SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


ERCIM News – Special Issue on Cybersecurity – Submission Deadline May 17

ERCIM News No. 106 (July 2016)

Please read the guidelines below before submitting an article

The Special Theme and the Research and Innovation sections contain articles presenting a panorama of European research activities. The Special Theme focuses on a sector which has been selected by the editors from a short list of currently “hot” topics whereas the Research and Innovation section contains articles describing scientific activities, research results, and technical transfer endeavours in any sector of Information and Communication Science and Technology (ICST), telecommunications or applied mathematics. Submissions to the Special Theme section are subjected to an external review process coordinated by invited guest editors whereas submissions to the Research and Innovation section are checked and approved by the ERCIM News editorial board.

Special Theme: “Cybersecurity”
Guest editors:

Fabio Martinelli (IIT-CNR, Italy)
Edgar Weippl (SBA Research, Austria)

Browser Fingerprinting: you are (de-facto) alone

Recently there were numerous papers on browser fingerprinting i.e. measuring the entropy of browser configurations to make them uniquely stand out among all others. Usually these methods run analysis on UserAgent strings, canvas fingerprinting, system fonts or the installed plugins. SBA Research has now setup its own fingerprinting website, which includes most methods available until today.

Please visit, and measure how unique your browser configuration is.

In case of questions, don’t hesitate to contact us at

SBA @ Linuxwochen 2016

Researchers from SBA Research are presenting these days at the Linuxwochen Wien 2016:

  • Today at 3:30pm, Katharina Krombholz will present the findings of the user study on security and privacy in Bitcoin.
  • On Saturday, 12am Martin Schmiedecker will talk about digital forensics on Linux and recently published tools that can take investigations to an entirely new level regarding performance and possible insights.

SBA Research at Ruhrsec

Today and tomorrow, researchers from SBA are attending Ruhrsec which is a new & non-profit security conference in Bochum. Well-known presenters from the community include Mario Heiderich, Sebastian Schinzel, Daniel Gruss from IAIK Graz, Marion Marschalek and a keynote from Thorsten Holz.

© RuhrSec
© RuhrSec

RACVIAC CyberSecurity

Edgar Weippl gives a presentation on cybersecurity education and training at the RACVIAC CyberSecurity meeting in Zagreb.


Two papers at DFRWS’16 accepted

Two papers have been accepted at the DFRWS USA ’16 conference on digital forensics, to be held from August 7th to 10th, 2016 in Seattle, WA:

You can find pre-prints of the papers as well as the data sets on the corresponding websites.

Paper accepted @ DBSec16

The paper “Whom You Gonna Trust? A Longitudinal Study on TLS Notary Services” by Georg Merzdovnik, Klaus Falb, Martin Schmiedecker, Artemios Voyiatzis and Edgar Weippl has been accepted for publication in the 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2016) which takes place from July, 18th-21th, 2016 in Trento, Italy. DBSec 2016 is an A-ranked conference in CORE.

Abstract: TLS is currently the most widely-used protocol on the Internet to facilitate secure communications, in particular secure web browsing. TLS relies on X.509 certificates as a major building block to establish a secure communication channel. Certificate Authorities (CAs) are trusted third parties that validate the TLS certificates and establish trust relationships between communication entities. To counter prevalent attack vectors – like hacked CAs issuing fraudulent certificates and active man-in-the-middle (MitM) attacks – TLS notary services were proposed as a solution to verify the legitimacy of certificates using alternative communication channels.
In this paper, we are the first to present a long-term study on the effectiveness of TLS notary services. We evaluated the services using active performance measurements over a timespan of one year, and discuss the effectiveness of TLS notary services in practice. Based on our findings we propose the usage of multiple notary services in conjunction with a semi-trusted centralized proxy approach, so as to protect arbitrarily-sized networks on the network level without the need to install any software on the client machines. Lastly, we identify multiple issues that prevent the widespread use of TLS notary services in practice, and propose steps to overcome them.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.