A5037579663- Advanced Malware Detection Techniques
- Privacy, Security, and Data Protection
- Physical Unclonable Functions (PUFs) and Hardware Security
- COVID-19 Digital Contact Tracing
- Electrostatic Discharge in Electronics
- Security and Verification in Computing
- Privacy-Preserving Technologies in Data
- Electromagnetic Compatibility and Noise Suppression
- Satellite Communication Systems
- User Authentication and Security Systems
- Bluetooth and Wireless Communication Technologies
- Opportunistic and Delay-Tolerant Networks
- Speech Recognition and Synthesis
- Information and Cyber Security
- Adversarial Robustness in Machine Learning
- Topic Modeling
- Advanced Memory and Neural Computing
- Cryptographic Implementations and Security
- Mobile Health and mHealth Applications
- Anomaly Detection Techniques and Applications
- Cybersecurity and Cyber Warfare Studies
- IoT Networks and Protocols
- Network Security and Intrusion Detection
- Speech and Audio Processing
- IoT and Edge/Fog Computing
Technical University of Darmstadt
2019-2024
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that real-world scenarios current GAP design is vulnerable (i) profiling possibly de-anonymizing infected persons, (ii) relay-based wormhole attacks basically can generate fake contacts with potential of affecting accuracy app-based contact system. For...
Voice-based virtual personal assistants such as Amazon's Alexa or Google Assistant have become highly popular and are used for diverse daily tasks ranging from querying on-line information, shopping, smart home control a variety of enterprise application scenarios. Capabilities can be enhanced with so-called Skills , i.e., programmatic extensions that allow thirdparty providers to integrate their services the respective voice assistant. In this paper, we show specially crafted malicious use...
Manufacturers of smart home Internet Things (IoT) devices are increasingly adding voice assistant and audio monitoring features to a wide range including speakers, televisions, thermostats, security systems, doorbells. Consequently, many these equipped with microphones, raising significant privacy concerns: users may not always be aware when recordings sent the cloud, or who gain access recordings. In this paper, we present LeakyPick architecture that enables detection stream recorded in...
In the area of Internet Things (IoT), voice assistants have become an important interface to operate smart speakers, smartphones, and even automobiles. To save power protect user privacy, send commands cloud only if a small set preregistered wake-up words are detected. However, shown be vulnerable FakeWake phenomena, whereby they inadvertently triggered by innocent-sounding fuzzy words. this paper, we present systematic investigation phenomena from three aspects. start with, design first...
The security of capacitive touchscreens is crucial since they have become the primary human-machine interface on smart devices. To best our knowledge, this paper presents WIGHT, first wired attack that creates ghost touches via charging cables, and can manipulate victim devices with undesired consequences, e.g., allowing malicious Bluetooth connections, accepting files viruses, etc. Our study calls for attention to a new threat vector against only requires connecting port, which could be...
Capacitive touchscreens have become the primary human-machine interface for personal devices such as smartphones and tablets. In this paper, we present <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">GhostTouch</monospace> , first active contactless attack against capacitive touchscreens. uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without requirement physically it. By tuning parameters of signal...
Voltage Fault Injection (VFI), also known as power glitching, has proven to be a severe threat real-world systems. In VFI attacks, the adversary disturbs power-supply of target-device forcing device illegitimate behavior. Various countermeasures have been proposed address different types fault injection attacks at abstraction layers, either requiring modify underlying hardware or software/firmware machine instruction level. Moreover, only recently, individual chip manufacturers started...
The security of capacitive touchscreens is crucial since they have become the primary human-machine interface on smart devices. This paper presents <monospace xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Marionette</monospace> , first wired attack that creates ghost touches via charging cables and can manipulate victim's devices with undesired consequences, e.g., establishing malicious Bluetooth connections. Our study provides a new threat vector...
The Internet of Things (IoT) market is rapidly growing and expected to double from 2020 2025. increasing use IoT devices, particularly in smart homes, raises crucial concerns as inadequate security designs implementations by vendors can lead significant vulnerabilities endangering the privacy sensitive user information handled these devices. To address device vulnerabilities, institutions organizations have published best practices (BPs) guide manufacturers ensuring their products. However,...
Control-Flow Attestation (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on remote computer system (prover). Existing CFA schemes suffer from impractical assumptions, such as requiring access prover's internal state (e.g., memory or code), complete Graph (CFG) software, large sets measurements, tailor-made hardware. Moreover, current are inadequate for attesting embedded systems due their high computational overhead and resource usage....
Satellite Internet plays an increasingly important role in geopolitical conflicts. This notion was affirmed the Ukrainian conflict escalating at beginning of 2022, with large-scale deployment Starlink satellite service which consequently demonstrated strategic importance a free flow information. Aside from military use, many citizens publish sensitive information on social media platforms to influence public narrative. However, use communication has proven be dangerous, as signals can...
The Internet of Things (IoT) market is rapidly growing and expected to double from 2020 2025. increasing use IoT devices, particularly in smart homes, raises crucial concerns about user privacy security as these devices often handle sensitive critical information. Inadequate designs implementations by vendors can lead significant vulnerabilities. To address device vulnerabilities, institutions, organizations have published best practices (BPs) guide manufacturers ensuring the their products....
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". We demonstrate that real-world scenarios current GAP design is vulnerable (i) profiling possibly de-anonymizing infected persons, (ii) relay-based wormhole attacks basically can generate fake contacts with potential of affecting accuracy app-based contact system. For...
In the area of Internet Things (IoT) voice assistants have become an important interface to operate smart speakers, smartphones, and even automobiles. To save power protect user privacy, send commands cloud only if a small set pre-registered wake-up words are detected. However, shown be vulnerable FakeWake phenomena, whereby they inadvertently triggered by innocent-sounding fuzzy words. this paper, we present systematic investigation phenomena from three aspects. start with, design first...