# own-publications.bib

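% NOTE(review): classic styles print number as the issue; here number = 8 sits
% beside issue = 1, so 8 is presumably the article number - confirm.
@article{art-acm-computing-surveys-2014,
  author    = {Ming Ki Chong and Rene Mayrhofer and Hans Gellersen},
  title     = {A Survey of User Interaction for Spontaneous Device Association},
  journal   = {ACM Computing Surveys},
  year      = {2014},
  month     = jul,
  volume    = {47},
  issue     = {1},
  number    = {8},
  doi       = {10.1145/2597768},
  publisher = {ACM Press},
  address   = {New York, NY, USA},
  note      = {accepted for publication on 2014-03-11},
  keywords  = {Device association, pairing, spontaneous interaction, wireless, user interaction, survey, taxonomy},
  abstract  = {In a wireless world, users can establish ad hoc virtual connections between devices that are unhampered by
cables. This process is known as spontaneous device association. A wide range of interactive protocols and
techniques have been demonstrated in both research and practice, predominantly with a focus on security
aspects. In this article, we survey spontaneous device association with respect to the user interaction it
involves. We use a novel taxonomy to structure the survey with respect to the different conceptual models
and types of user action employed for device association. Within this framework, we provide an in-depth
survey of existing techniques discussing their individual characteristics, benefits and issues.},
  eventurl  = {http://dl.acm.org/citation.cfm?id=2620784.2597768&coll=DL&dl=ACM&CFID=470467745&CFTOKEN=83787398},
  pubtype   = {article}
}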

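% The abstract's two quoted uses of "smart space" carry both opening and
% closing TeX quotes; the pasted "Abstract" label is not part of the text.
@article{art-ijwmc,
  author   = {Alois Ferscha and Manfred Hechinger and Rene Mayrhofer and Roy Oberhauser},
  title    = {A Peer-to-Peer Light-Weight Component Model for Context-Aware Smart
Space Applications},
  journal  = {International Journal of Wireless and Mobile Computing ({IJWMC}),
special issue on Mobile Distributed Computing},
  year     = {2004},
  issue    = {4},
  note     = {extended version of \cite{paper-mdc2004}},
  abstract = {Mobile Peer-to-Peer (P2P) computing applications involve
collections of heterogeneous and resource-limited devices (such as
PDAs or embedded sensor-actuator systems), typically operated in
ad-hoc completely decentralized networks and without requiring dedicated
infrastructure support. Short-range wireless communication technologies
together with P2P networking capabilities on mobile devices are responsible
for a proliferation of such applications, yet these applications
are often complex and monolithic in nature due to the lack of lightweight
component/container support in these resource-constrained devices.
A threatening field of application is ``smart space'' control, i.e.
software architectures to control various home appliances and embedded
home facilities in a personalized, spontaneous and intuitive way.
Future home environments are expected to be highly populated by ubiquitous
computing technology, allowing to integrate various aspects of home
activities seamlessly into walls, floors, furniture, appliances,
and even clothing – thus raising the need for lightweight, versatile
and component based software architectures to harness such technology
rich environments.

In this paper we describe our lightweight software component model
P2Pcomp that addresses the development needs for mobile P2P applications.
An abstract, flexible, and high-level communication mechanism among
components is developed via a ports concept, supporting protocol
independence, location independence, and (a)synchronous invocations;
dependencies are not hard-coded in the components, but can be defined
at deployment or runtime, providing late-binding and dynamic rerouteability
capabilities. Peers can elect to provide services as well as consume
them, services can migrate between containers, and services are ranked
to support Quality-of-Service choices. Our lightweight container
realization leverages the OSGi platform and can utilize various P2P
communication mechanisms such as JXTA. A ``smart space'' application
scenario demonstrates how P2Pcomp supports flexible and highly tailorable
mobile P2P applications.},
  pubtype  = {article}
}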

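% NOTE(review): the last-but-one author is spelled "Marquart Franz" here and
% "Marquardt Franz" in art-eurasip-embedded-systems; verify which is correct.
% No volume or issue is recorded for this article.
@article{art-ferscha-peer-it,
  author  = {Alois Ferscha and Manfred Hechinger and Andreas Riener and Marcos
dos Santos Rocha and Andreas Zeidler and Marquart Franz and Rene
Mayrhofer},
  title   = {Peer-it: Stick-on solutions for networks of things},
  journal = {Pervasive and Mobile Computing},
  year    = {2008},
  pages   = {448--479},
  pubtype = {article}
}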

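% The doi field holds the bare DOI; the resolver prefix belongs to the style.
% NOTE(review): "Marquardt Franz" is spelled "Marquart Franz" in
% art-ferscha-peer-it; verify which is correct.
@article{art-eurasip-embedded-systems,
  author  = {Alois Ferscha and Manfred Hechinger and Marcos dos~Santos~Rocha and
Rene Mayrhofer and Andreas Zeidler and Andreas Riener and Marquardt
Franz},
  title   = {Building Flexible Manufacturing Systems Based on {Peer-Its}},
  journal = {{EURASIP} Journal on Embedded Systems},
  year    = {2008},
  volume  = {2008},
  doi     = {10.1155/2008/267560},
  url     = {http://www.hindawi.com/getarticle.aspx?doi=10.1155/2008/267560},
  note    = {Article {ID} 267560},
  pubtype = {article}
}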

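% The journal acronym is brace-protected, matching art-ijpcc2011.
@article{art-ijpcc2013-face-detection,
  author   = {Rainhard Findling and Rene Mayrhofer},
  title    = {Towards pan shot face unlock: Using biometric face information from
different perspectives to unlock mobile devices},
  journal  = {International Journal of Pervasive Computing and Communications ({IJPCC})},
  year     = {2013},
  volume   = {9},
  issue    = {3},
  pages    = {190--208},
  doi      = {10.1108/IJPCC-05-2013-0012},
  note     = {A preliminary version of this work was published in MoMM 2012~\cite{paper-momm2012-face-detection} with
a limited set of classifiers and a significantly smaller data set
used for evaluation.},
  abstract = {Purpose – Personal mobile devices currently have access to a significant
portion of their user's private sensitive data and are increasingly
used for processing mobile payments. Consequently, securing access
to these mobile devices is a requirement for securing access to the
sensitive data and potentially costly services. The authors propose
and evaluate a first version of a pan shot face unlock method: a
mobile device unlock mechanism using all information available from
a 180° pan shot of the device around the user's head – utilizing
biometric face information as well as sensor data of built-in sensors
of the device. The paper aims to discuss these issues.

Design/methodology/approach – This approach uses grayscale 2D images,
on which the authors perform frontal and profile face detection.
For face recognition, the authors evaluate different support vector
machines and neural networks. To reproducibly evaluate this pan shot
face unlock toolchain, the authors assembled the 2013 Hagenberg stereo
vision pan shot face database, which the authors describe in detail

Findings – Current results indicate that the approach to face recognition
is sufficient for further usage in this research. However, face detection
is still error prone for the mobile use case, which consequently
decreases the face recognition performance as well.

Originality/value – The contributions of this paper include: introducing
pan shot face unlock as an approach to increase security and usability
during mobile device authentication; introducing the 2013 Hagenberg
stereo vision pan shot face database; evaluating this current pan
shot face unlock toolchain using the newly created face database.},
  eventurl = {http://www.emeraldinsight.com/journals.htm?articleid=17095548&ini=aob&},
  owner    = {rene},
  pubtype  = {article}
}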

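% The doi field holds the bare DOI, and the accent in the first author's name
% is written as a braced special character so that sorting and labels treat it
% as one letter.
@article{art-ijpcc2015-quaternion-derotation,
  author   = {Ren{\'e} Mayrhofer and Helmut Hlavacs and Rainhard Dieter Findling},
  title    = {Optimal Derotation of Shared Acceleration Time Series by Determining Relative Spatial Alignment},
  journal  = {International Journal of Pervasive Computing and Communications ({IJPCC})},
  year     = {2015},
  volume   = {11},
  issue    = {4},
  pages    = {454--466},
  doi      = {10.1108/IJPCC-08-2015-0031},
  issn     = {1742-7371},
  note     = {A preliminary version of this work was published in iiWAS~2014~\cite{paper-iiwas2014-quaternion-derotation}.},
  abstract = {Purpose: Detecting if two or multiple devices are moved together is an interesting problem for different applications. However, these devices may be aligned arbitrarily with regards to each other, and the three dimensions sampled by their respective local accelerometers can therefore not be directly compared. The typical approach is to ignore all angular components and only compare overall acceleration magnitudes --- with the obvious disadvantage of discarding potentially useful information. \\
Approach: In this paper, we contribute a method to analytically determine relative spatial alignment of two devices based on their acceleration time series. Our method uses quaternions to compute the optimal rotation with regards to minimizing the mean squared error. \\
Practical implications: After derotation, the reference system of one device can be (locally and independently) aligned with the other, and thus that all three dimensions can consequently be compared for more accurate classification. \\
Findings: Based on real-world experimental data from smart phones and smart watches shaken together, we demonstrate the effectiveness of our method with a magnitude squared coherence metric, for which we show an improved EER of 0.16 (when using derotation) over an EER of 0.18 (when not using derotation). \\
Originality: Without derotating time series, angular information cannot be used for deciding if devices have been moved together. To the best of our knowledge, this is the first analytic approach to find the optimal derotation of the coordinate systems, given only the two 3D time acceleration series of devices (supposedly) moved together. It can be used as the basis for further research on improved classification towards acceleration-based device pairing.},
  owner    = {rene},
  pubtype  = {article}
}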

% Journal article; the note records its relation to the earlier paper and the
% acceptance and online publication dates.
@article{art-wiley-scn-2014,
  author    = {Rene Mayrhofer},
  title     = {An Architecture for Secure Mobile Devices},
  journal   = {Security and Communication Networks},
  publisher = {Wiley},
  year      = {2014},
  doi       = {10.1002/sec.1028},
  issn      = {1939-0122},
  url       = {http://onlinelibrary.wiley.com/journal/10.1002/%28ISSN%291939-0122},
  note      = {Significantly revised and extended version of~\cite{paper-tsp2013}, accepted for publication on 2014-03-24, online publication 2014-06-17 (AID SEC1028)},
  keywords  = {mobile device security; user authentication; secure channel; virtualization;
embedded smart card},
  abstract  = {Mobile devices such as smart phones have become one of the preferred
means of accessing digital services, both for consuming and creating
content. Unfortunately, securing such mobile devices is inherently
difficult for a number of reasons. In this article, we review recent
research results, systematically analyze the technical issues of
securing mobile device platforms against different threats, and discuss
a resulting and currently unsolved problem: how to create an end-to-end
secure channel between the digital service (e.g.\ a secure wallet
application on an embedded smart card or an infrastructure service
connected over wireless media) and the user. Although the problem
has been known for years and technical approaches start appearing
in products, the user interaction aspects have remained unsolved.
We discuss the reasons for this difficulty and suggest potential
approaches to create human-verifiable secure communication with components
or services within partially untrusted devices.},
  owner     = {rene},
  timestamp = {2014.03.25},
  pubtype   = {article}
}

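% NOTE(review): no volume, number or pages are recorded for this article yet;
% add them once known. Fields without a value are left out because empty
% fields trigger BibTeX warnings.
@article{art-transactions-mobile-2018-moc,
  author    = {Rainhard Findling and Michael H{\"o}lzl and Rene Mayrhofer},
  title     = {Mobile Match-on-Card Authentication Using Offline-Simplified Models with Gait and Face Biometrics},
  journal   = {IEEE Transactions on Mobile Computing},
  year      = {2018},
  month     = mar,
  day       = {6},
  doi       = {10.1109/TMC.2018.2812883},
  issn      = {1536-1233},
  publisher = {IEEE CS Press},
  abstract  = {Biometrics have become important for mobile authentication, e.g. to unlock devices before using them. One way to protect biometric information stored on mobile devices from disclosure is using embedded smart cards (SCs) with biometric match-on-card (MOC) approaches. However, computational restrictions of SCs also limit biometric matching procedures. We present a mobile MOC approach that uses offline training to obtain authentication models with a simplistic internal representation in the final trained state, wherefore we adapt features and model representation to enable their usage on SCs. The pre-trained model can be shipped with SCs on mobile devices without requiring retraining to enroll users. We apply our approach to acceleration based mobile gait authentication as well as face authentication and compare authentication accuracy and computation time of 16 and 32 bit Java Card SCs. Using 16 instead of 32 bit SCs has little impact on authentication performance and is faster due to less data transfer and computations on the SC. Results indicate 11.4% and 2.4-5.4% EER for gait respectively face authentication, with transmission and computation durations on SCs in the range of 2s respectively 1s. To the best of our knowledge this work represents the first practical approach towards acceleration based gait MOC authentication.},
  pubtype   = {article}
}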

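% month uses the predefined macro; the umlaut in the second author's name is
% a braced special character so that sorting and labels treat it as one letter.
@article{art-transactions-mobile-2013,
  author        = {Rene Mayrhofer and J{\"u}rgen Fuss and Iulia Ion},
  title         = {{UACAP}: A Unified Auxiliary Channel Authentication Protocol},
  journal       = {IEEE Transactions on Mobile Computing},
  year          = {2013},
  month         = apr,
  day           = {13},
  volume        = {12},
  number        = {4},
  pages         = {710--721},
  doi           = {10.1109/TMC.2012.43},
  issn          = {1536-1233},
  publisher     = {IEEE CS Press},
  abstract      = {Authenticating spontaneous interactions between devices and users
is challenging for several reasons: the wireless (and therefore invisible)
nature of device communication, the heterogeneous nature of devices
and lack of appropriate user interfaces in mobile devices, and the
requirement for unobtrusive user interaction. The most promising
approach that has been proposed in literature involves the exploitation
of so-called auxiliary channels for authentication to bridge the
gap between usability and security. This concept has spawned the
independent development of various authentication methods and research
prototypes, that, unfortunately, remain hard to compare and interchange
and are rarely available to potential application developers. We
present a novel, unified cryptographic authentication protocol framework
(UACAP) to unify these approaches and analyze its security properties.
This protocol and a selection of auxiliary channels aimed at authentication
of mobile devices has been implemented and released in an open source
ubiquitous authentication toolkit (OpenUAT). We also present an initial
user study evaluating four of these channels.},
  eventurl      = {http://www.computer.org/csdl/trans/tm/preprint/ttm2012990024-abs.html},
  note_disabled = {Submitted 2011-06-15, accepted 2012-01-27},
  pubtype       = {article}
}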

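% month uses the predefined macro so that the style decides how it is printed.
@article{art-transactions-mobile-2009,
  author        = {Rene Mayrhofer and Hans Gellersen},
  title         = {Shake well before use: Intuitive and Secure Pairing of Mobile Devices},
  journal       = {IEEE Transactions on Mobile Computing},
  year          = {2009},
  month         = jun,
  volume        = {8},
  number        = {6},
  pages         = {792--806},
  publisher     = {IEEE CS Press},
  note          = {revised and extended version of \cite{paper-pervasive2007}},
  abstract      = {A challenge in facilitating spontaneous mobile interactions is to
provide pairing methods that are both intuitive and secure. Simultaneous
shaking is proposed as a novel and easy-to-use mechanism for pairing
of small mobile devices. The underlying principle is to use common
movement as a secret that the involved devices share for mutual authentication.
We present two concrete methods, ShaVe and ShaCK, in which sensing
and analysis of shaking movement is combined with cryptographic protocols
for secure authentication. ShaVe is based on initial key exchange
followed by exchange and comparison of sensor data for verification
of key authenticity. ShaCK, in contrast, is based on matching features
extracted from the sensor data to construct a cryptographic key.
The classification algorithms used in our approach are shown to robustly
separate simultaneous shaking of two devices from other concurrent
movement of a pair of devices, with a false negative rate of under
12 percent. A user study confirms that the method is intuitive and
easy to use, as users can shake devices in an arbitrary pattern.},
  eventurl      = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4796201},
  note_disabled = {Submitted 2008-06-15, accepted 2009-02-10},
  pubtype       = {article}
}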

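% NOTE(review): the abstract appears to be missing text between "a priori
% information" and "methods for device-to-device authentication"; restore it
% from the published abstract.
@article{art-istr2008,
  author    = {Rene Mayrhofer and Hans Gellersen},
  title     = {Spontaneous Mobile Device Authentication based on Sensor Data},
  journal   = {Information Security Technical Report},
  year      = {2008},
  month     = aug,
  volume    = {13},
  issue     = {3},
  pages     = {136--150},
  doi       = {10.1016/j.istr.2008.10.005},
  issn      = {1363-4127},
  publisher = {Elsevier},
  note      = {presents a summary and extension of four previous conference papers~\cite{paper-pervasive2007,paper-ubicomp2007,paper-wais2007,paper-twuc2006}.},
  abstract  = {Small, mobile devices or infrastructure devices without user interfaces,
such as Bluetooth headsets, wireless LAN access points, or printers,
often need to communicate securely over wireless networks. Active
attacks can only be prevented by authenticating wireless communication,
which is problematic when devices do not have any a priori information
methods for device-to-device authentication based on sensor data
from various physical out-of-band channels: shaking devices together,
authentication based on spatial reference, and transmission via visible
laser.},
  eventurl  = {http://dx.doi.org/10.1016/j.istr.2008.10.005},
  pubtype   = {article}
}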

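% month uses the predefined macro so that the style decides how it is printed.
@article{art-mobile-multimedia2007,
  author    = {Rene Mayrhofer and Roswitha Gostner},
  title     = {Using a Spatial Context Authentication Proxy for Establishing Secure
Wireless Connections},
  journal   = {Journal of Mobile Multimedia},
  year      = {2007},
  month     = mar,
  volume    = {3},
  number    = {3},
  pages     = {198--217},
  issn      = {1550-4646},
  publisher = {Rinton Press},
  abstract  = {Spontaneous interaction in wireless ad-hoc networks is often desirable
not only between users or devices in direct contact, but also with
devices that are accessible only via a wireless network. Secure communication
with such devices is difficult because of the required authentication,
which is often either password- or certificate-based. An intuitive
alternative is context-based authentication, where device authenticity
is verified by shared context, and often by direct physical evidence.
Devices that are physically separated cannot experience the same
context and thus cannot benefit directly from context authentication.
We introduce a \emph{context authentication proxy} that is pre-authenticated
with one of the devices and can authenticate with the other by shared
context. This concept is applicable to a wide range of application
scenarios, context sensing technologies, and trust models. We show
its practicality in an implementation for setting up IPSec connections
based on spatial reference. Our specific scenario is ad-hoc access
of mobile devices to secure 802.11 WLANs using a mobile device as
authentication proxy. A user study shows that our method and implementation
are intuitive to use and compare favourably to a standard, password-based
approach.},
  pubtype   = {article}
}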

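% NOTE(review): the journal value broke off after "special issue" with no
% closing brace, which left every later field and entry inside that value.
% The brace is closed here; the special-issue title is not recoverable from
% this file and should be restored from the original record.
% NOTE(review): the abstract also appears to skip text before "to continuously
% recognize"; restore it from the published abstract.
@article{art-radiomatics2004,
  author    = {Rene Mayrhofer and Harald Radi and Alois Ferscha},
  title     = {Recognizing and Predicting Context by Learning from User Behavior},
  journal   = {Radiomatics: Journal of Communication Engineering, special issue},
  year      = {2004},
  month     = may,
  volume    = {1},
  number    = {1},
  pages     = {30--42},
  issn      = {1693-5152},
  publisher = {ITB Press},
  note      = {extended version of \cite{paper-momm2003}},
  abstract  = {Current mobile devices like mobile phones or personal digital assistants
have become more and more powerful; they already offer features that
only few users are able to exploit to their whole extent. With a
number of upcoming mobile multimedia applications, ease of use becomes
one of the most important aspects. One way to improve usability is
to make devices aware of the user’s context, allowing them to adapt
to the user instead of forcing the user to adapt to the device. Our
work is taking this approach one step further by not only reacting
to the current context, but also predicting future context, hence
making the devices proactive. Mobile devices are generally suited
well for this task because they are typically close to the user even
when not actively in use. This allows such devices to monitor the
user context and act accordingly, like automatically muting ring
or signal tones when the user is in a meeting or selecting audio,
video or text communication depending on the user’s current occupation.
to continuously recognize current and anticipate future user context.
The major challenges are that context recognition and prediction
should be embedded in mobile devices with limited resources, that
learning and adaptation should happen on-line without explicit training
phases and that user intervention should be kept to a minimum with
non-obtrusive user interaction. To accomplish this, the presented
architecture consists of four major parts: feature extraction, classification,
labeling and prediction. The available sensors provide a multi-dimensional,
highly heterogeneous input vector as input to the classification
step, realized by data clustering. Labeling associates recognized
context classes with meaningful names specified by the user, and
prediction allows forecasting future user context for proactive behavior.},
  pubtype   = {article}
}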

% Journal article; the note points to the preliminary conference version.
@article{art-ijpcc2011,
  author    = {Rene Mayrhofer and Alexander Sommer and Sinan Saral},
  title     = {Air-Writing: A Platform for Scalable, Privacy-Preserving, Spatial
Group Messaging},
  journal   = {International Journal of Pervasive Computing and Communications ({IJPCC})},
  year      = {2012},
  volume    = {8},
  issue     = {1},
  pages     = {53--78},
  doi       = {10.1108/17427371211221081},
  issn      = {1742-7371},
  note      = {A preliminary version of this work was published in iiWAS 2010~\cite{paper-iiwas2010}.},
  abstract  = {Spatial messaging is a direct extension to text and other multi-media
messaging services that have become highly popular with the current
pervasiveness of mobile communication. It offers benefits especially
to mobile computing, providing localized and therefore potentially
more appropriate delivery of nearly arbitrary content. Location is
one of the most interesting attributes that can be added to messages
in current applications, including gaming, social networking, or
advertising services. However, location is also highly critical in
terms of privacy. If a spatial messaging platform could collect the
location traces of all its users, detailed profiling would be possible
- and, considering commercial value of such profiles, likely.},
  eventurl  = {http://www.emeraldinsight.com/journals.htm?articleid=17024855&ini=aob},
  owner     = {rene},
  timestamp = {2011.06.07},
  pubtype   = {article}
}

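% The page range uses a double hyphen and month uses the predefined macro;
% the umlaut in the third author's name is a braced special character.
@article{art-puc2015-security-zones,
  author    = {Peter Riedl and Rene Mayrhofer and Andreas M{\"o}ller and Matthias Kranz and Florian Lettner and Clemens Holzmann and Marion Koelle},
  title     = {Only play in your comfort zone: interaction methods for improving security awareness on mobile devices},
  journal   = {Personal and Ubiquitous Computing},
  year      = {2015},
  month     = mar,
  day       = {27},
  pages     = {1--14},
  doi       = {10.1007/s00779-015-0840-5},
  issn      = {1617-4909},
  publisher = {Springer London},
  language  = {English},
  keywords  = {Mobile security; Security zones; Sandboxing; Separation; Compartmentalization},
  abstract  = {In this paper, we study the concept of security zones as an intermediate layer of compartmentalization on mobile devices. Each of these security zones is isolated against the other zones and holds a different set of applications and associated user data and may apply different security policies. From a user point of view, they represent different contexts of use for the device, e.g., to distinguish between gaming (private context), payment transactions (secure context), and company-related email (enterprise context). We propose multiple visualization methods for conveying the current security zone information to the user, and interaction methods for switching between zones. Based on an online and a laboratory user study, we evaluated these concepts from a usability point of view. One important result is that in the tension field between security and usability, additional hardware can support the user’s awareness toward their zone context.},
  eventurl  = {http://dx.doi.org/10.1007/s00779-015-0840-5},
  pubtype   = {article}
}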

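% "Java Card" and "Java" are brace-protected in the title so that styles which
% apply sentence casing keep their capitals; the journal acronym is protected
% as in art-ijpcc2011.
@article{art-ijpcc2014-javacard-applets-life-cycle,
  author   = {Michael Roland and Josef Langer and Rene Mayrhofer},
  title    = {Managing the life cycle of {Java Card} applets in other {Java} virtual machines},
  journal  = {International Journal of Pervasive Computing and Communications ({IJPCC})},
  year     = {2014},
  volume   = {10},
  issue    = {3},
  pages    = {291--312},
  doi      = {10.1108/IJPCC-06-2014-0036},
  issn     = {1742-7371},
  note     = {A preliminary version of this work was published in MoMM~2013~\cite{paper-momm2013-javacard-emulator}.},
  abstract = {Purpose - The purpose of this paper is to address the design, implementation, performance and limitations of an environment that emulates a secure element for rapid prototyping and debugging. Today, it is difficult for developers to get access to a near field communication (NFC)-secure element in current smartphones. Moreover, the security constraints of smartcards make in-circuit emulation and debugging of applications impractical. Therefore, an environment that emulates a secure element brings significant advantages for developers.

Design/methodology/approach - The authors' approach to such an environment is the emulation of Java Card applets on top of non-Java Card virtual machines (e.g. Android Dalvik VM), as this would facilitate the use of existing debugging tools. As the operation principle of the Java Card VM is based on persistent memory technology, the VM and applications running on top of it have a significantly different life cycle compared to other Java VMs. The authors evaluate these differences and their impact on Java VM-based Java Card emulation. They compare possible strategies to overcome the problems caused by these differences, propose a possible solution and create a prototypical implementation to verify the practical feasibility of such an emulation environment.

Findings - While the authors found that the Java Card inbuilt persistent memory management is not available on other Java VMs, they present a strategy to model this persistence mechanism on other VMs to build a complete Java Card run-time environment on top of a non-Java Card VM. Their analysis of the performance degradation in a prototypical implementation caused by additional effort put into maintaining persistent application state revealed that the implementation of such an emulation environment is practically feasible.

Originality/value - This paper addresses the problem of emulating a complete Java Card run-time environment on top of non-Java Card virtual machines which could open and significantly ease the development of NFC secure element applications.},
  eventurl = {http://www.emeraldinsight.com/doi/full/10.1108/IJPCC-06-2014-0036},
  owner    = {rene},
  pubtype  = {article}
}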

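% NOTE(review): the record carried pages = 1175 and chapter = 1163, which looks
% like an export that split the page range; stored here as 1163--1175 - confirm
% against the published article.
% The journal name is spelled as in the other IEEE TMC entries of this file,
% and month holds only the month macro (the year has its own field).
@article{art-transactions-mobile-2017-shakeunlock,
  author    = {Rainhard Dieter Findling and Muhammad Muaaz and Daniel Hintze and Ren{\'e} Mayrhofer},
  title     = {{ShakeUnlock}: Securely Transfer Authentication States Between Mobile Devices},
  journal   = {IEEE Transactions on Mobile Computing},
  year      = {2017},
  month     = apr,
  volume    = {16},
  pages     = {1163--1175},
  doi       = {10.1109/TMC.2016.2582489},
  issn      = {1536-1233},
  publisher = {IEEE CS Press},
  keywords  = {authentication, Mobile environments, Security and Privacy Protection, Time series analysis},
  abstract  = {As users start carrying multiple mobile devices, we propose a novel, token based mobile device unlocking approach. Mobile devices are conjointly shaken to transfer the authentication state from an unlocked token device to another device to unlock it. A common use case features a wrist watch as token device, which remains unlocked as long as it is strapped to the user{\textquoteright}s wrist, and a locked mobile phone, which is unlocked if both devices are shaken conjointly. Shaking can be done single-handedly, requires little user attention (users don{\textquoteright}t have to look at the device for unlocking it) and does not cause additional cognitive load on users. In case attackers gain control over the locked phone, forging shaking is difficult, which impedes malicious unlocks. We evaluate our approach using acceleration records from our 29 people sized ShakeUnlock database and discuss influence of its constituent parts on the system performance. We further present a performance study using an Android implementation and live data, which shows the true negative rate of observational attacks to be in the range of 0.8 - if an attacker manages to gain control over the locked device and shake it in parallel to the device owner shaking the token device.},
  eventurl  = {http://ieeexplore.ieee.org/document/7494938/},
  pubtype   = {article}
}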

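% The journal name is spelled as in the other IEEE TMC entries of this file;
% month uses the predefined macro.
@article{art-transactions-mobile-2017-gait-authentication,
  author    = {Muhammad Muaaz and Ren{\'e} Mayrhofer},
  title     = {Smartphone-based Gait Recognition: From Authentication to Imitation},
  journal   = {IEEE Transactions on Mobile Computing},
  year      = {2017},
  month     = nov,
  day       = {23},
  volume    = {16},
  issue     = {11},
  pages     = {3209--3221},
  doi       = {10.1109/TMC.2017.2686855},
  issn      = {1536-1233},
  publisher = {IEEE CS Press},
  keywords  = {Authentication, Smart phones, Iris recognition, Mobile computing, Accelerometers},
  abstract  = {This work evaluates the security strength of a smartphone-based gait recognition system against zero-effort and live minimal-effort impersonation attacks under realistic scenarios. For this purpose, we developed an Android application, which uses a smartphone-based accelerometer to capture gait data continuously in the background, but only when an individual walks. Later, it analyzes the recorded gait data and establishes the identity of an individual. At first, we tested the performance of this system against zero-effort attacks by using a dataset of 35 participants. Later, live impersonation attacks were performed by five professional actors who are specialized in mimicking body movements and body language. These attackers were paired with their physiologically close victims, and they were given live audio and visual feedback about their latest impersonation attempt during the whole experiment. No false positives under impersonation attacks, indicate that mimicry does not improve chances of attackers being accepted by our gait authentication system. In 29% of total impersonation attempts, when attackers walked like their chosen victim, they lost regularity between their steps which makes impersonation even harder for attackers.},
  eventurl  = {http://ieeexplore.ieee.org/document/7885511/},
  pubtype   = {article}
}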

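% The accented author name uses a LaTeX escape, as the other entries of this
% file do, so the entry also works with classic 8-bit BibTeX.
% No volume, number or pages are recorded for this article.
@article{art-cip2018-secure-power-line-protection,
  author    = {Andreas Aichhorn and Bernhard Etzlinger and Andreas Unterweger and Ren{\'e}
Mayrhofer and Andreas Springer},
  title     = {Design, Implementation, and Evaluation
of Secure Communication for Line Current Differential Protection Systems
over Packet Switched Networks},
  journal   = {International Journal of Critical Infrastructure Protection},
  year      = {2018},
  publisher = {Elsevier},
  pubtype   = {article}
}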

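% Not yet published: no journal or year is recorded, so the entry uses the
% unpublished type, whose required fields are author, title and note. The
% pubtype field is unchanged for tools that group entries by it.
@unpublished{art-cst2018-mobile-auth-adversary-models,
  author  = {Ren{\'e} Mayrhofer and Stephan Sigg and Vishwath Mohan},
  title   = {Adversary Models for Mobile Device Authentication},
  note    = {submitted for review},
  pubtype = {article}
}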