Prof. Dr. Ing. Ahmad-Reza Sadeghi

Professor - System Security Lab

Mornewegstrasse 32
D-64293 Darmstadt
GERMANY

Room:4.1.06
Tel:+49 (0)6151 16 - 25328
Email:

ahmad.sadeghi(a-t)trust.tu-darmstadt.de  PGP-Key  S/MIME Certificate

Website:http://​trust.​tu-darmstadt.​de

 

 

Short CV

Ahmad-Reza Sadeghi is a full Professor of Computer Science at the Technische Universität Darmstadt, in Germany, where he heads the System Security Lab.  Since January 2012 he is also the Director of Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU Darmstadt. He is a member of the profile area CYSEC of TU Darmstadt.

He received his PhD in Computer Science with the focus on privacy protecting cryptographic protocols and systems from the University of Saarland in Saarbrücken, Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, amongst others Ericson Telecommunications.  He has been leading and involved in a variety of national and international research and development projects on design and implementation of Trustworthy Computing Platforms and Trusted Computing, Security Hardware, and Applied Cryptography. He has been serving as general or program chair as well as program committee member of major conferences and workshops in Information Security and Privacy. He is Editor-In-Chief of IEEE Security and Privacy Magazine, and on the editorial board of ACM Books. He served 5 years on the editorial board of the ACM Transactions on Information and System Security (TISSEC), and was guest editor of the IEEE Transactions on Computer-Aided Design (Special Issue on Hardware Security and Trust).

Prof. Sadeghi has been awarded with the renowned German prize “Karl Heinz Beckurts” for his research on Trusted and Trustworthy Computing technology and its transfer to industrial practice. The award honors excellent scientific achievements with high impact on industrial innovations in Germany. Further, his group received German IT Security Competition Award 2010. 

 

Book: Towards Hardware-Intrinsic Security 

"This book will prove to be very interesting for professionals in the hardware security field. It covers almost every aspect of this area, with excellent papers written by experts."

Javier Castillo, ACM Computing Reviews, June 2011

Academic Activities

 

ACM Books, Area Editor (Security and Privacy)

General Chair

  • ACM Conference on Computer and Communications Security (ACM CCS) 2013
  • International Conference on Trust and Trustworthy Computing (TRUST) 2010

Program (Co-) Chair

  • Financial Cryptography and Data Security (FC) 2013
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2013
  • International Conference on Cryptology and Network Security (CANS) 2012
  • International Workshop on Trustworthy Embedded Devices (TrustED) 2012
  • SecureCloud 2012
  • ACM Workshop on Digital Rights Management (ACM DRM) 2011
  • ACM Workshop on Scalable Trusted Computing (ACM STC) 2011
  • International Conference on Trust and Trustworthy Computing (TRUST) 2011

Program Committee

  • IEEE Workshop on Mobile Security Technologies (MoST), co-located with IEEE S&P, 2013
  • IEEE Symposium on Security & Privacy (IEEE S&P) 2013
  • ACM Conference on Computer and Communications Security (ACM CCS) 2012
  • Network & Distributed System Security Symposium (NDSS) 2013, 2012
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec) 2012
  • European Symposium on Research in Computer Security (ESORICS) 2013, 2012, 2011
  • ACM Symposium on Information, Computer and Communications Security (AsiaCCS) 2013, 2012
  • ACM Conference on Data and Application Security and Privacy (CODASPY) 2013
  • ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (ACM SPSM) 2012
  • ACM Cloud Computing Security Workshop (ACM CCSW) 2012
  • Workshop on RFID Security and Privacy (RFIDSec) 2012
  • Conference on Privacy, Security and Trust (PST) 2012
  • ACM SIGHIT International Health Informatics Symposium (IHI) 2012
  • IEEE International Workshop on Information Forensics and Security (WIFS) 2012
  • IEEE Symposium on Hardware-Oriented Security and Trust (HOST) 2012, 2009
  • Information Hiding Conference (IH) 2012, 2011
  • International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM) 2012, 2011
  • International Multidisciplinary Privacy Award (CPDP MPA) 2012, 2011
  • Smart Card Research and Advanced Application Conference (CARDIS) 2012
  • Financial Cryptography and Data Security (FC) 2011, 2006, 2005
  • Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2011, 2005
  • International Conference on Applied Cryptography and Network Security (ACNS) 2011, 2010
  • International Conference on Information Security and Cryptology (ISISC) 2011
  • Computer & Electronics Security Applications Rendez-vous (C&ESAR) 2011
  • International Conference on Network and System Security (NSS) 2011
  • International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2011
  • International Conference on Trusted Systems (INTRUST) 2011, 2010, 2009
  • International Workshop on Trustworthy Embedded Devices (TrustED) 2011
  • Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications (LightSec) 2011
  • Workshop on Real-Life Cryptographic Protocols and Standardization (RLCPS) 2011, 2010
  • Workshop on Secure Data Management (SDM) 2011
  • International Conference on E-voting and Identity (VoteID) 2009
  • ACM Workshop on Scalable Trusted Computing (ACM STC) 2008, 2006
  • Benelux Workshop on Information and System Security 2006
  • International Conference on Cryptology in India (INDOCRYPT) 2006
  • International Workshop on Digital Watermarking (IWDW) 2006
  • International Workshop on Information Security Applications (WISA) 2006
  • Workshop on Advances in Trusted Computing (WATC) 2006
  • ACM Workshop on Digital Rights Management (ACM DRM) 2005, 2004, 2003
  • Information Security and Hiding (ISH) 2005
  • New Security Paradigm Workshop (NSPW) 2005, 2004
  • SKOLIS Conference on Information Security and Cryptography (CISC) 2005
  • European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS) 2004

Publications

Security Analysis of Mobile Two-Factor Authentication Schemes

Author Alexandra Dmitrienko, Christopher Liebchen, Christian Rossow, Ahmad-Reza Sadeghi
Date July 2014
Kind Article
JournalIntel Technology Journal, ITJ66 Identity, Biometrics, and Authentication Edition
Number4
KeyTUD-CS-2014-0874
Research Areas CASED, System Security Lab, Secure Things, Security
Abstract Two-factor authentication (2FA) schemes aim at strengthening the security of login password-based authentication by deploying secondary authentication tokens. In this context, mobile 2FA schemes require no additional hardware (e.g., a smartcard) to store and handle the secondary authentication token, and hence are considered as a reasonable trade-off between security, usability and costs. They are widely used in online banking and increasingly deployed by Internet service providers. In this article, we investigate 2FA implementations of several well-known Internet service providers such as Google, Dropbox, Twitter and Facebook. We identify various weaknesses that allow an attacker to easily bypass 2FA, even when the secondary authentication token is not under attacker's control. We then go a step further and present a more general attack against mobile 2FA schemes. Our attack relies on a cross-platform infection that subverts control over both end points (PC and a mobile device) involved in the authentication protocol. We apply this attack in practice and successfully circumvent diverse schemes: SMS-based TAN solutions of four large banks, one instance of a visual TAN scheme, 2FA login verification systems of Google, Dropbox, Twitter and Facebook accounts, and the Google Authenticator app currently used by 32 third-party service providers. Finally, we cluster and analyze hundreds of real-world malicious Android apps that target mobile 2FA schemes and show that banking Trojans already deploy mobile counterparts that steal 2FA credentials like TANs.
Website https://noggin.intel.com/system/files/article/Security%20Analysis%20of%20Mobile%20Two-Factor%20Authentication%20Schemes.pdf
[Export this entry to BibTeX]
[Back to List-View]

Important Copyright Notice:

The documents contained in these directories are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang