Prof. Dr. Markus Dürmuth

  • Chair - Research Group Mobile Security

Address

Dept. of Electr. Eng. and Information Sciences
Universitätsstr. 150

Room
ID 2/127
Phone:
(+49)(0)234 / 32 - 26694
Fax:
(+49)(0)234 / 32 - 14956
Email:
markus.duermuth@ruhr-uni-bochum.de PGP key
Website:
http://www.mobsec.rub.de/group/people/duermuth_markus/

Vita

I am assistant professor and head of the mobile security group at Ruhr University Bochum. Before, I was a Post-doctoral Researcher at Ruhr University Bochum and a Post-doctoral Scholar at the Theory Group at the Department of Computer Science of Stanford University. I received my PhD from the Saarland University, Germany, where I was in the Information Security and Cryptography Group at the Computer Science Department, and I studied Math and Computer Science at the University of Karlsruhe, Germany.

Research

  • Usable security and privacy
  • Usable authentication mechanisms
  • Security and usability of password-based authentication
  • Risk-based authentication
  • Privacy of health-related apps
  • Privacy perception by end-users

Publications

2021
Towards Quantum Large-Scale Password Guessing on Real-World Distributions

Markus Dürmuth, Maximilian Golla, Philipp Markert, Alexander May, Lars Schlieper - International Conference on Cryptology and Network Security 2021 (CANS '21). Vienna, Austria, December 13-15, 2021

Verify It's You: How Users Perceive Risk-based Authentication

Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono - IEEE Security & Privacy, Volume 19, Issue 6, November-December 2021

On the Security of Smartphone Unlock PINs

Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, Adam J. Aviv - ACM Transactions on Privacy and Security (TOPS '21).

Are Privacy Dashboards Good for End Users? Evaluating User Perceptions and Reactions to Google’s My Activity

Florian Farke, David Balash, Maximilian Golla, Markus Dürmuth, Adam Aviv - USENIX Security Symposium (SSYM '21). Virtual Conference, August 11-13, 2021

Apps Against the Spread: Privacy Implications and User Acceptance of COVID-19-Related Smartphone Apps on Three Continents

Christine Utz, Steffen Becker, Theodor Schnitzler, Florian Farke, Franziska Herbert, Leonie Schaewitz, Martin Degeling, Markus Dürmuth - ACM CHI Conference on Human Factors in Computing Systems 2021

We Built This Circuit: Exploring Threat Vectors in Circuit Establishment in Tor

Theodor Schnitzler, Christina Pöpper, Markus Dürmuth, Katharina Kohls - IEEE European Symposium on Security and Privacy (EuroS&P '21). Virtual Conference, September 6-10, 2021

What's in Score for Website Users: A Data-driven Long-term Study on Risk-based Authentication Characteristics

Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono - Financial Cryptography and Data Security (FC '21). Grenada, March 1-5, 2021

SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data

Theodor Schnitzler, Shujaat Mirza, Markus Dürmuth, Christina Pöpper - Proceedings of Privacy Enhancing Technologies 2021, Volume 1, pp. 229-249, November 9, 2020

2020
More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication

Stephan Wiefling, Markus Dürmuth, Luigi Lo Iacono - Annual Computer Security Applications Conference (ACSAC '20). Austin, USA, December 7-11, 2020

Akzeptanz von Corona-Apps in Deutschland vor der Einführung der Corona-Warn-App

Steffen Becker, Martin Degeling, Markus Dürmuth, Florian Farke, Leonie Schaewitz, Theodor Schnitzler, Christine Utz - Preprint, June 2020

Evaluation of Risk-based Re-Authentication Methods

Stephan Wiefling, Tanvil Patil, Markus Dürmuth, Luigi Lo Iacono - IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC '20). Maribor, Slovenia, September 21-23, 2020

“You still use the password after all” – Exploring FIDO2 Security Keys in a Small Company

Florian Farke, Lennart Lorenz, Theodor Schnitzler, Philipp Markert, Markus Dürmuth - Symposium on Usable Privacy and Security (SOUPS '20). Virtual Conference, August 7-11, 2020

This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, Adam J. Aviv - IEEE Symposium on Security and Privacy (SP '20). San Francisco, California, USA, May 18-20, 2020

Exploring User Perceptions of Deletion in Mobile Instant Messaging Applications

Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth - Journal of Cybersecurity, Volume 6, Issue 1, January 30, 2020

2019
Work in Progress: The European “Right To be Forgotten” – Legal and Technical Challenges of Search Engines Complying With The Right to Erasure

Jan Rensinghoff, Florian Farke, Markus Dürmuth, Tobias Gostomzyk - AoIR 2019: Trust in the System (AoIR '19). Brisbane, Australia, October 2, 2019

Recht auf Vergessen

Florian Farke, Jan Rensinghoff, Markus Dürmuth, Tobias Gostomzyk - Datenschutz und Datensicherheit (2019) 43: 681

POSTER: "What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

Miranda Wei, Maximilian Golla, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur - USENIX Symposium on Usable Privacy and Security 2019 (SOUPS '19). Santa Clara, CA, USA, August 11-13, 2019

View The Email to Get Hacked: Attacking SMS-Based Two-Factor Authentication

Philipp Markert, Florian Farke, Markus Dürmuth - Who Are You?! Adventures in Authentication (WAY '19). Santa Clara, California, USA, August 11, 2019

Towards Contractual Agreements for Revocation of Online Data

Theodor Schnitzler, Markus Dürmuth, Christina Pöpper - IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC '19), Lisbon, Portugal, June 25-27, 2019

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild

Stephan Wiefling, Luigi Lo Iacono, Markus Dürmuth - IFIP International Conference on ICT Systems Security and Privacy Protection (IFIP SEC '19), Lisbon, Portugal, June 25-27, 2019

Work in Progress: A Comparative Long-Term Study of Fallback Authentication

Philipp Markert, Maximilian Golla, Elizabeth Stobert, Markus Dürmuth - Workshop on Usable Security and Privacy (USEC '19). San Diego, California, USA, February 24, 2019

Work in Progress: On the In-Accuracy and Influence of Android Pattern Strength Meters

Maximilian Golla, Jan Rimkus, Adam J. Aviv, Markus Dürmuth - Workshop on Usable Security and Privacy (USEC '19). San Diego, California, February 24, 2019

2018
"What was that site doing with my Facebook password?" Designing Password-Reuse Notifications

Maximilian Golla, Miranda Wei, Juliette Hainline, Lydia Filipe, Markus Dürmuth, Elissa Redmiles, Blase Ur - ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018

On the Accuracy of Password Strength Meters

Maximilian Golla, Markus Dürmuth - ACM Conference on Computer and Communications Security 2018 (CCS '18). Toronto, Canada, October 15-19, 2018

Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, Blase Ur - USENIX Security Symposium 2018 (SSYM '18). Baltimore, MD, USA, August 15-17, 2018

POSTER: User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth - USENIX Symposium on Usable Privacy and Security 2018 (SOUPS '18). Baltimore, MD, USA, August 12-14, 2018

"Will Any Password Do?" Exploring Rate-Limiting on the Web

Maximilian Golla, Theodor Schnitzler, Markus Dürmuth - Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018

Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations

Maximilian Golla, Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, Markus Dürmuth - Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018

The State of User Authentication in the Wild

Nils Quermann, Marian Harbach, Markus Dürmuth - Who Are You?! Adventures in Authentication 2018 (WAY '18). Baltimore, MD, USA, August 12, 2018

User Perception and Expectations on Deleting Instant Messages -or- "What Happens If I Press This Button?"

Theodor Schnitzler, Christine Utz, Florian Farke, Christina Pöpper, Markus Dürmuth - European Workshop on Usable Security (EuroUSEC) 2018, London, England, 23 April 2018

2017
"I want my money back!" Limiting Online Password-Guessing Financially

Maximilian Golla, Daniel V. Bailey, Markus Dürmuth - Who Are You?! Adventures in Authentication 2017 (WAY '17). Santa Clara, CA, USA, July 12, 2017

POSTER: Towards Implicit Visual Memory-Based Authentication

Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz - USENIX Symposium on Usable Privacy and Security 2017 (SOUPS '17). Santa Clara, CA, USA, July 12-14, 2017

Towards Implicit Visual Memory-Based Authentication

Claude Castelluccia, Markus Dürmuth, Maximilian Golla, Fatma Deniz - ISOC Network and Distributed System Security Symposium 2017 (NDSS '17). San Diego, CA, USA, February 26 - March 1, 2017

EmojiAuth: Quantifying the Security of Emoji-based Authentication

Maximilian Golla, Dennis Detering, Markus Dürmuth - Workshop on Usable Security 2017 (USEC '17). San Diego, CA, USA, February 25, 2017

2016
On the Security of Cracking-Resistant Password Vaults

Maximilian Golla, Benedict Beuscher, Markus Dürmuth - ACM Conference on Computer and Communications Security 2016 (CCS '16). Vienna, Austria, October 24-28, 2016

Side-Channel Attacks on Fingerprint Matching Algorithms

Markus Dürmuth, David Oswald, Niklas Pastewka - To appear at the 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016)

On User Choice for Android Unlock Patterns

Marte Loge, Markus Dürmuth, Lillian Rostad - Accepted at the 1st European Workshop on Usable Security, 2016.

Position Paper: Measuring the Impact of Alphabet and Culture on Graphical Passwords

Adam J. Aviv, Markus Dürmuth, Payas Gupta - Adventures in Authentication: WAY Workshop, 2016.

Neuralyzer: Flexible Expiration Times for the Revocation of Online Data

Apostolis Zarras, Katharina Kohls, Markus Dürmuth, Christina Pöpper - In Proceedings of the ACM Conference on Data and Application Security and Privacy (ACM CODASPY) 2016 *** OUTSTANDING PAPER AWARD ***

Who Are You? A Statistical Approach to Measuring User Authenticity

David Mandell Freeman, Sakshi Jain, Markus Dürmuth, Battista Biggio, Giorgio Giacinto - The Network and Distributed System Security Symposium 2016 (NDSS '16), San Diego, CA, USA, February 21-24, 2016

2015
Analyzing 4 Million Real-World Personal Knowledge Questions (Short Paper)

Maximilian Golla, Markus Dürmuth - International Conference on Passwords 2015 (PASSWORDS '15). Cambridge, United Kingdom, December 7-9, 2015

OMEN: Faster Password Guessing Using an Ordered Markov Enumerator

Markus Dürmuth, Fabian Angelstorf, Claude Castelluccia, Daniele Perito, Abdelberi Chaabane - International Symposium on Engineering Secure Software and Systems (ESSoS), 2015.

2014
Learning from Neuroscience to Improve Internet Security

Claude Castelluccia, Markus Dürmuth, Fatma Imamoglu - ERCIM News 2014(99), 2014.

On Password Guessing with GPUs and FPGAs

Markus Dürmuth, Thorsten Kranz - PASSWORDS 2014 Conference, 2014.

Secure Fallback Authentication and the Trusted Friend Attack

Ashar Javed, David Bletgen, Florian Kohlar, Markus Dürmuth, Jörg Schwenk - Proceedings International Conference on Distributed Computing Systems Workshops (ICDCS Workshops), 2014.

Statistics on Password Re-use and Adaptive Strength for Financial Accounts

Daniel V. Bailey, Markus Dürmuth, Christof Paar - Proceedings 9th International Conference on Security and Cryptography (SCN), 2014.

Typing passwords with voice recognition --or-- How to authenticate to Google Glass

Daniel Bailey, Markus Dürmuth, Christof Paar - Adventures in Authentication: WAY Workshop. 2014.

2013
Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns

Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, Thorsten Holz - ACM Conference on Computer and Communications Security (CCS), Berlin, November 2013

Useful Password Hashing: How to Waste Computing Cycles with Style

Markus Dürmuth - Proceedings of the 2013 New security paradigms workshop (NSPW) Pages 31-40 ACM, 2013

Evaluation of Standardized Password-Based Key Derivation against Parallel Processing Platforms

Markus Dürmuth, Tim Güneysu, Markus Kasper, Christof Paar, Tolga Yalcin, Ralf Zimmermann - Computer Security - ESORICS 2012 - 17th European Symposium on Research in Computer Security, Pisa, Italy, September 10-12, 2012

Achieving anonymity against major face recognition algorithms

Benedikt Driessen, Markus Dürmuth - Proceedings Communications and Multimedia Security (CMS 2013), LNCS 8099, Springer, 2013.

Anonymität und Gesichtserkennung

Benedikt Driessen, Markus Dürmuth - digma, Zeitschrift für Datenrecht und Informationssicherheit, 2013.

2012
Adaptive password-strength meters from Markov models

Claude Castelluccia, Markus Dürmuth, Daniele Perito - Proceedings 19th Network & Distributed System Security Symposium (NDSS 12). Internet Society, 2012.

Timed revocation of user data: Long expiration times from existing infrastructure

Sirke Reimann, Markus Dürmuth - Proceedings Workshop on Privacy in the Electronic Society (WPES), 2012.

2011
Deniable encryption with negligible detection probability: An interactive construction

Markus Dürmuth, David Mandell Freeman - Proceedings Advances in Cryptology (EUROCRYPT 11), Springer, 2011

2010
Acoustic Side-Channel Attacks on Printers

Michael Backes, Markus Dürmuth, Sebastian Gerling, Manfred Pinkal, Caroline Sporleder - Proceedings USENIX Security Symposium, 2010.

Speaker Recognition in Encrypted Voice Streams

Michael Backes, Goran Doychev, Markus Dürmuth, Boris Köpf - Proceedings European Symposium on Research in Computer Security (ESORICS), 2010. (Preliminary version appeared in the Grande Region Security and Reliability Day, Saarbrücken, 2010.)

2009
A Provably Secure and Efficient Countermeasure against Timing Attacks

Boris Köpf, Markus Dürmuth - Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF), 2009.

Tempest in a Teapot: Compromising Reflections Revisited

Michael Backes, Tongbo Chen, Markus Dürmuth, Hendrik P. A. Lensch, Martin Welk - Proceedings of the IEEE Symposium on Security and Privacy (SSP '09), May 2009.

2008
Compromising Reflections - or - How to Read LCD Monitors Around the Corner

Michael Backes, Markus Dürmuth, Dominique Unruh - Proceedings of the IEEE Symposium on Security and Privacy (SSP '08), May 2008.

Datenspionage / Wie Brillengläser Geheimnisse verraten

Michael Backes, Markus Dürmuth, Dominique Unruh - In iX Magazin für Professionelle Informationstechnik, Heise Verlag, Hannover, May 2008.

OAEP is Secure Under Key-dependent Messages

Michael Backes, Markus Dürmuth, Dominique Unruh - Proceedings of ASIACRYPT, December 2008.

2007
Böse Textdokumente – Postscript gone wild

Michael Backes, Markus Dürmuth, Dominique Unruh - iX Magazin für Professionelle Informationstechnik, Heise Verlag, Hannover, August 2007.

Conditional Reactive Simulatability

Michael Backes, Markus Dürmuth, Dennis Hofheinz, Ralf Küsters - International Journal of Information Security (IJIS), Springer, 2007.

Enterprise Privacy Policies and Languages

Michael Backes, Markus Dürmuth - In Digital Privacy: Theory, Technologies and Practices, Elsevier, 2007.

Information Flow in the Peer-Reviewing Process (Extended Abstract)

Michael Backes, Markus Dürmuth, Dominique Unruh - Proceedings of 28th IEEE Symposium on Security and Privacy (SSP '07), May 2007.

On Simulatability Soundness and Mapping Soundness of Symbolic Cryptography

Michael Backes, Markus Dürmuth, Ralf Küsters - Proceedings of 27th International Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), December 2007.

2006
Conditional Reactive Simulatability

Michael Backes, Markus Dürmuth, Dennis Hofheinz, Ralf Küsters - Proceedings of 11th European Symposium on Research in Computer Security (ESORICS '06), September 2006.

2005
A Cryptographically Sound Dolev-Yao Style Security Proof of an Electronic Payment System

Michael Backes, Markus Dürmuth - In Proceedings of 18th IEEE Computer Security Foundations Workshop (CSFW '05), June 2005.

2004
An Algebra for Composing Enterprise Privacy Policies

Michael Backes, Markus Dürmuth, Rainer Steinwandt - Proceedings of 9th European Symposium on Research in Computer Security (ESORICS '04), September 2004.

Unification in Privacy Policy Evaluation - Translating EPAL to Prolog

Michael Backes, Markus Dürmuth, Günter Karjoth - Proceedings of 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY), June 2004.