Recent Publications


(2019). The Android Platform Security Model. arXiv:1904.05572 [cs].


(2019). Insider Attack Resistance in the Android Ecosystem. Enigma 2019.

(2018). Android Pie à la mode: Security & Privacy.


(2018). Investigating the impact of network security on the line current differential protection system. The Journal of Engineering.


(2018). Design, Implementation, and Evaluation of Secure Communication for Line Current Differential Protection Systems over Packet Switched Networks. International Journal of Critical Infrastructure Protection.


(2018). Mobile Match-on-Card Authentication Using Offline-Simplified Models with Gait and Face Biometrics. IEEE Transactions on Mobile Computing.


(2018). Sulong, and Thanks For All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model. Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems.


(2018). Wie sicher ist die schöne, neue und vernetzte Welt?. Automatisierung: Wechselwirkung mit Kunst, Wissenschaft und Gesellschaft.

(2017). Smartphone-based Gait Recognition: From Authentication to Imitation. IEEE Transactions on Mobile Computing (IEEE TMC).


(2017). ShakeUnlock: Securely Transfer Authentication States Between Mobile Devices. IEEE Transactions on Mobile Computing (IEEE TMC).


Presentations & Talks

Recent Posts


Why

Tor makes it possible to anonymize Internet traffic through onion routing, typically via 3 separate hops. At INS, we run one of the fastest Tor exit nodes in Austria, and provide statistical data on its usage. For more details, please check those project websites. On my personal home network, I use Tor - among other reasons - to test various devices such as mobile phones, tablets, etc. with apps I do not necessarily trust, “smart home” / IoT style devices, or wearables.


Disclaimer

This web page is written primarily in English, but uses German words originating from the Austrian law. There seems to be little point in artificially translating these terms when they are special definitions of a law written in German. I have tried to explain the terms when I first use them - if something is unclear, feel free to send me an email.

Introduction

Since the beginning of 2000, the Austrian government has begun introducing its digital signature scheme in the form of the so-called “Bürgerkarte”.


Creating X.509 certificates programmatically in Java

My problem statement was simple: create an X.509 certificate with only a few fields being configurable, sign it with an already existing CA private key/certificate combination, and write the new certificate in PKCS12 format. Then it became complicated: I needed to do it with Java, on a PDA. I spent about 2 days to get this seemingly simple task to work, so I thought it might be good to share my findings in the hope that they will serve others with similar problems.


How to set up an OpenWRT router/gateway as an IPsec/L2TP gateway for Android and iPhone clients

The only “reasonable” (that is, not counting PPTP due to its known security issues) VPN protocol supported by default on non-rooted / non-jailbroken Android / iPhone phones as clients is the combination of IPsec and L2TP. Most probably, this was chosen due to its out-of-the-box support by newer Windows clients and MacOS/X as well.


Introduction

After (again) suffering under KMail’s recent sluggishness when dealing with my email spool and general Eclipse slowness when run with many plugins (such as the excellent Android ADT or the still-to-mature Scala plugin), I decided that the best update for my Lenovo Thinkpad X201s laptop would be a solid state disk (SSD). Some preliminary web article research yielded the Crucial C300 256GB as one candidate with near top-level performance and reasonable pricing.



A selection of personal research and development projects I worked on either alone or as the main contributor. Larger academic projects I managed are linked to their respective web sites.


Context authentication

[Finished Jan. 2008] Research into context-based device-to-device authentication.

Context prediction

[Finished Nov. 2004] PhD project on predicting mobile user context


[Finished Sept. 2014] Open source Ubiquitous Authentication Toolkit


[Finished Jan. 2008] Relative spatial positioning


[Finished] Enabling IPv6 address privacy on Android devices.

Gibraltar firewall

[Finished/closed] A Linux firewall/UTM distribution with read-only root file system.

JKU Tor exit node

[Running] High-bandwidth Tor exit node at JKU/INS for research on use of anonymization

Josef Ressel Center u'smile

[Finished Sept. 2017] Research Center for User-friendly Secure Mobile Environments

Android Exploit Framework

[Finished] Android on-device permanent root exploit framework


[Finished/stopped] A personal Dropbox replacement based on Git

Private Notes

[Finished] Cross-platform end-to-end encrypted note-taking app


[Finished] Package to support building Linux live-booting CDs

Squid filter patches

[Finished] Filtering patches for Squid proxy