Publications

Work in Progress: The European "Right To be Forgotten" – Legal and Technical Challenges of Search Engines Complying With The Right to Erasure

2019 - Jan Rensinghoff, Florian Farke, Markus Dürmuth, Tobias Gostomzyk

AoIR 2019: Trust in the System (AoIR '19). Brisbane, Australia, October 2, 2019

Recht auf Vergessen

2019 - Florian Farke, Jan Rensinghoff, Markus Dürmuth, Tobias Gostomzyk

Datenschutz und Datensicherheit (2019) 43: 681 [Springer]

POSTER: "What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

2019 - Miranda Wei, Maximilian Golla, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur

USENIX Symposium on Usable Privacy and Security 2019 (SOUPS '19). Santa Clara, CA, USA, August 11-13, 2019 [Full Version]

View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication

2019 - Philipp Markert, Florian Farke, Markus Dürmuth

Who Are You?! Adventures in Authentication (WAY '19). Santa Clara, California, USA, August 11, 2019 [PDF] [Slides]

Towards Contractual Agreements for Revocation of Online Data

2019 - Theodor Schnitzler, Markus Dürmuth, Christina Pöpper

IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC '19), Lisbon, Portugal, June 25-27, 2019 [PDF]

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild

2019 - Stephan Wiefling, Luigi Lo Iacono , Markus Dürmuth

IFIP In­ter­na­tio­nal Con­fe­rence on ICT Sys­tems Se­cu­ri­ty and Pri­va­cy Pro­tec­tion (IFIP SEC '19), Lis­bon, Por­tu­gal, June 25-27, 2019 [Website] [PDF]

Reasoning Analytically About Password-Cracking Software

2019 - Enze Liu, Amanda Nakanishi, Maximilian Golla, David Cash, Blase Ur

IEEE Symposium on Security and Privacy (SP '19). San Francisco, California, May 20, 2019 [GitHub] [Video] [PDF] [Slides]

We Value Your Privacy - Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy

2019 - Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz

Network and Distributed System Security Symposium (NDSS 2019), San Diego, California, USA, February 2019 [GitHub] [PDF]

Work in Progress: A Comparative Long-Term Study of Fallback Authentication

2019 - Philipp Markert, Maximilian Golla, Elizabeth Stobert, Markus Dürmuth

Workshop on Usable Security and Privacy (USEC '19). San Diego, California, USA, February 24, 2019 [PDF] [Slides]

Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters

2019 - Maximilian Golla, Jan Rimkus, Adam J. Aviv, Markus Dürmuth

Workshop on Usable Security and Privacy (USEC '19). San Diego, California, February 24, 2019 [News] [PDF] [Slides]

"What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

2018 - Maximilian Golla, Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur

ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018 [Video] [News] [PDF] [Slides]

On the Accuracy of Password Strength Meters

2018 - Maximilian Golla, Markus Dürmuth

ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018 [Website] [GitHub] [Video] [PDF] [Slides]

Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

2018 - Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur

USENIX Security Symposium 2018 (SSYM '18). Baltimore, MD, USA, August 15-17, 2018 [Video] [News] [PDF] [Slides]

POSTER: User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

USENIX Symposium on Usable Privacy and Security 2018 (SOUPS '18). Baltimore, MD, USA, August 12-14, 2018

"Will Any Password Do?" Exploring Rate-Limiting on the Web

2018 - Maximilian Golla, Theodor Schnitzler, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations

2018 - Maximilian Golla, Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

The Password Doesn't Fall Far: How Service Influences Password Choice

2018 - Miranda Wei, Maximilian Golla, Blase Ur

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF] [Slides]

The State of User Authentication in the Wild

2018 - Nils Quermann, Marian Harbach, Markus Dürmuth

Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018 [PDF]

User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

2018 - Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth

European Workshop on Usable Security (EuroUSEC) 2018, London, England, 23 April 2018 [PDF] [Slides]

HAL—The Missing Piece of the Puzzle for Hardware Reverse Engineering, Trojan Detection and Insertion

2018 - Marc Fyrbiak, Sebastian Wallat, Pawel Swierczynski, Max Hoffmann, Sebastian Hoppach, Mathias Wilhelm, Tobias Weidlich, Russell Tessier, Chris­tof Paar

IEEE Transactions on Dependable and Secure Computing (to appear)

On The (In-)Security Of JavaScript Object Signing And Encryption

2017 - Dennis Detering, Juraj Somorovsky, Christian Mainka, Vladislav Mladenov, Jörg Schwenk

ROOTS, November 16–17, 2017, Vienna, Austria [PDF]

"I want my money back!" Limiting Online Password-Guessing Financially

2017 - Maximilian Golla, Daniel V. Bailey, Markus Dürmuth

Who Are You?! Adventures in Authentication 2017 (WAY '17). Santa Clara, CA, USA, July 12, 2017 [PDF] [Slides]

POSTER: Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

USENIX Symposium on Usable Privacy and Security 2017 (SOUPS '17). Santa Clara, CA, USA, July 12-14, 2017 [Full Version]

Towards Implicit Visual Memory-Based Authentication

2017 - Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz

ISOC Network and Distributed System Security Symposium 2017 (NDSS '17). San Diego, CA, USA, February 26 - March 1, 2017 [Video] [PDF] [Slides]

EmojiAuth: Quantifying the Security of Emoji-based Authentication

2017 - Maximilian Golla, Dennis Detering, Markus Dürmuth

Workshop on Usable Security 2017 (USEC '17). San Diego, CA, USA, February 25, 2017 [PDF] [Slides]

On the Security of Cracking-Resistant Password Vaults

2016 - Maximilian Golla, Benedict Beuscher, Markus Dürmuth

ACM Conference on Computer and Communications Security 2016 (CCS '16). Vienna, Austria, October 24-28, 2016 [Video] [PDF] [Slides]

Side-Channel Attacks on Fingerprint Matching Algorithms

2016 - Markus Dürmuth, David Oswald, Niklas Pastewka

To appear at the 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016) [PDF]

On User Choice for Android Unlock Patterns

2016 - Marte Loge, Markus Dürmuth, Lillian Rostad

Accepted at the 1st European Workshop on Usable Security, 2016. [PDF]

Position Paper: Measuring the Impact of Alphabet and Culture on Graphical Passwords

2016 - Adam J. Aviv, Markus Dürmuth, Payas Gupta

Adventures in Authentication: WAY Workshop, 2016. [PDF]

Neuralyzer: Flexible Expiration Times for the Revocation of Online Data

2016 - Apostolis Zarras, Katharina Kohls, Markus Dürmuth, Christina Pöpper

In Proceedings of the ACM Conference on Data and Application Security and Privacy (ACM CODASPY) 2016 *** OUTSTANDING PAPER AWARD *** [PDF]

Who Are You? A Statistical Approach to Measuring User Authenticity

2016 - Markus Dürmuth, David Freeman, Sakshi Jain, Battista Biggio, Giorgio Giacinto

The Network and Distributed System Security Symposium 2016 (NDSS '16), San Diego, CA, USA, February 21-24, 2016 [PDF] [Slides]

Analyzing 4 Million Real-World Personal Knowledge Questions (Short Paper)

2015 - Maximilian Golla, Markus Dürmuth

International Conference on Passwords 2015 (PASSWORDS '15). Cambridge, United Kingdom, December 7-9, 2015 [Video] [PDF] [Slides]

OMEN: Faster Password Guessing Using an Ordered Markov Enumerator

2015 - Markus Dürmuth, Fabian Angelstorf, Claude Castelluccia, Daniele Perito, Abdelberi Chaabane

International Symposium on Engineering Secure Software and Systems (ESSoS), 2015. [GitHub] [PDF]

Learning from Neuroscience to Improve Internet Security

2014 - Claude Castelluccia, Markus Dürmuth, Fatma Imamoglu

ERCIM News 2014(99), 2014.

On Password Guessing with GPUs and FPGAs

2014 - Markus Dürmuth, Thorsten Kranz

PASSWORDS 2014 Conference, 2014. [pdf]

Secure Fallback Authentication and the Trusted Friend Attack

2014 - Ashar Javed, David Bletgen, Florian Kohlar, Markus Dürmuth, Jörg Schwenk

Proceedings International Conference on Distributed Computing Systems Workshops (ICDCS Workshops), 2014.

Statistics on Password Re-use and Adaptive Strength for Financial Accounts

2014 - Daniel V. Bailey, Markus Dürmuth, Chris­tof Paar

Proceedings 9th International Conference on Security and Cryptography (SCN), 2014. [PDF]

Typing passwords with voice recognition --or-- How to authenticate to Google Glass

2014 - Daniel Bailey, Markus Dürmuth, Chris­tof Paar

Adventures in Authentication: WAY Workshop. 2014. [PDF]

Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

2013 - Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz

ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013 [PDF]

Useful Password Hashing: How to Waste Computing Cycles with Style

2013 - Markus Dürmuth

Proceedings of the 2013 New security paradigms workshop (NSPW) Pages 31-40 ACM, 2013 [PDF]

Evaluation of Standardized Password-Based Key Derivation against Parallel Processing Platforms

2013 - Markus Dürmuth, Tim Güneysu, Markus Kasper, Chris­tof Paar, Tolga Yalcin, Ralf Zimmermann

Computer Security - ESORICS 2012 - 17th European Symposium on Research in Computer Security, Pisa, Italy, September 10-12, 2012 [DOI] [BibTeX] [pdf] [bib]

Achieving anonymity against major face recognition algorithms

2013 - Benedikt Driessen, Markus Dürmuth

Proceedings Communications and Multimedia Security (CMS 2013), LNCS 8099, Springer, 2013. [PDF]

Anonymität und Gesichtserkennung

2013 - Benedikt Driessen, Markus Dürmuth

digma, Zeitschrift für Datenrecht und Informationssicherheit, 2013.

Adaptive password-strength meters from Markov models

2012 - Claude Castelluccia, Markus Dürmuth, Daniele Perito

Proceedings 19th Network & Distributed System Security Symposium (NDSS 12). Internet Society, 2012. [PDF]

Timed revocation of user data: Long expiration times from existing infrastructure

2012 - Sirke Reimann , Markus Dürmuth

Proceedings Workshop on Privacy in the Electronic Society (WPES), 2012.

Deniable encryption with negligible detection probability: An interactive construction

2011 - Markus Dürmuth, David Mandell Freeman

Proceedings Advances in Cryptology (EUROCRYPT 11), Springer, 2011

Acoustic Side-Channel Attacks on Printers

2010 - Michael Backes, Markus Dürmuth, Sebastian Gerling, Manfred Pinkal, Caroline Sporleder

Proceedings USENIX Security Symposium, 2010.

Speaker Recognition in Encrypted Voice Streams

2010 - Michael Backes, Goran Doychev, Markus Dürmuth, Boris Köpf

Proceedings European Symposium on Research in Computer Security (ESORICS), 2010. (Preliminary version appeared in the Grande Region Security and Reliability Day, Saarbrücken, 2010.)

A Provably Secure and Efficient Countermeasure against Timing Attacks

2009 - Boris Köpf, Markus Dürmuth

Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF), 2009.

Tempest in a Teapot: Compromising Reflections Revisited

2009 - Michael Backes, Tongbo Chen, Markus Dürmuth, Hendrik P. A. Lensch, Martin Welk

Proceedings of the IEEE Symposium on Security and Privacy (SSP '09), Mai 2009.
Page: