Refereed journal articles

[1] R. Findling, M. Hölzl, and R. Mayrhofer, “Mobile match-on-card authentication using offline-simplified models with gait and face biometrics,” IEEE Transactions on Mobile Computing, March 2018.
Biometrics have become important for mobile authentication, e.g. to unlock devices before using them. One way to protect biometric information stored on mobile devices from disclosure is using embedded smart cards (SCs) with biometric match-on-card (MOC) approaches. However, computational restrictions of SCs also limit biometric matching procedures. We present a mobile MOC approach that uses offline training to obtain authentication models with a simplistic internal representation in the final trained state, for which we adapt features and model representation to enable their usage on SCs. The pre-trained model can be shipped with SCs on mobile devices without requiring retraining to enroll users. We apply our approach to acceleration-based mobile gait authentication as well as face authentication and compare authentication accuracy and computation time of 16 and 32 bit Java Card SCs. Using 16 instead of 32 bit SCs has little impact on authentication performance and is faster due to less data transfer and computations on the SC. Results indicate 11.4% and 2.4-5.4% EER for gait and face authentication, respectively, with transmission and computation durations on SCs in the range of 2 s and 1 s, respectively. To the best of our knowledge this work represents the first practical approach towards acceleration-based gait MOC authentication.

[2] A. Aichhorn, B. Etzlinger, A. Unterweger, R. Mayrhofer, and A. Springer, “Design, implementation, and evaluation of secure communication for line current differential protection systems over packet switched networks,” International Journal of Critical Infrastructure Protection, 2018.
[3] M. Muaaz and R. Mayrhofer, “Smartphone-based gait recognition: From authentication to imitation,” IEEE Transactions on Mobile Computing (IEEE TMC), vol. 16, pp. 3209–3221, November 2017.
This work evaluates the security strength of a smartphone-based gait recognition system against zero-effort and live minimal-effort impersonation attacks under realistic scenarios. For this purpose, we developed an Android application, which uses a smartphone-based accelerometer to capture gait data continuously in the background, but only when an individual walks. Later, it analyzes the recorded gait data and establishes the identity of an individual. At first, we tested the performance of this system against zero-effort attacks by using a dataset of 35 participants. Later, live impersonation attacks were performed by five professional actors who are specialized in mimicking body movements and body language. These attackers were paired with their physiologically close victims, and they were given live audio and visual feedback about their latest impersonation attempt during the whole experiment. No false positives under impersonation attacks indicate that mimicry does not improve chances of attackers being accepted by our gait authentication system. In 29% of total impersonation attempts, when attackers walked like their chosen victim, they lost regularity between their steps, which makes impersonation even harder for attackers.

Keywords: Authentication, Smart phones, Iris recognition, Mobile computing, Accelerometers
[4] R. D. Findling, M. Muaaz, D. Hintze, and R. Mayrhofer, “ShakeUnlock: Securely transfer authentication states between mobile devices,” IEEE Transactions on Mobile Computing (IEEE TMC), vol. 16, p. 1175, April 2017.
As users start carrying multiple mobile devices, we propose a novel, token-based mobile device unlocking approach. Mobile devices are conjointly shaken to transfer the authentication state from an unlocked token device to another device to unlock it. A common use case features a wrist watch as token device, which remains unlocked as long as it is strapped to the user's wrist, and a locked mobile phone, which is unlocked if both devices are shaken conjointly. Shaking can be done single-handedly, requires little user attention (users don't have to look at the device for unlocking it) and does not cause additional cognitive load on users. In case attackers gain control over the locked phone, forging shaking is difficult, which impedes malicious unlocks. We evaluate our approach using acceleration records from our 29 people sized ShakeUnlock database and discuss influence of its constituent parts on the system performance. We further present a performance study using an Android implementation and live data, which shows the true negative rate of observational attacks to be in the range of 0.8 - if an attacker manages to gain control over the locked device and shake it in parallel to the device owner shaking the token device.

Keywords: authentication, Mobile environments, Security and Privacy Protection, Time series analysis
[5] P. Riedl, R. Mayrhofer, A. Möller, M. Kranz, F. Lettner, C. Holzmann, and M. Koelle, “Only play in your comfort zone: interaction methods for improving security awareness on mobile devices,” Personal and Ubiquitous Computing, pp. 1–14, March 2015.
In this paper, we study the concept of security zones as an intermediate layer of compartmentalization on mobile devices. Each of these security zones is isolated against the other zones and holds a different set of applications and associated user data and may apply different security policies. From a user point of view, they represent different contexts of use for the device, e.g., to distinguish between gaming (private context), payment transactions (secure context), and company-related email (enterprise context). We propose multiple visualization methods for conveying the current security zone information to the user, and interaction methods for switching between zones. Based on an online and a laboratory user study, we evaluated these concepts from a usability point of view. One important result is that in the tension field between security and usability, additional hardware can support the user’s awareness toward their zone context.

Keywords: Mobile security; Security zones; Sandboxing; Separation; Compartmentalization
[6] R. Mayrhofer, H. Hlavacs, and R. D. Findling, “Optimal derotation of shared acceleration time series by determining relative spatial alignment,” International Journal of Pervasive Computing and Communications (IJPCC), vol. 11, pp. 454–466, 2015. A preliminary version of this work was published in iiWAS 2014 [?].
Purpose: Detecting if two or multiple devices are moved together is an interesting problem for different applications. However, these devices may be aligned arbitrarily with regards to each other, and the three dimensions sampled by their respective local accelerometers can therefore not be directly compared. The typical approach is to ignore all angular components and only compare overall acceleration magnitudes, with the obvious disadvantage of discarding potentially useful information.
Approach: In this paper, we contribute a method to analytically determine relative spatial alignment of two devices based on their acceleration time series. Our method uses quaternions to compute the optimal rotation with regards to minimizing the mean squared error.
Practical implications: After derotation, the reference system of one device can be (locally and independently) aligned with the other, and thus all three dimensions can consequently be compared for more accurate classification.
Findings: Based on real-world experimental data from smart phones and smart watches shaken together, we demonstrate the effectiveness of our method with a magnitude squared coherence metric, for which we show an improved EER of 0.16 (when using derotation) over an EER of 0.18 (when not using derotation).
Originality: Without derotating time series, angular information cannot be used for deciding if devices have been moved together. To the best of our knowledge, this is the first analytic approach to find the optimal derotation of the coordinate systems, given only the two 3D time acceleration series of devices (supposedly) moved together. It can be used as the basis for further research on improved classification towards acceleration-based device pairing.

[7] M. K. Chong, R. Mayrhofer, and H. Gellersen, “A survey of user interaction for spontaneous device association,” ACM Computing Surveys, vol. 47, July 2014. Accepted for publication on 2014-03-11.
In a wireless world, users can establish ad hoc virtual connections between devices that are unhampered by cables. This process is known as spontaneous device association. A wide range of interactive protocols and techniques have been demonstrated in both research and practice, predominantly with a focus on security aspects. In this article, we survey spontaneous device association with respect to the user interaction it involves. We use a novel taxonomy to structure the survey with respect to the different conceptual models and types of user action employed for device association. Within this framework, we provide an in-depth survey of existing techniques discussing their individual characteristics, benefits and issues.

Keywords: Device association, pairing, spontaneous interaction, wireless, user interaction, survey, taxonomy
[8] R. Mayrhofer, “An architecture for secure mobile devices,” Security and Communication Networks, 2014. Significantly revised and extended version of [?], accepted for publication on 2014-03-24, online publication 2014-06-17 (AID SEC1028).
Mobile devices such as smart phones have become one of the preferred means of accessing digital services, both for consuming and creating content. Unfortunately, securing such mobile devices is inherently difficult for a number of reasons. In this article, we review recent research results, systematically analyze the technical issues of securing mobile device platforms against different threats, and discuss a resulting and currently unsolved problem: how to create an end-to-end secure channel between the digital service (e.g. a secure wallet application on an embedded smart card or an infrastructure service connected over wireless media) and the user. Although the problem has been known for years and technical approaches start appearing in products, the user interaction aspects have remained unsolved. We discuss the reasons for this difficulty and suggest potential approaches to create human-verifiable secure communication with components or services within partially untrusted devices.

Keywords: mobile device security; user authentication; secure channel; virtualization; embedded smart card
[9] M. Roland, J. Langer, and R. Mayrhofer, “Managing the life cycle of Java Card applets in other Java virtual machines,” International Journal of Pervasive Computing and Communications (IJPCC), vol. 10, pp. 291–312, 2014. A preliminary version of this work was published in MoMM 2013 [?].
Purpose - The purpose of this paper is to address the design, implementation, performance and limitations of an environment that emulates a secure element for rapid prototyping and debugging. Today, it is difficult for developers to get access to a near field communication (NFC)-secure element in current smartphones. Moreover, the security constraints of smartcards make in-circuit emulation and debugging of applications impractical. Therefore, an environment that emulates a secure element brings significant advantages for developers.

Design/methodology/approach - The authors' approach to such an environment is the emulation of Java Card applets on top of non-Java Card virtual machines (e.g. Android Dalvik VM), as this would facilitate the use of existing debugging tools. As the operation principle of the Java Card VM is based on persistent memory technology, the VM and applications running on top of it have a significantly different life cycle compared to other Java VMs. The authors evaluate these differences and their impact on Java VM-based Java Card emulation. They compare possible strategies to overcome the problems caused by these differences, propose a possible solution and create a prototypical implementation to verify the practical feasibility of such an emulation environment.

Findings - While the authors found that the Java Card inbuilt persistent memory management is not available on other Java VMs, they present a strategy to model this persistence mechanism on other VMs to build a complete Java Card run-time environment on top of a non-Java Card VM. Their analysis of the performance degradation in a prototypical implementation caused by additional effort put into maintaining persistent application state revealed that the implementation of such an emulation environment is practically feasible.

Originality/value - This paper addresses the problem of emulating a complete Java Card run-time environment on top of non-Java Card virtual machines which could open and significantly ease the development of NFC secure element applications.

[10] R. Mayrhofer, J. Fuss, and I. Ion, “UACAP: A unified auxiliary channel authentication protocol,” IEEE Transactions on Mobile Computing, vol. 12, pp. 710–721, April 2013.
Authenticating spontaneous interactions between devices and users is challenging for several reasons: the wireless (and therefore invisible) nature of device communication, the heterogeneous nature of devices and lack of appropriate user interfaces in mobile devices, and the requirement for unobtrusive user interaction. The most promising approach that has been proposed in literature involves the exploitation of so-called auxiliary channels for authentication to bridge the gap between usability and security. This concept has spawned the independent development of various authentication methods and research prototypes, that, unfortunately, remain hard to compare and interchange and are rarely available to potential application developers. We present a novel, unified cryptographic authentication protocol framework (UACAP) to unify these approaches and analyze its security properties. This protocol and a selection of auxiliary channels aimed at authentication of mobile devices has been implemented and released in an open source ubiquitous authentication toolkit (OpenUAT). We also present an initial user study evaluating four of these channels.

[11] R. Findling and R. Mayrhofer, “Towards pan shot face unlock: Using biometric face information from different perspectives to unlock mobile devices,” International Journal of Pervasive Computing and Communications (IJPCC), vol. 9, pp. 190–208, 2013. A preliminary version of this work was published in MoMM 2012 [?] with a limited set of classifiers and a significantly smaller data set used for evaluation.
Purpose – Personal mobile devices currently have access to a significant portion of their user's private sensitive data and are increasingly used for processing mobile payments. Consequently, securing access to these mobile devices is a requirement for securing access to the sensitive data and potentially costly services. The authors propose and evaluate a first version of a pan shot face unlock method: a mobile device unlock mechanism using all information available from a 180° pan shot of the device around the user's head – utilizing biometric face information as well as sensor data of built-in sensors of the device. The paper aims to discuss these issues.

Design/methodology/approach – This approach uses grayscale 2D images, on which the authors perform frontal and profile face detection. For face recognition, the authors evaluate different support vector machines and neural networks. To reproducibly evaluate this pan shot face unlock toolchain, the authors assembled the 2013 Hagenberg stereo vision pan shot face database, which the authors describe in detail in this article.

Findings – Current results indicate that the approach to face recognition is sufficient for further usage in this research. However, face detection is still error prone for the mobile use case, which consequently decreases the face recognition performance as well.

Originality/value – The contributions of this paper include: introducing pan shot face unlock as an approach to increase security and usability during mobile device authentication; introducing the 2013 Hagenberg stereo vision pan shot face database; evaluating this current pan shot face unlock toolchain using the newly created face database.

[12] R. Mayrhofer, A. Sommer, and S. Saral, “Air-writing: A platform for scalable, privacy-preserving, spatial group messaging,” International Journal of Pervasive Computing and Communications (IJPCC), vol. 8, pp. 53–78, 2012. A preliminary version of this work was published in iiWAS 2010 [?].
Spatial messaging is a direct extension to text and other multi-media messaging services that have become highly popular with the current pervasiveness of mobile communication. It offers benefits especially to mobile computing, providing localized and therefore potentially more appropriate delivery of nearly arbitrary content. Location is one of the most interesting attributes that can be added to messages in current applications, including gaming, social networking, or advertising services. However, location is also highly critical in terms of privacy. If a spatial messaging platform could collect the location traces of all its users, detailed profiling would be possible - and, considering commercial value of such profiles, likely.

[13] R. Mayrhofer and H. Gellersen, “Shake well before use: Intuitive and secure pairing of mobile devices,” IEEE Transactions on Mobile Computing, vol. 8, pp. 792–806, June 2009. Revised and extended version of [?].
A challenge in facilitating spontaneous mobile interactions is to provide pairing methods that are both intuitive and secure. Simultaneous shaking is proposed as a novel and easy-to-use mechanism for pairing of small mobile devices. The underlying principle is to use common movement as a secret that the involved devices share for mutual authentication. We present two concrete methods, ShaVe and ShaCK, in which sensing and analysis of shaking movement is combined with cryptographic protocols for secure authentication. ShaVe is based on initial key exchange followed by exchange and comparison of sensor data for verification of key authenticity. ShaCK, in contrast, is based on matching features extracted from the sensor data to construct a cryptographic key. The classification algorithms used in our approach are shown to robustly separate simultaneous shaking of two devices from other concurrent movement of a pair of devices, with a false negative rate of under 12 percent. A user study confirms that the method is intuitive and easy to use, as users can shake devices in an arbitrary pattern.

[14] R. Mayrhofer and H. Gellersen, “Spontaneous mobile device authentication based on sensor data,” Information Security Technical Report, vol. 13, pp. 136–150, August 2008. Presents a summary and extension of four previous conference papers [?].
Small, mobile devices or infrastructure devices without user interfaces, such as Bluetooth headsets, wireless LAN access points, or printers, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not have any a priori information about each other. In this article, we describe three different authentication methods for device-to-device authentication based on sensor data from various physical out-of-band channels: shaking devices together, authentication based on spatial reference, and transmission via visible laser.

[15] A. Ferscha, M. Hechinger, A. Riener, M. dos Santos Rocha, A. Zeidler, M. Franz, and R. Mayrhofer, “Peer-it: Stick-on solutions for networks of things,” Pervasive and Mobile Computing, pp. 448–479, 2008.
[16] A. Ferscha, M. Hechinger, M. dos Santos Rocha, R. Mayrhofer, A. Zeidler, A. Riener, and M. Franz, “Building flexible manufacturing systems based on peer-its,” EURASIP Journal on Embedded Systems, vol. 2008, 2008. Article ID 267560.
[17] R. Mayrhofer and R. Gostner, “Using a spatial context authentication proxy for establishing secure wireless connections,” Journal of Mobile Multimedia, vol. 3, pp. 198–217, March 2007.
Spontaneous interaction in wireless ad-hoc networks is often desirable not only between users or devices in direct contact, but also with devices that are accessible only via a wireless network. Secure communication with such devices is difficult because of the required authentication, which is often either password- or certificate-based. An intuitive alternative is context-based authentication, where device authenticity is verified by shared context, and often by direct physical evidence. Devices that are physically separated cannot experience the same context and thus cannot benefit directly from context authentication. We introduce a context authentication proxy that is pre-authenticated with one of the devices and can authenticate with the other by shared context. This concept is applicable to a wide range of application scenarios, context sensing technologies, and trust models. We show its practicality in an implementation for setting up IPSec connections based on spatial reference. Our specific scenario is ad-hoc access of mobile devices to secure 802.11 WLANs using a mobile device as authentication proxy. A user study shows that our method and implementation are intuitive to use and compare favourably to a standard, password-based approach.

[18] R. Mayrhofer, H. Radi, and A. Ferscha, “Recognizing and predicting context by learning from user behavior,” Radiomatics: Journal of Communication Engineering, special issue on Advances in Mobile Multimedia, vol. 1, pp. 30–42, May 2004. Extended version of [?].
Current mobile devices like mobile phones or personal digital assistants have become more and more powerful; they already offer features that only few users are able to exploit to their whole extent. With a number of upcoming mobile multimedia applications, ease of use becomes one of the most important aspects. One way to improve usability is to make devices aware of the user’s context, allowing them to adapt to the user instead of forcing the user to adapt to the device. Our work is taking this approach one step further by not only reacting to the current context, but also predicting future context, hence making the devices proactive. Mobile devices are generally suited well for this task because they are typically close to the user even when not actively in use. This allows such devices to monitor the user context and act accordingly, like automatically muting ring or signal tones when the user is in a meeting or selecting audio, video or text communication depending on the user’s current occupation. This article presents an architecture that allows mobile devices to continuously recognize current and anticipate future user context. The major challenges are that context recognition and prediction should be embedded in mobile devices with limited resources, that learning and adaptation should happen on-line without explicit training phases and that user intervention should be kept to a minimum with non-obtrusive user interaction. To accomplish this, the presented architecture consists of four major parts: feature extraction, classification, labeling and prediction. The available sensors provide a multi-dimensional, highly heterogeneous input vector as input to the classification step, realized by data clustering. Labeling associates recognized context classes with meaningful names specified by the user, and prediction allows forecasting future user context for proactive behavior.

[19] A. Ferscha, M. Hechinger, R. Mayrhofer, and R. Oberhauser, “A peer-to-peer light-weight component model for context-aware smart space applications,” International Journal of Wireless and Mobile Computing (IJWMC), special issue on Mobile Distributed Computing, 2004. Extended version of [?].
Mobile Peer-to-Peer (P2P) computing applications involve collections of heterogeneous and resource-limited devices (such as PDAs or embedded sensor-actuator systems), typically operated in ad-hoc completely decentralized networks and without requiring dedicated infrastructure support. Short-range wireless communication technologies together with P2P networking capabilities on mobile devices are responsible for a proliferation of such applications, yet these applications are often complex and monolithic in nature due to the lack of lightweight component/container support in these resource-constrained devices. A threatening field of application is “smart space” control, i.e. software architectures to control various home appliances and embedded home facilities in a personalized, spontaneous and intuitive way. Future home environments are expected to be highly populated by ubiquitous computing technology, allowing to integrate various aspects of home activities seamlessly into walls, floors, furniture, appliances, and even clothing – thus raising the need for lightweight, versatile and component based software architectures to harness such technology rich environments. In this paper we describe our lightweight software component model P2Pcomp that addresses the development needs for mobile P2P applications. An abstract, flexible, and high-level communication mechanism among components is developed via a ports concept, supporting protocol independence, location independence, and (a)synchronous invocations; dependencies are not hard-coded in the components, but can be defined at deployment or runtime, providing late-binding and dynamic rerouteability capabilities. Peers can elect to provide services as well as consume them, services can migrate between containers, and services are ranked to support Quality-of-Service choices. Our lightweight container realization leverages the OSGi platform and can utilize various P2P communication mechanisms such as JXTA. A “smart space” application scenario demonstrates how P2Pcomp supports flexible and highly tailorable mobile P2P applications.

[20] R. Mayrhofer, S. Sigg, and V. Mohan, “Adversary models for mobile device authentication,” submitted for review.