Logo
Florentin Putz
Research Associate
TU Darmstadt, Germany

I am a software engineer and researcher from the Frankfurt Rhine-Main area in Germany, working at the Technical University of Darmstadt. I’m interested in all sorts of technology; my current focus is on crafting authentication systems that are not only user-friendly but also seamlessly fit into existing hardware and software requirements.

Education

Ongoing
PhD Candidate in Computer Science
TU Darmstadt đŸ‡©đŸ‡Ș
2019
M.Sc. Computer Engineering German name: Informationssystemtechnik. This degree program was offered jointly by TU Darmstadt's EE and CS departments.
TU Darmstadt đŸ‡©đŸ‡Ș
2017
Visiting Graduate Student
University of British Columbia 🇹🇩
2016
B.Sc. Computer Engineering German name: Informationssystemtechnik. This degree program was offered jointly by TU Darmstadt's EE and CS departments.
TU Darmstadt đŸ‡©đŸ‡Ș

Awards

2023
Best research paper at ACM CHI, the top conference on human-computer interaction, for our paper on FIDO2 usability
2023
emergenCITY Collaboration Award
First place, for our interdisciplinary paper on FIDO2 usability
2020
Nationwide award for the best Master's thesis in Germany on communication and distributed systems
2020
For an outstanding Master's thesis in STEM at TU Darmstadt
2020
Award for the best Master's degree at TU Darmstadt's electrical engineering department

Early Life

My fascination with technology began during primary school when I started programming with Pascal and Delphi, as an autodidact using books from the local library.

In high school, I co-founded a computer science club with friends and a supportive teacher, where we worked on fun projects and shared our knowledge. A standout project was building a Lego Mindstorms robot for the 2008 First Lego League, for which we even got some training from researchers at the local university. Although we didn’t get far in the competition, it was a fun experience.

As I explored web development (HTML, CSS, JS, SQL, PHP), I began creating websites for friends, which later turned into a part-time job. I also expanded my programming skills to include Java and C#, which were great for developing Windows GUIs, reminding me of my earlier experiences with Delphi. My preference shifted to Linux over time, and Python quickly became my favorite programming language.

Computer Engineering

After high school, I chose to study Computer Engineering (“Informationssystemtechnik”) at TU Darmstadt, driven by my curiosity about the hardware side of technology – understanding the inner workings of a computer. While I was already comfortable with software development, diving into the electrical engineering components was a challenging yet rewarding leap.

I studied a wide range of topics: from functional programming in Racket and Lisp, building computer architectures out of NAND gates, diving deep into mathematics (particularly statistics was important later on), signals & systems, communication technology, electronics & embedded systems, software engineering & design patterns, statistical machine learning, some robotics, IT security, and more.

I was actively involved in the Computer Engineering student council, organizing events like the orientation week for freshmen and our annual summer barbecue. Additionally, I contributed to our student magazine and managed our IT infrastructure.

IT Security & HCI

During my university years, particularly when I specialized in IT security, I recognized that practical problems aren’t just technological; they also demand solutions that are user-friendly and genuinely beneficial. It became clear to me that even software with impressive features could suffer from poor usability – GPG being a notorious example. This made me interested in human-computer interaction, motivating me to study and improve how people interact with technology.

During my PhD at SEEMOO, my research has focused on bridging the gap between IT security and human-computer interaction. This collaborative effort culminated in a paper presented at CHI ‘23, the leading international conference on human-computer interaction. Our study on usable security was well-received, earning a Best Paper Award, which has been encouraging and motivates further research in this important area.

Selected Projects
All · Auth · Usability · SW · Teaching

Authentication is the foundation for trustworthy communication over the Internet. I have worked on several projects evaluating and improving the deployability and usability of device pairing protocols as well as web authentication systems.

Usability is an often overlooked aspect of user-facing technology, especially in the security domain. But what good is such technology if users cannot successfully interact with it? Practical problems aren't just technological; they also demand solutions that are user-friendly and genuinely beneficial.

Teaching students was one of my tasks while working at TU Darmstadt. Besides the projects listed below, this website also contains an overview of my teaching activities.

I have been developing software for more than 15 years. This includes programming small tools, contributing to open-source software projects, but also building larger new software projects.

Major Projects

2024
2024
Auth
Usability
SW
Flutter
Dart
Android
Mobile
R
Auth
Usability
SW

Setting up secure chats in messenger apps such as Signal is often a pain, as users have to manually verify the public keys of their contacts to ensure end-to-end encryption. Especially in larger groups, this process is cumbersome and can take a lot of time.

We have developed PairSonic, which is an open-source smartphone app that enables two or more users meeting in person to spontaneously exchange or verify their contact information. PairSonic simplifies the pairing process by automating the tedious verification tasks of previous methods through an acoustic out-of-band channel using smartphones’ built-in hardware. It does not rely on external key management infrastructure, prior associations, or shared secrets.

But is PairSonic really more user-friendly than current approaches? To answer this question, we conducted a user study where 45 participants compared PairSonic to the current state of the art. The questionnaires and subsequent interviews showed that participants significantly preferred our system PairSonic.

2023
Auth
Usability
Mobile
iOS
Web
FIDO2
R
HTML
CSS
JS
Auth
Usability

Passwords are the de-facto standard for user authentication, but they are hard to memorize and vulnerable to phishing/reuse attacks. Wouldn’t it be great if there was a standard way to use phishing-resistant public-key crypto for user authentication? Previous attempts suffered from poor usability, but FIDO2 and WebAuthn are promising.

We analyzed the usability of FIDO2 passwordless authentication by conducting a lab study with 87 participants. We compared platform authentication (biometric) with roaming authentication (security key) to determine the practical tradeoffs as perceived by users in a mobile scenario.

🏆 This study won a best paper award at CHI’23, the top international conference for human-computer interaction.

2021
Auth
SW
Web
FIDO2
HTML
Python
C
WebAuthn
CTAP
Auth
SW

The FIDO2 standards for strong authentication on the Internet are now well-established in all major web browsers, allowing users to securely log in to websites without memorizing a password. But how can developers customize FIDO2 for their own use cases? Currently, there exists almost no information on custom FIDO2 deployments.

We documented the process of designing and implementing custom extensions for the FIDO2 web authentication protocol. Our open-source implementation targets the full FIDO2 stack, such as the Chromium web browser and hardware tokens. To give an overview of existing extensions, we survey all published FIDO2 extensions by manually inspecting the source code of major web browsers and authenticators. We propose methods to make it easier for developers to deploy custom FIDO2 extensions.

2020
Auth
IoT
Mobile
Android
Java
Kotlin
DSP
MATLAB
Auth
IoT

How can ordinary smartphones be used to securely exchange data with nearby devices? I designed a wireless physical layer that achieves message authentication using the acoustic interface, which is commonly available on smartphones and IoT devices. My open-source prototype implementation demonstrates device pairing with off-the-shelf smartphones and runs from user space without requiring firmware or hardware modifications.

🏆 This project started with my Master’s thesis, which has received two awards: The KuVS award 2020 (nationwide award for the best Master’s thesis on communication systems in Germany) and the Datenlotsen award 2020 (one of the best three STEM Master’s theses at TU Darmstadt).

2016
IoT
SW
Kotlin
C
ARM
Assembler
Java
Android
Mobile
MATLAB
IoT
SW

For my Bachelor’s thesis, I demonstrated a severe privacy vulnerability that affected most modern smartphones at the time, allowing for tracking and inferring location history of a user. I developed an Android app that can passively track wireless devices based on the WiFi probe requests they broadcast, showing tracking results in real-time.

The tracking data comes directly from the Broadcom WiFi chip, because I modified its firmware using the Nexmon reverse engineering framework (created by my thesis supervisor). Probe requests are special WiFi frames that are usually not accessible from user space. The tracking code therefore runs on a separate ARM chip instead of the host CPU, allowing continous tracking in the background without affecting normal smartphone usage and with minimal impact on battery usage.

Using this tracking system, I ran a measurement campaign to study the impact of this vulnerability by analyzing the probing behaviour of different smartphone models. Most devices were vulnerable and regularly sent probe requests, some even containing SSIDs of recently connected networks. As a response to such tracking approaches, Android and iOS nowadays randomize the MAC address to protect user privacy, but this was uncommon back when I evaluated this.

Minor Projects

FreeSpeaker: Open Smart Speaker Platform #
2023
2023
IoT
Auth
Python
Kotlin
Java
Android
Mobile
DSP
IoT
Auth

My colleagues and I at SEEMOO designed a modular smart speaker that can be 3D printed (open-source electronic + mechanical components). We demonstrate practical device bootstrapping using an authentication protocol combining radio and acoustic signals.

2021 – 2022
2021 – 2022
SW
Clojure
GraalVM
JVM
J (jlang)
SW

The Advent of Code is an annual programming competition with fun problems for each day in December leading up to Christmas. Usually, I team up with some colleagues from work to participate, seeing each day who has the fastest or most creative solutions. I like to use this event as an opportunity to try out new programming languages.

2022
SW
Jekyll
Ruby
HTML
Sass
CSS
JS
SW

The website you are visiting right now. I’m particularly proud of the responsive layout and responsive images. I did the web design from scratch, using the static site generator Jekyll with some custom plugins that I wrote in Ruby.

Teaching Signal Processing Using Audio #
2022
2022
Teaching
DSP
MATLAB
Teaching

TU Darmstadt’s course on physical layer security includes many practical exercises where students come to our lab and experiment with radio signals using SDRs. During the COVID19 pandemic, this was no longer possible and we suddenly had to shift our course to an online offering.

It was still important for us to find a way to let students get hands-on experience (this is one of the main reasons students like the course), so I created a lab exercise which allowed students to experiment with the physical layer from home, entireley with their own hardware. Instead of radio signals, they generated acoustic signals which can be used to transmit and receive data using just their smartphones or laptops.

2021
Teaching
DSP
Teaching

I created teaching material and a video tutorial to explain the Hilbert transform and how it relates to single-sideband modulation. In the past, our PhySec students particularly struggled with this topic.  I’ve received great feedback: students claim that this tutorial helped them actually understand how it works and why it is useful in a visual way.

2018
SW
Python
Docker
SW

I have developed a bot that queries new mails from an IMAP server and mirrors them to a Zulip server. We used it back in the days at TU Darmstadt’s Computer Engineering student council to discuss incoming mails and coordinate actions/responses.