Refereed papers

[1] M. Rigger, R. Schatz, R. Mayrhofer, M. Grimmer, and H. Mössenböck, “Sulong, and thanks for all the bugs: Finding errors in c programs by abstracting from the native execution model,” in Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018, 2018. [ bib | DOI ]
[2] M. Muaaz and R. Mayrhofer, “Accelerometer based gait recognition using adapted gaussian mixture models,” in Proceedings of the 14th International Conference on Advances in Mobile Computing and Multimedia (MoMM 2016), (Singapore), pp. 288--291, ACM, 11/2016 2016. [ bib | DOI ]
Keywords: Accelerometer; gait recognition; Gaussian Mixture Models; segmentation; variance
[3] G. Schoiber, R. Mayrhofer, and M. Hölzl, “DAMN - a debugging and manipulation tool for android applications,” in Proceedings of the 14th International Conference on Advances in Mobile Computing and Multimedia (MoMM 2016), (Singapore), pp. 40--44, ACM, ACM, 11/2016 2016. [ bib | DOI ]
Keywords: Android; Code Analysis; Debugging; Reverse Engineering
[4] M. Hölzl, M. Roland, and R. Mayrhofer, “Real-world identification: Towards a privacy-aware mobile eID for physical and offline verification,” in Proceedings of the 14th International Conference on Advances in Mobile Computing and Multimedia (MoMM 2016), (Singapore), p. 280–283, ACM, ACM, 11/2016 2016. [ bib | DOI ]
There are many systems that provide users with an electronic identity (eID) to sign documents or authenticate to online services (e.g. governmental eIDs, OpenID). However, current solutions lack in providing proper techniques to use them as regular ID cards that digitally authenticate their holders to another physical person in the real world. We envision a fully mobile eID which provides such functionality in a privacy-preserving manner, fulfills requirements for governmental identities with high security demands (such as driving licenses, or passports) and can be used in the private domain (e.g. as loyalty cards). In this paper, we present potential use cases for such a flexible and privacy-preserving mobile eID and discuss the concept of privacy-preserving attribute queries. Furthermore, we formalize necessary functional, mobile, security, and privacy requirements, and present a brief overview of potential techniques to cover all of them.

Keywords: electronic identities; mobile eID; Privacy; requirements
[5] R. D. Findling, M. Hölzl, and R. Mayrhofer, “Mobile gait match-on-card authentication from acceleration data with offline-simplified models,” in Proceedings of the 14th International Conference on Advances in Mobile Computing and Multimedia (MoMM 2016), (Singapore), pp. 250--260, ACM, ACM, 11/2016 2016. [ bib | DOI ]
Biometrics have become important for authentication on mobile devices, e.g. to unlock devices before using them. One way to protect biometric information stored on mobile devices from disclosure is using embedded smart cards (SCs) with biometric match-on-card (MOC) approaches. Com- putational restrictions of SCs thereby also limit biometric matching procedures. We present a mobile MOC approach that uses offline training to obtain authentication models with a simplistic internal representation in the final trained state, whereat we adapt features and model representation to enable their usage on SCs. The obtained model is used within SCs on mobile devices without requiring retraining when enrolling individual users. We apply our approach to acceleration based mobile gait authentication, using a 16 bit integer range Java Card, and evaluate authentication performance and computation time on the SC using a pub- licly available dataset. Results indicate that our approach is feasible with an equal error rate of ˜12% and a computation time below 2s on the SC, including data transmissions and computations. To the best of our knowledge, this thereby represents the first practically feasible approach towards acceleration based gait match-on-card authentication.

Keywords: Acceleration; authentication; gait; match-on-card; mobile biometrics; smart card
[6] D. Hintze, S. Scholz, E. Koch, and R. Mayrhofer, “Location-based risk assessment for mobile authentication,” in 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing, UbiComp Adjunct 2016, Heidelberg, Germany, September 12-16, 2016, (Heidelberg, Germany), pp. 85--88, ACM, ACM, 09/2016 2016. [ bib | DOI ]
Mobile devices offer access to our digital lives and thus need to be protected against the risk of unauthorized physical access by applying strong authentication, which in turn adversely affects usability. The actual risk, however, depends on dynamic factors like day and time. In this paper we discuss the idea of using location-based risk assessment in combination with multi-modal biometrics to adjust the level of authentication necessary to the situational risk of unauthorized access.

Keywords: authentication; biometrics; risk assessment
[7] D. Hintze, R. D. Findling, M. Muaaz, E. Koch, and R. Mayrhofer, “CORMORANT: Towards continuous risk-aware multi-modal cross-device authentication,” in Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2015 ACM International Symposium on Wearable Computers: Adjunct Publication (UbiComp 2015), UbiComp '15, (New York, NY, USA), pp. 169--172, ACM, 2015. [ bib | DOI | http ]
Keywords: authentication, biometrics, risk assessment
[8] D. Hintze, M. Muaaz, R. D. Findling, S. Scholz, E. Koch, and R. Mayrhofer, “Confidence and risk estimation plugins for multi-modal authentication on mobile devices using CORMORANT,” in 13th International Conference on Advances in Mobile Computing and Multimedia (MoMM 2015), (Brussels, Belgium), p. 384–388, ACM, ACM, 12/2015 2015. [ bib | DOI ]
Mobile devices, ubiquitous in modern lifestyle, embody and provide convenient access to our digital lives. Being small and mobile, they are easily lost or stole, therefore require strong authentication to mitigate the risk of unauthorized access. Common knowledge-based mechanism like PIN or pattern, however, fail to scale with the high frequency but short duration of device interactions and ever increasing number of mobile devices carried simultaneously. To overcome these limitations, we present CORMORANT, an extensible framework for risk-aware multi-modal biometric authentication across multiple mobile devices that offers increased security and requires less user interaction.

Keywords: biometrics; multi-modal authentication; risk assessment
[9] M. Muaaz and R. Mayrhofer, “Cross pocket gait authentication using mobile phone based accelerometer sensor,” in Proc. EUROCAST 2015: 15th International Conference on Computer Aided Systems Theory, LNCS, pp. 731--738, Feb. 2015. [ bib | DOI ]
[10] R. D. Findling and R. Mayrhofer, “Towards device-to-user authentication: Protecting against phishing hardware by ensuring mobile device authenticity using vibration patterns,” in Proc. MUM 2015: 14th International Conference on Mobile and Ubiquitous Multimedia, ACM, Dec. 2015. [ bib ]
Users usually authenticate to mobile devices before using them (e.g PIN, password), but devices do not do the same to users. Revealing the authentication secret to a non-authenticated device potentially enables attackers to obtain the secret, by replacing the device with an identical-looking malicious device. The revealed authentication secret could be transmitted to the attackers immediately, who then conveniently authenticate to the real device. Addressing this attack scenario, we analyze different approaches towards mobile device-to-user (D2U) authentication, for which we provide an overview of advantages/drawbacks, potential risks and device authentication data bandwidth estimations. We further analyze vibration as one D2U feedback channel that is unobtrusive and hard to eavesdrop, including a user study to estimate vibration pattern recognition using a setup of  bits per second (b/s). Study findings indicate that users are able to distinguish vibration patterns with median correctness of 97.5% (without taking training effects into account) - which indicates that vibration could act as authentication feedback channel and should be investigated further in future research.

Keywords: feedback, mobile authentication, Phishing hardware, vibration
[11] D. Hintze, R. D. Findling, S. Scholz, and R. Mayrhofer, “Mobile device usage characteristics: The effect of context and form factor on locked and unlocked usage,” in Proc. MoMM 2014: 12th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 105--114, ACM Press, December 2014. [ bib | DOI | conference link | .pdf ]
Smartphones and tablets are an indispensable part of modern communication and people spend considerable time interacting with their devices every day. While substantial research has been conducted concerning smartphone usage, little is known about how tablets are used. This paper studies mobile device usage characteristics like session length, interaction frequency, and daily usage in locked and unlocked state with respect to location context. Based on logs from 1,585 Android devices (470 years of total usage time), we derive and analyze 23 million usage sessions. We found that devices remain locked for 60% of the interactions and usage at home occurs twice as frequent as at work. With an average of 58 interactions per day, smartphones are used twice as often as tablets, while tablet sessions are 2.5 times longer, resulting in almost equal aggregated daily usage. We conclude that usage session characteristics differ considerably between tablets and smartphones.

Keywords: Daily interactions, Device unlocking, Locked usage, Session length, Smartphone, Tablet, Usage session, User context
[12] M. Muaaz and R. Mayrhofer, “Orientation independent cell phone based gait authentication,” in Proc. MoMM 2014: 12th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 161--164, ACM Press, December 2014. [ bib | DOI | conference link | .pdf ]
Gait authentication using a cell phone based accelerometer sensor offers an unobtrusive, user-friendly, and periodic way of authenticating individuals on their cell phones. In this study, we present an approach to deal with inevitable errors induced by continuously changing sensor orientation and other noise under a realistic scenario (when the phone is placed inside the trouser pockets and the user is walking) by using the magnitude data of tri-axes accelerometer and wavelet based noise elimination modules. This study utilizes a gait data set of 35 participants collected at their respective normal walking pace in two different sessions with an average gap of 25 days between the sessions.

Keywords: accelerometer, gait recognition, segmentation, variance, wavelets
[13] R. D. Findling, M. Muaaz, D. Hintze, and R. Mayrhofer, “Shakeunlock: Securely unlock mobile devices by shaking them together,” in Proc. MoMM 2014: 12th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 165--174, ACM Press, December 2014. awarded best MoMM 2014 paper. [ bib | DOI | conference link | .pdf ]
ABSTRACT The inherent weakness of typical mobile device unlocking approaches (PIN, password, graphic pattern) is that they demand time and attention, leading a majority of end users to disable them, effectively lowering device security.

We propose a method for unlocking mobile devices by shaking them together, implicitly passing the unlocked state from one device to another. One obvious use case includes a locked mobile phone and a wrist watch, which remains unlocked as long as strapped to the user’s wrist. Shaking both devices together generates a one-time unlocking event for the phone without the user interacting with the screen. We explicitly analyze the usability critical impact of shaking duration with respect to the level of security. Results indicate that unlocking is possible with a true match rate of 0.795 and true non match rate of 0.867 for a shaking duration as short as two seconds.

Keywords: accelerometer; authentication; frequency domain; mobile devices; shaking; time series analysis; usability;
[14] R. Mayrhofer, H. Hlavacs, and R. D. Findling, “Optimal derotation of shared acceleration time series by determining relative spatial alignment,” in Proc. iiWAS 2014: 16th International Conference on Information Integration and Web-based Applications & Services, (New York, NY, USA), pp. 71--78, ACM Press, December 2014. awarded best iiWAS 2014 paper. [ bib | conference link | .pdf ]
Detecting if two or multiple devices are moved together is an interesting problem for different applications. However, these devices may be aligned arbitrarily with regards to each other, and the three dimensions sampled by their respective local accelerometers can therefore not be directly compared. The typical approach is to ignore all angular components and only compare overall acceleration magnitudes -- with the obvious disadvantage of discarding potentially useful information. In this paper, we contribute a method to ana- lytically determine relative spatial alignment of two devices based on their acceleration time series. Our method uses quaternions to compute the optimal rotation with regards to minimizing the mean squared error. The implication is that the reference system of one device can be (locally and independently) aligned with the other, and thus that all three dimensions can consequently be compared for more accurate classification. Based on real-world experimental data from smart phones and smart watches shaken together, we demonstrate the effectiveness of our method with a magnitude squared coherence metric, for which we show an im- proved EER of 0.16 (when using derotation) over an EER of 0.18 (when not using derotation).

Keywords: Accelerometer time series; spatial alignment; quaternion rotation
[15] D. Hintze, R. D. Findling, M. Muaaz, S. Scholz, and R. Mayrhofer, “Diversity in locked and unlocked mobile device usage,” in Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication (UbiComp 2014), pp. 379--384, ACM Press, 2014. winner of UbiComp/ISWC 2014 Programming Competition. [ bib | DOI | conference link | http ]
We analyze locked and unlocked mobile device usage of 1 960 Android smartphones. Based on approximately 10TB of mobile device data logs collected by the Device Analyzer project, we derive 6.9 million usage sessions using a screen power state machine based approach. From these session we examine the number of interactions per day, the average interaction duration as well as the total daily device usage time. Findings indicate that on average users interact with their devices 117 minutes a day, separated over 57 interactions -- while unlocking their device only 43% of the time (e. g. to check for notifications).

[16] M. Hölzl, E. Asnake, R. Mayrhofer, and M. Roland, “Mobile application to java card applet communication using a password-authenticated secure channel,” in Proc. MoMM 2014: 12th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 147--156, ACM Press, Dec. 2014. [ bib | DOI | conference link | .pdf ]
With the increasing popularity of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing, or mobile digital identities, challenges for the protection of personal and security sensitive data of these use cases emerged. A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications. To address this issue we present a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a), an authenticated key agreement protocol, with a user-provided password at run-time. By exploiting the Java Card cryptographic API and minor adaptations to the protocol, which do not affect the security, we were able to implement this scheme on Java Cards with reasonable computation time.

Keywords: Java Card, smart card, SRP-6a, secure channel, secure element, mobile devices
[17] J. González, M. Hölzl, P. Riedl, P. Bonnet, and R. Mayrhofer, “A practical hardware-assisted approach to customize trusted boot for mobile devices,” in Information Security Conference (ISC 2014), (Hong Kong), Springer International Publishing, Springer International Publishing, 2014. [ bib ]
[18] R. Findling, F. Wenny, C. Holzmann, and R. Mayrhofer, “Range face segmentation: Face detection and segmentation for authentication in mobile device range images,” in Proc. MoMM 2013: 11th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 260--269, ACM Press, December 2013. [ bib | conference link | .pdf ]
Face detection (finding faces of different perspectives in images) is an important task as prerequisite to face recognition. This is especially difficult in the mobile domain, as bad image quality and illumination conditions lead to overall reduced face detection rates. Background information still present in segmented faces and unequally normalized faces further decrease face recognition rates. We present a novel approach to robust single upright face detection and segmentation from different perspectives based on range information (pixel values corresponding to the camera-object distance). We use range template matching for finding the face's coarse position and gradient vector flow (GVF) snakes for precisely segmenting faces. We further evaluate our approach on range faces from the u'smile face database, then perform face recognition using the segmented faces to evaluate and compare our approach with previous research. Results indicate that range template matching might be a good approach to finding a single face; in our tests we achieved an error free detection rate and average recognition rates above 98%/96% for color/range images.

Keywords: face detection, face segmentation, mobile device, Range images, snakes, template matching
[19] M. Hölzl, R. Mayrhofer, and M. Roland, “Requirements for an open ecosystem for embedded tamper resistant hardware on mobile devices,” in Proc. MoMM 2013: 11th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 249--252, ACM Press, December 2013. [ bib | conference link | .pdf ]
Insufficient security and privacy on mobile devices have made it difficult to utilize sensitive systems like mobile banking, mobile credit cards, mobile ticketing or mobile passports. Solving these challenges in security and privacy, could result in better mobility and a higher level of confidence for the end-user services in such systems. Our approach for a higher security and privacy level on mobile devices introduces an open ecosystem for tamper resistant hardware. Big advantages of these modules are the protection against unauthorized access and the on-device cryptographic operations they can perform. In this paper, we analyse the requirements and performance restrictions of these hardware modules and present an interface concept for a tight integration of their security features.

Keywords: open ecosystem, secure element, Tamper resistant hardware, transparent secure channel, trusted execution environment
[20] M. Muaaz and R. Mayrhofer, “An analysis of different approaches to gait recognition using cell phone based accelerometer,” in Proc. MoMM 2013: 11th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 293--300, ACM Press, December 2013. [ bib | conference link | .pdf ]
[21] P. Riedl, P. Koller, R. Mayrhofer, M. Kranz, A. Möller, and M. Koelle, “Visualizations and switching mechanisms for security zones,” in Proc. MoMM 2013: 11th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 278--281, ACM Press, December 2013. [ bib | conference link | .pdf ]
[22] M. Roland, J. Langer, and R. Mayrhofer, “(ab)using foreign vms: Running java card applets in non-java card virtual machines,” in Proc. MoMM 2013: 11th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 286--292, ACM Press, December 2013. [ bib | conference link | .pdf ]
[23] R. Mayrhofer, “When users cannot verify digital signatures: On the difficulties of securing mobile devices,” in Proc. HPCC 2013: 15th IEEE International Conference on High Performance Computing and Communications, (Washington, DC, USA), pp. 1579--1584, IEEE CS Press, November 2013. [ bib | conference link | .pdf ]
[24] R. Findling and R. Mayrhofer, “Towards secure personal device unlock using stereo camera pan shots,” in Proc. EUROCAST 2013: 14th International Conference on ComputerAided Systems Theory, LNCS, (Berlin, Heidelberg, Wien), pp. 417--425, Springer-Verlag, February 2013. [ bib | conference link | .pdf ]
[25] R. Findling and R. Mayrhofer, “Towards face unlock: On the difficulty of reliably detecting faces on mobile phones,” in Proc. MoMM 2012: 10th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), ACM Press, December 2012. [ bib | conference link | .pdf ]
[26] B. Groza and R. Mayrhofer, “SAPHE - simple accelerometer based wireless pairing with heuristic trees,” in Proc. MoMM 2012: 10th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 161--168, ACM Press, December 2012. [ bib | conference link | .pdf ]
[27] R. Mayrhofer and T. Kaiser, “Towards usable authentication on mobile phones: An evaluation of speaker and face recognition on off-the-shelf handsets,” in Proc. IWSSI/SPMU 2012: 4th International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use, colocated with Pervasive 2012, June 2012. available online at [ bib | conference link | .pdf ]
Authenticating users on mobile devices is particularly challenging because of usability concerns: authentication must be quick and as unobtrusive as possible. Therefore, biometric methods seem well suited for mobile phones. We evaluate both speaker and face recognition methods on off-the-shelf mobile devices concerning their accuracy, suitability for dealing with low-quality recordings, and running with limited resources. Our results show that speaker and face recognition can realistically be used on mobile phones, but that improvements -- e.g. in the form of combining multiple methods -- are still necessary and subject to future work.

[28] P. Riedl and R. Mayrhofer, “Towards a practical, scalable self-localization system for Android phones based on WLAN fingerprinting,” in Proc. ICDCSW 2012: 32nd International Conference on Distributed Computing Systems Workshops, (Washington, DC, USA), pp. 98--101, IEEE CS Press, June 2012. [ bib | DOI | .pdf ]
Indoor localization is becoming increasingly important for mobile applications. WLAN fingerprinting is a compelling technique because it builds upon existing infrastructure and client hardware available in off-the-shelf mobile devices. We evaluate different methods for WLAN fingerprint classification with a focus on on-device localization. The main scientific contribution of this approach is that any Android based device can localize itself (without any server being able to determine the current location) using existing WLAN infrastructure (no additional access points have to be installed, the firmware of existing access points doesn't have to be changed). This approach was chosen to make indoor localization feasible in non-academic use cases. With a functional implementation and a simple procedure for collecting WLAN fingerprints, we currently achieve an accuracy of 4m in 90% of all cases with a mean error of only 2.2m when the same device is used for training and testing. Next steps are calibration between different mobile devices, post-processing in terms of movement, and automatic downloading of the required WLAN fingerprint databases on a global scale.

[29] M. Tschernuth, M. Lettner, and R. Mayrhofer, “Unify localization using user interface description languages and a navigation context-aware translation tool,” in Proc. EICS 2012: 4th ACM SIGCHI symposium on Engineering interactive computing systems, pp. 179--188, ACM, June 2012. [ bib | DOI | conference link ]
The past few years have shown a tendency from desktop software development towards mobile application development due to the increasing amount of smartphone users and available devices. Compared to traditional desktop applications, requirements are different in the mobile world. Due to the massive amount of mobile applications it is important to bring a new idea to the market very quickly and concurrently target a large number of users all over the world. The aspect of localization is crucial if the product should be usable in different countries. The term localization in this context refers to the process of adapting a software to different regions by changing the language, image resources, reading direction or other regional requirements. The proposed solution covers the aspect of string translation, with a focus on devices where the screen area is limited. Translating a software poses a challenge since the text can have several meanings on the one hand and has to match the available screen space on the other hand. Knowing the context and area where a string appears in the user interface can improve the quality and accuracy of the translation. Besides that it reduces efforts for layout implementation and testing. This paper refers to that feature as navigation context-aware. A Context-Aware Translation Tool (CATT) including this feature is presented. As an input for the tool a user interface description language (UIDL) is used which contributes platform independence to the tool. To increase the applicability of the tool to a number of description languages, a meta-model was created which specifies crucial compatibility requirements. An evaluation of existing languages regarding their compatibility to the proposed model and a discussion of limitations is included.

[30] P. Klingelhuber and R. Mayrhofer, “Private Notes: Encrypted xml notes synchronization and sharing with untrusted web services,” in Proc. iiWAS2011: 13th International Conference on Information Integration and Web-based Applications & Services, (New York, NY, USA), ACM Press, December 2011. [ bib | conference link | .pdf ]
Personal notes, even when shared with others, often contain highly sensitive information. From a security and privacy point of view, currently available (web) services that upload such personal notes to potentially untrusted third party servers are therefore problematic and we suggest to encrypt all notes before transferring them from the user's personal device. However, synchronization and sharing of encrypted data is a non-trivial issue, because conflict resolution and merging algorithms need to be applied to plain-text content. With Private Notes, we propose an architecture for client-side encryption, merge, and conflict handling of personal notes stored in XML format. We adopt the OpenPGP standard for symmetric and asymmetric encryption and WebDAV for synchronizing and sharing notes on arbitrary web servers. Specific implementations in the form of a plug-in for the Tomboy desktop note taking application and the Android and iOS mobile platforms demonstrate the ease of use of encrypted notes sharing.

[31] M. Lettner, M. Tschernuth, and R. Mayrhofer, “Feature interaction analysis in mobile phones: on the borderline between application functionalities and platform components,” in Proc. MoMM 2011: 9th International Conference on Advances in Mobile Computing and Multimedia, (New York, NY, USA), pp. 268--272, ACM Press, December 2011. [ bib ]
[32] M. Lettner, M. Tschernuth, and R. Mayrhofer, “A critical review of applied mda for embedded devices: Identification of problem classes and discussing porting efforts in practice,” in Proc. MODELS 2011: ACM/IEEE 14th International Conference on Model Driven Engineering Languages and Systems, LNCS, (Berlin, Heidelberg, Wien), Springer-Verlag, October 2011. [ bib | conference link ]
Model-driven development (MDD) has seen wide application in research, but still has limitations in real world industrial projects. One project which applies such MDD principles is about developing the software of a feature phone. While advantages seem to outweigh any disadvantages in theory, several problems arise when applying the model-driven methodology in practice. Problems when adopting this approach are shown as well as a practical solution to utilize one of the main advantages of MDD---portability. Issues that originate from using a tool which supports a model-driven approach are presented. A conclusion sums up the personal experiences made when applying MDD in a real world project.

[33] S. Höbarth and R. Mayrhofer, “A framework for on-device privilege escalation exploit execution on Android,” in Proc. IWSSI/SPMU 2011: 3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use, colocated with Pervasive 2011, June 2011. [ bib | conference link | .pdf ]
Exploits on mobile phones can be used for various reasons; a benign one may be to achieve system-level access on a device that was locked by the manufacturer or service provider (also known as `jailbreaking' or `rooting'), while potentially malicious reasons are manifold. Independently of the use case however, a specific exploit is not sufficient to achieve the desired access rights. Typically, exploits provide temporary privilege escalation immediately after their execution. To provide additional access to applications, permanent privilege escalation is required -- in the benign case, including secure access control for the user to decide which (parts of) applications are granted elevated access. In this paper, we present a framework that can use arbitrary temporary exploits on Android devices to achieve permanent `root' capabilities for select (parts of) applications.

[34] M. Lettner, M. Tschernuth, and R. Mayrhofer, “Mobile platform architecture review: Android, iPhone, Qt,” in Proc. EUROCAST 2011: 13th International Conference on Computer Aided Systems Theory, Part II, vol. 6928 of LNCS, (Berlin, Heidelberg, Wien), pp. 545--552, Springer-Verlag, February 2011. [ bib | conference link | .pdf ]
[35] R. Mayrhofer and C. Holzmann, “Friends Radar: Towards a private P2P location sharing platform,” in Proc. EUROCAST 2011: 13th International Conference on Computer Aided Systems Theory, Part II, vol. 6928 of LNCS, (Berlin, Heidelberg, Wien), pp. 528--536, Springer-Verlag, February 2011. [ bib | conference link | .pdf ]
[36] M. Tschernuth, M. Lettner, and R. Mayrhofer, “Evaluation of descriptive user interface methodologies for mobile devices,” in Proc. EUROCAST 2011: 13th International Conference on Computer Aided Systems Theory, Part II, vol. 6928 of LNCS, (Berlin, Heidelberg, Wien), pp. 520--527, Springer-Verlag, February 2011. [ bib | conference link | .pdf ]
[37] R. Mayrhofer, A. Sommer, and S. Saral, “Air-Writing: A platform for scalable, privacy-preserving, spatial group messaging,” in Proc. iiWAS2010: 12th International Conference on Information Integration and Web-based Applications & Services, (New York, NY, USA), pp. 181--189, ACM Press, November 2010. [ bib | conference link | .pdf ]
Spatial messaging is a direct extension to text and other multi-media messaging services that have become highly popular with the current pervasiveness of mobile communication. It offers benefits especially to mobile computing, providing localised and therefore potentially more appropriate delivery of nearly arbitrary content. Location is one of the most interesting attributes that can be added to messages in current applications, including gaming, social networking, or advertising services. However, location is also highly critical in terms of privacy. If a spatial messaging platform could collect the location traces of all its users, detailed profiling would be possible -- and, considering commercial value of such profiles, likely. In this paper, we present Air-Writing, an approach to spatial messaging that fully preserves user privacy while offering global scalability, different client interface options, and flexibility in terms of application areas. We contribute both an architecture and a specific implementation of an attribute based messaging platform with special support for spatial messaging and rich clients for J2ME, Google Android, and Apple iPhone. The centralised client/server approach utilises groups for anonymous message retrieval and client caching and filtering as well as randomised queries for obscuring traces. An initial user study with 20 users shows that the overall concept is easily understandable and that it seems useful to end-users. An analysis of real-world and simulated location traces shows that user privacy can be ensured, but with a trade-off between privacy protection and consumed network resources.

[38] V. Kumar, A. Fensel, S. Tomic, R. Mayrhofer, and T. Pellegrini, “User created machine-readable policies for energy efficiency in smart homes,” in Proc. UCSE 2010, co-located with Ubicomp 2010, September 2010. [ bib | conference link | .pdf ]
The project SESAME utilizes smart metering, building automation and policy-based reasoning to support home owners and building managers in saving energy and in optimizing their energy costs while maintaining their preferred quality of living. In this paper, we present how user-created policies are being applied to develop a system of least interference that supports the user in gaining awareness about energy consumption habits and saving potentials. Proposed concepts are currently being implemented and validated in an extensible demonstrator platform which provides a proof-of-concept for an innovative technical solution.

[39] R. Mayrhofer, S. Winkler, H. Hlavacs, M. Affenzeller, and S. Schneider, “On structural identification of 2d regression functions for in-door bluetooth localization,” in Proc. EUROCAST 2009, vol. 5717 of LNCS, (Berlin, Heidelberg, Wien), pp. 801--808, Springer-Verlag, February 2009. [ bib | .pdf ]
[40] H. Radi and R. Mayrhofer, “Towards alternative user interfaces for capturing and managing tasks with mobile devices,” in Proc. MoMM 2008: 6th International Conference on Advances in Mobile Computing and Multimedia, pp. 272--275, November 2008. [ bib | conference link | .pdf ]
Mobile devices, per definition, are supposed to assist in organizing all kinds of things, also tasks of course, because usually such devices are always at hands. But due to the very limited and time consuming possibilities to interact with such devices many fall back to other means to organize their life, like a simple pencil and paper. We developed a collaborative task repository that facilitates collaboration and teamwork, but on the other hand demands that all tasks have to be entered into that system. Therefore a smart and userfriendly interface to that repository is mandatory. This work presents concepts on how to improve the user interface of mobile devices so that capturing tasks on-the-go becomes feasible. We propose to move away from display driven user interfaces to more sophisticated interfaces that utilize all the sensors and actors of current mobile devices.

[41] R. Mayrhofer and H. Gellersen, “Shake well before use: two implementations for implicit context authentication,” in Adjunct Proc. Ubicomp 2007, pp. 72--75, September 2007. [ bib | conference link | .pdf ]
Secure device pairing is especially difficult for spontaneous interaction in ubiquitous computing environments because of wireless communication, lack of powerful user interfaces, and scalability issues. We demonstrate a method to address this problem for small, mobile devices that does not require explicit user interfaces like displays or key pads. By shaking devices together in one hand for a few seconds, they are securely paired. Device authentication happens implicitly as part of the pairing process without the need for explicit user interaction “just for security”. Our method has been implemented in two variants: first, for high-quality data collection using wired accelerometers; second, using built-in accelerometers in standard Nokia 5500 mobile phones.

[42] R. Mayrhofer, H. Gellersen, and M. Hazas, “Security by spatial reference: Using relative positioning to authenticate devices for spontaneous interaction,” in Proc. Ubicomp 2007: 9th International Conference on Ubiquitous Computing, vol. 4717 of LNCS, (Berlin, Heidelberg, Wien), pp. 199--216, Springer-Verlag, September 2007. [ bib | conference link | .pdf ]
Spontaneous interaction is a desirable characteristic associated with mobile and ubiquitous computing. The aim is to enable users to connect their personal devices with devices encountered in their environment in order to take advantage of interaction opportunities in accordance with their situation. However, it is difficult to secure spontaneous interaction as this requires authentication of the encountered device, in the absence of any prior knowledge of the device. In this paper we present a method for establishing and securing spontaneous interactions on the basis of spatial references that capture the spatial relationship of the involved devices. Spatial references are obtained by accurate sensing of relative device positions, presented to the user for initiation of interactions, and used in a peer authentication protocol that exploits a novel mechanism for message transfer over ultrasound to ensures spatial authenticity of the sender.

[43] R. Mayrhofer, “The candidate key protocol for generating secret shared keys from similar sensor data streams,” in Proc. ESAS 2007: 4th European Workshop on Security and Privacy in Ad hoc and Sensor Networks, vol. 4572 of LNCS, (Berlin, Heidelberg, Wien), pp. 1--15, Springer-Verlag, July 2007. [ bib | conference link | .pdf ]
Secure communication over wireless channels necessitates authentication of communication partners to prevent man-in-the-middle attacks. For spontaneous interaction between independent, mobile devices, no a priori information is available for authentication purposes. However, traditional approaches based on manual password input or verification of key fingerprints do not scale to tens to hundreds of interactions a day, as envisioned by future ubiquitous computing environments. One possibility to solve this problem is authentication based on similar sensor data: when two (or multiple) devices are in the same situation, and thus experience the same sensor readings, this constitutes shared, (weakly) secret information. This paper introduces the Candidate Key Protocol (CKP) to interactively generate secret shared keys from similar sensor data streams. It is suitable for two-party and multi-party authentication, and supports opportunistic authentication.

[44] R. Mayrhofer and H. Gellersen, “Shake well before use: Authentication based on accelerometer data,” in Proc. Pervasive 2007: 5th International Conference on Pervasive Computing, vol. 4480 of LNCS, (Berlin, Heidelberg, Wien), pp. 144--161, Springer-Verlag, May 2007. awarded best Pervasive 2007 paper. [ bib | conference link | .pdf ]
Small, mobile devices without user interfaces, such as Bluetooth headsets, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not have any a priori information about each other. We introduce a new method for device-to-device authentication by shaking devices together. This paper describes two protocols for combining cryptographic authentication techniques with known methods of accelerometer data analysis to the effect of generating authenticated, secret keys. The protocols differ in their design, one being more conservative from a security point of view, while the other allows more dynamic interactions. Three experiments are used to optimize and validate our proposed authentication method.

[45] R. Mayrhofer and M. Welch, “A human-verifiable authentication protocol using visible laser light,” in Proc. ARES 2007: 2nd International Conference on Availability, Reliability and Security, (Washington, DC, USA), pp. 1143--1147, IEEE CS Press, April 2007. [ bib | conference link | .pdf ]
Securing wireless channels necessitates authenticating communication partners. For spontaneous interaction, authentication must be efficient and intuitive. One approach to create interaction and authentication methods that scale to using hundreds of services throughout the day is to rely on personal, trusted, mobile devices to interact with the environment. Authenticating the resulting device-to-device interactions requires an out-of-band channel that is verifiable by the user. We present a protocol for creating such an out-of-band channel with visible laser light that is secure against man-in-the-middle attacks even when the laser transmission is not confidential. A prototype implementation shows that an appropriate laser channel can be constructed with simple off-the-shelf components.

[46] R. Mayrhofer, “Towards an open source toolkit for ubiquitous device authentication,” in Workshops Proc. PerCom 2007: 5th IEEE International Conference on Pervasive Computing and Communications, (Washington, DC, USA), pp. 247--252, IEEE CS Press, March 2007. Track PerSec 2007: 4th IEEE International Workshop on Pervasive Computing and Communication Security. [ bib | conference link | .pdf ]
Most authentication protocols designed for ubiquitous computing environments try to solve the problem of intuitive, scalable, secure authentication of wireless communication. Due to the diversity of requirements, protocols tend to be implemented within specific research prototypes and can not be used easily in other applications. We propose to develop a common toolkit for ubiquitous device authentication to foster wide usability of research results. This paper outlines design goals and presents a first, freely available implementation.

[47] R. Mayrhofer and H. Gellersen, “On the security of ultrasound as out-of-band channel,” in Proc. IPDPS 2007: 21st IEEE International Parallel and Distributed Processing Symposium, (Washington, DC, USA), p. 321, IEEE CS Press, March 2007. Track SSN 2007: 3rd International Workshop on Security in Systems and Networks. [ bib | conference link | .pdf ]
Ultrasound has been proposed as out-of-band channel for authentication of peer devices in wireless ad hoc networks. Ultrasound can implicitly contribute to secure communication based on inherent limitations in signal propagation, and can additionally be used explicitly by peers to measure and verify their relative positions. In this paper we analyse potential attacks on an ultrasonic communication channel and peer-to-peer ultrasonic sensing, and investigate how potential attacks translate to application-level threats for peers seeking to establish a secure wireless link. Based on our analysis we propose a novel method for authentic communication of short messages over an ultrasonic channel.

[48] R. Mayrhofer, “Extending the growing neural gas classifier for context recognition,” in Proc. EUROCAST 2007: 11th International Conference on Computer Aided Systems Theory, vol. 4739 of LNCS, (Berlin, Heidelberg, Wien), pp. 920--927, Springer-Verlag, February 2007. [ bib | conference link | .pdf ]
Context awareness is one of the building blocks of many applications in pervasive computing. Recognizing the current context of a user or device, that is, the situation in which some action happens, often requires dealing with data from different sensors, and thus different domains. The Growing Neural Gas algorithm is a classification algorithm especially designed for un-supervised learning of unknown input distributions; a variation, the Lifelong Growing Neural Gas (LLGNG), is well suited for arbitrary long periods of learning, as its internal parameters are self-adaptive. These features are ideal for automatically classifying sensor data to recognize user or device context. However, as most classification algorithms, in its standard form it is only suitable for numerical input data. Many sensors which are available on current information appliances are nominal or ordinal in type, making their use difficult. Additionally, the automatically created clusters are usually too fine-grained to distinguish user-context on an application level. This paper presents general and heuristic extensions to the LLGNG classifier which allow its direct application for context recognition. On a real-world data set with two months of heterogeneous data from different sensors, the extended LLGNG classifier compares favorably to k-means and SOM classifiers.

[49] R. Mayrhofer, “A context authentication proxy for IPSec using spatial reference,” in Proc. TwUC 2006: 1st International Workshop on Trustworthy Ubiquitous Computing, pp. 449--462, Austrian Computer Society (OCG), December 2006. awarded best iiWAS/MoMM 2006 workshop paper. [ bib | conference link | .pdf ]
Spontaneous interaction in ad-hoc networks is often desirable not only between users or devices in direct contact, but also with devices that are accessible only via a wireless network. Secure communication with such devices is difficult because of the required authentication, which is often either password- or certificate-based. An intuitive alternative is context-based authentication, where device authenticity is verified by shared context, and often by direct physical evidence. Devices that are physically separated can not experience the same context and can thus not benefit directly from context authentication. We introduce a context authentication proxy that is pre-authenticated with one of the devices and can authenticate with the other by shared context. This concept is applicable to a wide range of application scenarios, context sensing technologies, and trust models. We show its practicality in an implementation for setting up IPSec connections based on spatial reference. Our specific scenario is ad-hoc access of mobile devices to secure 802.11 WLANs using a PDA as authentication proxy.

[50] R. Mayrhofer, “Technische Hintergründe für das rechtliche Handeln im Internet,” in Aktuelles zum Internet-Recht, pp. 1--16,, December 2005. [ bib | conference link | .pdf ]
Internet-Recht bewegt sich grundsätzlich an der Schnittstelle zwischen Gesetzgebung und Technik. Wie an vielen Schnittstellen gibt es auch hier Schwierigkeiten zu überwinden, und zwar nicht nur in der Findung gemeinsamer Ziele, Arbeitsgruppen und schlussendlich Lösungen, sondern vor allem im gegenseitigen Verständnis der den jeweils anderen Bereich betreffenden Probleme. Dieser Beitrag soll die technischen Hintergründe einiger aktueller Themen an dieser Schnittstelle allgemein verständlich näher bringen. Die Auswahl an Themen, welche aus technischer Sicht einer Klärung durch die Gesetzgebung bedürfen bzw. derer, die durch neue Gesetze die Entwicklung neuer technischer Systeme erfordern, ist derzeit kaum mehr überschaubar und wächst weiter. Daher erfolgt in diesem Beitrag eine Konzentration auf die technischen Grundlagen für viele dieser Themen sowie auf eine kleine Auswahl von Themen, die von allgemeinem, auch öffentlichem bzw. gesellschaftlichem Interesse sind. Konkret werden die folgenden Themen angesprochen: Grundlagen der Kryptographie, Sichere Signatur, Digitales Rechte Management (DRM) und Peer-to-Peer Systeme. Diese Themen stellen eine subjektive Auswahl dar, sollten jedoch die derzeit am stärksten – auch durch die Tagespresse – diskutierten Gebiete abdecken. Der Beitrag ist auf Leser ohne technisches Detailwissen ausgerichtet, Erfahrung im Um- gang mit Computersystemen, also zum Beispiel mit Webbrowsern und Emailprogrammen, wird jedoch angenommen.

[51] A. Ferscha, M. Hechinger, R. Mayrhofer, E. Chtcherbina, M. Franz, M. dos Santos Rocha, and A. Zeidler, “Bridging the gap with P2P patterns,” in Proceedings of the Workshop on Smart Object Systems, September 2005. in conjunction with the Seventh International Conference on Ubiquitous Computing (UbiComp 2005). [ bib | conference link | .pdf ]
Abstract The design principles of pervasive computing software architectures are widely driven by the need for opportunistic interaction among distributed, mobile and heterogeneous entities in the absence of global knowledge and naming conventions. Peer-to-Peer (P2P) frameworks have evolved, abstracting the access to shared, while distributed information. To bridge the architectural gap between P2P applications and P2P frameworks we propose patterns as an organizational schema for P2P based software systems. Our Peer-it hardware platform is used to demonstrate an application in the domain of flexible manufacturing systems.

[52] R. Mayrhofer, “Context prediction based on context histories: Expected benefits, issues and current state-of-the-art,” in Proc. ECHISE 2005: 1st International Workshop on Exploiting Context Histories in Smart Environments (T. Prante, B. Meyers, G. Fitzpatrick, and L. D. Harvel, eds.), May 2005. part of the Third International Conference on Pervasive Computing (PERVASIVE 2005). [ bib | conference link | .pdf ]
This paper presents the topic of context prediction as one possibility to exploit context histories. It lists some expected benefits of context prediction for certain application areas and discusses the associated issues in terms of accuracy, fault tolerance, unobtrusive operation, user acceptance, problem complexity and privacy. After identifying the challenges in context prediction, a first approach is summarized briefly. This approach, when applied to recorded context histories, builds upon three steps of a previously introduced software architecture: feature extraction, classification and prediction. Open issues remain in the areas of prediction accuracy, dealing with limited resources, sharing of context information and user studies.

[53] R. Mayrhofer, “Eine Architektur zur Kontextvorhersage,” in Ausgezeichnete Informatikdissertationen 2004, vol. D-5 of Series of the German Informatics society (GI), pp. 125--134, Lecture Notes in Informatics (LNI), May 2005. [ bib | .pdf ]
So genannte “kontextsensitive Systeme” haben zum Ziel, die eingesetzten Computersysteme automatisch an die aktuellen Situationen anzupassen und damit bessere Interaktion mit der Umgebung zu ermöglichen. Diese Arbeit befasst sich mit dem nächsten logischen Schritt nach der Erkennung des jeweils aktuellen Kontextes, nämlich der Vorhersage zukünftiger Kontexte. Zu diesem Zweck wurde eine mehrschrittige Software-Architektur entwickelt, welche aus den Daten mehrerer einfacher Sensoren die aktuellen und zukünftig erwarteten Kontexte gewinnt. Die entwickelte Architektur wurde bereits in Form eines flexiblen Software-Frameworks umgesetzt und mit aufgezeichneten Daten aus alltäglichen Situationen evaluiert. Diese Betrachtung zeigt, dass die Vorhersage abstrakter Kontexte in Grenzen bereits möglich ist, jedoch noch Raum für Verbesserungen der Vorhersagequalität in zukünftigen Arbeiten offen bleibt.

[54] A. Ferscha, M. Hechinger, R. Mayrhofer, M. dos Santos Rocha, M. Franz, and R. Oberhauser, “Digital Aura,” in Advances in Pervasive Computing (A. Ferscha, H. Hörtner, and G. Kotsis, eds.), vol. 176, pp. 405--410, Austrian Computer Society (OCG), April 2004. part of the Second International Conference on Pervasive Computing (Pervasive 2004). [ bib | conference link | video | .pdf ]
Smart space and smart appliances, i.e. wirelessly ad-hoc networked, mobile, autonomous special purpose computing devices, providing largely invisible support and context-aware services have started to populate the real world and our daily lives. In such a world, where literally everything is connected to everything with invisible, wireless data links, we need new styles on how humans and things can interact. We have proposed a “spontaneous interaction” thought model, in which things start to interact once they reach physical proximity to each other: Explained using the metaphor of an “aura”, which like a subtle invisible emanation or exhalation radiates from the center of an object into its surrounding, a “digital aura” is built on technologies like Bluetooth radio, RFID or IrDA together with an XML based profile description, such that if an object detects the proximity (e.g. radio signal strength) of another object, it starts exchanging and comparing profile data, and, upon sufficient “similarity” of the two profiles, starts to interact with that object. A “digital aura” depending on the implementation technology, is dense in the center of the object, and thins out towards its surrounding until it is no longer sensible by others. Profiles described as semi-structured data and attached to the object, can be matched by a structural and semantic analysis. Peer-to-peer concepts can then be used to implement applications on top of the digital aura model for spontaneous interaction.

[55] R. Mayrhofer, “An architecture for context prediction,” in Advances in Pervasive Computing (A. Ferscha, H. Hörtner, and G. Kotsis, eds.), vol. 176, pp. 65--72, Austrian Computer Society (OCG), April 2004. part of the Second International Conference on Pervasive Computing (PERVASIVE 2004). [ bib | conference link | .pdf ]
Today's information appliances are usually very powerful, featuring local storage and processing power, communication technology and supporting many different applications. They are either mobile, like laptop computers, handheld devices, mobile phones or wearables, or fixed, like TV set-top boxes, home entertainment centers or even whole rooms equipped with various interacting devices; but most of them have various hardware components that can be used as sensors for querying the environment. By exploiting these sensors, it is possible to make devices context aware and thus adaptive to the current user's situation. This paper presents the basic structure of a framework which eases the implementation of context aware applications by providing the current and future, predicted context.

[56] R. Mayrhofer, H. Radi, and A. Ferscha, “A context prediction code and data base,” in Proceedings of the Benchmarks and a Database for Context Recognition Workshop (H. Junker, P. Lukowicz, and J. Mäntyjarvi, eds.), pp. 20--26, ETH Zurich, April 2004. part of the Second International Conference on Pervasive Computing (PERVASIVE 2004). [ bib | conference link | .pdf ]
Many of the currently available sensors do not provide simple, numerical values but more complex data like a list of other devices in range. Although these sensors can, in the general case, not be transformed to numerical values, they nonetheless provide valuable information about the device or user context. For exploiting all available context information, it is thus important to also regard ordinal and nominal sensor values. In this paper, we propose to jointly develop a meta data format for the evaluation and assessment of context recognition and prediction methods.

[57] H. Radi, R. Mayrhofer, and A. Ferscha, “A notebook sensory data set for context recognition,” in Proceedings of the Benchmarks and a Database for Context Recognition Workshop (H. Junker, P. Lukowicz, and J. Mäntyjarvi, eds.), pp. 17--19, ETH Zurich, April 2004. part of the Second International Conference on Pervasive Computing (PERVASIVE 2004). [ bib | conference link | .pdf ]
For a qualitative and quantitative assessment of context prediction and recognition methods, real-world data sets are inevitable. By collecting sensor data on a single notebook over a period of a few months we got a rather large log file of homogeneous and heterogeneous features reflecting the users activities during this time frame. In this paper we present which devices were exploited as sensors, which information was logged and how this information was stored for further processing by classification algorithms.

[58] A. Ferscha, M. Hechinger, R. Mayrhofer, and R. Oberhauser, “A light-weight component model for peer-to-peer applications,” in Proceedings MDC04: 2nd International Workshop on Mobile Distributed Computing, (Washington, DC, USA), pp. 520--527, IEEE CS Press, March 2004. [ bib | conference link | .pdf ]
Mobile Peer-to-Peer (P2P) computing applications involve collections of heterogeneous and resource-limited devices (such as PDAs or embedded sensor-actuator systems), typically operated in ad-hoc completely decentralized networks and without requiring dedicated infrastructure support. Short-range wireless communication technologies together with P2P networking capabilities on mobile devices are responsible for a proliferation of such applications, yet these applications are often complex and monolithic in nature due to the lack of lightweight component/container support in these resource-constrained devices. In this paper we describe our lightweight software component model P2Pcomp that addresses the development needs for mobile P2P applications. An abstract, flexible, and high-level communication mechanism among components is developed via a ports concept, supporting protocol independence, location independence, and (a)synchronous invocations; dependencies are not hard-coded in the components, but can be defined at deployment or runtime, providing late-binding and dynamic rerouteability capabilities. Peers can elect to provide services as well as consume them, services can migrate between containers, and services are ranked to support Quality-of-Service choices. Our lightweight container realization leverages the OSGi platform and can utilize various P2P communication mechanisms such as JXTA. A “smart space” application scenario demonstrates how P2Pcomp supports flexible and highly tailorable mobile P2P applications.

[59] R. Mayrhofer, H. Radi, and A. Ferscha, “Feature extraction in wireless personal and local area networks,” in Proc. MWCN 2003: 5th International Conference on Mobile and Wireless Communications Networks, pp. 195--198, World Scientific, October 2003. [ bib | conference link | .pdf ]
Context awareness is currently being investigated for applications in different areas, including Mobile Computing. Many mobile devices are already shipped with support for Bluetooth and Wireless LAN, making these technologies commonly available. It is thus possible to exploit the wireless interfaces as sensors for deriving information about the device/user context. However, extracting features from typical Bluetooth or Wireless LAN properties is difficult because not only numerical, but also non-numerical features like the list of MAC addresses in range are important for context awareness. In this paper, we introduce a method to automatically classify these highly heterogeneous features with supervised or un-supervised classification methods. By defining two operators, a distance metric and an adaption operator, any feature can be used as input for the classifier and can thus contribute to context detection.

[60] R. Mayrhofer, H. Radi, and A. Ferscha, “Recognizing and predicting context by learning from user behavior,” in Proc. MoMM 2003: 1st International Conference On Advances in Mobile Multimedia (W. S. G. Kotsis, A. Ferscha and K. Ibrahim, eds.), vol. 171, pp. 25--35, Austrian Computer Society (OCG), September 2003. [ bib | conference link | http | .pdf ]
Current mobile devices like mobile phones or personal digital assistants have become more and more powerful; they already offer features that only few users are able to exploit to their whole extent. With a number of upcoming mobile multimedia applications, ease of use becomes one of the most important aspects. One way to improve usability is to make devices aware of the user's context, allowing them to adapt to the user instead of forcing the user to adapt to the device. Our work is taking this approach one step further by not only reacting to the current context, but also predicting future context, hence making the devices proactive. Mobile devices are generally suited well for this task because they are typically close to the user even when not actively in use. This allows such devices to monitor the user context and act accordingly, like automatically muting ring or signal tones when the user is in a meeting or selecting audio, video or text communication depending on the user's current occupation. This paper presents an architecture that allows mobile devices to continuously recognize current and anticipate future user context. The major challenges are that context recognition and prediction should be embedded in mobile devices with limited resources, that learning and adaption should happen on-line without explicit training phases and that user intervention should be kept to a minimum with non-obtrusive user interaction. To accomplish this, the presented architecture consists of four major parts: feature extraction, classification, labeling and prediction. The available sensors provide a multi-dimensional, highly heterogeneous input vector as input to the classification step, realized by data clustering. Labeling associates recognized context classes with meaningful names specified by the user, and prediction allows to forecast future user context for proactive behavior.

[61] R. Mayrhofer, F. Ortner, A. Ferscha, and M. Hechinger, “Securing passive objects in mobile ad-hoc peer-to-peer networks,” in Electronic Notes in Theoretical Computer Science (R. Focardi and G. Zavattaro, eds.), vol. 85.3, Elsevier Science, June 2003. [ bib | conference link | .pdf ]
Security and privacy in mobile ad-hoc peer-to-peer environments are hard to attain, especially when working with passive objects without own processing power. We introduce a method for integrating such objects into a peer-to-peer environment without infrastructure components while providing a high level of privacy and security for peers interacting with objects. The integration is done by equipping passive objects with public keys, which can be used by peers to validate proxies acting on behalf of the objects. To overcome the problem of limited storage capacity on small embedded objects, ECC keys are used.

[62] R. Mayrhofer, M. Affenzeller, H. Prähofer, G. Höfer, and A. Fried, “DEVS simulation of spiking neural networks,” in Cybernetics and Systems: Proc. EMCSR 2002: 16th European Meeting on Cybernetics and Systems Research (R. Trappl, ed.), vol. 2, pp. 573--578, Austrian Society for Cybernetic Studies, April 2002. [ bib | conference link | .ps ]
This paper presents a new model for simulating Spiking Neural Networks using discrete event simulation which might possibly offer advantages concerning simulation speed and scalability. Spiking Neural Networks are considered as a new computation paradigm, representing an enhancement of Artificial Neural Networks by offering more flexibility and degree of freedom for modeling computational elements. Although this type of Neural Networks is rather new and there is not very much known about its features, it is clearly more powerful than its predecessor, being able to simulate Artificial Neural Networks in real time but also offering new computational elements that were not available previously. Unfortunately, the simulation of Spiking Neural Networks currently involves the use of continuous simulation techniques which do not scale easily to large networks with many neurons. Within the scope of the present paper, we discuss a new model for Spiking Neural Networks, which allows the use of discrete event simulation techniques, possibly offering enormous advantages in terms of simulation flexibility and scalability without restricting the qualitative computational power.

[63] M. Affenzeller and R. Mayrhofer, “Generic heuristics for combinatorial optimization problems,” in Proceedings of the 9th International Conference on Operational Research (KOI2002), pp. 83--92, 2002. [ bib | .ps ]