Systems Security Lab

Publications

Sticky Fingers: Resilience of Satellite Fingerprinting against Jamming Attacks

Joshua Smailes, Edd Salkield, Sebastian Köhler, Simon Birnbach, Martin Strohmeier, Ivan Martinovic.

2nd Workshop on Security of Space and Satellite Systems (SpaceSec). March 2024.

Cite

To TTP or not to TTP?: Exploiting TTPs to Improve ML-based Malware Detection

Yashovardhan Sharma, Eleonora Giunchiglia, Simon Birnbach, Ivan Martinovic.

2023 IEEE International Conference on Cyber Security and Resilience (CSR). 2023.

Cite

RADAR: A TTP-Based Extensible, Explainable, and Effective System for Network Traffic Analysis and Malware Detection

Yashovardhan Sharma, Simon Birnbach, Ivan Martinovic.

Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference. 2023.

Cite

RADAR: A TTP-based Extensible, Explainable, and Effective System for Network Traffic Analysis and Malware Detection

Yashovardhan Sharma, Simon Birnbach, Ivan Martinovic.

Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference (EICC'23). June 2023.

Cite

Satellite Spoofing from A to Z: On the Requirements of Satellite Downlink Overshadowing Attacks

Edd Salkield, Marcell Szakály, Joshua Smailes, Simon Birnbach, Sebastian Köhler, Martin Strohmeier, Ivan Martinovic.

Proceedings of the 16th Conference on Security and Privacy in Wireless and Mobile Networks (WiSec). May 2023.

Cite

Watch This Space: Securing Satellite Communication through Resilient Transmitter Fingerprinting

Joshua Smailes, Sebastian Köhler, Simon Birnbach, Martin Strohmeier, Ivan Martinovic.

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS 23). November 2023.

Cite

Dishing Out DoS: How to Disable and Secure the Starlink User Terminal

Joshua Smailes, Edd Salkield, Sebastian Köhler, Simon Birnbach, Ivan Martinovic.

arXiv preprint arXiv:2303.00582. March 2023.

Cite

BROKENWIRE: Wireless Disruption of CCS Electric Vehicle Charging

Sebastian Koehler, Richard Baker, Martin Strohmeier, Ivan Martinovic.

The Network and Distributed System Security Symposium (NDSS). February 2023.

Cite

CableAuth: a biometric second factor authentication scheme for electric vehicle charging

Jack Sturgess, Sebastian Köhler, Simon Birnbach, Ivan Martinovic.

Proc. Inaugural Symposium on Vehicle Security and Privacy (VehicleSec 2023). 2023.

Abstract:

Under embargo

Publication

Cite

BROKENWIRE: wireless disruption of CCS electric vehicle charging

Sebastian Köhler, Richard Baker, Martin Strohmeier, Ivan Martinovic.

In Proc. Network and Distributed System Security (NDSS) Symposium 2023. 2023.

Abstract:

Currently under embargo; please check back later.

Publication

Cite

Fingerprinting and personal information leakage from touchscreen interactions

Martin Georgiev, Simon Eberz, Ivan Martinovic.

In Proc. 21st Workshop on Privacy in the Electronic Society (WPES 2022). 2022.

Abstract:

The study aims to understand and quantify the privacy threat landscape of touch-based biometrics. Touch interactions from mobile devices are ubiquitous and do not require additional permissions to collect. Two privacy threats were examined - user tracking and personal information leakage. First, we designed a practical fingerprinting simulation experiment and executed it on a large publicly available touch interactions dataset. We found that touch-based strokes can be used to fingerprint users with high accuracy and performance can be further increased by adding only a single extra feature. The system can distinguish between new and returning users with up to 75% accuracy and match a new session to the user it originated from with up to 74% accuracy. In the second part of the study, we investigated the possibility of predicting personal information attributes through the use of touch interaction behavior. The attributes we investigated were age, gender, dominant hand, country of origin, height, and weight. We found that our model can predict the age group and gender of users with up to 66% and 62% accuracy respectively. Finally, we discuss countermeasures, limitations and provide suggestions for future work in the field.

PDF Publication DOI

Cite

Exorcist: automated differential analysis to detect compromises in closed-source software supply chains

Frederick Barr-Smith, Richard Baker, Tim Blazytko, Ivan Martinovic.

In Proc. ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED '22). 2022.

Abstract:

The insertion of trojanised binaries into supply chains are a particularly subtle form of cyber-attack that require a multi-staged and complex deployment methodology to implement and execute. In the years preceding this research there has been a spike in closedsource software supply chain attacks used to attack downstream clients or users of a company. To detect this attack type, we present an approach to detecting the insertion of malicious functionality in supply chains via differential analysis of binaries. This approach determines whether malicious functionality has been inserted in a particular build by looking for indicators of maliciousness. We accomplish this via automated comparison of a known benign build to successive potentially malicious versions. To substantiate this approach we present a system, Exorcist, that we have designed, developed and evaluated as capable of detecting trojanised binaries in Windows software supply chains. In evaluating this system we analyse 12 samples from high-profile APT attacks conducted via the software supply chain.

PDF Publication DOI

Cite

Techniques for continuous touch-based authentication

Martin Georgiev, Simon Eberz, Ivan Martinovic.

In Proc. 17th International Conference on Information Security Practice and Experience (ISPEC 2022). 2022.

Abstract:

The field of continuous touch-based authentication has been rapidly developing over the last decade, creating a fragmented and difficult-to-navigate area for researchers and application developers alike. In this study, we perform a systematic literature analysis of 30 studies on the techniques used for feature extraction, classification, and aggregation in continuous touch-based authentication systems as well as the performance metrics reported by each study. Based on our findings, we design a set of experiments to compare the performance of the most frequently used techniques in the field under clearly defined conditions. In addition, we introduce two new techniques for continuous touch-based authentication: an expanded feature set (consisting of 149 unique features) and a multi-algorithm ensemble-based classifier. The comparison includes 13 feature sets, 11 classifiers, and 5 aggregation methods. In total, 204 model configurations are examined and we show that our novel techniques outperform the current state-of-the-art in each category. The results are also validated across three different publicly available datasets. Our best performing model achieves 4.8% EER using 16 consecutive strokes. Finally, we discuss the findings of our investigation with the aim of making the field more understandable and accessible for researchers and practitioners.

PDF Publication DOI

Cite

On the security of the wireless electric vehicle charging communication

Sebastian Köhler, Simon Birnbach, Richard Baker, Ivan Martinovic.

Proc. Workshop Cybersecurity of Electric Vehicle Charging and Smart Grid Resources (SECEVC). 2022.

Abstract:

The adoption of fully Electric Vehicles (EVs) is happening at a rapid pace. To make the charging as fast and convenient as possible, new charging approaches are developed constantly. One such approach is wireless charging, also known as Wireless Power Transfer (WPT). Instead of charging an EV via a charging cable, the battery is charged wirelessly. For safety and efficiency reasons, the vehicle and the charging station continuously exchange critical information about the charging process. This includes, e.g., the maximum voltage and current, battery temperature, and State of Charge (SoC). Since there is no physical connection between the vehicle and the charging station, this necessary control communication has to be implemented as a wireless connection. However, if the communication is interrupted, the charging process is aborted for safety reasons. In this paper, we analyze the attack surface of EV charging standards that use such a wireless control communication. More specifically, we discuss potential wireless attacks that can violate the availability and analyze the implemented security features of a real-world wireless charging station that has already been deployed. We found that the tested charging station does not implement even simple security measures, such as IEEE 802.11w, that can protect the communication from denial-ofservice attacks. Finally, we discuss potential countermeasures, and give recommendations to improve the security and increase the resilience of wireless charging.

PDF Publication DOI

Cite

WatchAuth: User Authentication and Intent Recognition in Mobile Payments using a Smartwatch

Jack Sturgess, Simon Eberz, Ivo Sluganovic, Ivan Martinovic.

Proc. 7th IEEE European Symposium on Security and Privacy (EuroS&P). 2022.

Cite

WatchAuth: user authentication and intent recognition in mobile payments using a smartwatch

Jack Sturgess, Simon Eberz, Ivo Sluganovic, Ivan Martinovic.

Proc. 7th IEEE European Symposium on Security and Privacy (IEEE 2022). 2022.

Abstract:

In this paper, we show that the tap gesture, performed when a user ‘taps’ a smartwatch onto an NFC-enabled terminal to make a payment, is a biometric capable of implicitly authenticating the user and simultaneously recognising intent-to-pay. The proposed system can be deployed purely in software on the watch without requiring updates to payment terminals. It is agnostic to terminal type and position and the intent recognition portion does not require any training data from the user. To validate the system, we conduct a user study (n=16) to collect wrist motion data from users as they interact with payment terminals and to collect long-term data from a subset of them (n=9) as they perform daily activities. Based on this data, we identify optimum gesture parameters and develop authentication and intent recognition models, for which we achieve EERs of 0.08 and 0.04, respectively.

PDF Publication DOI

Cite

Biometric identification system based on object interactions in Internet of Things environments

Klaudia Krawiecka, Simon Birnbach, Simon Eberz, Ivan Martinovic.

Proc. IEEE Workshop on the Internet of Safe Things: SafeThings 2022. 2022.

Abstract:

Attributing interactions with Internet of Things (IoT) devices to specific users in smart environments is extremely important as it enables personalized configurations and access control. This requirement is particularly stringent when it comes to parental control measures designed to protect children from contact with dangerous machinery or viewing materials that are inappropriate for their age. To this end, we show that naturally occurring interactions with objects in smart environments can be used as a behavioral biometric in order to identify users. The heterogeneous nature of smart devices enables the collection of a wide variety of inputs from such interactions. In addition, this system model allows for seamless identification, without the need for active user participation or rearrangement of the IoT devices. We conduct a remote study taking place in six households composed of 25 participants. We demonstrate that our system can identify users in multi-user environments with an average accuracy of at least 91% for a single object interaction without requiring any sensors on the object itself. This accuracy rises to 100% when six or more consecutive interactions are considered.

Publication

Cite

Security and Privacy Issues of Satellite Communication in the Aviation Domain

Georg Baselt, Martin Strohmeier, James Pavur, Vincent Lenders, Ivan Martinovic.

Cyber Conflict (CYCON), 2022 14th International Conference on. May 2022.

Cite

Common Evaluation Pitfalls in Touch-Based Authentication Systems

Martin Georgiev, Simon Eberz, Henry Turner, Giulio Lovisotto, Ivan Martinovic.

Proc. 2022 ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2022). 2022.

Abstract:

In this paper, we investigate common pitfalls affecting the evaluation of authentication systems based on touch dynamics. We consider different factors that lead to misrepresented performance, are incompatible with stated system and threat models or impede reproducibility and comparability with previous work. Specifically, we investigate the effects of (i) small sample sizes (both number of users and recording sessions), (ii) using different phone models in training data, (iii) selecting non-contiguous training data, (iv) inserting attacker samples in training data and (v) swipe aggregation. We perform a systematic review of 30 touch dynamics papers showing that all of them overlook at least one of these pitfalls. To quantify each pitfall's effect, we design a set of experiments and collect a new longitudinal dataset of touch dynamics from 470 users over 31 days comprised of 1,166,092 unique swipes. We make this dataset and our code available online. Our results show significant percentage-point changes in reported mean EER for several pitfalls: including attacker data (2.55%), non-contiguous training data (3.8%), phone model mixing (3.2%-5.8%). We show that, in a common evaluation setting, cumulative effects of these evaluation choices result in a combined difference of 8.9% EER. We also largely observe these effects across the entire ROC curve. Furthermore, we validate the pitfalls on four distinct classifiers - SVM, Random Forest, Neural Network, and kNN. Based on these insights, we propose a set of best practices that, if followed, will lead to more realistic and comparable reporting of results in the field.

PDF Publication DOI

Cite

99% false positives: A qualitative study of SOC analysts' perspectives on security alarms

Bushra AlAhmadi, Louise Axon, Ivan Martinovic.

Proc. 31st USENIX Security Symposium. 2022.

Abstract:

In this work, we focus on the prevalence of False Positive (FP) alarms produced by security tools, and Security Operation Centers (SOCs) practitioners' perception of their quality. In an online survey we conducted with security practitioners (n = 20) working in SOCs, practitioners confirmed the high FP rates of the tools used, requiring manual validation. With these findings in mind, we conducted a broader, discovery-orientated, qualitative investigation with security practitioners (n = 21) of the limitations of security tools, particularly their alarms' quality and validity. Our results highlight that, despite the perceived volume of FPs, most are attributed to benign triggers---true alarms, explained by legitimate behavior in the organization's environment, which analysts may choose to ignore. To properly evaluate security tools' adequacy and performance, it is critical that vendors and researchers are able make such distinctions between types of FP. Alarm validation is a tedious task that can cause alarm burnout and eventually desensitization. Therefore, we investigated the process of alarm validation in SOCs, identifying factors that may influence the outcome of this process. To improve security alarm quality, we elicit five properties (Reliable, Explainable, Analytical, Contextual, Transferable) required to foster effective and quick validation of alarms. Incorporating these requirements in future tools will not only reduce alarm burnout but improve SOC analysts' decision-making process by generating interpretable and meaningful alarms that enable prompt reaction.

PDF Publication

Cite

Signal injection attacks against CCD image sensors

Sebastian Kohler, Richard Baker, Ivan Martinovic.

Proc. 2022 ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2022). 2022.

PDF

Cite

Inferring User Height and Improving Impersonation Attacks in Mobile Payments using a Smartwatch

Jack Sturgess, Simon Eberz, Ivo Sluganovic, Ivan Martinovic.

Proc. WristSense 2022: Workshop on Sensing Systems and Applications Using Wrist Worn Smart Devices. 2022.

Cite

On detecting deception in space situational awareness

James Pavur, Ivan Martinovic.

Proc. 16th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2021). 2021.

PDF Publication DOI

Cite

#PrettyFlyForAWiFi: real-world detection of privacy invasion attacks by drones

Simon Birnbach, Richard Baker, Simon Eberz, Ivan Martinovic.

ACM Transactions on Privacy and Security. 2021.

PDF Publication DOI

Cite

Plug-and-play: Framework for remote experimentation in cyber security

Klaudia Krawiecka, Jack Sturgess, Alina Petrova, Ivan Martinovic.

Proc. 2021 European Symposium on Usable Security (EuroUSEC 2021). 2021.

PDF Publication DOI

Cite

They see me rollin': inherent vulnerability of the rolling shutter in CMOS image sensors

Sebastian Köhler, Giulio Lovisotto, Simon Birnbach, Richard Baker, Ivan Martinovic.

Proc. Annual Computer Security Applications Conference (ACSAC 2021). 2021.

PDF Publication DOI

Cite

Haunted house: physical smart home event verification in the presence of compromised sensors

Simon Birnbach, Simon Eberz, Ivan Martinovic.

ACM Transactions on Internet of Things. 2021.

PDF Publication

Cite

Generating identities with mixture models for speaker anonymization

Henry Turner, Giulio Lovisotto, Ivan Martinovic.

Computer Speech and Language 72. 2021.

PDF Publication DOI

Cite

QPEP: An Actionable Approach to Secure and Performant Broadband From Geostationary Orbit

James Pavur, Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

The Network and Distributed System Security Symposium (NDSS). February 2021.

PDF Video Publication

Cite

In the Same Boat: On Small Satellites, Big Rockets, and Cyber-Trust

James Pavur, Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

13th International Conference on Cyber Conflict (CyCon). May 2021.

PDF Publication DOI

Cite

Studying Neutrality in Cyber-Space: A Comparative Geographical Analysis of Honeypot Responses

Martin Strohmeier, James Pavur, Ivan Martinovic, Vincent Lenders.

International Conference on Critical Information Infrastructures Security. September 2021.

PDF Publication DOI

Cite

OpenSky Report 2021: Insights on ADS-B Mandate and Fleet Deployment in Times of Crisis

Junzi Sun, Xavier Olive, Martin Strohmeier, Matthias Schäfer, Ivan Martinovic, Vincent Lenders.

2021 IEEE/AIAA 40th Digital Avionics Systems Conference (DASC). October 2021.

PDF Publication DOI

Cite

MalPhase: Fine-Grained Malware Detection Using Network Flow Data

Michal Piskozub, Fabio De Gaspari, Freddie Barr-Smith, Luigi Mancini, Ivan Martinovic.

Proceedings of the 16th ACM Asia Conference on Computer and Communications Security. 2021.

PDF

Cite

Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land

Frederick Barr-Smith, Xabier Ugarte-Pedrero, Mariano Graziano, Riccardo Spolaor, Ivan Martinovic.

2021 IEEE Symposium on Security and Privacy (SP). 2021.

PDF Video Github

Cite

You talkin' to me? Exploring Practical Attacks on Controller Pilot Data Link Communications

Joshua Smailes, Daniel Moser, Matthew Smith, Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

Proceedings of the 7th ACM Cyber-Physical System Security Workshop (CPSS 2021). June 2021.

Cite

Classi-Fly: Inferring Aircraft Categories from Open Data

Martin Strohmeier, Matthew Smith, Vincent Lenders, Ivan Martinovic.

ACM Transactions on Intelligent Systems and Technology (TIST). December 2021.

Abstract:

In recent years, air traffic communication data has become easy to access, enabling novel research in many fields. Exploiting this new data source, a wide range of applications have emerged, from weather forecasting to stock market prediction, or the collection of intelligence about military and government movements. Typically, these applications require knowledge about the metadata of the aircraft, specifically its operator and the aircraft category. armasuisse Science + Technology, the R&D agency for the Swiss Armed Forces, has been developing Classi-Fly, a novel approach to obtain metadata about aircraft based on their movement patterns. We validate Classi-Fly using several hundred thousand flights collected through open source means, in conjunction with ground truth from publicly available aircraft registries containing more than 2 million aircraft. We show that we can obtain the correct aircraft category with an accuracy of greater than 88%. In cases, where no metadata is available, this approach can be used to create the data necessary for applications working with air traffic communication. Finally, we show that it is feasible to automatically detect particular sensitive aircraft such as police and surveillance aircraft using this method.

PDF Publication DOI

Cite

SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial Perturbations

Giulio Lovisotto, Henry Turner, Ivo Sluganovic, Martin Strohmeier, Ivan Martinovic.

30th USENIX Security Symposium (USENIX Security 21). August 2021.

PDF Publication

Cite

Understanding Realistic Attacks on Airborne Collision Avoidance Systems

Matthew Smith, Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

arXiv preprint arXiv:2010.01034. 2020.

Abstract:

Airborne collision avoidance systems provide an onboard safety net should normal air traffic control procedures fail to keep aircraft separated. These systems are widely deployed and have been constantly refined over the past three decades, usually in response to near misses or mid-air collisions. Recent years have seen security research increasingly focus on aviation, identifying that key wireless links---some of which are used in collision avoidance---are vulnerable to attack. In this paper, we go one step further to understand whether an attacker can remotely trigger false collision avoidance alarms. Primarily considering the next-generation Airborne Collision Avoidance System X (ACAS X), we adopt a modelling approach to extract attacker constraints from technical standards before simulating collision avoidance attacks against standardized ACAS X code. We find that in 44% of cases, an attacker can successfully trigger a collision avoidance alert which on average results in a 590 ft altitude deviation; when the aircraft is at lower altitudes, this success rate rises considerably to 79%. Furthermore, we show how our simulation approach can be used to help defend against attacks by identifying where attackers are most likely to be successful.

PDF Publication

Cite

Biometric Backdoors: A Poisoning Attack Against Unsupervised Template Updating

Giulio Lovisotto, Simon Eberz, Ivan Martinovic.

2020 IEEE European Symposium on Security and Privacy (EuroS&P). September 2020.

PDF Video Publication

Cite

Seeing Red: PPG Biometrics Using Smartphone Cameras

Giulio Lovisotto, Henry Turner, Simon Eberz, Ivan Martinovic.

IEEE 15th Computer Society Workshop on Biometrics. June 2020.

PDF Publication

Cite

A Tale of Sea and Sky: On the Security of Maritime VSAT Communications

James Pavur, Daniel Moser, Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

2020 IEEE Symposium on Security and Privacy (S&P). May 2020.

PDF Publication

Cite

A View from the Cockpit: Exploring Pilot Reactions to Attacks on Avionic Systems

Matthew Smith, Martin Strohmeier, Jon Harman, Vincent Lenders, Ivan Martinovic.

The Network and Distributed System Security Symposium (NDSS). February 2020.

PDF Video Publication DOI

Cite

Peeves: Physical Event Verification in Smart Homes

Simon Birnbach, Simon Eberz, Ivan Martinovic.

Proceedings of the 2019 ACM Conference on Computer and Communications Security (CCS). 2019.

PDF Publication

Cite

Losing the Car Keys: Wireless PHY-Layer Insecurity in EV Charging

Richard Baker, Ivan Martinovic.

28th USENIX Security Symposium (USENIX Security 19). 2019.

PDF Video Publication

Cite

Attacking Speaker Recognition Systems with Phoneme Morphing

Henry Turner, Giulio Lovisotto, Ivan Martinovic.

European Symposium on Research in Computer Security (ESORICS). 2019.

PDF Github Publication

Cite

28 Blinks Later: Tackling Practical Challenges of Eye Movement Biometrics

Simon Eberz, Giulio Lovisotto, Kasper B Rasmussen, Vincent Lenders, Ivan Martinovic.

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019.

PDF Publication

Cite

Classi-Fly: Inferring Aircraft Categories from Open Data

Martin Strohmeier, Matthew Smith, Vincent Lenders, Ivan Martinovic.

arXiv preprint arXiv:1908.01061. August 2019.

PDF

Cite

OpenSky Report 2019: Analysing TCAS in the Real World using Big Data

Matthias Schäfer, Xavier Olive, Martin Strohmeier, Matthew Smith, Ivan Martinovic, Vincent Lenders.

2019 IEEE/AIAA 38th Digital Avionics Systems Conference (DASC). September 2019.

PDF Publication

Cite

On the Applicability of Satellite-based Air Traffic Control Communication for Security

Martin Strohmeier, Daniel Moser, Matthias Schäfer, Vincent Lenders, Ivan Martinovic.

IEEE Communications Magazine. September 2019.

Github Publication

Cite

Safety vs. Security: Attacking Avionic Systems with Humans in the Loop

Matthew Smith, Martin Strohmeier, Jon Harman, Vincent Lenders, Ivan Martinovic.

arXiv preprint arXiv:1905.08039. May 2019.

PDF

Cite

EMPower: Detecting Malicious Power Line Networks from EM Emissions

Richard Baker, Ivan Martinovic.

IFIP International Conference on ICT Systems Security and Privacy Protection. 2018.

PDF Publication

Cite

When your fitness tracker betrays you: Quantifying the predictability of biometric features across contexts

Simon Eberz, Giulio Lovisotto, Andrea Patane, Marta Kwiatkowska, Vincent Lenders, Ivan Martinovic.

2018 IEEE Symposium on Security and Privacy (SP). 2018.

PDF Publication

Cite

OpenSky Report 2018: Assessing the Integrity of Crowdsourced Mode S and ADS-B Data

Matthias Schäfer, Martin Strohmeier, Matthew Smith, Markus Fuchs, Vincent Lenders, Ivan Martinovic.

Digital Avionics Systems Conference (DASC), 2018 IEEE/AIAA 37th. September 2018.

PDF Publication

Cite

Undermining Privacy in the Aircraft Communications Addressing and Reporting System (ACARS)

Matthew Smith, Daniel Moser, Martin Strohmeier, Ivan Martinovic, Vincent Lenders.

18th Privacy Enhancing Technologies Symposium (PETS 2018). July 2018.

PDF Publication

Cite

Utilizing Air Traffic Communications for OSINT on State and Government Aircraft

Martin Strohmeier, Matthew Smith, Daniel Moser, Matthias Schäfer, Vincent Lenders, Ivan Martinovic.

Cyber Conflict (CYCON), 2018 10th International Conference on. May 2018.

PDF Publication

Cite

Snoopy: Sniffing Your Smartwatches Passwords via Deep Sequence Learning

Chris Xiaoxuan Lu, Bowen Du, Hongkai Wen, Sen Wang, Andrew Markham, Ivan Martinovic, Yiran Shen, Niki Trigoni.

ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp). 2018.

Cite

The Real First Class? Inferring Confidential Corporate Mergers and Government Relations from Air Traffic Communication

Martin Strohmeier, Matthew Smith, Vincent Lenders, Ivan Martinovic.

IEEE European Symposium on Security and Privacy (EuroS&P) 2018. April 2018.

Cite

A k-NN-based Localization Approach for Crowdsourced Air Traffic Communication Networks

Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

IEEE Transactions on Aerospace and Electronic Systems. June 2018.

Cite

Wi-Fly?: Detecting Privacy Invasion Attacks by Consumer Drones

Simon Birnbach, Richard Baker, Ivan Martinovic.

Proceedings of the 24th Annual Network and Distributed System Security Symposium (NDSS). 2017.

Cite

HoloPair: Securing Shared Augmented Reality Using Microsoft HoloLens

Ivo Sluganovic, Matej Serbec, Ante Derek, Ivan Martinovic.

Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC 2017). December 2017.

Cite

Mobile Biometrics in Financial Services: A Five Factor Framework

Giulio Lovisotto, Raghav Malik, Ivo Sluganovic, Marc Roeschlin, Paul Trueman, Ivan Martinovic.

University of Oxford. 2017.

Cite

Economy Class Crypto: Exploring Weak Cipher Usage in Avionic Communications via ACARS

Matthew Smith, Daniel Moser, Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

International Conference on Financial Cryptography and Data Security 2017. April 2017.

Cite

Crowdsourcing Security for Wireless Air Traffic Communications

Martin Strohmeier, Matthew Smith, Matthias Schäfer, Vincent Lenders, Ivan Martinovic.

Cyber Conflict (CYCON), 2017 9th International Conference on. May 2017.

Cite

On Perception and Reality in Wireless Air Traffic Communication Security

Martin Strohmeier, Matthias Schäfer, Rui Pinheiro, Vincent Lenders, Ivan Martinovic.

IEEE Transactions on Intelligent Transportation Systems. June 2017.

Cite

Analyzing Privacy Breaches in the Aircraft Communications Addressing and Reporting System (ACARS)

Matthew Smith, Daniel Moser, Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

ArXiv e-prints. May 2017.

Cite

Exposing Transmitters in Mobile Multi-Agent Games

Ben-Adar Bessos, Mai, Simon Birnbach, Amir Herzberg, Ivan Martinovic.

Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC). 2016.

Cite

Secure location verification with a mobile receiver

Richard Baker, Ivan Martinovic.

Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy. 2016.

Cite

OpenSky Report 2016: Facts and Figures on SSR Mode S and ADS-B Usage

Matthias Schäfer, Martin Strohmeier, Matthew Smith, Markus Fuchs, Rui Pinheiro, Vincent Lenders, Ivan Martinovic.

Digital Avionics Systems Conference (DASC), 2016 IEEE/AIAA 35th. September 2016.

Cite

Assessing the Impact of Aviation Security on Cyber Power

Martin Strohmeier, Matthew Smith, Matthias Schäfer, Vincent Lenders, Ivan Martinovic.

Cyber Conflict (CYCON), 2016 8th International Conference on. May 2016.

Cite

Looks Like Eve: Exposing Insider Threats Using Eye Movement Biometrics

Simon Eberz, Kasper B. Rasmussen, Vincent Lenders, Ivan Martinovic.

ACM Transactions on Privacy and Security. June 2016.

Cite

On the Security of the Automatic Dependent Surveillance-Broadcast Protocol

Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

IEEE Communications Surveys & Tutorials. 2015.

Cite

Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics

Simon Eberz, Kasper B. Rasmussen, Vincent Lenders, Ivan Martinovic.

The Network and Distributed System Security Symposium (NDSS). February 2015.

Cite

Gaining Insight on Friendly Jamming in a Real-world IEEE 802.11 Network

Daniel S. Berger, Francesco Gringoli, Nicolò Facchi, Ivan Martinovic, Jens Schmitt.

Proceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks. 2014.

Cite

Authentication Using Pulse-Response Biometrics

Kasper Bonne Rasmussen, Marc Roeschlin, Ivan Martinovic, Gene Tsudik.

The Network and Distributed System Security Symposium (NDSS). February 2014.

Cite

Realities and Challenges of NextGen Air Traffic Management: The Case of ADS-B

Martin Strohmeier, Matthias Schäfer, Vincent Lenders, Ivan Martinovic.

Communications Magazine, IEEE. 2014.

Cite

Bringing Up OpenSky: A Large-scale ADS-B Sensor Network for Research

Matthias Schäfer, Martin Strohmeier, Vincent Lenders, Ivan Martinovic, Matthias Wilhelm.

ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN). April 2014.

Cite

SAFE: Secure Authentication with Face and Eyes

Arman Boehm, Dongqu Chen, Mario Frank, Ling Huang, Cynthia Kuo, Tihomir Lolic, Ivan Martinovic, Dawn Song.

Proceedings of the 2013 International Conference on Privacy and Security in Mobile Systems (successor of MobiSec). Proceedings in preparation.. 2013.

Cite

Experimental Analysis of Attacks on Next Generation Air Traffic Communication

Matthias Schäfer, Vincent Lenders, Ivan Martinovic.

Applied Cryptography and Network Security (ACNS’13). 2013.

Cite

Touchalytics: On the Applicability of Touchscreen Input as a Behavioural Biometric for Continuous Authentication

Mario Frank, Ralf Biedert, Eugene Ma, Ivan Martinovic, Dawn Song.

IEEE Transactions on Information Forensics and Security. January 2013.

Cite

Secure Key Generation in Sensor Networks Based on Frequency-selective Channels

Matthias Wilhelm, Ivan Martinovic, Jens Schmitt.

IEEE Journal on Selected Areas in Communications (JSAC) - Signal Processing Techniques for Wireless Physical Layer Security. September 2013.

Cite

Security of ADS-B: State of the Art and Beyond

Martin Strohmeier, Vincent Lenders, Ivan Martinovic.

DCS. 2013.

Cite

Stimuli for Gaze Based Intrusion Detection

Ralf Biedert, Mario Frank, Ivan Martinovic, Dawn Song.

Future Information Technology, Application, and Service. July 2012.

Cite

On the Feasibility of Side-channel Attacks with Brain-computer Interfaces

Ivan Martinovic, Doug Davies, Mario Frank, Daniele Perito, Tomas Ros, Dawn Song.

Proceedings of the 21st USENIX Conference on Security Symposium. August 2012.

Cite

A Practical Man-In-The-Middle Attack on Signal-Based Key Generation Protocols

Simon Eberz, Martin Strohmeier, Matthias Wilhelm, Ivan Martinovic.

17th European Symposium on Research in Computer Security (ESORICS). September 2012.

Cite

Pay Bursts Only Once Holds for (Some) Non-FIFO Systems

Jens B. Schmitt, Nicos Gollan, Steffen Bondorf, Ivan Martinovic.

The 30th IEEE International Conference on Computer Communications (INFOCOM 2011). April 2011.

Cite

Reactive Jamming in Wireless Networks: How Realistic is the Threat?

Matthias Wilhelm, Ivan Martinovic, Jens B. Schmitt, Vincent Lenders.

Proceedings of the Fourth ACM Conference on Wireless Network Security (WiSec '11). June 2011.

Cite

WiFire: A Firewall for Wireless Networks

Matthias Wilhelm, Ivan Martinovic, Jens B. Schmitt, Vincent Lenders.

Proceedings of the ACM SIGCOMM 2011 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM '11). August 2011.

Cite

WiSec 2011 Demo: RFReact—A Real-time Capable and Channel-aware Jamming Platform

Matthias Wilhelm, Ivan Martinovic, Jens B. Schmitt, Vincent Lenders.

SIGMOBILE Mobile Computing and Communications Review. November 2011.

Cite

Secret Keys from Entangled Sensor Motes: Implementation and Analysis

Matthias Wilhelm, Ivan Martinovic, Jens B. Schmitt.

Proceedings of the Third ACM Conference on Wireless Network Security (WiSec '10). March 2010.

Cite

Experiental Design and Analysis of Transmission Properties in an Indoor Wireless Sensor Network

Dennis Christmann, Ivan Martinovic.

Proceedings of the 6th International Workshop on Wireless Network Measurements (WiNMee), in conjunction with WiOpt 2010. May 2010.

Cite

Key Generation in Wireless Sensor Networks Based on Frequency-selective Channels: Design, Implementation, and Analysis

Matthias Wilhelm, Ivan Martinovic, Jens B. Schmitt.

ArXiv.org. May 2010.

Cite

SUDOKU: Secure and Usable Deployment of Keys on Wireless Sensors

Matthias Wilhelm, Ivan Martinovic, Ersin Uzun, Jens B. Schmitt.

Proceedings of the 6th Annual Workshop on Secure Network Protocols (NPSec '10). October 2010.

Cite

Pay Bursts Only Once Holds for (Some) Non-FIFO Systems

Jens Schmitt, Nicos Gollan, Steffen Bondorf, Ivan Martinovic.

University of Kaiserslautern, Germany. July 2010.

Cite

AmbiSec: Securing Smart Spaces Using Entropy Harvesting

Paolo Barsocchi, Stefano Chessa, Ivan Martinovic, Gabriele Oligeri.

Proceedings of the First International Joint Conference on Ambient Intelligence (AmI-10). November 2010.

Cite

A Self-Adversarial Approach to Delay Analysis under Arbitrary Scheduling

Jens Schmitt, Hao Wang, Ivan Martinovic.

Proceedings of 4th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2010). October 2010.

Cite

Analysis of Transmission Properties in an Indoor Wireless Sensor Network Based on a Full-Factorial Design

Dennis Christmann, Ivan Martinovic, Jens B. Schmitt.

Special Issue on Wireless Sensor Networks - Designing for Real-world Deployment and Deployment Experiences, Measurement Science and Technology, Institute of Physics. December 2010.

Cite

AmICA – A flexible, compact, easy-to-program, and low-power WSN platform

Sebastian Wille, Norbert Wehn, Ivan Martinovic, Simon Kunz, Peter Göhner.

Proceedings of 7th International Conference on Mobile and Ubiquitous Systems (Mobiqutious). December 2010.

Cite

Dynamic Demultiplexing in Network Calculus – Theory and Application

Jens B. Schmitt, Hao Wang, Ivan Martinovic.

Performance Evaluation, Elsevier. December 2010.

Cite

Chaotic Communication Improves Authentication: Protecting WSNs Against Injection Attacks

Ivan Martinovic, Luc Cappellaro, Nicos Gollan, Jens B. Schmitt.

Security and Communication Networks, Special Issue on Security in Wireless Sensor Networks, Wiley. March 2009.

Cite

A New Service Curve Model to Deal with Non-FIFO Systems

Jens B. Schmitt, Nicos Gollan, Ivan Martinovic.

16. ITG/GI - Fachtagung Kommunikation in Verteilten Systemen (KiVS) 2009, Kassel, Germany. March 2009.

Cite

Turning The Tables: Using Wireless Communication Against An Attacker

Ivan Martinovic, Jens B. Schmitt.

16. ITG/GI - Fachtagung Kommunikation in Verteilten Systemen (KiVS) 2009, Kassel, Germany. March 2009.

Cite

Jamming for Good: A Fresh Approach to Authentic Communication in WSNs

Ivan Martinovic, Paul Pichota, Jens B. Schmitt.

Proceedings of the ACM Conference on Wireless Network Security (WiSec 2009). March 2009.

Cite

Bringing law and order to IEEE 802.11 networks – A case for DiscoSec

Ivan Martinovic, Paul Pichota, Matthias Wilhelm, Frank A. Zdarsky, Jens B. Schmitt.

Pervasive and Mobile Computing (PMC). 2009.

Cite

On Key Agreement in Wireless Sensor Networks based on Radio Transmission Properties

Matthias Wilhelm, Ivan Martinovic, Jens B. Schmitt.

Proceedings of the 5th Annual Workshop on Secure Network Protocols (NPSec '09). October 2009.

Cite

Light-weight Key Generation based on Physical Properties of Wireless Channels

Matthias Wilhelm, Ivan Martinovic, Jens B. Schmitt.

Proceedings of the 11. Kryptotag der Gesellschaft f\"ur Informatik e.V.. November 2009.

Cite

Security by Wireless or Why Play Fairer than the Attacker?

Ivan Martinovic.

Proceedings of the 5th ACM SIGCOMM Asian Internet Engineering Conference (AINTEC) 2009. November 2009.

Cite

Demultiplexing in Network Calculus - A Stochastic Scaling Approach

Jens B. Schmitt, Ivan Martinovic.

Proceedings of the 6th International Conference on Quantitative Evaluation of SysTems (QEST) 2009. September 2009.

Cite

Security in IEEE 802.11-based UMA Networks

Ivan Martinovic, Frank A. Zdarsky, Adam Bachorek, Jens B. Schmitt.

Unlicensed Mobile Access Technology: Protocols, Architectures, Security, Standards and Applications. 2008.

Cite

Radio Resource Management in IEEE 802.11-based UMA Networks

Frank A. Zdarsky, Ivan Martinovic.

Unlicensed Mobile Access Technology: Protocols, Architectures, Security, Standards and Applications. 2008.

Cite

Wireless Client Puzzles in IEEE 802.11 Networks: Security by Wireless

Ivan Martinovic, Frank A. Zdarsky, Matthias Wilhelm, Christian Wegmann, Jens B. Schmitt.

Proceedings of the ACM Conference on Wireless Network Security (WiSec '08). March 2008.

Cite

The DISCO Network Calculator

Nicos Gollan, Frank A. Zdarsky, Ivan Martinovic, Jens B. Schmitt.

14th GI/ITG Conference on Measurement, Modeling, and Evaluation of Computer and Communication Systems (MMB 2008). March 2008.

Cite

Improving Performance Bounds in Feed-Forward Networks by Paying Multiplexing Only Once

Jens B. Schmitt, Frank A. Zdarsky, Ivan Martinovic.

14th GI/ITG Conference on Measurement, Modeling, and Evaluation of Computer and Communication Systems (MMB 2008). March 2008.

Cite

Design, Implementation, and Performance Analysis of DiscoSec – Service Pack for Securing WLANs

Ivan Martinovic, Paul Pichota, Matthias Wilhelm, Frank A. Zdarsky, Jens B. Schmitt.

9th IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WOWMOM 2008). June 2008.

Cite

Firewalling Wireless Sensor Networks: Security by Wireless

Ivan Martinovic, Nicos Gollan, Jens B. Schmitt.

Proceedings of the 33rd IEEE Conference on Local Computer Networks (LCN): Workshop on Practical Issues in Building Sensor Network Applications (SenseApp 2008). October 2008.

Cite

Enabling Authentic Transmissions in WSNs – Turning Jamming against the Attacker

Adam Bachorek, Ivan Martinovic, Jens B. Schmitt.

Proceedings of the IEEE ICNP 4th Annual Workshop on Secure Network Protocols (NPSec 2008). October 2008.

Cite

End-to-End Worst-Case Analysis of Non-FIFO Systems

Jens B. Schmitt, Nicos Gollan, Ivan Martinovic.

University of Kaiserslautern, Germany. August 2008.

Cite

Phishing in the Wireless: Implementation and Analysis

Ivan Martinovic, Frank A. Zdarsky, Adam Bachorek, Christian Jung, Jens B. Schmitt.

Proceedings of the 22nd IFIP International Information Security Conference (SEC 2007), Johannesburg, South Africa. May 2007.

Cite

Measurement and Analysis of Handover Latencies in IEEE 802.11i Secured Networks

Ivan Martinovic, Frank A. Zdarsky, Adam Bachorek, Jens B. Schmitt.

Proceedings of the 13th European Wireless Conference (EW2007), Paris, France. April 2007.

Cite

Regional-based Authentication Against DoS Attacks in Wireless Networks

Ivan Martinovic, Frank A. Zdarsky, Jens B. Schmitt.

Proceedings of the 3rd ACM International Workshop on Quality of Service & Security for Wireless and Mobile Networks (in conjunction with ACM/IEEE MSWiM'07). October 2007.

Cite

Minimizing Contention through Cooperation between Densely-Deployed Wireless LANs

Frank A. Zdarsky, Ivan Martinovic, Jens B. Schmitt.

Wireless Networks, Springer. September 2007.

Cite

Performance Bounds in Feed-Forward Networks under Blind Multiplexing

Jens B. Schmitt, Frank A. Zdarsky, Ivan Martinovic.

University of Kaiserslautern, Germany. April 2006.

Cite

On the Way to IEEE 802.11 DoS Resilience

Ivan Martinovic, Frank A. Zdarsky, Jens B. Schmitt.

Proceedings of IFIP NETWORKING 2006, Workshop on Security and Privacy in Mobile and Wireless Networking, Coimbra, Portugal. May 2006.

Cite

The Case for Virtualized Wireless Access Networks

Frank A. Zdarsky, Ivan Martinovic, Jens B. Schmitt.

Proceedings of the International Workshop on Self-Organizing Systems (IWSOS 2006), Passau, Germany. September 2006.

Cite

Self-Protection in P2P Networks: Choosing the Right Neighbourhood

Ivan Martinovic, Christof Leng, Frank A. Zdarsky, Andreas Mauthe, Ralf Steinmetz, Jens B. Schmitt.

Proceedings of the International Workshop on Self-Organizing Systems (IWSOS 2006), Passau, Germany. September 2006.

Cite

On Self-coordination in Wireless Community Networks

Frank A. Zdarsky, Ivan Martinovic, Jens B. Schmitt.

Proceedings of the 11th IFIP International Conference on Personal Wireless Communications (PWC'06), Albacete, Spain. September 2006.

Cite

Introduction of IEEE 802.11i and Measuring its Security vs. Performance Tradeoff

Ivan Martinovic, Frank A. Zdarsky, Adam Bachorek, Jens B. Schmitt.

University of Kaiserslautern, Germany. October 2006.

Cite

Phishing in the Wireless: Implementation and Analysis

Ivan Martinovic, Frank A. Zdarsky, Adam Bachorek, Christan Jung, Jens B. Schmitt.

University of Kaiserslautern, Germany. October 2006.

Cite

Self-Coordination Mechanisms for Wireless Community Networks

Frank A. Zdarsky, Ivan Martinovic, Jens B. Schmitt.

University of Kaiserslautern, Germany. July 2005.

Cite

Lower Bounds for Contention in CSMA/CA-based Wireless LANs

Frank A. Zdarsky, Ivan Martinovic, Jens B. Schmitt.

University of Kaiserslautern, Germany. July 2005.

Cite

On Lower Bounds for MAC Layer Contention in CSMA/CA-Based Wireless Networks

Frank A. Zdarsky, Ivan Martinovic, Jens B. Schmitt.

3rd ACM/SIGMOBILE International Workshop on Foundations of Mobile Computing (DIALM-POMC'05). September 2005.

Cite

Digital Heritage Application as an Edutainment Tool

Meehae Song, Thomas Elias, Ivan Martinovic, Wolfgang Müller-Wittig, Tony K.Y. Chan.

Proceedings of the ACM SIGGRAPH International Conference on Virtual Reality Continuum and its Applications in Industry. June 2004.

Cite

A Survey on Dependable Routing in Sensor Networks, Ad hoc Networks, and Cellular Networks

Matthias Hollick, Ivan Martinovic, Tronje Krop, Ivica Rimac.

Proceedings of the 30th IEEE EUROMICRO Conference, Rennes, France. September 2004.

Cite

Trust and Context: Complementary Concepts for Creating Spontaneous Networks and Intelligent Applications

Ivan Martinovic, Manuel Goertz, Ralf Ackermann, Andreas Mauthe, Ralf Steinmetz.

Proceedings of SoftCOM'04, International Conference on Software, Telecommunications and Computer Networks, Croatia. October 2004.

Cite

Web Services zur Unterstützung flexibler Geschäftsprozesse in der Finanzwirtschaft

Ralf Steinmetz, Rainer Berbner, Ivan Martinovic.

Handbuch Industrialisierung der Finanzwirtschaft. December 2004.

Cite

User-Centred Virtual Avatars in Real-time

Meehae Song, Thomas Elias, Ivan Martinovic, Wolfgang Müller-Wittig, Tony K.Y. Chan.

Proceedings of the 9th International Conference on Virtual Systems and Multimedia (VSMM 2003), Montreal, Canada. October 2003.

Cite

Publications

Contact us