Christina Pöpper's research while affiliated with New York University Abu Dhabi and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
Publications (46)
Short Message Service (SMS) remains one of the most popular communication channels since its introduction in 2G cellular networks. In this paper, we demonstrate that merely receiving silent SMS messages regularly opens a stealthy side-channel that allows other regular network users to infer the whereabouts of the SMS recipient. The core idea is tha...
Security flaws and vulnerabilities in cellular networks lead to severe security threats given the data-plane services that are involved, from calls to messaging and Internet access. While the 5G Standalone (SA) system is currently being deployed worldwide, practical security testing of User Equipment (UE) has only been conducted and reported public...
Mobile instant messengers such as WhatsApp use delivery status notifications in order to inform users if a sent message has successfully reached its destination. This is useful and important information for the sender due to the often asynchronous use of the messenger service. However, as we demonstrate in this paper, this standard feature opens up...
The Public Warning System (PWS) is an essential part of cellular networks and a country's civil protection. Warnings can notify users of hazardous events (e.g., floods, earthquakes) and crucial national matters that require immediate attention. PWS attacks disseminating fake warnings or concealing precarious events can have a serious impact, causin...
Automatic Dependent Surveillance Broadcast (ADS-B) sensors deployed on the ground are central to observing aerial movements of aircraft. Their unsystematic placement, however, results in over-densification of sensor coverage in some areas and insufficient sensor coverage in other areas. ADS-B sensor coverage has so far been recognized and analyzed...
In mobile networks, IMSI-Catchers identify and track users simply by requesting all users’ permanent identities (IMSI) in range. The 5G standard attempts to fix this issue by encrypting the perma- nent identifier (now SUPI) and transmitting the SUCI. Since the encrypted SUCI is re-generated with an ephemeral key for each use, an attacker can no lon...
In the Arab region where political tensions are recurrent, the strive for security is crucial. This applies equally to the cyberspace, where the need for cyber security is magnified by the level of digitization and technical penetration that the Arab region is experiencing. The Internet penetration rate is generally higher than 90% and in some case...
Automatic Dependent Surveillance-Broadcast (ADS-B) has been widely adopted as the de facto standard for air-traffic surveillance. Aviation regulations require all aircraft to actively broadcast status reports containing identity, position, and movement information. However, the lack of security measures exposes ADS-B to cyberattacks by technically...
Over the past decade, research has explored managing the availability of shared personal online data, with particular focus on longitudinal aspects of privacy. Yet, there is no taxonomy that takes user perspective and technical approaches into account. In this work, we systematize research on longitudinal privacy management of publicly shared perso...
Unmanned Aerial Vehicles (UAVs), better known as drones, have significantly advanced fields such as aerial surveillance, military reconnaissance, cadastral surveying, and disaster monitoring. However, UAVs rely on civilian (unauthenticated) GPS for navigation which can be trivially spoofed. In this paper, we present DeepSIM, a satellite imagery mat...
As automatic dependent surveillance–broadcast (ADS-B) becomes more prevalent, the placement of on-ground sensors is vital for Air Traffic Control (ATC) to control the airspace. However, the current sensors are placed in an unstructured way that keeps some areas without coverage, and others are over-densified by sensors. Therefore, areas with covera...
Contemporary mobile messaging provides rich text and multimedia functionality leaving detailed trails of sensitive user information that can span long periods of time. Allowing users to manage the privacy implications both on the sender and the receiver side can help to increase confidence in the use of communication applications. In October 2017,...
Once personal data is published online, it is out of the control of the user and can be a threat to users’ privacy. Retroactively deleting data after it has been published is notoriously unreliable due to the distributed and open nature of the Internet. Cryptographic approaches implementing data revocation address this problem, but have serious lim...
Long Term Evolution (LTE) is the de-facto standard for mobile communication. It provides effective security features but leaves room for misunderstandings in its configuration and implementation. In particular, providers face difficulties when maintaining network configurations.
In this paper, we analyze the security configuration of commercial LT...
Long Term Evolution (LTE) provides the communication infrastructure for both professional and private use cases and has become an integral part of our everyday life. Even though LTE/4G overcomes many security issues of previous standards, recent work demonstrates several attack vectors on the physical and network layers of the LTE stack. We do, how...
The Tor anonymity network represents a rewarding target for de-anonymization attacks, in particular by large organizations and governments. Tor is vulnerable to confirmation attacks, in which powerful adversaries compromise user anonymity by correlating transmissions between entry and exit nodes. As the experimental evaluation of such attacks is ch...
Digital forgetting deals with the unavailability of content uploaded to web and storage servers after the data has served its purpose. The content on the servers can be deleted manually, but this does not prevent data archival and access at different storage locations. This is problematic since then the data may be accessed for unintended or even m...
Over the last decades, numerous security and privacy issues in all three active mobile network generations have been revealed that threaten users as well as network providers. In view of the newest generation (5G) currently under development, we now have the unique opportunity to identify research directions for the next generation based on existin...
In this paper, we report on recent advancements in attacking satellite-based positioning systems and on shortcomings of proposed countermeasures. Applications based on satellite positioning and navigation systems make use of a deployed infrastructure that is challenging to protect and secure against attacks. Many of the proposed protection mechanis...
Systems relying on satellite positioning techniques such as GPS can be targeted by spoofing attacks, where attackers try to inject fake positioning information. With the growing spread of flying drones and their usage of GPS for localization, these systems become interesting targets of attacks with the purpose of hijacking or to distract air safety...
With more than 1.7 million daily users, Tor is a large-scale anonymity network that helps people to protect their identities in the Internet. Tor provides low-latency transmissions that can serve a wide range of applications including web browsing, which renders it an easily accessible tool for a large user base. Unfortunately, its wide adoption ma...
Spoofing is a serious threat to the widespread use of Global Navigation Satellite Systems (GNSSs) such as GPS and can be expected to play an important role in the security of many future IoT systems that rely on time, location, or navigation information. In this paper, we focus on the technique of multi-receiver GPS spoofing detection, so far only...
![Table 1 : Achievable data rate [bps] of DSSS- modulation scheme without...](profile/Dorothea-Kolossa/publication/299368066/figure/tbl1/AS:667033997934623@1536044706828/Achievable-data-rate-bps-of-DSSS-modulation-scheme-without-audio-codec_Q320.jpg)
Internet censorship is used in many parts of the world to prohibit free access to online information. Different techniques such as IP address or URL blocking, DNS hijacking, or deep packet inspection are used to block access to specific content on the Internet. In response, several censorship circumvention systems were proposed that attempt to bypa...
Once data is released to the Internet, there is little hope to successfully delete it, as it may have been duplicated, reposted, and archived in multiple places. This poses a significant threat to users' privacy and their right to permanently erase their very own data. One approach to control the implications on privacy is to assign a lifetime valu...
Eduroam offers secure access to the Internet at participating institutions, using authentication via IEEE 802.1X and secure forwarding of authentication data to the authentication server of the user's institution. Due to erroneous configuration manuals and a lack of knowledge on the user side, though, a big share of client devices lack the required...
Uncoordinated spread spectrum (USS) protocols have been proposed for anti-jamming communication in wireless settings without shared secrets. The existing USS protocols assume that fragments of hundreds of bits can be transmitted on different channels in order to identify fragments that belong to the same message. However, such long transmissions ar...
An increasing number of wireless applications rely on GPS signals for localization, navigation, and time synchronization. However, civilian GPS signals are known to be susceptible to spoofing attacks which make GPS receivers in range believe that they reside at locations different than their real physical locations. In this paper, we investigate th...
We explore the suitability of Dolev-Yao-based attacker models for the security analysis of wireless communication. The Dolev-Yao model is commonly used for wireline and wireless networks. It is defined on abstract messages exchanged between entities and includes arbitrary, real-time modification of messages by the attacker. In this work, we aim at...
We address the problem of confidentiality in scenarios where the attacker is not only able to observe the communication between principals, but can also fully compromise the communicating parties (their devices, not only their long term secrets) after the confidential data has been exchanged. We formalize this problem and explore solutions that pro...
In this work, we study the security of public WLAN-based positioning systems. Specifically, we investigate the Sky- hook positioning system, available on PCs and used on a number of mobile platforms, including Apple's iPod touch and iPhone. By implementing and analyzing several kinds of attacks, we demonstrate that this system is vulnerable to loca...
We address the problem of jamming-resistant communica- tion in scenarios in which the communicating parties do not share secret keys. This includes scenarios where the commu- nicating parties are not known in advance or where not all parties can be trusted (e.g., jamming-resistant key establish- ment or anti-jamming broadcast to a large set of unkn...
In Switzerland, more than in other European countries, girls have rarely chosen to study computer-or technology-related subjects. Currently, women comprise only 10% of the com-puter science students at the Swiss Federal Institute of Tech-nology Zurich (ETH), the largest technical university in Swi-tzerland. In this work, we analyse the enrolment of...
Jamming-resistant broadcast communication is crucial for safety-critical applications such as emergency alert broadcasts or the dissemination of navigation signals in adversarial settings. These applications share the need for guaranteed authenticity and availability of messages which are broadcasted by base stations to a large and unknown number o...
Time synchronization is critical in sensor networks at many layers of their design. It enables better duty-cycling of the radio, accurate and secure localization, beamforming, and other collaborative signal processing tasks. These benefits make time-synchronization protocols a prime target of malicious adversaries who want to disrupt the normal ope...
Citations
... Third, the adversary can reduce the chances of unknown classes by expanding the measurement campaign to more potential locations that are not routinely tied to the victim (e. g., famous landmarks). There are research works (focusing on WiFi) that collect data from various places within cities and areas [47,48], while targeting either Access Points (APs) or smartphone devices. Additionally, the attacker can focus on utilizing areas instead of fixed positions to expand the coverage. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/469623452770305-1488978364685_Q64/Katharina-Kohls.jpg)
... In our numerical simulations, 'mitigation' refers to efforts that aim to counter mis/disinformation, such as fact-checking, verification, public awareness campaigns, collaborative initiatives, research, and global programs, rather than banning communities. These strategies have been implemented to address false narratives related to topics like COVID-19, public health, elections, and climate change 12,[21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38] . For instance, Facebook has funded internal efforts like adding misinformation labels to posts, while the Mercury Project has conducted vaccine promotion campaigns 25,28 . ...
... Our work differs in that we do not target the communication channels, use false base stations or sniffers, and are not geographically constrained. Deploying false base stations [25] may prove not only complex in many scenarios but also less stealthy, especially for active attackers that leverage malicious attachments and MitM [12,13,45,46]. Passive attackers may require proximity to the target, especially with 5G SA, where beamforming imposes additional positioning constraints. ...
... Unlike SESSs, MESSs can travel flexibly on the transportation network, which poses some difficulties to cyber-attacks. A MESS may be on the way from one bus to another, but the attackers have limited scope to launch attacks by using the configuration of fake base stations or other methods (Bitsikas and Pöpper, 2021). However, compared with the number of buses in the whole DN, the number of MESS candidate buses is greatly reduced, since although it is an ideal goal to realize plug-and-play of MESSs, the DN does not have enough budget so far. ...
... The presence of these "IMSI-Catchers" has been noted since the 2G era, posing a global concern with reports of suspicious devices appearing in major cities and instances of law enforcement using similar equipment for surveillance [10,11]. And some security researchers have been working on the topic of 5G fake base stations [12]. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/272407155965965-1441958335520_Q64/Thorsten-Holz.jpg)
... Також у дослідженні були використані праці фахівців: Farid Gasmi, Dorgyles C.M. Kouakou, Paul Noumba Um, and Pedro Rojas Milla [6], Pöpper C., Maniatakos M. and Di Pietro R. [12], Nong Zhu and Xubei Luo [11], Shahjahan Bhuiyan and Ali Farazmand [14], також використовувались матеріали колективної праці вчених з Georgetown Universityin in Qatar та Northwestern University in Qatar під назвою -Цифровий Близький Схід: держава та суспільство в інформаційну епоху (The Digital Middle East: State and Society in the Information Age [16]). ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/11431281166883749-1686480631990_Q64/Roberto-Pietro.jpg)
... However, ADS-B is slow to be deployed due to different countries' regulations and the scale on which a modification has to be rolled out. Therefore, a change in protocol is unlikely to happen any time soon [7]. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/974123387867136-1609260522078_Q64/Nian-Xue.jpg)
... Current approaches to deletion often leave users with limited or no understanding of the actual consequences of their actions [54,59], the extent or completeness of the deletion process [40,54,60,63], and the potential risks of system failures in effectively removing their data [63,66,87]. By addressing the need for explainability in data deletion, we aim to contribute to advancing security practices, and fostering user trust in technology systems. ...
Reference: ExD: Explainable Deletion
... In another study, [45] used genetic algorithm to optimize the placement of security cameras, providing maximum coverage of user-defined priority areas and minimizing the probability of occlusion due to moving objects by covering each priority area with multiple cameras. [46] proposed a solution for determining the optimal placement of ADS-B receivers on the ground. In [46], a genetic algorithm was utilized to determine the optimal placement of ADS-B receivers on the ground in the vicinity of Frankfurt airport in Germany. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/11431281085348885-1663746923027_Q64/Ala-Darabseh.jpg)
... In [14], the authors proposed another supervised DL model, namely LSTM that monitors the derived PVT information from the GPS signal using this DL model. In [15], the authors used a supervised CNN-based model, namely Residual Neural Network to detect GPS spoofing attacks, using the satellite imagery matching approach. The DL-based detection techniques discussed above have shown an improvement in performance compared to ML-based detection techniques, especially in terms of decreasing the false alarm rate. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/436145889779713-1480996691554_Q64/Xianbin-Hong.jpg)
