Über mich

Ich bin Doktorand in der IT-Sicherheit (Gruppe für Daten- und Anwendungssicherheit, H‑BRS) unter der Betreuung von Luigi Lo Iacono und Markus Dürmuth. Aktuell forsche ich in Bereichen der Authentifizierung und Usability. Unter anderem erforsche ich, wie man die Sicherheit von Passwörtern verbessern kann, ohne die Usability dadurch zu verringern.

Außerdem habe ich am Buch „Programmieren trainieren“ mitgeschrieben, welches im Hanser Verlag erschienen ist.

Forschungsinteressen

  • Risikobasierte Authentifizierung
  • Usable Security and Privacy
  • Mobile Authentifizierung
  • Gebrauchstaugliche Passwörter
  • Developer-Centered Security
  • Mensch-Computer-Interaktion

Auszeichnungen

Best ACSAC Video Production 2020
Verliehen von: Annual Computer Security Applications Conference (ACSAC)
RISE Germany Scholarship 2019, 2020
Verliehen von: Deutscher Akademischer Austauschdienst (DAAD)
Jahrgangsbester 2018/2019, Master Medientechnologie
Verliehen von: Technische Hochschule Köln

Presseartikel (Auswahl)

Ausgewählte Publikationen


Privacy Considerations for Risk-Based Authentication Systems ()
und IWPE ’21. IEEE.
PDF Folien Website
@inproceedings{article_iwpe2021_wiefling,
  author = {Wiefling, Stephan and Tolsdorf, Jan and Lo Iacono, Luigi},
  title = {Privacy {Considerations} for {Risk}-{Based} {Authentication} {Systems}},
  booktitle = {2021 {International} {Workshop} on {Privacy} {Engineering}},
  series = {IWPE '21},
  location = {Vienna, Austria},
  doi = {10.1109/EuroSPW54576.2021.00040},
  pages = {320--327},
  publisher = {IEEE},
  month = sep,
  year = {2021}
}

"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices ()
und IEEE TSE. IEEE.
PDF
@article{journals_tse2021_gorski,
  author = {Gorski, Peter Leo and Möller, Sebastian and Wiefling, Stephan and Lo Iacono, Luigi},
  journal = {IEEE Transactions on Software Engineering},
  title = {"I just looked for the solution!" - On Integrating Security-Relevant Information in Non-Security API Documentation to Support Secure Coding Practices},
  year = {2021},
  publisher = {IEEE},
  doi = {10.1109/TSE.2021.3094171}
}

Verify It’s You: How Users Perceive Risk-based Authentication ()
und IEEE Security & Privacy. IEEE.
PDF
@article{journals_spm2021_wiefling,
  title = {Verify {It}'s {You}: {How} {Users} {Perceive} {Risk}-based {Authentication}},
  journal = {IEEE Security & Privacy},
  author = {Wiefling, Stephan and Dürmuth, Markus and Lo Iacono, Luigi},
  month = nov,
  volume = {19},
  number = {6},
  pages = {47--57},
  year = {2021},
  publisher = {IEEE},
  doi = {10.1109/MSEC.2021.3077954}
}

What’s in Score for Website Users: A Data-Driven Long-Term Study on Risk-Based Authentication Characteristics ()
und FC ’21. Springer.
PDF Vortrag Website
@inproceedings{article_fc2021_wiefling,
  author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
  title = {What’s in {Score} for {Website} {Users}: {A} {Data}-{Driven} {Long}-{Term} {Study} on {Risk}-{Based} {Authentication} {Characteristics}},
  booktitle = {25th {International} {Conference} on {Financial} {Cryptography} and {Data} {Security} ({FC} '21)},
  pages = {361--381},
  location = {Grenada},
  month = mar,
  year = {2021}
  publisher = {Springer},
  doi = {10.1007/978-3-662-64331-0_19}
}

More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication ()
und ACSAC ’20. ACM.
PDF PDF [Verlag] Folien Vortrag Website
@inproceedings{article_acsac2020_wiefling,
  title = {More {Than} {Just} {Good} {Passwords}? A {Study} on {Usability} and {Security} {Perceptions} of {Risk-based} {Authentication}},
  booktitle = {36th {Annual} {Computer} {Security} {Applications} {Conference} ({ACSAC} '20)},
  author = {Wiefling, Stephan and D\"{u}rmuth, Markus and Lo Iacono, Luigi},
  publisher = {ACM},
  location = {Austin, USA},
  month = dec,
  year = {2020},
  doi = {10.1145/3427228.3427243},
  pages = {203--218},
  isbn = {978-1-4503-8858-0/20/12},
}

Evaluation of Risk-based Re-Authentication Methods ()
und IFIP SEC ’20. Springer.
PDF PDF [Verlag] Folien Vortrag Website
@inproceedings{article_ifipsec2020_wiefling,
  title = { {Evaluation} of {Risk-based} {Re}-{Authentication} {Methods}},
  booktitle = {35th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2020)},
  series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
  author = {Wiefling, Stephan and Patil, Tanvi and D\"{u}rmuth, Markus and Lo Iacono, Luigi },
  publisher = {Springer International Publishing},
  location = {Maribor, Slovenia},
  volume = {580},
  pages = {280--294},
  isbn = {978-3-030-58200-5},
  doi = {10.1007/978-3-030-58201-2_19},
  month = sep,
  year = {2020},
}

Programmieren trainieren - Mit über 130 Workouts in Java und Python (2. Auflage) ()
und Carl Hanser Verlag.
Website
@book{book_hanser2020_LoIacono,
  title = {Programmieren trainieren - Mit über 130 Workouts in Java und Python (2. Auflage)},
  author = {Lo Iacono, Luigi and Wiefling, Stephan and Schneider, Michael},
  year = {2020},
  publisher = {Carl Hanser Verlag GmbH & Co. KG},
  url = {https://www.hanser-fachbuch.de/buch/Programmieren+trainieren/9783446459113}
}

Even Turing Should Sometimes Not Be Able To Tell: Mimicking Humanoid Usage Behavior for Exploratory Studies of Online Services ()
und NordSec ’19. Springer Nature.
PDF PDF [Verlag] Folien Website
@inproceedings{article_nordsec2019_wiefling,
  title = {Even {Turing} {Should} {Sometimes} {Not} {Be} {Able} {To} {Tell}: {Mimicking} {Humanoid} {Usage} {Behavior} for {Exploratory} {Studies} of {Online} {Services}},
  booktitle = {24th {Nordic} {Conference} on {Secure} {IT} {Systems} ({NordSec} 2019)},
  series = { {Lecture} {Notes} in {Computer} {Science}},
  author = {Wiefling, Stephan and Gruschka, Nils and Lo Iacono, Luigi},
  volume = {11875},
  pages = {188--203},
  isbn = {978-3-030-35055-0},
  doi = {10.1007/978-3-030-35055-0_12},
  publisher = {Springer Nature},
  location = {Aalborg, Denmark},
  month = nov,
  year = {2019}
}

Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild ()
und IFIP SEC ’19. Springer.
PDF PDF [Verlag] Folien Vortrag Website
@inproceedings{article_ifipsec2019_wiefling,
  title = {Is {This} {Really} {You}? {An} {Empirical} {Study} on {Risk}-{Based} {Authentication} {Applied} in the {Wild}},
  booktitle = {34th {IFIP} {TC}-11 {International} {Conference} on {Information} {Security} and {Privacy} {Protection} ({IFIP} {SEC} 2019)},
  series = { {IFIP} {Advances} in {Information} and {Communication} {Technology}},
  author = {Wiefling, Stephan and Lo Iacono, Luigi and D\"{u}rmuth, Markus},
  volume = {562},
  pages = {134--148},
  isbn = {978-3-030-22311-3},
  doi = {10.1007/978-3-030-22312-0_10},
  publisher = {Springer International Publishing},
  location = {Lisbon, Portugal},
  month = jun,
  year = {2019}
}