Edgar Weippl

  • Professor
  • Professor for Security and Privacy at University of Vienna

About

Publications: 335
Reads: 246,910
Citations: 6,279
Current institution: University of Vienna
Current position: Professor for Security and Privacy

Publications (335)
Article
Full-text available
Tor provides anonymity to millions of users around the globe which has made it a valuable target for malicious actors. As a low-latency anonymity system, it is vulnerable to traffic correlation attacks from strong passive adversaries such as large autonomous systems (ASes). In preliminary work [18], we have developed a measurement approach utilizin...
Chapter
HTTPS has been the standard for securing online communications for over 20 years. Despite the availability of tools to make the configuration process easier (e.g., Let’s Encrypt, Certbot), SSL Pulse scans show that still more than 50% of the most popular websites are poorly configured, which emphasizes room for improvement. Although a few recent st...
Chapter
Today, children have access to the Internet from an early age and are therefore considered digital natives. This paper investigates how children (aged five to eight) and their parents perceive and deal with the Internet and the privacy and security risks of being online. Therefore, we extended prior studies of Internet mental models of children. We...
Article
Full-text available
Systems integrators and vendors of industrial components need to establish a security-by-design approach, which includes the assessment and subsequent treatment of security risks. However, conducting security risk assessments along the engineering process is a costly and labor-intensive endeavor due to the complexity of the system(s) under consider...
Chapter
The connection between Byzantine fault tolerance and cryptocurrencies, such as Bitcoin, may not be apparent immediately. Byzantine fault tolerance is intimately linked to engineering and design challenges of developing long-running and safety-critical technical systems. Its origins can be traced back to the question of how to deal with faulty senso...
Chapter
So far, the topic of merged mining has mainly been considered in a security context, covering issues such as mining power centralization or cross-chain attack scenarios. In this work we show that key information for determining blockchain metrics such as the fork rate can be recovered through data extracted from merge mined cryptocurrencies. Specif...
Preprint
The feasibility of bribing attacks on cryptocurrencies was first highlighted in 2016, with various new techniques and approaches having since been proposed. Recent reports of real world 51% attacks on smaller cryptocurrencies underline the realistic threat bribing attacks present, in particular to permissionless cryptocurrencies. In this paper, bri...
Article
Full-text available
Binary rewriting is changing the semantics of a program without having the source code at hand. It is used for diverse purposes, such as emulation (e.g., QEMU), optimization (e.g., DynInst), observation (e.g., Valgrind), and hardening (e.g., Control flow integrity enforcement). This survey gives detailed insight into the development and state-of-th...
Chapter
In response, the European Union has adopted the General Data Protection Regulation (GDPR), a legislative framework for data protection empowering individuals to control their data. Since its adoption on May 25th, 2018, its real-world implications are still not fully understood. An often mentioned aspect is Internet browser cookies, used for authent...
Conference Paper
So far, the topic of merged mining has mainly been considered in a security context, covering issues such as mining power centralization or crosschain attack scenarios. In this work we show that key information for determining blockchain metrics such as the fork rate can be recovered through data extracted from merge mined cryptocurrencies. Specifi...
Chapter
Over the last decade, the principle of blockchains has risen from relative obscurity in what was at the time a comparatively small community of Bitcoin users to worldwide prominence. The recent success of Bitcoin has led to extensive news coverage in mainstream media and widespread interest from the general public. Reports, videos and myths surroun...
Chapter
The loosely defined terms hard fork and soft fork have established themselves as descriptors of different classes of upgrade mechanisms for the underlying consensus rules of (proof-of-work) blockchains. Recently, a novel approach termed velvet fork, which expands upon the concept of a soft fork, was outlined in [22]. Specifically, velvet forks inte...
Chapter
With respect to power consumption, cryptocurrencies have been discussed in a twofold way: First, the cost-benefit ratio of mining hardware in order to gain revenue from mining that exceeds investment and electricity costs. Second, the overall electric energy consumption of cryptocurrencies to estimate the environmental effects of Proof-of-Work. In...
Chapter
The increasing number of cryptocurrencies, as well as the rising number of actors within each single cryptocurrency, inevitably leads to tensions between the respective communities. As with open source projects, (protocol) forks are often the result of broad disagreement. Usually, after a permanent fork both communities “mine” their own business an...
Chapter
Full-text available
In this short editorial we present some thoughts on present and future trends in Artificial Intelligence (AI) generally, and Machine Learning (ML) specifically. Due to the huge ongoing success in machine learning, particularly in statistical learning from big data, there is rising interest of academia, industry and the public in this field. Industr...
Chapter
The Universal Serial Bus (USB) is becoming a prevalent attack vector. Rubber Ducky and BadUSB are two recent classes of a whole spectrum of attacks carried out using fully-automated keypress injections through innocent-looking USB devices. So far, defense mechanisms are insufficient and rely on user participation in the trust decision. We propose U...
Article
Power grids are a prime example of critical infrastructure, and their reliable operation is of utter importance for life and economy in most parts of the world. To stabilize the nominal frequency, power production and consumption have to be continuously kept in balance. As consumers are predominantly uncontrolled, operators have to adapt power plan...
Chapter
Full-text available
While the large scale distribution and unprecedented connectivity of embedded systems in the Internet of Things (IoT) has enabled various useful application scenarios, it also poses a risk to users and infrastructure alike. Recent incidents, like the Mirai botnet, have shown that these devices are often not sufficiently protected against attacks an...
Chapter
Full-text available
In the course of the last years, there has been an established forensic process in place known by every investigator and researcher. This traditional process is regarded to produce valid evidence when it comes to court trials and, more importantly, it specifies on a very precise level how to acquire a suspect's machine and handle the data within. Ho...
Conference Paper
Electric power grids are among the largest human-made control structures and are considered as critical infrastructure due to their importance for daily life. When operating a power grid, providers have to continuously maintain a balance between supply (i.e., production in power plants) and demand (i.e., power consumption) to keep the power grid's...
Article
Full-text available
Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existin...
Preprint
Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existin...
Conference Paper
Online social networks, such as Facebook, have become popular with people of all ages, and online communication with friends and acquaintances via messages that include photos has become very common. With the increasing ease with which users can take and post photos, the unintentional disclosure of sensitive information of various kinds through mis...
Conference Paper
Merged mining refers to the concept of mining more than one cryptocurrency without necessitating additional proof-of-work effort. Although merged mining has been adopted by a number of cryptocurrencies already, to this date little is known about the effects and implications. We shed light on this topic area by performing a comprehensive analysis of...
Conference Paper
Full-text available
Redundant capacity in filesystem timestamps is recently proposed in the literature as an effective means for information hiding and data leakage. Here, we evaluate the steganographic capabilities of such channels and propose techniques to aid digital forensics investigation towards identifying and detecting manipulated filesystem timestamps. Our fi...
Conference Paper
Full-text available
The poster corresponding to this summary depicts a proposition of a system able to explain anomalous behavior within a user session by considering anomalies identified through their deviation from a set of baseline process graphs. We adapt star structures, a bipartite representation used to approximate the edit distance between two graphs. Relevant...
Conference Paper
Full-text available
We present the first large-scale survey to investigate how users experience the Bitcoin ecosystem in terms of security, privacy and anonymity. We surveyed 990 Bitcoin users to determine Bitcoin management strategies and identified how users deploy security measures to protect their keys and bitcoins. We found that about 46% of our participants use...
Conference Paper
Full-text available
In this paper, we quantify the effectiveness of third-party tracker blockers on a large scale. First, we analyze the architecture of various state-of-the-art blocking solutions and discuss the advantages and disadvantages of each method. Second, we perform a two-part measurement study on the effectiveness of popular tracker-blocking tools. Our anal...
Article
Full-text available
Managing risks is of paramount importance for enabling a widespread adoption of cloud computing. Users need to understand the risks associated with the process of migrating applications and data, so that appropriate mechanisms can be taken into consideration. However, risk management in cloud computing differs from risk management in a traditional...
Article
The emergence of the cloud computing paradigm has altered the delivery models for ICT services. Unfortunately, the widespread use of the cloud has a cost, in terms of reduced transparency and control over a user's information and services. In addition, there are a number of well-understood security and privacy challenges that are specific to this e...
Conference Paper
Applied and empirical research in information security not only observes and probes technical systems but people are also always involved in these experiments. Therefore ethical considerations are important. Based on our experience and an analysis of well-known papers, we propose the method of ethics case discussions to include ethics consideration...
Article
The cloud concept promises computing as a utility. More and more functions are moved to cloud environments. But this transition comes at a cost: Security and privacy solutions have to be adapted to new challenges in cloud environments. We investigate secret communication possibilities – data transmission concealing its mere existence or some of its...
Book
This book constitutes the refereed proceedings of the IFIP TC 5, WG 8.4, 8.9, 12.9 International Cross-Domain Conference for Machine Learning and Knowledge Extraction, CD-MAKE 2017, held in Reggio, Italy, in August/September 2017. The 24 revised full papers presented were carefully reviewed and selected for inclusion in this volume. The papers dea...
Book
Full-text available
Developing secure software requires the integration of numerous methods and tools into the development process, and software design is based on shared expert knowledge, claims, and opinions. Empirical methods, including data analytics, allow extracting knowledge and insights from the data that organizations collect from their processes and tools, a...
Article
Full-text available
The “doctor in the loop” is a new paradigm in information-driven medicine, picturing the doctor as authority inside a loop supplying an expert system with information on actual patients, treatment results, and possible additional (side-)effects, including general information in order to enhance data-driven medical science, as well as giving back tr...
Conference Paper
"Bitcoin is a rare case where practice seems to be ahead of theory." Joseph Bonneau et al. [3] This tutorial aims to further close the gap between IT security research and the area of cryptographic currencies and block chains. We will describe and refer to Bitcoin as an example throughout the tutorial, as it is the most prominent representative of...
Article
Over the last decades, the increasing amount of storage became a pressing problem for forensic investigators. This is caused by the computerization of everyday life and the associated increasing number of different devices in typical households. Considering multi-terabyte storage on the suspects' side, even more storage requirements emerge on the s...
Conference Paper
Rate limits, i.e., throttling network bandwidth, are considered to be means of protection; and guarantee fair bandwidth distribution among virtual machines that reside on the same Xen hypervisor. In the absence of rate limits, a single virtual machine would be able to (unintentionally or maliciously) exhaust all resources, and cause a denial-of-ser...
Conference Paper
An IMSI Catcher, also known as Stingray or rogue cell, is a device that can be used to not only locate cellular phones, but also to intercept communication content like phone calls, SMS or data transmission unbeknown to the user. They are readily available as commercial products as well as do-it-yourself projects running open-source software, and a...
Conference Paper
Full-text available
Today’s increasingly complex information infrastructures represent the basis of any data-driven industries which are rapidly becoming the 21st century’s economic backbone. The sensitivity of those infrastructures to disturbances in their knowledge bases is therefore of crucial interest for companies, organizations, customers and regulating bodies....
Article
Full-text available
Clouds are here to stay, and the same holds for cyber-physical systems—not to forget their combination. In light of these changing paradigms, it is of utter importance to reconsider security as both introduce new challenges. Overcoming the concept of zoned networks, clouds make former internal traffic traveling the Internet. Cyber-physical systems...
Article
Full-text available
Sub-file hashing and hash-based carving are increasingly popular methods in digital forensics to detect files on hard drives that are incomplete or have been partially overwritten/modified. While these techniques have been shown to be usable in practice and can be implemented efficiently, they face the problem that a-priori specific “target files”...
Article
Full-text available
We propose and explore the applicability of file timestamps as a steganographic channel. We identify an information gap between storage and usage of timestamps in modern operating systems that use high-precision timers. Building on this, we describe a layered design of a steganographic system that offers stealthiness, robustness, and wide applicabi...
Conference Paper
The security provided to Internet applications by the TLS protocol relies on the trust we put on Certificate Authorities (CAs) issuing valid identity certificates. TLS certificate pinning is a proposed approach to defend against man-in-the-middle (MitM) attacks that are realized using valid albeit fraudulent certificates. Yet, the implementation of...
Conference Paper
TLS is currently the most widely-used protocol on the Internet to facilitate secure communications, in particular secure web browsing. TLS relies on X.509 certificates as a major building block to establish a secure communication channel. Certificate Authorities (CAs) are trusted third parties that validate the TLS certificates and establish trust...
Article
Organizations are now seriously considering adopting cloud into the existing business context, but migrating data, application and services into cloud doesn't come without substantial risks. These risks are the significant barriers for the wider cloud adoption. There are works that consolidate the existing work on cloud migration and technology. Ho...
Conference Paper
Smartphones are increasingly used worldwide and are now an essential tool for our everyday tasks. These tasks are supported by smartphone applications (apps) which commonly rely on network communication to provide a certain utility such as online banking. From a security and privacy point of view a properly secured (encrypted) communication channel...
Conference Paper
"Bitcoin is a rare case where practice seems to be ahead of theory." Joseph Bonneau et al.[15] This tutorial aims to further close the gap between IT security research and the area of cryptographic currencies and block chains. We will describe and refer to Bitcoin as an example throughout the tutorial, as it is the most prominent representative of...
Article
Software obfuscation has always been a controversially discussed research area. While theoretical results indicate that provably secure obfuscation in general is impossible, its widespread application in malware and commercial software shows that it is nevertheless popular in practice. Still, it remains largely unexplored to what extent today’s sof...
Conference Paper
Sophisticated production systems include plenty of information technology (IT) in order to gain more efficiency. However, this on-going development bears the drawback of lacking security. Cyber-physical production systems (CPPS) are likely to be struck by a cyber-launched attack; but might also be themselves the origin of an attack targeting IT inf...
Article
Full-text available
Individuals and corporate users are persistently considering cloud adoption due to its significant benefits compared to traditional computing environments. The data and applications in the cloud are stored in an environment that is separated, managed and maintained externally to the organisation. Therefore, it is essential for cloud providers to de...
Article
Full-text available
The "doctor in the loop" is a new paradigm in information driven medicine, picturing the doctor as authority inside a loop supplying an expert system with data and information. Before this paradigm is implemented in real environments, the trustworthiness of the system must be assured. The “doctor in the loop” is a new paradigm in information driven...
Book
This volume constitutes the refereed proceedings of the IFIP WG 8.4, 8.9, TC 5 International Cross-Domain Conference on Availability, Reliability and Security in Information Systems, CD-ARES 2016, and the Workshop on Privacy Aware Machine Learning for Health Data Science, PAML 2016, co-located with the International Conference on Availability, Reli...
Chapter
Multitenancy is a key feature of cloud computing which has become a major concept recently. Nevertheless, sharing resources among a number of customers who are unknown to each other implies certain risks. While isolation is a strong means of mitigation, it also challenges a number of the main principles of cloud computing. Cloud computing looks to...
Conference Paper
The danger of SQL injections has been known for more than a decade but injection attacks have led the OWASP top 10 for years and still are one of the major reasons for devastating attacks on web sites. As about 24% of the top 10 million web sites are built upon the content management system WordPress, it's no surprise that content managemen...
Conference Paper
The IPv6 privacy extension introduces temporary addresses to protect against address-based correlation, i.e., the attribution of different transactions to the same origin using addresses, and is considered as state-of-the-art mechanism for privacy protection in IPv6. In this paper, we scrutinize the extension’s capability for protection by analyzin...
Conference Paper
Full-text available
The “doctor in the loop” is a new paradigm in information driven medicine, picturing the doctor as authority inside a loop supplying an expert system with information on actual patients, treatment results and possible additional (side-)effects, as well as general information in order to enhance data driven medical science, as well as giving back tr...
Conference Paper
At the time of writing, one of the most pressing problems for forensic investigators is the huge amount of data to analyze per case. Not only the number of devices increases due to the advancing computerization of everyday life, but also the storage capacity of each and every device rises into multi-terabyte storage requirements per case for for...
Conference Paper
Cloud computing is playing an ever larger role in the IT infrastructure. The migration into the cloud means that we must rethink and adapt our security measures. Ultimately, both the cloud provider and the customer have to accept responsibilities to ensure security best practices are followed. Firewalls are one of the most critical security feature...
Conference Paper
The digital world is in constant battle for improvement - especially in the security field. Taking into consideration the revelations from Edward Snowden about the mass surveillance programs conducted by governmental authorities, the number of users that raised awareness towards security is constantly increasing. More and more users agree that addi...
Conference Paper
QR codes have emerged as a popular medium to make content instantly accessible. With their high information density and robust error correction, they have found their way to the mobile ecosystem. However, QR codes have also proven to be an efficient attack vector, e.g., to perform phishing attacks. Attackers distribute malicious codes under false pr...
Conference Paper
Full-text available
Today's capability of fast Internet-wide scanning allows insights into the Internet ecosystem, but the on-going transition to the new Internet Protocol version 6 (IPv6) makes the approach of probing all possible addresses infeasible, even at current speeds of more than a million probes per second. As a consequence, the exploitation of frequent patt...
Conference Paper
Due to the propagation of devices with imaging capabilities, the amount of pictures taken in public spaces has risen. Due to this, unintentionally photographed bystanders are often represented in pictures without being aware of it. Social networks and search engines make these images easier accessible due to the available meta-data and the tagging...
Article
Full-text available
Purpose – This paper aims to give an overview on a number of selected applications in comparison to a previous evaluation conducted two years ago, as well as performing an analysis on several new applications. Mobile messaging and VoIP applications for smartphones have seen a massive surge in popularity, which has also sparked the interest in resea...
Article
Full-text available
Security testing is a fundamental aspect in many common practices in the field of software testing. Still, the used standard security protocols are typically not questioned and not further analyzed in the testing scenarios. In this work we show that due to this practice, essential potential threats are not detected throughout the testing phase and...
Conference Paper
In the coming age of wearable computing, devices such as Google Glass will become as ubiquitous as smartphones. Their foreseeable deployment in public spaces will cause distinct implications on the privacy of people recorded by these devices. Particularly the discreet recording capabilities of such devices pose new challenges to consensual image di...
Conference Paper
Full-text available
Large databases provide interesting environments for hiding data. These databases store massive amounts of diverse data, they are riddled with internal mechanisms and data pools for enhancing performance, and they contain complex optimization routines that constantly change portions of the underlying file environments. The databases are valuable ta...
Book
The two-volume set, LNCS 9326 and LNCS 9327 constitutes the refereed proceedings of the 20th European Symposium on Research in Computer Security, ESORICS 2015, held in Vienna, Austria, in September 2015. The 59 revised full papers presented were carefully reviewed and selected from 298 submissions. The papers address issues such as networks and Web...
Book
The two-volume set, LNCS 9326 and LNCS 9327 constitutes the refereed proceedings of the 20th European Symposium on Research in Computer Security, ESORICS 2015, held in Vienna, Austria, in September 2015. The 59 revised full papers presented were carefully reviewed and selected from 298 submissions. The papers address issues such as networks and Web...
Conference Paper
Intentionally inserted malfunctions in integrated circuits, referred to as Hardware Trojans, have become an emerging threat. Recently, the scientific community started to propose technical approaches to mitigate the threat of unspecified and potentially malicious functionality. However, these detection and prevention mechanisms are still hardly int...
Article
While the resilience of software-only code obfuscation remains unclear and ultimately depends only on available resources and patience of the attacker, hardware-based software protection approaches can provide a much higher level of protection against program analysis. Almost no systematic research has been done on the interplay between hardware an...
Conference Paper
Full-text available
IMSI Catchers are used in mobile networks to identify and eavesdrop on phones. When the number of vendors increased and prices dropped, the device became available to much larger audiences. Self-made devices based on open source software are available for about US$ 1,500. In this paper, we identify and describe multiple methods of detecting artifa...
Conference Paper
In recent years mobile messaging and VoIP applications for smartphones have seen a massive surge in popularity, which has also sparked the interest in research related to the security of these applications. Various security researchers and institutions have performed in-depth analyses of specific applications or vulnerabilities. This paper gives an...
Conference Paper
Cloud computing offers a different, affordable approach for supporting the IT needs of organisations. However, despite the unprecedented benefits cloud migration may bring, there are numerous difficulties involved in moving business critical applications, legacy systems or corporate data into the cloud. It is necessary to consider a broad view over...
Conference Paper
Social Engineering has long been a very effective means of attacking information systems. The term knowledge worker has been coined by Peter Drucker more than 50 years ago and still describes very well the basic characteristics of many employees. Today, with current hypes such as BYOD (bring your own device) and public cloud services, young profess...
Article
Full-text available
Databases contain an enormous amount of structured data. While the use of forensic analysis on the file system level for creating (partial) timelines, recovering deleted data and revealing concealed activities is very popular and multiple forensic toolsets exist, the systematic analysis of database management systems has only recently begun. Databa...
Conference Paper
2D barcodes offer many benefits compared to 1D barcodes, such as high information density and robustness. Before their introduction to the mobile phone ecosystem, they have been widely used in specific applications, such as logistics or ticketing. However, there are multiple competing standards with different benefits and drawbacks. Therefore, read...
Article
Full-text available
Expecting the shipment of 1 billion Android devices in 2017, cyber criminals have naturally extended their vicious activities towards Google's mobile operating system. With an estimated number of 700 new Android applications released every day, keeping control over malware is an increasingly challenging task. In recent years, a vast number of stati...
Article
Full-text available
Social engineering has emerged as a serious threat in virtual communities and is an effective means to attack information systems. The services used by today's knowledge workers prepare the ground for sophisticated social engineering attacks. The growing trend towards BYOD (bring your own device) policies and the use of online communication and col...