Logo des Repositoriums

Auflistung nach Autor:in "Ullmann, Markus"

1 - 4 von 4
  • Konferenzbeitrag
    Evaluation of Account Recovery Strategies with FIDO2-based Passwordless Authentication
    (Open Identity Summit 2021, 2021) Kunke, Johannes; Wiefling, Stephan; Ullmann, Markus; Lo Iacono, Luigi
    Threats to passwords are still very relevant due to attacks like phishing or credential stuffing. One way to solve this problem is to remove passwords completely. User studies on passwordless FIDO2 authentication using security tokens demonstrated the potential to replace passwords. However, widespread acceptance of FIDO2 depends, among other things, on how user accounts can be recovered when the security token becomes permanently unavailable. For this reason, we provide a heuristic evaluation of 12 account recovery mechanisms regarding their properties for FIDO2 passwordless authentication. Our results show that the currently used methods have many drawbacks. Some even rely on passwords, taking passwordless authentication ad absurdum. Still, our evaluation identifies promising account recovery solutions and provides recommendations for further studies.
  • Konferenzbeitrag
    Improvement of fuzzy vault for multiple fingerprints with angles
    (Biosig 2016, 2016) Neu, Matthias; Korte, Ulrike; Ullmann, Markus
  • Konferenzbeitrag
    Merging the cryptographic security analysis and the algebraic-logic security proof of PACE
    (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012) Cheikhrouhou, Lassaad; Stephan, Werner; Dagdelen, Özgür; Fischlin, Marc; Ullmann, Markus
    In this paper we report on recent results about the merge of the cryptographic security proof for the Password Authenticated Connection Establishment (PACE), used within the German identity cards, with the algebraic-logic symbolic proof for the same protocol. Both proofs have initially been carried out individually, but have now been combined to get “the best of both worlds”: an automated, errorresistant analysis with strong cryptographic security guarantees.
  • Konferenzbeitrag
    ”On-card“ user authentication for contactless smart cards based on gesture recognition
    (SICHERHEIT 2012 – Sicherheit, Schutz und Zuverlässigkeit, 2012) Ullmann, Markus; Breithaupt, Ralph; Gehring, Frank
    Smart cards are widely used for security purposes. To protect smart cards against misuse an authentication process (e.g. entering a pin or password) is necessary. Due to missing input interfaces “on-card”, an external terminal is required to input the password. Unfortunately the required external hardware (e.g. keypads, etc.) opens up new security issues by being vulnerable against attacks like side channel, forgery & tampering, man in the middle, eavesdropping and others. An elegant solution for such problems is an authentication process “on-card” without the need for external devices. This paper presents a new class of contactless, ISO 14443 compliant smart cards which are equipped with a multipurpose user input interface as 2D gesture recognition sensor together with an optical feedback component. This offers new “on-card” authentication, card configuration and even front end interface capabilities. We will describe the basics of the general hardware design and discuss the gesture recognition process.