Dr. Kari Kostiainen

Recent

• New external page work on CBDCs with offline payments available online
• Our external page paper on embedded phishing training was presented at external page CCS'24 and it received the external page Distinguished Paper Award
• This year I am part of external page CCS'25, external page FC'25 and external page WiSec'25 program committees

Publications

2024

• external page Content, Nudges and Incentives: A Study on the Effectiveness and Perception of Embedded Phishing Training
  Daniele Lain, Tarek Jost, Sinisa Matetic, Kari Kostiainen, Srdjan Capkun
  ACM Conference on Computer and Communications Security (CCS), October 2024

• external page PayOff: A Regulated Central Bank Digital Currency with Private Offline Payments
  Carolin Beer, Sheila Zingg, Kari Kostiainen, Karl Wüst, Vedran Capkun, Srdjan Capkun
  arxiv, August 2024

2022

• external page Censorship-Resilient and Confidential Collateralized Second-Layer Payments
  Kari Kostiainen, Sven Gnap, Ghassan Karame
  eprint, November 2022
  
  
• external page Platypus: A Central Bank Digital Currency with Unlinkable Transactions and Privacy Preserving Regulation
  Karl Wüst, Kari Kostiainen, Noah Delius, Srdjan Capkun
  ACM Conference on Computer and Communications Security (CCS), November 2022
  
  
• external page Missing Key: The challenge of cybersecurity and central bank digital currency
  Giulia Fanti, Kari Kostiainen, William Howlett, Josh Lipsky, Ole Moehr, John Paul Schnapper-Casteras, Josephine Wolff
  Atlantic Council Report, June 2022

• external page Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
  Daniele Lain, Kari Kostiainen, Srdjan Capkun
  IEEE Symposium on Security & Privacy (S&P), May 2022
  

2021

• external page Composite Enclaves: Towards Disaggregated Trusted Execution
  Moritz Schneider, Aritra Dhar, Ivan Puddu, Kari Kostiainen, Srdjan Capkun
  Transactions on Cryptographic Hardware and Embedded Security (TCHES), November 2021

• external page Bitcontracts: Adding Smart Contracts to Legacy Cryptocurrencies 
  Karl Wüst, Loris Diana, Kari Kostiainen, Ghassan Karame, Sinisa Matetic, Srdjan Capkun
  Network and Distributed System Security Symposium (NDSS), February 2021

2020

• external page ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts
  Karl Wüst, Sinisa Matetic, Silvan Egli, Kari Kostiainen, Srdjan Capkun
  ACM Conference on Computer and Communications Security (CCS), November 2020

• external page 2FE: Two-Factor Encryption for Cloud Storage
  Anders Dalskov, Daniele Lain, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun
  arXiv, October 2020
  
  
• external page Dedicated Security Chips in the Age of Secure Enclaves
  Kari Kostiainen, Aritra Dhar, Srdjan Capkun
  IEEE Security & Privacy magazine, September 2020

• external page Design choices for Central Bank Digital Currency
  Sarah Allen, Srdjan Capkun, Ittay Eyal, Giulia Fanti, Bryan Ford, James Grimmelmann, Ari Juels, Kari Kostiainen, Sarah Meiklejohn, Andrew Miller, Eswar Prasad, Karl Wüst, and Fan Zhang
  Brookings Working Paper, July 2020

• external page ProximiTEE: Hardened SGX Attestation by Proximity Verification
  Aritra Dhar, Ivan Puddu, Kari Kostiainen, Srdjan Capkun.
  ACM Conference on Data and Application Security and Privacy (CODASPY), March 2020

• external page ProtectIOn: Root-of-Trust for IO in Compromised Platforms
  Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun.
  Network and Distributed System Security Symposium (NDSS), February 2020

• external page Snappy: Fast On-Chain Payments with Practical Collaterals
  Vasilios Mavroudis, Karl Wüst, Aritra Dhar, Kari Kostiainen, Srdjan Capkun.
  Network and Distributed System Security Symposium (NDSS), February 2020

2019

• external page DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization
  Ferdinand Brasser, Srdjan Capkun, Alexandra Dmitrienko, Tommaso Frassetto, Kari Kostiainen, Ahmad-Reza Sadeghi
  Annual Computer Security Applications Conference (ACSAC), December 2019

• external page BITE: Bitcoin Lightweight Client Privacy using Trusted Execution
  Sinisa Matetic, Karl Wust, Moritz Schneider, Kari Kostiainen, Ghassan Karame, Srdjan Capkun
  USENIX Security Symposium (USENIX Security), August 2019

• external page PRCash: Fast, Private and Regulated Transactions for Digital Currencies
  Karl Wust, Kari Kostiainen, Vedran Capkun, Srdjan Capkun
  Financial Cryptography and Data Security (FC), February 2019

• external page ZLiTE: Lightweight Clients for Shielded Zcash Transactions using Trusted Execution
  Karl Wust, Sinisa Matetic, Moritz Schneider, Ian Miers, Kari Kostiainen, Srdjan Capkun
  Financial Cryptography and Data Security (FC), February 2019

2017

• Hacking in the Blind: (Almost) Invisible Runtime UI Attacks on Safety-Critical Terminals
  Luka Malisa, Kari Kostiainen, Thomas Knell, David Sommer, Srdjan Capkun
  Conference on Cryptographic Hardware and Embedded Systems (CHES), September 2017

• external page ROTE: Rollback Protection for Trusted Execution
  Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, Srdjan Capkun
  USENIX Security Symposium (USENIX Security), August 2017

• external page Software Grand Exposure: SGX Cache Attacks Are Practical
  Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, Ahmad-Reza Sadeghi
  USENIX Workshop on Offensive Technologies (WOOT), August 2017

• external page Detecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perception 
  Luka Malisa, Kari Kostiainen, Srdjan Capkun
  ACM Conference on Data and Application Security and Privacy (CODASPY), March 2017

2016

• external page Hardened Setup of Personalized Security Indicators to Counter Phishing Attacks in Mobile Banking
  Claudio Marforio, Ramya Masti, Claudio Soriente, Kari Kostiainen, Srdjan Capkun
  Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), October 2016

• Mobile Application Impersonation Detection Using Dynamic User Interface Extraction
  Luka Malisa, Kari Kostianien, Michael Och, Srdjan Capkun
  European Symposium on Research in Computer Security (ESORICS), September 2016

• Evaluation of Personalized Security Indicators as an Anti-Phishing Mechanism for Smartphone Applications
  Claudio Marforio, Ramya Masti, Claudio Soriente, Kari Kostiainen, Srdjan Capkun
  Conference on Human Factors in Computing Systems (CHI), May 2016

2015

• Logical Partitions on Many-Core Platforms
  Ramya Jayaram Masti, Claudio Marforio, Kari Kostiainen, Claudio Soriente, Srdjan Capkun
  Annual Computer Security Applications Conference (ACSAC), December 2015

2014

• external page Mobile Trusted Computing
  N. Asokan, Jan-Erik Ekberg, Kari Kostiainen, Anand Rajan, Carlos Rozas, Ahmad-Reza Sadeghi, Steffen Schulz, Christian Wachsmann 
  Proceedings of the IEEE, August 2014

• The Untapped Potential of Trusted Execution Environments on Mobile Devices
  Jan-Erik Ekberg, Kari Kostiainen, N. Asokan
  IEEE Security & Privacy magazine, July 2014

• external page Smartphones as Practical and Secure Location Verification Tokens for Payments
  Claudio Marforio, Nikolaos Karapanos, Claudio Soriente, Kari Kostiainen, Srdjan Capkun
  Network and Distributed System Security Symposium (NDSS), February 2014

2013

• external page Mobile Platform Security
  N. Asokan, Lucas Davi, Alexandra Dmitrienko, Kari Kostiainen, Elena Reshetova, Ahmad-Reza Sadeghi.
  Morgan & Claypool, December 2013

• external page Secure Enrollment and Practical Migration for Mobile Trusted Execution Environments
  Claudio Marforio, Nikolaos Karapanos, Claudio Soriente, Kari Kostiainen and Srdjan Capkun.
  ACM Workshop on Security and Privacy in Smartphones and Mobile devices (SPSM), November 2013

2012

• external page On-board Credentials: An Open Credential Platform for Mobile Devices
  Kari Kostiainen 
  PhD dissertation - Aalto University, May 2012

2011

• Practical Property-Based Attestation on Mobile Devices
  Kari Kostiainen, N. Asokan, Jan-Erik Ekberg
  Conference on Trust and Trustworthy Computing (TRUST) June 2011

• Towards User-Friendly Credential Transfer on Open Credential Platforms
  Kari Kostiainen, N. Asokan, Alexandra Afanasyeva 
  Applied Cryptography and Network Security (ACNS), June 2011

• Secure Device Pairing Based on a Visual Channel: Design and Usability Study
  Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, N. Asokan 
  IEEE Transactions on Information Forensics and Security (TIFS), March 2011

• external page Old, New, Borrowed, Blue – A Perspective on the Evolution of Mobile Platform Security Architectures
  Kari Kostiainen, Elena Reshetova, Jan-Erik Ekberg, N. Asokan 
  ACM Conference on Data and Application Security and Privacy (CODASPY), March 2011

2010

• Key Attestation from Trusted Execution Environments
  Kari Kostiainen, Alexandra Dmitrienko, Jan-Erik. Ekberg, Ahmad Sadeghi, N. Asokan 
  Conference on Trust and Trustworthy Computing (TRUST), June 2010.

• external page Controlling Resource Hogs in Mobile Delay-Tolerant Networks
  John Solis, N. Asokan, Kari Kostiainen, Philip Ginzboorg, Jorg Ott
  Computer Communications, January 2010

2009 and before

• external page On-board Credentials with Open Provisioning
  Kari Kostiainen, Jan-Erik Ekberg, N. Asokan, Aarne Rantala 
  ACM Symposium on Information, Computer and Communications Security (ASIACCS), March 2009

• external page Scheduling Execution of Credentials in Constrained Secure Environments
  Jan-Erik Ekberg, Aarne Rantala, N. Asokan, Kari Kostiainen
  ACM Workshop on Scalable Trusted Computing (STC), October 2008

• external page Applicability of Identity-Based Cryptography for Disruption-Tolerant Networking
  N. Asokan, Kari Kostiainen, Philip Ginzboorg, Jorg Ott, Cheng Luo.
  ACM Workshop on Mobile Opportunistic Networking (MobiOpp), March 2007

• external page Secure Device Pairing Based on a Visual Channel
  Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, N. Asokan
  IEEE Symposium on Security and Privacy (S&P), May 2006