocom 2001, Anchorage, AK, April 2001, pp. 1235-1243.
[Abstract]
[PDF]
2000
-
Hengartner, U.,
Bolliger, J., and
Gross, T.,
TCP Vegas Revisited.
Proc. of IEEE
Infocom 2000, Tel Aviv, Israel, March 2000, pp. 1546-1555.
[Abstract]
[PDF]
1999
-
Hemy, M.,
Hengartner, U.,
Steenkiste, P., and
Gross, T.,
MPEG System Streams in Best-Effort Networks.
Proc. of
PacketVideo '99, New York, NY, April 1999.
[Abstract]
[Postscript]
-
Bolliger, J.,
Gross, T., and
Hengartner, U.,
Bandwidth Modelling for Network-Aware Applications.
Proc. of IEEE
Infocom '99, New York, NY, March 1999, pp. 1300-1309.
[Abstract
]
[PDF]
Selected Technical Reports
-
Hengartner, U.,
Access Control to Information in Pervasive Computing
Environments.
Ph.D. Thesis, available as Technical Report
CMU-CS-05-160, Computer Science Department, Carnegie Mellon University, August 2005.
[Abstract]
[PDF]
-
Bolliger, J.,
Hengartner, U., and
Gross, T.,
The Effectiveness of End-to-End Congestion Control Mechanisms.
Technical Report #313. Dept. Computer Science, ETH Zürich, February 1999.
[Abstract]
[PDF]