Über mich

Ich bin promovierter Forscher im Bereich der IT-Sicherheit. Aktuell forsche ich in Bereichen der Authentifizierung, Usability und Privacy. Unter anderem erforsche ich, wie man die Sicherheit von Passwörtern verbessern kann, ohne die Usability dadurch zu verringern. Über meine Arbeit wurde in Schneier on Security, The Daily Swig, t-online.de, GIGA.de, Heise, Golem.de, Kölner Stadtanzeiger und anderen Medien berichtet.

Meine Expertise im Bereich der Usable Security & Privacy habe ich bereits erfolgreich in die Industrie einbringen dürfen (z.B. Meta, Telenor). Darüber hinaus arbeite ich als Senior Software Engineer bei Vodafone.

Außerdem habe ich am Buch Programmieren trainieren mitgeschrieben, welches im Hanser Verlag erschienen ist.

Forschungsinteressen

  • Risikobasierte Authentifizierung
  • Usable Security and Privacy
  • Mobile Authentifizierung
  • Gebrauchstaugliche Passwörter
  • Privacy Dashboards
  • Developer-Centered Security
  • Mensch-Computer-Interaktion

Auszeichnungen

Open Data Impact Award 2022
Verliehen von: Stifterverband für die Deutsche Wissenschaft e.V.
Best ACSAC Video Production 2020
Verliehen von: Annual Computer Security Applications Conference (ACSAC)
RISE Germany Scholarship 2019, 2020
Verliehen von: Deutscher Akademischer Austauschdienst (DAAD)
Jahrgangsbester 2018/2019, Master Medientechnologie
Verliehen von: Technische Hochschule Köln

Ausbildung

Informatik (Dr.-Ing.)
Ruhr-Universität Bochum, Horst-Görtz-Institut für IT-Sicherheit (2018 - 2023)
Begutachtet von Markus Dürmuth, Martina Angela Sasse und Luigi Lo Iacono
Dissertation Verteidigungsfolien
Medientechnologie (M. Sc.)
Technische Hochschule Köln (2015 - 2018)
Medientechnik (B. Eng.)
Fachhochschule Köln (2011 - 2015)

Ausgewählte Publikationen


Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication ()
und UbiSec ’23. Springer.
PDF Website
@inproceedings{article_ubisec2023_buettner,
  author = {Büttner, Andre and Pedersen, Andreas Thue and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi},
  title  = {Is {It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication}},
  booktitle = {Ubi{Sec} '23},
  location = {Exeter, United Kingdom},
  doi = {10.1007/978-981-97-1274-8_26},
  publisher = {Springer},
  month = mar,
  year   = {2024},
}

Programmieren trainieren - Mit über 150 Workouts in Java und Python (3. Auflage) ()
und Carl Hanser Verlag.
PDF [Leseprobe] Website
@book{book_hanser2023_LoIacono,
  title = {Programmieren trainieren - Mit über 150 Workouts in Java und Python (3. Auflage)},
  author = {Lo Iacono, Luigi and Wiefling, Stephan and Schneider, Michael},
  year = {2023},
  publisher = {Carl Hanser Verlag GmbH & Co. KG},
  url = {https://www.hanser-fachbuch.de/fachbuch/artikel/9783446477667},
}

Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example ()
und CODASPY ’23. ACM.
PDF
@inproceedings{inproceedings_codaspy2023_unsel,
  title = {Risk-{Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example}},
  author = {Unsel, Vincent and Wiefling, Stephan and Gruschka, Nils and {Lo Iacono}, Luigi},
  booktitle = {13th {ACM Conference on Data and Application Security and Privacy}},
  year = {2023},
  series = {C{ODASPY} '23},
  location = {Charlotte, NC, USA},
  publisher = {ACM},
  doi = {10.1145/3577923.35836},
  month = apr,
  year = {2023}
}

Data Protection Officers’ Perspectives on Privacy Challenges in Digital Ecosystems ()
und SPOSE ’22. Springer.
PDF PDF [Verlag]
@inproceedings{article_spose2022_wiefling,
  author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi},
  title = {Data {Protection} {Officers}' {Perspectives} on {Privacy} {Challenges9 in {Digital} {Ecosystems}},
  booktitle = {4th {Workshop} on {Security}, {Privacy}, {Organizations}, and {Systems} {Engineering}},
  series = {SPOSE '22},
  location = {Copenhagen, Denmark},
  doi = {10.1007/978-3-031-25460-4_13},
  publisher = {Springer},
  year = {2023}
}

Pump Up Password Security! Evaluating and Enhancing Risk-Based Authentication on a Real-World Large-Scale Online Service ()
und ACM TOPS. ACM.
PDF
@article{article_tops2023_wiefling,
  author = {Wiefling, Stephan and Jørgensen, Paul René and Thunem, Sigurd and {Lo Iacono}, Luigi},
  title  = {Pump {Up} {Password} {Security}! {Evaluating} and {Enhancing} {Risk}-{Based} {Authentication} on a {Real}-{World} {Large}-{Scale} {Online} {Service}},
  journal = { {ACM} {Transactions} on {Privacy} and {Security}},
  doi = {10.1145/3546069},
  publisher = {ACM},
  volume = {26},
  number = {1},
  articleno = {6},
  issn = {2471-2566},
  month = {feb},
  year   = {2023}
}

Privacy Considerations for Risk-Based Authentication Systems ()
und IWPE ’21. IEEE.
PDF
@inproceedings{article_iwpe2021_wiefling,
  author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi},
  title = {Privacy {Considerations} for {Risk}-{Based} {Authentication} {Systems}},
  booktitle = {2021 {International} {Workshop} on {Privacy} {Engineering}},
  series = {IWPE '21},
  location = {Vienna, Austria},
  doi = {10.1109/EuroSPW54576.2021.00040},
  pages = {320--327},
  publisher = {IEEE},
  month = sep,
  year = {2021}
}

"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices ()
und IEEE TSE. IEEE.
PDF
@article{journals_tse2021_gorski,
  author = {Gorski, Peter Leo and Möller, Sebastian and Wiefling, Stephan and Lo Iacono, Luigi},
  journal = {IEEE Transactions on Software Engineering},
  title = {"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices},
  year = {2021},
  publisher = {IEEE},
  doi = {10.1109/TSE.2021.3094171}
}

Verify It’s You: How Users Perceive Risk-based Authentication ()
und IEEE Security & Privacy. IEEE.
PDF
@article{journals_spm2021_wiefling,
  title = {Verify {It}'s {You}: {How} {Users} {Perceive} {Risk}-based {Authentication}},
  journal = {IEEE Security & Privacy},
  author = {Wiefling, Stephan and Dürmuth, Markus and Lo Iacono, Luigi},
  month = nov,
  volume = {19},
  number = {6},
  pages = {47--57},
  year = {2021},
  publisher = {IEEE},
  doi = {10.1109/MSEC.2021.3077954}
}

What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics ()
und FC ’21. Springer.
PDF
@inproceedings{article_fc2021_wiefling,
  author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
  title = {What’s in {Score} for {Website} {Users}: {A} {Data}-{Driven} {Long}-{Term} {Study} on {Risk}-{Based} {Authentication} {Characteristics}},
  booktitle = {25th {International} {Conference} on {Financial} {Cryptography} and {Data} {Security} ({FC} '21)},
  pages = {361--381},
  location = {Grenada},
  month = mar,
  year = {2021}
  publisher = {Springer},
  doi = {10.1007/978-3-662-64331-0_19}
}

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication ()
und ACSAC ’20. ACM.
PDF
@inproceedings{article_acsac2020_wiefling,
  title = {More {Than} {Just} {Good} {Passwords}? A {Study} on {Usability} and {Security} {Perceptions} of {Risk-based} {Authentication}},
  booktitle = {36th {Annual} {Computer} {Security} {Applications} {Conference} ({ACSAC} '20)},
  author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
  publisher = {ACM},
  location = {Austin, USA},
  month = dec,
  year = {2020},
  doi = {10.1145/3427228.3427243},
  pages = {203--218},
  isbn = {978-1-4503-8858-0/20/12},
}

Evaluation of Risk-based Re-Authentication Methods ()
und IFIP SEC ’20. Springer.
PDF
@inproceedings{article_ifipsec2020_wiefling,
  title = { {Evaluation} of {Risk-based} {Re}-{Authentication} {Methods}},
  booktitle = {35th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2020)},
  series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
  author = {Wiefling, Stephan and Patil, Tanvi and D\"{u}rmuth, Markus and Lo Iacono, Luigi },
  publisher = {Springer International Publishing},
  location = {Maribor, Slovenia},
  volume = {580},
  pages = {280--294},
  isbn = {978-3-030-58200-5},
  doi = {10.1007/978-3-030-58201-2_19},
  month = sep,
  year = {2020},
}

Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services ()
und NordSec ’19. Springer Nature.
PDF
@inproceedings{article_nordsec2019_wiefling,
  title = {Even {Turing} {Should} {Sometimes} {Not} {Be} {Able} {To} {Tell}: {Mimicking} {Humanoid} {Usage} {Behavior} for {Exploratory} {Studies} of {Online} {Services}},
  booktitle = {24th {Nordic} {Conference} on {Secure} {IT} {Systems} ({NordSec} 2019)},
  series = { {Lecture} {Notes} in {Computer} {Science}},
  author = {Wiefling, Stephan and Gruschka, Nils and Lo Iacono, Luigi},
  volume = {11875},
  pages = {188--203},
  isbn = {978-3-030-35055-0},
  doi = {10.1007/978-3-030-35055-0_12},
  publisher = {Springer Nature},
  location = {Aalborg, Denmark},
  month = nov,
  year = {2019}
}

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild ()
und IFIP SEC ’19. Springer.
PDF
@inproceedings{article_ifipsec2019_wiefling,
  title = {Is {This} {Really} {You}? {An} {Empirical} {Study} on {Risk}-{Based} {Authentication} {Applied} in the {Wild}},
  booktitle = {34th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2019)},
  series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
  author = {Wiefling, Stephan and Lo Iacono, Luigi and D\"{u}rmuth, Markus},
  volume = {562},
  pages = {134--148},
  isbn = {978-3-030-22311-3},
  doi = {10.1007/978-3-030-22312-0_10},
  publisher = {Springer International Publishing},
  location = {Lisbon, Portugal},
  month = jun,
  year = {2019}
}