Dr. Kari Kostiainen
Institut f. Informationssicherheit
Universitätstrasse 6
8092
Zürich
Switzerland
Summary
Kari Kostiainen is Senior Scientist at ETH Zurich and Director of Zurich Information Security Center (ZISC). Before joining ETH, Kari was a researcher at external pageNokiacall_made. He has a PhD in computer science from external pageAaltocall_made. Kari's research focuses on system security. Recent topics include trusted computing, blockchain security, and human factors of security.
You can find Kari also on external pageGoogle Scholarcall_made and external pageLinkedIncall_made.
Recent
- external pageNew papercall_made on censorship-resilience in second-layer payments
- I contributed to a external pagereport on CBDCscall_made published by the external pageAtlantic Councilcall_made
- Our paper external pagePlatypuscall_made appears at external pageCCS'22call_made and was nominated for the ETH SparkAward — see related short external pagevideocall_made
- This year I am on external pageUSENIX Security’23call_made and external pageASIACCS'23call_made program committees
Publications
2022
- external pageCensorship-Resilient and Confidential Collateralized Second-Layer Paymentscall_made
Kari Kostiainen, Sven Gnap, Ghassan Karame
eprint, November 2022
- external pagePlatypus: A Central Bank Digital Currency with Unlinkable Transactions and Privacy Preserving Regulationcall_made
Karl Wüst, Kari Kostiainen, Noah Delius, Srdjan Capkun
ACM Conference on Computer and Communications Security (CCS), November 2022
- external pageMissing Key: The challenge of cybersecurity and central bank digital currencycall_made
Giulia Fanti, Kari Kostiainen, William Howlett, Josh Lipsky, Ole Moehr, John Paul Schnapper-Casteras, Josephine Wolff
Atlantic Council Report, June 2022
- external pagePhishing in Organizations: Findings from a Large-Scale and Long-Term Studycall_made
Daniele Lain, Kari Kostiainen, Srdjan Capkun
IEEE Symposium on Security & Privacy (S&P), May 2022
2021
- external pageComposite Enclaves: Towards Disaggregated Trusted Executioncall_made
Moritz Schneider, Aritra Dhar, Ivan Puddu, Kari Kostiainen, Srdjan Capkun
Transactions on Cryptographic Hardware and Embedded Security (TCHES), November 2021
- external pageBitcontracts: Adding Smart Contracts to Legacy Cryptocurrenciescall_made
Karl Wüst, Loris Diana, Kari Kostiainen, Ghassan Karame, Sinisa Matetic, Srdjan Capkun
Network and Distributed System Security Symposium (NDSS), February 2021
2020
- external pageACE: Asynchronous and Concurrent Execution of Complex Smart Contractscall_made
Karl Wüst, Sinisa Matetic, Silvan Egli, Kari Kostiainen, Srdjan Capkun
ACM Conference on Computer and Communications Security (CCS), November 2020
- external page2FE: Two-Factor Encryption for Cloud Storagecall_made
Anders Dalskov, Daniele Lain, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun
arXiv, October 2020
- external pageDedicated Security Chips in the Age of Secure Enclavescall_made
Kari Kostiainen, Aritra Dhar, Srdjan Capkun
IEEE Security & Privacy magazine, September 2020
- external pageDesign choices for Central Bank Digital Currencycall_made
Sarah Allen, Srdjan Capkun, Ittay Eyal, Giulia Fanti, Bryan Ford, James Grimmelmann, Ari Juels, Kari Kostiainen, Sarah Meiklejohn, Andrew Miller, Eswar Prasad, Karl Wüst, and Fan Zhang
Brookings Working Paper, July 2020
- external pageProximiTEE: Hardened SGX Attestation by Proximity Verificationcall_made
Aritra Dhar, Ivan Puddu, Kari Kostiainen, Srdjan Capkun.
ACM Conference on Data and Application Security and Privacy (CODASPY), March 2020
- external pageProtectIOn: Root-of-Trust for IO in Compromised Platformscall_made
Aritra Dhar, Enis Ulqinaku, Kari Kostiainen, Srdjan Capkun.
Network and Distributed System Security Symposium (NDSS), February 2020
- external pageSnappy: Fast On-Chain Payments with Practical Collateralscall_made
Vasilios Mavroudis, Karl Wüst, Aritra Dhar, Kari Kostiainen, Srdjan Capkun.
Network and Distributed System Security Symposium (NDSS), February 2020
2019
- external pageDR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomizationcall_made
Ferdinand Brasser, Srdjan Capkun, Alexandra Dmitrienko, Tommaso Frassetto, Kari Kostiainen, Ahmad-Reza Sadeghi
Annual Computer Security Applications Conference (ACSAC), December 2019
- external pageBITE: Bitcoin Lightweight Client Privacy using Trusted Executioncall_made
Sinisa Matetic, Karl Wust, Moritz Schneider, Kari Kostiainen, Ghassan Karame, Srdjan Capkun
USENIX Security Symposium (USENIX Security), August 2019
- external pagePRCash: Fast, Private and Regulated Transactions for Digital Currenciescall_made
Karl Wust, Kari Kostiainen, Vedran Capkun, Srdjan Capkun
Financial Cryptography and Data Security (FC), February 2019
- external pageZLiTE: Lightweight Clients for Shielded Zcash Transactions using Trusted Executioncall_made
Karl Wust, Sinisa Matetic, Moritz Schneider, Ian Miers, Kari Kostiainen, Srdjan Capkun
Financial Cryptography and Data Security (FC), February 2019
2017
- Hacking in the Blind: (Almost) Invisible Runtime UI Attacks on Safety-Critical Terminals
Luka Malisa, Kari Kostiainen, Thomas Knell, David Sommer, Srdjan Capkun
Conference on Cryptographic Hardware and Embedded Systems (CHES), September 2017
- external pageROTE: Rollback Protection for Trusted Executioncall_made
Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, Srdjan Capkun
USENIX Security Symposium (USENIX Security), August 2017
- external pageSoftware Grand Exposure: SGX Cache Attacks Are Practicalcall_made
Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, Ahmad-Reza Sadeghi
USENIX Workshop on Offensive Technologies (WOOT), August 2017
- external pageDetecting Mobile Application Spoofing Attacks by Leveraging User Visual Similarity Perceptioncall_made
Luka Malisa, Kari Kostiainen, Srdjan Capkun
ACM Conference on Data and Application Security and Privacy (CODASPY), March 2017
2016
external pageHardened Setup of Personalized Security Indicators to Counter Phishing Attacks in Mobile Bankingcall_made
Claudio Marforio, Ramya Masti, Claudio Soriente, Kari Kostiainen, Srdjan Capkun
Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), October 2016- Mobile Application Impersonation Detection Using Dynamic User Interface Extraction
Luka Malisa, Kari Kostianien, Michael Och, Srdjan Capkun
European Symposium on Research in Computer Security (ESORICS), September 2016
- Evaluation of Personalized Security Indicators as an Anti-Phishing Mechanism for Smartphone Applications
Claudio Marforio, Ramya Masti, Claudio Soriente, Kari Kostiainen, Srdjan Capkun
Conference on Human Factors in Computing Systems (CHI), May 2016
2015
Logical Partitions on Many-Core Platforms
Ramya Jayaram Masti, Claudio Marforio, Kari Kostiainen, Claudio Soriente, Srdjan Capkun
Annual Computer Security Applications Conference (ACSAC), December 2015
2014
- external pageMobile Trusted Computingcall_made
N. Asokan, Jan-Erik Ekberg, Kari Kostiainen, Anand Rajan, Carlos Rozas, Ahmad-Reza Sadeghi, Steffen Schulz, Christian Wachsmann
Proceedings of the IEEE, August 2014
- The Untapped Potential of Trusted Execution Environments on Mobile Devices
Jan-Erik Ekberg, Kari Kostiainen, N. Asokan
IEEE Security & Privacy magazine, July 2014
- external pageSmartphones as Practical and Secure Location Verification Tokens for Paymentscall_made
Claudio Marforio, Nikolaos Karapanos, Claudio Soriente, Kari Kostiainen, Srdjan Capkun
Network and Distributed System Security Symposium (NDSS), February 2014
2013
- external pageMobile Platform Securitycall_made
N. Asokan, Lucas Davi, Alexandra Dmitrienko, Kari Kostiainen, Elena Reshetova, Ahmad-Reza Sadeghi.
Morgan & Claypool, December 2013
- external pageSecure Enrollment and Practical Migration for Mobile Trusted Execution Environmentscall_made
Claudio Marforio, Nikolaos Karapanos, Claudio Soriente, Kari Kostiainen and Srdjan Capkun.
ACM Workshop on Security and Privacy in Smartphones and Mobile devices (SPSM), November 2013
2012
- external pageOn-board Credentials: An Open Credential Platform for Mobile Devicescall_made
Kari Kostiainen
PhD dissertation - Aalto University, May 2012
2011
- Practical Property-Based Attestation on Mobile Devices
Kari Kostiainen, N. Asokan, Jan-Erik Ekberg
Conference on Trust and Trustworthy Computing (TRUST) June 2011
- Towards User-Friendly Credential Transfer on Open Credential Platforms
Kari Kostiainen, N. Asokan, Alexandra Afanasyeva
Applied Cryptography and Network Security (ACNS), June 2011
- Secure Device Pairing Based on a Visual Channel: Design and Usability Study
Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, N. Asokan
IEEE Transactions on Information Forensics and Security (TIFS), March 2011
- external pageOld, New, Borrowed, Blue – A Perspective on the Evolution of Mobile Platform Security Architecturescall_made
Kari Kostiainen, Elena Reshetova, Jan-Erik Ekberg, N. Asokan
ACM Conference on Data and Application Security and Privacy (CODASPY), March 2011
2010
- Key Attestation from Trusted Execution Environments
Kari Kostiainen, Alexandra Dmitrienko, Jan-Erik. Ekberg, Ahmad Sadeghi, N. Asokan
Conference on Trust and Trustworthy Computing (TRUST), June 2010.
- external pageControlling Resource Hogs in Mobile Delay-Tolerant Networkscall_made
John Solis, N. Asokan, Kari Kostiainen, Philip Ginzboorg, Jorg Ott
Computer Communications, January 2010
2009 and before
- external pageOn-board Credentials with Open Provisioningcall_made
Kari Kostiainen, Jan-Erik Ekberg, N. Asokan, Aarne Rantala
ACM Symposium on Information, Computer and Communications Security (ASIACCS), March 2009
- external pageScheduling Execution of Credentials in Constrained Secure Environmentscall_made
Jan-Erik Ekberg, Aarne Rantala, N. Asokan, Kari Kostiainen
ACM Workshop on Scalable Trusted Computing (STC), October 2008
- external pageApplicability of Identity-Based Cryptography for Disruption-Tolerant Networkingcall_made
N. Asokan, Kari Kostiainen, Philip Ginzboorg, Jorg Ott, Cheng Luo.
ACM Workshop on Mobile Opportunistic Networking (MobiOpp), March 2007
- external pageSecure Device Pairing Based on a Visual Channelcall_made
Nitesh Saxena, Jan-Erik Ekberg, Kari Kostiainen, N. Asokan
IEEE Symposium on Security and Privacy (S&P), May 2006