Stephan Wiefling

Stephan Wiefling
Hochschule Bonn-Rhein-Sieg

Master of Science

About

38
Publications
7,094
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
66
Citations
Introduction
Stephan Wiefling is a PhD student of H-BRS University of Applied Sciences and Ruhr University Bochum. Stephan does research in Risk-based Authentication, Implicit Authentication and Usable Security.

Publications

Publications (38)
Conference Paper
Full-text available
Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional implicit features during password entry such as device or geolocation information, and requests additional authentication factors if a certain risk level is detected. RBA is recommended by the NIST digital identity gu...
Conference Paper
Online services such as social networks, online shops, and search engines deliver different content to users depending on their location, browsing history, or client device. Since these services have a major influence on opinion forming, understanding their behavior from a social science perspective is of greatest importance. In addition, technical...
Conference Paper
Full-text available
Risk-based Authentication (RBA) is an adaptive security measure that improves the security of password-based authentication by protecting against credential stuffing, password guessing, or phishing attacks. RBA monitors extra features during login and requests for an additional authentication step if the observed feature values deviate from the usu...
Conference Paper
Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to off...
Chapter
Full-text available
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recomm...
Conference Paper
Risk-based authentication (RBA) extends authentication mechanisms to make them more robust against account takeover attacks, such as those using stolen passwords. RBA is recommended by NIST and NCSC to strengthen password-based authentication, and is already used by major online services. Also, users consider RBA to be more usable than two-factor a...
Article
Software developers build complex systems using plenty of third-party libraries. Documentation is key to understand and use the functionality provided via the libraries APIs. Therefore, functionality is the main focus of contemporary API documentation, while cross-cutting concerns such as security are almost never considered at all, especially when...
Conference Paper
Full-text available
Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other thing...
Preprint
Full-text available
Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other thing...
Conference Paper
Risk-based authentication (RBA) aims to strengthen password based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recomm...
Preprint
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recomm...
Preprint
Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to off...
Preprint
Full-text available
Risk-based Authentication (RBA) is an adaptive security measure that improves the security of password-based authentication by protecting against credential stuffing, password guessing, or phishing attacks. RBA monitors extra features during login and requests for an additional authentication step if the observed feature values deviate from the usu...
Preprint
Full-text available
Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional implicit features during password entry such as device or geolocation information, and requests additional authentication factors if a certain risk level is detected. RBA is recommended by the NIST digital identity gu...
Conference Paper
Full-text available
Risikobasierte Authentifizierung (RBA) ist eine adaptive Sicherheitsmaßnahme zur Stärkung passwortbasierter Authentifizierung. Sie zeichnet Merkmale während des Logins auf und fordert zusätzliche Authentifizierung an, wenn sich Ausprägungen dieser Merkmale signifikant von den bisher bekannten unterscheiden. RBA bietet das Potenzial für gebrauchstau...
Conference Paper
Full-text available
Software development is a complex task. Merely focussing on functional requirements is not sufficient any more. Developers are responsible to take many non-functional requirements carefully into account. Security is amongst the most challenging, as getting it wrong will result in a large user-base being potentially at risk. A similar situation exis...
Article
Full-text available
Zusammenfassung Der Beitrag stellt Konzepte und Modelle von Blockchain-Anwendungen außerhalb des Finanzbereichs vor. Die Anwendungsgebiete reichen derzeit vom Schutz persönlicher Daten bis zur Sicherung und Überwachung von Nahrungsmittelproduktionsketten.
Article
Full-text available
Audio watermarking is a widely used technology to hide information about the reciever of an audiofile inside the time-or spectral components of the original audiosignal, with the aim of being imperceptible to the human auditory system. If the watermarked audiofile appears illegal on the Inter-net, the unauthorized circulator of the audiomaterial ca...
Conference Paper
Full-text available
The auralization of acoustic environments applying dynamic binaural synthesis can be used for multiple applications. Circular sets of binaural room impulse responses (BRIRs) are often acquired by performing measurements with rotated dummy heads. This procedure is rather costly and therefore not always feasible in practice. Recently, an approach to...
Conference Paper
Full-text available
Für viele Anwendungenim Bereich auditiver virtueller Umgebungenwerden Räume kopfhörerbasiert unter Nutzung der dynamischen Binauralsynthese auralisiert. Hierbei ist nicht immer eine authentische Darbie- tung notwendig, häufig reicht die Erzeugung eines plausiblen Höreindruckes aus. Die messtechnische Erfassung der hierfür erforderlichen Datensätze...

Network

Cited By