The following is a list of my scientific publications, which are all freely accessible on this website.
-
new!
The User Perspective on Island-Ready 6G Communication: A Survey of Future Smartphone Usage in Crisis-Struck Areas with Local Cellular Connectivity
Leon Janzen, Florentin Putz, Marc-André Kaufhold, Kolja Straub, Matthias Hollick
CHI '25 ACM 2025 CHI Conference on Human Factors in Computing SystemsAbstract
Using smartphone apps during crises is well-established, proving critical for efficient crisis response. However, such apps become futile without an Internet connection, which is a common issue during crises. The ongoing 6G standardization explores the capability to provide local cellular connectivity for areas cut off from the Internet in crises. This paper introduces to the HCI community the concept of cellular island connectivity in isolated areas, promising a seamless transition from normal operation to island operation with local-only cellular connectivity. It presents findings from a survey (N = 857) among adult smartphone users from major German cities regarding their smartphone usage preferences in this model. Results show a shift in app demand, with users favoring general-purpose apps over dedicated crisis apps in specific scenarios. We prioritize smartphone services based on their criticality, distinguishing between apps essential for crisis response and those supporting routines. Our findings provide operators, developers, and authorities insights into making user-centric design decisions for implementing island-ready 6G communication.BibTeX
@inproceedings{chi2025islands, title = {The User Perspective on Island-Ready 6G Communication: A Survey of Future Smartphone Usage in Crisis-Struck Areas with Local Cellular Connectivity}, author = {Janzen, Leon and Putz, Florentin and Kaufhold, Marc-Andr{\'e} and Straub, Kolja and Hollick, Matthias}, publisher = {ACM}, location = {Yokohama, Japan}, eventdate = {26.04.2025-01.05.2025}, year = {2025}, isbn = {979-8-4007-1394-1}, month = {April}, booktitle = {CHI '25: Proceedings of the 2025 CHI Conference on Human Factors in Computing Systems}, doi = {https://doi.org/10.1145/3706598.3714324} }
-
Sounds Good? Fast and Secure Contact Exchange in Groups
Florentin Putz, Steffen Haesler, and Matthias Hollick
CSCW '24 27th ACM Conference on Computer-Supported Cooperative Work and Social ComputingAbstract
Trustworthy digital communication requires the secure exchange of contact information, but current approaches lack usability and scalability for larger groups of users. We evaluate the usability of two secure contact exchange systems: the current state of the art, SafeSlinger, and our newly designed protocol, PairSonic, which extends trust from physical encounters to spontaneous online communication. Our lab study (N=45) demonstrates PairSonic’s superior usability, automating the tedious verification tasks from previous approaches via an acoustic out-of-band channel. Although participants significantly preferred our system, minimizing user effort surprisingly decreased the perceived security for some users, who associated security with complexity. We discuss user perceptions of the different protocol components and identify remaining usability barriers for CSCW application scenarios.BibTeX
@inproceedings{cscw2024soundsgood, title = {Sounds Good? Fast and Secure Contact Exchange in Groups}, author = {Putz, Florentin and Haesler, Steffen and Hollick, Matthias}, publisher = {Association for Computing Machinery}, location = {New York, NY, USA}, year = {2024}, month = nov, booktitle = {Proceedings of the ACM on Human-Computer Interaction 8}, series = {CSCW2}, doi = {https://doi.org/10.1145/3686964} }
-
PairSonic: Helping Groups Securely Exchange Contact Information
Florentin Putz, Steffen Haesler, Thomas Völkl, Maximilian Gehring, Nils Rollshausen, and Matthias Hollick
CSCW '24 27th ACM Conference on Computer-Supported Cooperative Work and Social ComputingAbstract
Securely exchanging contact information is essential for establishing trustworthy communication channels that facilitate effective online collaboration. However, current methods are neither user-friendly nor scalable for large groups of users. In response, we introduce PairSonic, a novel group pairing protocol that extends trust from physical encounters to online communication. PairSonic simplifies the pairing process by automating the tedious verification tasks of previous methods through an acoustic out-of-band channel using smartphones’ built-in hardware. Our protocol not only facilitates connecting users for computer-supported collaboration, but also provides a more user-friendly and scalable solution to the authentication ceremonies currently used in end-to-end encrypted messengers like Signal or WhatsApp. PairSonic is available as open-source software: https://github.com/seemoo-lab/pairsonicBibTeX
@inproceedings{cscw2024pairsonic, title = {{PairSonic: Helping Groups Securely Exchange Contact Information}}, author = {Putz, Florentin and Haesler, Steffen and Völkl, Thomas and Gehring, Maximilian and Rollshausen, Nils and Hollick, Matthias}, publisher = {Association for Computing Machinery}, location = {New York, NY, USA}, year = {2024}, month = nov, booktitle = {Companion {{Publication}} of the 2024 {{Conference}} on {{Computer-Supported Cooperative Work}} \& {{Social Computing}}}, series = {{{CSCW}} '24 {{Companion}}}, doi = {https://doi.org/10.1145/3678884.3681818} }
-
A Data-Driven Evaluation of the Current Security State of Android Devices
Ernst Leierzopf, René Mayrhofer, Michael Roland, Wolfgang Studier, Lawrence Dean, Martin Seiffert, Florentin Putz, Lucas Becker, Daniel R. Thomas
CNS '24 2024 IEEE Conference on Communications and Network Security (CNS)Abstract
Android’s fast-paced development cycles and the large number of devices from different manufacturers do not allow for an easy comparison between different devices’ security and privacy postures. Manufacturers each adapt and update their respective firmware images. Furthermore, images published on OEM websites do not necessarily match those installed in the field. Relevant software aspects do not remain static after initial device release, but need to be measured on real devices that receive these updates. There are various potential sources for collecting such attributes, including webscraping, crowdsourcing, and dedicated device farms. However, raw data alone is not helpful in making meaningful decisions on device security and privacy. We make a website available to access collected data. Our implementation focuses on reproducible requests and supports filtering by OEMs, devices, device models, and attributes. To improve usability, we further propose a security score grounded on the list of attributes. Based on input from Android experts, including a focus group and eight individuals, we have created a method that derives attribute weights from the importance of attributes for mitigating threats on the Android platform. We derive weights for general use cases and suggest possible examples for more specialized weights for groups of confidentiality/privacy-sensitive users and integrity-sensitive users. Since there is no one-size-fits-all setting for Android devices, our website provides the possibility to adapt all parameters of the calculated security score to individual needs.BibTeX
@inproceedings{cns2024datadriven, author={Leierzopf, Ernst and Mayrhofer, René and Roland, Michael and Studier, Wolfgang and Dean, Lawrence and Seiffert, Martin and Putz, Florentin and Becker, Lucas and Thomas, Daniel R.}, booktitle={2024 {{IEEE}} {{Conference}} on {{Communications}} and {{Network Security (CNS)}}}, title={A Data-Driven Evaluation of the Current Security State of Android Devices}, year={2024}, volume={}, number={}, pages={1-9}, doi={10.1109/CNS62487.2024.10735682}} }
-
Introducing FreeSpeaker - A Modular Smart Home Hub Prototyping Platform
Hermann Leinweber*, Jonatan Crystall*, Frank Hessel, Florentin Putz, Matthias Hollick (* = equal contribution)
MobiCom '23 29th Annual International Conference on Mobile Computing and NetworkingAbstract
Smart home speakers have become a commodity item in many households and provide interesting research opportunities in areas like wireless communication and human-computer interaction. Commercial devices do not provide sufficient access for many research tasks. We present a modular smart home hub designed specifically for research purposes. The electronic and mechanical components are designed with reproducibility in mind and can be easily recombined for a project's needs. Additionally, we show applications of the hub in different scenarios.BibTeX
@article{mobicom2023freespeaker, title = {Introducing FreeSpeaker - A Modular Smart Home Hub Prototyping Platform}, location = {Madrid, Spain}, language = {en}, author = {Hermann Leinweber and Jonatan Crystall and Frank Hessel and Florentin Putz and Matthias Hollick}, eventdate = {02.-05.10.2023}, year = {2023}, month = {October}, doi = {https://doi.org/10.1145/3570361.3614080}, booktitle = {ACM MobiCom '23: Proceedings of the 29th Annual International Conference on Mobile Computing and Networking}, isbn = {978-1-4503-9990-6} }
-
A Large-Scale Data Collection and Evaluation Framework for Android Device Security Attributes
Ernst Leierzopf, Michael Roland, René Mayrhofer, Florentin Putz
IDIMT '23 31st Interdisciplinary Information Management TalksAbstract
Android’s fast-lived development cycles and increasing amounts of manufacturers and device models make a comparison of relevant security attributes, in addition to the already difficult comparison of features, more challenging. Most smartphone reviews only consider offered features in their analysis. Smartphone manufacturers include their own software on top of the Android Open Source Project (AOSP) to improve user experience, to add their own pre-installed apps or apps from third-party sponsors, and to distinguish themselves from their competitors. These changes affect the security of smartphones. It is insufficient to validate device security state only based on measured data from real devices for a complete assessment. Promised major version releases, security updates, security update schedules of devices, and correct claims on security and privacy of pre-installed software are some aspects, which need statistically significant amounts of data to evaluate. Lack of software and security updates is a common reason for shorter lifespans of electronics, especially for smartphones. Validating the claims of manufacturers and publishing the results creates incentives towards more sustainable maintenance and longevity of smartphones. We present a novel scalable data collection and evaluation framework, which includes multiple sources of data like dedicated device farms, crowdsourcing, and webscraping. Our solution improves the comparability of devices based on their security attributes by providing measurements from real devices.BibTeX
@article{idimt2023large, title = {A Large-Scale Data Collection and Evaluation Framework for Android Device Security Attributes}, location = {Hradec Kr{\'a}lov{\'e}, Czech Republic}, language = {en}, author = {Ernst Leierzopf and Michael Roland and Ren{\'e} Mayrhofer and Florentin Putz}, eventdate = {06.-08.09.2023}, year = {2023}, month = {September}, doi = {https://doi.org/10.35011/IDIMT-2023-63}, booktitle = {IDIMT-2023: New Challenges for ICT and Management: 31st Interdisciplinary Information Management Talks}, isbn = {978-3-99151-176-2}, pages = {63--72} }
-
DEMO: Secure Bootstrapping of Smart Speakers Using Acoustic Communication
Markus Scheck, Florentin Putz, Frank Hessel, Hermann Leinweber, Jonatan Crystall, Matthias Hollick
WiSec '23 16th ACM Conference on Security and Privacy in Wireless and Mobile NetworksAbstract
Smart speakers are highly privacy-sensitive devices: They are located in our homes and provide an Internet-enabled microphone, making them a prime target for attackers. The pairing between a client device and the speaker must be protected to prohibit adversaries from accessing the device. Most commercial protocols are vulnerable to nearby adversaries as they do not probe for human presence at the speaker or proximity between both devices. In addition to security, the protocol must provide a user-friendly way for initial bootstrapping of the speaker. We design an open pairing protocol for the establishment of a shared secret between both devices using acoustic messaging to guarantee proximity, and release our implementation for the smart speaker as well as Android and Linux clients as open-source software on GitHub.BibTeX
@article{wisec2023secure, title = {DEMO: Secure Bootstrapping of Smart Speakers Using Acoustic Communication}, language = {en}, author = {Scheck, Markus and Putz, Florentin and Hessel, Frank and Leinweber, Hermann and Crystall, Jonatan and Hollick, Matthias}, eventdate = {29.05. - 01.06.2023}, year = {2023}, location = {Guildford, Surrey, United Kingdom}, doi = {https://doi.org/10.26083/tuprints-00024180}, note = {Demo presented at the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2023)} }
-
FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones
Leon Würsching*, Florentin Putz*, Steffen Haesler, Matthias Hollick (* = equal contribution)
CHI '23 ACM 2023 CHI Conference on Human Factors in Computing SystemsAbstract
Modern smartphones support FIDO2 passwordless authentication using either external security keys or internal biometric authentication, but it is unclear whether users appreciate and accept these new forms of web authentication for their own accounts. We present the first lab study (N=87) comparing platform and roaming authentication on smartphones, determining the practical strengths and weaknesses of FIDO2 as perceived by users in a mobile scenario. Most participants were willing to adopt passwordless authentication during our in-person user study, but closer analysis shows that participants prioritize usability, security, and availability differently depending on the account type. We identify remaining adoption barriers that prevent FIDO2 from succeeding password authentication, such as missing support for contemporary usage patterns, including account delegation and usage on multiple clients.BibTeX
@inproceedings{chi2023fido, title = {FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones}, author = {W{\"u}rsching, Leon and Putz, Florentin and Haesler, Steffen and Hollick, Matthias}, publisher = {ACM}, location = {Hamburg, Germany}, eventdate = {23.-28.04.2023}, year = {2023}, isbn = {978-1-4503-9421-5}, month = {April}, booktitle = {CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems}, doi = {https://doi.org/10.1145/3544548.3580993} }
-
Future-Proof Web Authentication: Bring Your Own FIDO2 Extensions
Florentin Putz, Steffen Schön, Matthias Hollick
ETAA '21 4th International Workshop on Emerging Technologies for Authorization and AuthenticationAbstract
The FIDO2 standards for strong authentication on the Internet define an extension interface, which allows them to flexibly adapt to future use cases. The domain of establishing new FIDO2 extensions, however, is currently limited to web browser developers and members of the FIDO alliance. We show how researchers and developers can design and implement their own extensions for using FIDO2 as a well-established and secure foundation to demonstrate innovative authentication concepts or to support custom deployments. Our open-source implementation targets the full FIDO2 stack, such as the Chromium web browser and hardware tokens, to enable tailor-made authentication based on the power of the existing FIDO2 ecosystem. To give an overview of existing extensions, we survey all published FIDO2 extensions by manually inspecting the source code of major web browsers and authenticators. Their current design, however, hinders the implementation of custom extensions, and they only support a limited number of extensions out of the box. We discuss weaknesses of current implementations and identify the lack of extension pass-through as a major limitation in current FIDO2 clients.BibTeX
@inproceedings{putz2021futureproof, author = {Putz, Florentin and Sch\"{o}n, Steffen and Hollick, Matthias}, title = {Future-Proof Web Authentication: Bring Your Own {FIDO2} Extensions}, year = {2021}, isbn = {978-3-030-93746-1}, publisher = {Springer-Verlag}, address = {Berlin, Heidelberg}, url = {https://doi.org/10.1007/978-3-030-93747-8_2}, doi = {10.1007/978-3-030-93747-8_2}, pages = {17–32}, numpages = {16}, series = {ETAA '21} }
-
Connected Self-Organized Citizens in Crises: An Interdisciplinary Resilience Concept for Neighborhoods
Steffen Haesler, Ragnark Mogk, Florentin Putz, Kevin T. Logan, Nadja Thiessen, Katharina Kleinschnitger, Lars Baumgärtner, Jan-Philipp Stroscher, Christian Reuter, Michele Knodt, Matthias Hollick
CSCW '21 24th ACM Conference on Computer-Supported Cooperative Work and Social Computing (Conference Companion Publication)Abstract
When facing major crisis events, such as earthquakes, flooding, or attacks on infrastructure, people start to organize within their neighborhoods. While this has historically been an analog process, people now use collaboration or messenger apps to support their self-organization. Unfortunately, these apps are not designed to be resilient and fail with communication infrastructure outages when servers are no longer available. We provide a resilience concept with requirements derived from an interdisciplinary view enabling citizens to communicate and collaborate in everyday life and during crisis events. Our human-centered prototype integrates concepts of nudging for crisis preparedness, decentralized and secure communication, participation, smart resource management, historical knowledge, and legal issues to help guide further research.BibTeX
@inproceedings{haesler2021connected, author = {Haesler, Steffen and Mogk, Ragnar and Putz, Florentin and Logan, Kevin T. and Thiessen, Nadja and Kleinschnitger, Katharina and Baumg\"{a}rtner, Lars and Stroscher, Jan-Philipp and Reuter, Christian and Knodt, Michele and Hollick, Matthias}, title = {Connected Self-Organized Citizens in Crises: An Interdisciplinary Resilience Concept for Neighborhoods}, year = {2021}, isbn = {9781450384797}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3462204.3481749}, doi = {10.1145/3462204.3481749}, booktitle = {Companion Publication of the 2021 Conference on Computer Supported Cooperative Work and Social Computing}, pages = {62–66}, numpages = {5}, series = {CSCW '21} }
-
Acoustic Integrity Codes: Secure Device Pairing Using Short-Range Acoustic Communication
Florentin Putz, Flor Álvarez, Jiska Classen
WiSec '20 13th ACM Conference on Security and Privacy in Wireless and Mobile NetworksAbstract
Secure Device Pairing (SDP) relies on an out-of-band channel to authenticate devices. This requires a common hardware interface, which limits the use of existing SDP systems. We propose to use short-range acoustic communication for the initial pairing. Audio hardware is commonly available on existing off-the-shelf devices and can be accessed from user space without requiring firmware or hardware modifications. We improve upon previous approaches by designing Acoustic Integrity Codes (AICs): a modulation scheme that provides message authentication on the acoustic physical layer. We analyze their security and demonstrate that we can defend against signal cancellation attacks by designing signals with low autocorrelation. Our system can detect overshadowing attacks using a ternary decision function with a threshold. In our evaluation of this SDP scheme's security and robustness, we achieve a bit error ratio below 0.1% for a net bit rate of 100 bps with a signal-to-noise ratio (SNR) of 14 dB. Using our open-source proof-of-concept implementation on Android smartphones, we demonstrate pairing between different smartphone models.BibTeX
@inproceedings{putz2020acoustic, author = {Putz, Florentin and \'{A}lvarez, Flor and Classen, Jiska}, title = {Acoustic Integrity Codes: Secure Device Pairing Using Short-Range Acoustic Communication}, year = {2020}, isbn = {9781450380065}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/3395351.3399420}, doi = {10.1145/3395351.3399420}, booktitle = {Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks}, pages = {31–41}, numpages = {11}, series = {WiSec '20} }