About
My research and work are influenced by my moral beliefs. They are based on the Cypherpunk's Manifesto (Eric Hughes, 1993) and modern critiques of our research field, such as The Moral Character of Cryptographic Work (Phillip Rogaway, 2015):
“Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension.
The Snowden revelations motivate a reassessment of the political and moral positioning of cryptography. They lead one to ask if our inability to effectively address mass surveillance constitutes a failure of our field.
I believe that it does. I call for a community-wide effort to develop more effective means to resist mass surveillance. I plead for a reinvention of our disciplinary culture to attend not only to puzzles and math, but, also, to the societal implications of our work.”
Research
My research interests focus on these topics:
- Contextual Security for Device-to-Device Pairings based on Human Gait, Ambient Audio
- End-to-End Encrypted Communication: API for NFC Cryptography, ZRTP Analysis, Usability of Key-Fingerprints
- Security in Delay-Tolerant Networks: Forward Secure DTNs, µDTNSec, RAIM: Redundant Array of Motes
- Trustworthy Transportation Systems: Cooperative Charging, Trustworthy Parking Communities
I have published over 15 papers at international conferences and in journals.
Vulnerabilities
- Flinkster Hack
- CVE-2016-2425 - Surreptitious sharing on Android, 2016
  Bug in AOSP Mail, GMail, WEB.DE Mail, K-9 Mail, Telegram, Threema, Signal
- CVE-2016-6271 - Linphone, 2016
  No verification of hash commitment in ZRTP
- Signature verification bypass in Android's in-app billing, 2013
  Google In-App Billing Example
Android
In the past, I maintained the following Android projects:
- OpenKeychain
- Hardware Security SDK
- Birthday Calendar
- Calendar Import/Export
- Offline Calendar (now part of Etar calendar)
- Document Viewer
- AdAway
- FasterGPS
- NTPSync
And contributed to these projects: