Prof. Dr. Ing. Ahmad-Reza Sadeghi

Professor - System Security Lab

Mornewegstrasse 32
D-64293 Darmstadt
GERMANY

Room:4.1.06
Tel:+49 (0)6151 16 - 25328
Email:

ahmad.sadeghi(a-t)trust.tu-darmstadt.de  PGP-Key  S/MIME Certificate

Website:http://​trust.​tu-darmstadt.​de

 

 

Short CV

Ahmad-Reza Sadeghi is a full Professor of Computer Science at the Technische Universität Darmstadt, in Germany, where he heads the System Security Lab.  Since January 2012 he is also the Director of Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU Darmstadt. He is a member of the profile area CYSEC of TU Darmstadt.

He received his PhD in Computer Science with the focus on privacy protecting cryptographic protocols and systems from the University of Saarland in Saarbrücken, Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, amongst others Ericson Telecommunications.  He has been leading and involved in a variety of national and international research and development projects on design and implementation of Trustworthy Computing Platforms and Trusted Computing, Security Hardware, and Applied Cryptography. He has been serving as general or program chair as well as program committee member of major conferences and workshops in Information Security and Privacy. He is Editor-In-Chief of IEEE Security and Privacy Magazine, and on the editorial board of ACM Books. He served 5 years on the editorial board of the ACM Transactions on Information and System Security (TISSEC), and was guest editor of the IEEE Transactions on Computer-Aided Design (Special Issue on Hardware Security and Trust).

Prof. Sadeghi has been awarded with the renowned German prize “Karl Heinz Beckurts” for his research on Trusted and Trustworthy Computing technology and its transfer to industrial practice. The award honors excellent scientific achievements with high impact on industrial innovations in Germany. Further, his group received German IT Security Competition Award 2010. 

 

Book: Towards Hardware-Intrinsic Security 

"This book will prove to be very interesting for professionals in the hardware security field. It covers almost every aspect of this area, with excellent papers written by experts."

Javier Castillo, ACM Computing Reviews, June 2011

Academic Activities

 

ACM Books, Area Editor (Security and Privacy)

General Chair

  • ACM Conference on Computer and Communications Security (ACM CCS) 2013
  • International Conference on Trust and Trustworthy Computing (TRUST) 2010

Program (Co-) Chair

  • Financial Cryptography and Data Security (FC) 2013
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) 2013
  • International Conference on Cryptology and Network Security (CANS) 2012
  • International Workshop on Trustworthy Embedded Devices (TrustED) 2012
  • SecureCloud 2012
  • ACM Workshop on Digital Rights Management (ACM DRM) 2011
  • ACM Workshop on Scalable Trusted Computing (ACM STC) 2011
  • International Conference on Trust and Trustworthy Computing (TRUST) 2011

Program Committee

  • IEEE Workshop on Mobile Security Technologies (MoST), co-located with IEEE S&P, 2013
  • IEEE Symposium on Security & Privacy (IEEE S&P) 2013
  • ACM Conference on Computer and Communications Security (ACM CCS) 2012
  • Network & Distributed System Security Symposium (NDSS) 2013, 2012
  • ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec) 2012
  • European Symposium on Research in Computer Security (ESORICS) 2013, 2012, 2011
  • ACM Symposium on Information, Computer and Communications Security (AsiaCCS) 2013, 2012
  • ACM Conference on Data and Application Security and Privacy (CODASPY) 2013
  • ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (ACM SPSM) 2012
  • ACM Cloud Computing Security Workshop (ACM CCSW) 2012
  • Workshop on RFID Security and Privacy (RFIDSec) 2012
  • Conference on Privacy, Security and Trust (PST) 2012
  • ACM SIGHIT International Health Informatics Symposium (IHI) 2012
  • IEEE International Workshop on Information Forensics and Security (WIFS) 2012
  • IEEE Symposium on Hardware-Oriented Security and Trust (HOST) 2012, 2009
  • Information Hiding Conference (IH) 2012, 2011
  • International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM) 2012, 2011
  • International Multidisciplinary Privacy Award (CPDP MPA) 2012, 2011
  • Smart Card Research and Advanced Application Conference (CARDIS) 2012
  • Financial Cryptography and Data Security (FC) 2011, 2006, 2005
  • Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2011, 2005
  • International Conference on Applied Cryptography and Network Security (ACNS) 2011, 2010
  • International Conference on Information Security and Cryptology (ISISC) 2011
  • Computer & Electronics Security Applications Rendez-vous (C&ESAR) 2011
  • International Conference on Network and System Security (NSS) 2011
  • International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2011
  • International Conference on Trusted Systems (INTRUST) 2011, 2010, 2009
  • International Workshop on Trustworthy Embedded Devices (TrustED) 2011
  • Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications (LightSec) 2011
  • Workshop on Real-Life Cryptographic Protocols and Standardization (RLCPS) 2011, 2010
  • Workshop on Secure Data Management (SDM) 2011
  • International Conference on E-voting and Identity (VoteID) 2009
  • ACM Workshop on Scalable Trusted Computing (ACM STC) 2008, 2006
  • Benelux Workshop on Information and System Security 2006
  • International Conference on Cryptology in India (INDOCRYPT) 2006
  • International Workshop on Digital Watermarking (IWDW) 2006
  • International Workshop on Information Security Applications (WISA) 2006
  • Workshop on Advances in Trusted Computing (WATC) 2006
  • ACM Workshop on Digital Rights Management (ACM DRM) 2005, 2004, 2003
  • Information Security and Hiding (ISH) 2005
  • New Security Paradigm Workshop (NSPW) 2005, 2004
  • SKOLIS Conference on Information Security and Cryptography (CISC) 2005
  • European Workshop on Security in Ad-Hoc and Sensor Networks (ESAS) 2004

Publications

Market-driven Code Provisioning to Mobile Secure Hardware

Author Alexandra Dmitrienko, Stephan Heuser, Thien Duc Nguyen, Marcos Silva Ramos, Andre Rein, Ahmad-Reza Sadeghi
Date January 2015
Kind Inproceedings
Book titleFinancial Cryptography and Data Security
KeywordsMobile Platforms, Secure Hardware, Security Architectures, Java Cards
KeyTUD-CS-2015-0005
Research Areas CASED, System Security Lab, - SST - Area Smart Security and Trust, Secure Things, Security
Abstract Today, most smartphones feature different kinds of secure hardware such as processor-based security extensions (e.g., TrustZone) and dedicated secure co-processors, e.g., a SIM card or an embedded secure element available on NFC-enabled devices (e.g., as used by Google Wallet). Unfortunately, the available secure hardware is almost never utilized by commercial third party apps, although their usage would drastically improve the security of security critical apps. The reasons are diverse: secure hardware stakeholders such as phone manufacturers and mobile network operators (MNOs) have full control over the corresponding interfaces and expect high financial revenue; and the current code provisioning schemes are inflexible and impractical since they require developers to collaborate with secure hardware stakeholders, which is hardly affordable for typical developers of mobile apps. In this paper we propose a new paradigm for secure hardware code provisioning. Our solution (i) allows developers to distribute security sensitive code (e.g., trusted apps or applets) as a part of the mobile app package; (ii) supports flexible and dynamic assignment of access rights to secure hardware APIs from mobile apps independently from an OS vendor and a stakeholder; (iii) enables stakeholders of secure hardware to obtain revenue for every provisioned piece of code; (iv) allows for automated and transparent installation and deinstallation of applets on demand in order to permit arbitrary number of applets, e.g., in the constraint Java card environment. Our scheme is compatible with Global Platform (GP) specifications and can be easily incorporated into existing standards. We developed a proof of concept prototype based on a Java card secure element on an Android-based smartphone and smartwatch and evaluated it by deploying a security critical application for access control.
Full paper (pdf)
[Export this entry to BibTeX]
[Back to List-View]

Important Copyright Notice:

The documents contained in these directories are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang