My research and work is influenced by my moral beliefs. They are based on the Cypherpunk's Manifesto (Eric Hughes, 1993) and modern critiques of our research field, such as The Moral Character of Cryptographic Work (Phillip Rogaway, 2015):

“Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension.

The Snowden revelations motivate a reassessment of the political and moral positioning of cryptography. They lead one to ask if our inability to effectively address mass surveillance constitutes a failure of our field.

I believe that it does. I call for a community-wide effort to develop more effective means to resist mass surveillance. I plead for a reinvention of our disciplinary culture to attend not only to puzzles and math, but, also, to the societal implications of our work.”

Research

My research interests focus on these topics:

• Contextual Security for Device-to-Device Pairings based on Human Gait, Ambient Audio
• End-to-End Encrypted Communication: API for NFC Cryptography, ZRTP Analysis, Usability of Key-Fingerprints
• Security in Delay-Tolerant Networks: Forward Secure DTNs, µDTNSec, RAIM: Redundant Array of Motes
• Trustworthy Transportation Systems: Cooperative Charging, Trustworthy Parking Communities

I published over 15 papers on international conferences and journals.

Vulnerabilities

• CVE-2016-2425 - Surreptitious sharing on Android, 2016
  Bug in AOSP Mail, GMail, WEB.DE Mail, K-9 Mail, Telegram, Threema, Signal
• CVE-2016-6271 - Linphone, 2016
  No verification of hash commitment in ZRTP
• Signature verification bypass in Android's in-app billing, 2013
  Google In-App Billing Example

Android

You can support my work on Android projects via PayPal.

I actively maintain the following Android projects:

• OpenKeychain
• Hardware Security SDK

Sometimes I contribute to these projects:

• Etar Calendar
• F-Droid
• K-9 Mail

I am currently working on getting the features of Birthday Calendar, Calendar Import/Export and Offline Calendar into the Etar Calendar. Then I will probably deprecate the old apps.

• Birthday Calendar
• Calendar Import/Export
• Offline Calendar (now part of Etar calendar)
• Document Viewer

I started some apps where I am no longer actively participating in their development:

• FasterGPS
• NTPSync
• AdAway

Standards

I sometimes contribute to open standards, such as Autocrypt.