René Mayrhofer (Johannes Kepler University Linz (JKU), Austria & Google)
René Mayrhofer is currently heading the Institute of Networks and Security at Johannes Kepler University Linz (JKU), Austria. Between 2017 and 2019, he was the Director of Android Platform Security at Google in Mountain View (US) and helped make recent advances in usable, mobile security research available to the Billions of Android users. Since his return to Linz, he continues to be involved with Android security as a domain expert to foster exchange and collaboration between Android teams at Google and academic research groups. Previously, he held a full professorship for Mobile Computing at Upper Austria University of Applied Sciences, Campus Hagenberg, a guest professorship for Mobile Computing at University of Vienna, and a Marie Curie Fellowship at Lancaster University, UK. His research interests include computer security, mobile devices, network communication, and machine learning, which he currently brings together in his research on securing mobile devices and digital identity. Within the scope of u'smile, the Josef Ressel Center for User-friendly Secure Mobile Environments, his research group looked into full-stack security of mobile devices from hardware through firmware up to user interaction aspect. One particular outcome was a prototype for a privacy conscious Austrian mobile Driving License (AmDL) on Android smartphones supported by tamper-resistant hardware. René has contributed to over 80 peer-reviewed publications and is a reviewer for numerous journals and conferences. He received Dipl.-Ing. (MSc) and Dr. techn. sub ausipiciis praesidentis rei publicae (PhD) degrees from Johannes Kepler University Linz, Austria and his venia docendi for Applied Computer Science from University of Vienna, Austria.
Keynote Title: Digital Authentication in the Real World without Sacrificing Privacy
Abstract: How can we use digital identity for authentication in the physical world without compromising user privacy? This central question is an underlying concern for further developments in ubiquitous computing scenarios: enabling individuals to – for example – use public transport and other payment/ticketing applications, access physical doors, access computing resources on public terminals, or even cross country borders without carrying any form of physical identity document or trusted mobile device. Moving towards such a device-free infrastructure-based authentication could be easily facilitated by centralized databases with full biometric records of all individuals, authenticating and therefore tracking people in all their interactions in the digital and physical worlds. However, such centralized tracking is not compatible with fundamental human rights to data privacy. One option to gain the utility of such digital authentication without sacrificing privacy rights is a fully decentralized approach to digital user authentication in the physical world. An ensemble of biometric sensors, different verifiers, and decentralized personal identity agents gives each individual better control over their digital and physical world interactions and data traces they leave.