René Mayrhofer

René Mayrhofer

Professor of Networks and Security & Director of Engineering at Android Platform Security; pacifist, privacy fan, recovering hypocrite; generally here to question and learn

Johannes Kepler University

Google

Biography

I am a computer scientist with additional interest in physics, philosophy, and politics. At the moment, my main focus is secure communication, digital identity, and fighting against (governmental or corporate) mass surveillance - mostly by demonstrating through research prototypes that decentralized, privacy-first secure digital identity or network privacy are possible, through technical mitigations against all kinds of threats including insider attacks, and open letters and talks to educate against #ChatControl. I hold a Professorship at Johannes Kepler University Linz and act as the head of the Institute for Networks and Security as well as Director of Android Platform Security at Google. Occasionally, I act also as security consultant. Previously, I was head of the Josef Ressel Center for User-friendly Secure Mobile Environments and held Professorships in Mobile Computing at Upper Austria University of Applied Sciences, at University of Vienna, AT, and before that a Marie Curie Fellowship at the University of Lancaster, UK. I received Dipl.-Ing. (MSc) and Dr. techn. (PhD, Promotio sub auspiciis Praesidentis rei publicae) degrees from Johannes Kepler University Linz, Austria and my Venia Docendi for Applied Computer Science from University of Vienna, Austria.

This is my personal web page, and I update it only irregularly as I work on private projects. More content might be added within the next few weeks, months, or eons. My email inbox is often swamped, so please be patient when waiting for replies. Although I used to be able to respond to every email, this is unfortunately no longer possibly. I typically read most emails, though (unless they look like Spam to my filter or me or are in any way abusive).

For my University web page, please go here. I am also active on Mastodon instead of the old centralized site now. Old posts are online at my personal archival site.

Interests
  • Usable Security
  • Networking
  • Mobile Computing
  • Ethics in Computer Science
  • Sustainability of Computing Technology
  • Digital Identity
Education
  • Venia docendi (Habilitation) in Applied Computer Science, 2009

    University of Vienna, Austria

  • Dr.techn. (PhD) in Computer Science, 2004

    Johannes Kepler University Linz, Austria

  • Dipl.Ing. (MSc) in Computer Science, 2002

    Johannes Kepler University Linz, Austria

Experience

 
 
 
 
 
Professor
Sep 2014 – Present Linz, Austria
Head of Institute of Networks and Security
 
 
 
 
 
Director Engineering
Sep 2019 – Present Austria
Strategic project lead for Android platform security
 
 
 
 
 
Director Engineering
Oct 2017 – Aug 2019 California, US
Head of AOSP / Android platform security
 
 
 
 
 
Professor
Feb 2010 – Aug 2014 Hagenberg, Austria
Professor for Mobile Computing
 
 
 
 
 
Guest Professor
Feb 2008 – Jan 2009 Vienna, Austria
 
 
 
 
 
Marie Curie Fellow
Aug 2005 – Jan 2008 Lancaster, UK

Featured Publications

Practical Delegatable Anonymous Credentials From Equivalence Class Signatures
CORMORANT: Ubiquitous Risk-Aware Multi-Modal Biometric Authentication across Mobile Devices

People own and carry an increasing number of ubiquitous mobile devices, such as smartphones, tablets, and notebooks. Being small and mobile, those devices have a high propensity to become lost or stolen. Since mobile devices provide access to their owners’ digital lives, strong authentication is vital to protect sensitive information and services against unauthorized access. However, at least one in three devices is unprotected, with inconvenience of traditional authentication being the paramount reason. We present the concept of CORMORANT, an approach to significantly reduce the manual burden of mobile user verification through risk-aware, multi-modal biometric, cross-device authentication. Transparent behavioral and physiological biometrics like gait, voice, face, and keystroke dynamics are used to continuously evaluate the user’s identity without explicit interaction. The required level of confidence in the user’s identity is dynamically adjusted based on the risk of unauthorized access derived from signals like location, time of day and nearby devices. Authentication results are shared securely with trusted devices to facilitate cross-device authentication for co-located devices. Conducting a large-scale agent-based simulation of 4 000 users based on more than 720 000 days of real-world device usage traces and 6.7 million simulated robberies and thefts sourced from police reports, we found the proposed approach is able to reduce the frequency of password entries required on smartphones by 97.82% whilst simultaneously reducing the risk of unauthorized access in the event of a crime by 97.72%, compared to conventional knowledge-based authentication.

Design, Implementation, and Evaluation of Secure Communication for Line Current Differential Protection Systems over Packet Switched Networks

In this work we propose a secure communication concept for the protection of critical power supply and distribution infrastructure. Especially, we consider the line current differential protection method for modern smart grid implementations. This protection system operates on critical infrastructure, and it requires a precise time behavior on the communication between devices on both ends of a protected power line. Therefore, the communication has to fulfill deterministic constraints and low-delay requirements and additionally needs to be protected against cyber attacks. Existing systems are often either costly and based on deprecated technology or suffering from maloperations. In order to allow for both, economical and reliable operation, we present the first holistic communication concept capable of using state-of-the-art packet switched networks. Our solution consists of three parts: (i) we develop a list of design requirements for line current differential protection systems communication; (ii) we propose a communication concept obeying these design requirements by combining cryptographical and physical security approaches; and (iii) we evaluate our solution in a practical setup. Our evaluation shows a clock accuracy of 3 µs with a resilience to asymmetric delay attacks down to 8 ns/s. This demonstrates the secure and fault-free operation of a line current differential protection system communicating over a state-of-the-art network.

Mobile Match-on-Card Authentication Using Offline-Simplified Models with Gait and Face Biometrics

Biometrics have become important for mobile authentication, e.g. to unlock devices before using them. One way to protect biometric information stored on mobile devices from disclosure is using embedded smart cards (SCs) with biometric match-on-card (MOC) approaches. However, computational restrictions of SCs also limit biometric matching procedures. We present a mobile MOC approach that uses offline training to obtain authentication models with a simplistic internal representation in the final trained state, wherefore we adapt features and model representation to enable their usage on SCs. The pre-trained model can be shipped with SCs on mobile devices without requiring retraining to enroll users. We apply our approach to acceleration based mobile gait authentication as well as face authentication and compare authentication accuracy and computation time of 16 and 32 bit Java Card SCs. Using 16 instead of 32 bit SCs has little impact on authentication performance and is faster due to less data transfer and computations on the SC. Results indicate 11.4% and 2.4-5.4% EER for gait respectively face authentication, with transmission and computation durations on SCs in the range of 2s respectively 1s. To the best of our knowledge this work represents the first practical approach towards acceleration based gait MOC authentication.

Sulong, and Thanks For All the Bugs: Finding Errors in C Programs by Abstracting from the Native Execution Model
A Large-Scale, Long-Term Analysis of Mobile Device Usage Characteristics

Today, mobile devices like smartphones and tablets have become an indispensable part of people’s lives, posing many new questions e.g., in terms of interaction methods, but also security. In this paper, we conduct a large scale, long term analysis of mobile device usage characteristics like session length, interaction frequency, and daily usage in locked and unlocked state with respect to location context and diurnal pattern. Based on detailed logs from 29,279 mobile phones and tablets representing a total of 5,811 years of usage time, we identify and analyze 52.2 million usage sessions with some participants providing data for more than four years.Our results show that context has a highly significant effect on both frequency and extent of mobile device usage, with mobile phones being used twice as much at home compared to in the office. Interestingly, devices are unlocked for only 46% of the interactions. We found that with an average of 60 interactions per day, smartphones are used almost thrice as often as tablet devices (23), while usage sessions on tablets are three times longer, hence are used almost for an equal amount of time throughout the day. We conclude that usage session characteristics differ considerably between tablets and smartphones. These results inform future approaches to mobile interaction as well as security.

Recent Publications

Quickly discover relevant content by filtering publications.
(2024). Threshold Delegatable Anonymous Credentials With Controlled and Fine-Grained Delegation. IEEE Transactions on Dependable and Secure Computing.

Cite DOI

(2023). Anonymously Publishing Liveness Signals with Plausible Deniability. Proc. MoMM 2023: Advances in Mobile Computing and Multimedia Intelligence.

PDF Cite DOI

(2023). Face to Face with Efficiency: Real-Time Face Recognition Pipelines on Embedded Devices. Proc. MoMM 2023: Advances in Mobile Computing and Multimedia Intelligence.

PDF Cite DOI

(2023). A Large-Scale Data Collection and Evaluation Framework for Android Device Security Attributes. IDIMT-2023: 31st Interdisciplinary Information Management Talks.

Cite

(2023). INFRASPEC – Automated Inspection of Critical Infrastructure. ERCIM NEWS- European Research Consortium for Informatics and Mathematics.

Cite

(2023). A Survey on Fingerprinting Technologies for Smartphones Based on Embedded Transducers. IEEE Internet of Things.

Cite DOI

(2023). Digitale Identitäten in der physischen Welt: Eine Abwägung von Privatsphäreschutz und Praktikabilität. HMD Praxis der Wirtschaftsinformatik.

Cite DOI

(2023). Efficient Aggregation of Face Embeddings for Decentralized Face Recognition Deployments. Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICISSP 2023).

Cite DOI

(2023). Practical Delegatable Anonymous Credentials From Equivalence Class Signatures. Proceedings on Privacy Enhancing Technologies (PoPETs).

PDF Cite DOI

(2022). Decentralized, Privacy-Preserving, Single Sign-On. Security and Communication Networks.

Cite DOI URL

Featured Talks

Insider Attack Resistance in the Android Ecosystem

The threat model for a mobile device ecosystem is complex. In addition to the obvious physical attacks on lost or stolen devices and malicious code threats, typical mobile devices integrate a significant amount of code from different organizations into their system images, which are in turn executed on an increasingly complex hardware infrastructure. Both benign mistakes, as well as malicious attacks, could happen on any of these layers, by any of these organizations. Therefore, users as well as app developers and service providers currently have to trust every single one of these organizations. Note that OEMs (original equipment manufacturers) in their role as integrators typically verify their supply chain and components they integrate. However, there are also other parties in the full chain that can tamper with devices after they leave an OEM and before they are in the hands of users. Summarizing, many people could—by honest mistake or malicious intent—tamper with components of a modern smartphone to compromise user security. We call such attacks insider attacks, independently of the motivation or association of these insiders. The basic threat is that insiders have privileged access to some components during the manufacturing or update chain that would allow them to make modifications that third parties could not. This talk will introduce the complexity of the insider attack problem (which is not unique to Android) and introduce some defenses that have already been put in place. In Android, we counter such insider attacks on multiple levels and aim to remove or limit the capability of insiders to harm users, which implies the limiting required trust in many of the involved parties. At the secure hardware level, Android Pie 9.0 introduced insider attack resistance (IAR) for updates to tamper-resistant hardware such as secure elements that is used to validate the user knowledge factor in authentication and for deriving, storing, and using cryptographic key material. Even Google and the respective OEM are technically incapable of distributing modified firmware to such tamper-resistant hardware to exfiltrate user keys without their cooperation. On the system software level, some devices make the hash of their currently running firmware available for (anonymous) local and remote verification. The combination of these features already provide transparency on the system software level and severely limit the possibility of targeted attacks on firmware and system software levels. We continue to work on this problem, and this talk is partially a call to action for the security community to devise additional novel methods to mitigate against insider attacks on components in the mobile device landscape.

Recent Posts

Contact