General audience texts
Besides the scholarly publications listed below, I have written many texts in English and German. My more notable German texts appeared by DNIP.ch. I also maintain document collections intended for a broad audience:
Scholarly publications
Up-to-date citation counts (provided by Google Scholar). List of patents granted.
2017
Marcel Waldvogel; Thomas Zink
X.509 User Certificate-based Two-Factor Authentication for Web Applications Proceedings Article
In: Müller, Paul; Neumair, Bernhard; Reiser, Helmut; Dreo Rodosek, Gabi (Ed.): 10. DFN-Forum Kommunikationstechnologien, 2017.
Abstract | BibTeX | Tags: Federated Services, Identity Management, Passwords, Security, Usability, Web Applications, X.509 | Links:
@inproceedings{Waldvogel-X509,
title = {X.509 User Certificate-based Two-Factor Authentication for Web Applications},
author = {Marcel Waldvogel and Thomas Zink},
editor = {Paul Müller and Bernhard Neumair and Helmut Reiser and Dreo Rodosek, Gabi},
url = {https://netfuture.ch/wp-content/uploads/2018/05/x509auth.pdf
},
year = {2017},
date = {2017-05-30},
urldate = {1000-01-01},
booktitle = {10. DFN-Forum Kommunikationstechnologien},
abstract = {An appealing property to researchers, educators, and students is the openness of the physical environment and IT infrastructure of their organizations. However, to the IT administration, this creates challenges way beyond those of a single-purpose business or administration. Especially the personally identifiable information or the power of the critical functions behind these logins, such as financial transactions or manipulating user accounts, require extra protection in the heterogeneous educational environment with single-sign-on. However, most web-based environments still lack a reasonable second-factor protection or at least the enforcement of it for privileged operations without hindering normal usage.
In this paper we introduce a novel and surprisingly simple yet extremely flexible way to implement two-factor authentication based on X.509 user certificates in web applications. Our solution requires only a few lines of code in web server configuration and none in the application source code for basic protection. Furthermore, since it is based on X.509 certificates, it can be easily combined with smartcards or USB cryptotokens to further enhance security.},
keywords = {Federated Services, Identity Management, Passwords, Security, Usability, Web Applications, X.509},
pubstate = {published},
tppubtype = {inproceedings}
}
An appealing property to researchers, educators, and students is the openness of the physical environment and IT infrastructure of their organizations. However, to the IT administration, this creates challenges way beyond those of a single-purpose business or administration. Especially the personally identifiable information or the power of the critical functions behind these logins, such as financial transactions or manipulating user accounts, require extra protection in the heterogeneous educational environment with single-sign-on. However, most web-based environments still lack a reasonable second-factor protection or at least the enforcement of it for privileged operations without hindering normal usage.
In this paper we introduce a novel and surprisingly simple yet extremely flexible way to implement two-factor authentication based on X.509 user certificates in web applications. Our solution requires only a few lines of code in web server configuration and none in the application source code for basic protection. Furthermore, since it is based on X.509 certificates, it can be easily combined with smartcards or USB cryptotokens to further enhance security.
In this paper we introduce a novel and surprisingly simple yet extremely flexible way to implement two-factor authentication based on X.509 user certificates in web applications. Our solution requires only a few lines of code in web server configuration and none in the application source code for basic protection. Furthermore, since it is based on X.509 certificates, it can be easily combined with smartcards or USB cryptotokens to further enhance security.
2014
Marcel Waldvogel; Jürgen Kollek
SIEGE: Service-Independent Enterprise-GradE protection against password scans Journal Article
In: DFN-Mitteilungen, no. 87, pp. 40–46, 2014, ISSN: 0177-6894.
Abstract | BibTeX | Tags: Federated Services, Intrusion Detection, Security | Links:
@article{Waldvogel2014SIEGE-DFN,
title = {SIEGE: Service-Independent Enterprise-GradE protection against password scans},
author = {Marcel Waldvogel and Jürgen Kollek},
editor = {Kai Hoelzner},
url = {https://netfuture.ch/wp-content/uploads/2014/12/SIEGE-DFN.pdf
https://www.dfn.de/fileadmin/5Presse/DFNMitteilungen/DFN_Mitteilungen_87.pdf},
issn = {0177-6894},
year = {2014},
date = {2014-11-30},
urldate = {1000-01-01},
journal = {DFN-Mitteilungen},
number = {87},
pages = {40--46},
abstract = {Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common de- fenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many net- work services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense for our infrastructure against one of the strongest threats.},
keywords = {Federated Services, Intrusion Detection, Security},
pubstate = {published},
tppubtype = {article}
}
Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common de- fenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many net- work services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense for our infrastructure against one of the strongest threats.
Marcel Waldvogel; Jürgen Kollek
SIEGE: Service-Independent Enterprise-GradE protection against password scans Proceedings Article
In: Müller, Paul; Neumair, Bernhard; Reiser, Helmut; Dreo Rodosek, Gabi (Ed.): 7. DFN-Forum Kommunikationstechnologien — Beiträge der Fachtagung, Gesellschaft für Informatik, 2014.
Abstract | BibTeX | Tags: Federated Services, Identity Management, Intrusion Detection, Passwords, Peer, Security | Links:
@inproceedings{Waldvogel2014SIEGE,
title = {SIEGE: Service-Independent Enterprise-GradE protection against password scans},
author = {Marcel Waldvogel and Jürgen Kollek},
editor = {Paul Müller and Bernhard Neumair and
Helmut Reiser and Dreo Rodosek, Gabi},
url = {https://netfuture.ch/wp-content/uploads/2014/08/Waldvogel2014SIEGE.pdf
https://netfuture.ch/wp-content/uploads/2014/08/Waldvogel2014SIEGE-slides.pdf},
year = {2014},
date = {2014-06-16},
urldate = {1000-01-01},
booktitle = {7. DFN-Forum Kommunikationstechnologien -- Beiträge der Fachtagung},
publisher = {Gesellschaft für Informatik},
series = {Lecture Notes in Informatics},
abstract = {Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common defenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many network services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense against one of the strongest threats against our infrastructure.},
keywords = {Federated Services, Identity Management, Intrusion Detection, Passwords, Peer, Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Security is one of the main challenges today, complicated significantly by the heterogeneous and open academic networks with thousands of different applications. Botnet-based brute-force password scans are a common security threat against the open academic networks. Common defenses are hard to maintain, error-prone and do not reliably discriminate between user error and coordinated attack. In this paper, we present a novel approach, which allows to secure many network services at once. By combining in-app tracking, local and global crowdsourcing, geographic information, and probabilistic user-bot distinction through differential password analysis, our PAM-based detection module can provide higher accuracy and faster blocking of botnets. In the future, we aim to make the mechanism even more generic and thus provide a distributed defense against one of the strongest threats against our infrastructure.
Marcel Waldvogel; Klaus Herberth; Daniel Scharon
Chat in Forschung und Lehre? Sicher! Journal Article
In: DFN-Mitteilungen, no. 86, pp. 38-41, 2014, ISSN: 0177-6894.
Abstract | BibTeX | Tags: Federated Services, Privacy, Security, Social Networks, Video Chat, Web Applications, XMPP | Links:
@article{Waldvogel2014Chat,
title = {Chat in Forschung und Lehre? Sicher!},
author = {Marcel Waldvogel and Klaus Herberth and Daniel Scharon},
url = {https://netfuture.ch/wp-content/uploads/2014/05/Waldvogel2014Chat.pdf
https://www.dfn.de/publikationen/dfnmitteilungen/},
issn = {0177-6894},
year = {2014},
date = {2014-05-23},
urldate = {1000-01-01},
journal = {DFN-Mitteilungen},
number = {86},
pages = {38-41},
abstract = {Instant Messaging, Audio- und Videoanrufe, kurz Chat, ist aus unserem täglichen Leben nicht mehr wegzudenken. Die meisten nutzen dafür geschlossene Systeme, die für den Privatgebrauch bequem sind, für den dienstlichen Einsatz in Forschung und Lehre aber an Datenschutz und Privatsphäre scheitern. Das muss nicht so sein: Auf Basis des offenen, föderierten Extensible Messaging and Presence Protocols (XMPP) bietet WISEchat webbasiert und -integriert die Sicherheit, den Komfort und die Erweiterbarkeit, die eine moderne Hochschule braucht. Die Hintergründe, Vorteile und Zukunftssicherheit erläutern wir anhand einiger konkreter Beispiele.},
keywords = {Federated Services, Privacy, Security, Social Networks, Video Chat, Web Applications, XMPP},
pubstate = {published},
tppubtype = {article}
}
Instant Messaging, Audio- und Videoanrufe, kurz Chat, ist aus unserem täglichen Leben nicht mehr wegzudenken. Die meisten nutzen dafür geschlossene Systeme, die für den Privatgebrauch bequem sind, für den dienstlichen Einsatz in Forschung und Lehre aber an Datenschutz und Privatsphäre scheitern. Das muss nicht so sein: Auf Basis des offenen, föderierten Extensible Messaging and Presence Protocols (XMPP) bietet WISEchat webbasiert und -integriert die Sicherheit, den Komfort und die Erweiterbarkeit, die eine moderne Hochschule braucht. Die Hintergründe, Vorteile und Zukunftssicherheit erläutern wir anhand einiger konkreter Beispiele.
