Publications
2025
International Workshop on Emerging Digital Identities (EDId 2025) - August
2025 -
Ghent, Belgium
Authentication Inconsistencies Across Online Services: A Multi-Scenario Security Analysis
@InProceedings{buttner2025authentication,
author="B{\"u}ttner, Andre and Gruschka, Nils and Broen, Sverre Stafsengen and P{\"o}hn, Daniela",
editor="Coppens, Bart and Volckaert, Bruno and Naessens, Vincent and De Sutter, Bjorn",
title="Authentication Inconsistencies Across Online Services: A Multi-Scenario Security Analysis",
booktitle="Availability, Reliability and Security",
year="2025",
publisher="Springer Nature Switzerland",
address="Cham",
pages="166--180",
isbn="978-3-032-00639-4",
doi="10.1007/978-3-032-00639-4_10"
}
International Conference on Information Systems Security and Privacy
(ICISSP 2025) - February 2025 - Porto, Portugal
Device-Bound vs. Synced Credentials: A Comparative Evaluation of Passkey Authentication
@InProceedings{buttner2025device,
author={Andre Büttner and Nils Gruschka},
title={Device-Bound vs. Synced Credentials: A Comparative Evaluation of Passkey Authentication},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={651-659},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013380600003899},
isbn={978-989-758-735-1},
issn={2184-4356}
}
2024
Ph.D. Thesis - September 2020 - Oslo, Norway
Security of Evolving Authentication Technologies - Multi-Factor Authentication, Passwordless Authentication, and Self-Sovereign Identity
@phdthesis{buttner2024phdthesis,
author={Andre Büttner},
title={Security of Evolving Authentication Technologies -- Multi-Factor Authentication, Passwordless Authentication, and Self-Sovereign Identity},
school={University of Oslo},
year= {2024},
address={Oslo, Norway},
month={September}
}
International Conference on Information Systems Security and Privacy
(ICISSP 2024) - February 2024 - Rome, Italy
Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts
@InProceedings{buttner2024evaluating,
author={Andre Büttner and Nils Gruschka},
title={Evaluating the Influence of Multi-Factor Authentication and Recovery Settings on the Security and Accessibility of User Accounts},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={691-700},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012319000003648},
isbn={978-989-758-683-5}
}
2023
Elsevier Computers & Security Volume 135 - December 2023 - Journal
Publication
A framework for analyzing authentication risks in account networks
@article{pohn2023aframework,
title={A framework for analyzing authentication risks in account networks},
journal={Computers \& Security},
volume={135},
pages={103515},
year={2023},
issn={0167-4048},
doi={10.1016/j.cose.2023.103515},
author={Daniela Pöhn and Nils Gruschka and Leonhard Ziegler and Andre Büttner}
}
Ubiquitous Security (UbiSec '23) - November 2023 - Exeter, United Kingdom
Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication
@InProceedings{buttner2023rbar,
author="B{\"u}ttner, Andre and Pedersen, Andreas Thue and Wiefling, Stephan and Gruschka, Nils and Lo Iacono, Luigi",
editor="Wang, Guojun and Wang, Haozhe and Min, Geyong and Georgalas, Nektarios and Meng, Weizhi",
title="Is It Really You Who Forgot the Password? When Account Recovery Meets Risk-Based Authentication",
booktitle="Ubiquitous Security",
year="2024",
publisher="Springer Nature Singapore",
address="Singapore",
pages="401--419",
isbn="978-981-97-1274-8",
doi="10.1007/978-981-97-1274-8_26"
}
IFIP Summer School on Privacy and Identity Management 2023 - August 2023 -
Oslo, Norway
Secure and Privacy-Preserving Authentication for Data Subject Rights Enforcement
@InProceedings{hansen2023datasubject,
author="Hansen, Malte and B{\"u}ttner, Andre",
editor="Bieker, Felix and de Conca, Silvia and Gruschka, Nils and Jensen, Meiko and Schiering, Ina",
title="Secure and Privacy-Preserving Authentication for Data Subject Rights Enforcement",
booktitle="Privacy and Identity Management. Sharing in a Digital World",
year="2024",
publisher="Springer Nature Switzerland",
address="Cham",
pages="175--191",
isbn="978-3-031-57978-3",
doi="10.1007/978-3-031-57978-3_12"
}
2022
Emerging Technologies for Authorization and Authentication (ETAA 2022) -
September 2022
- Copenhagen, Denmark
Protecting FIDO Extensions Against Man-in-the-Middle Attacks
@inproceedings{buttner2022protecting,
author="B{\"u}ttner, Andre and Gruschka, Nils",
editor="Saracino, Andrea and Mori, Paolo",
title="Protecting FIDO Extensions Against Man-in-the-Middle Attacks",
booktitle="Emerging Technologies for Authorization and Authentication",
year="2023",
publisher="Springer Nature Switzerland",
address="Cham",
pages="70--87",
isbn="978-3-031-25467-3",
doi="10.1007/978-3-031-25467-3_5"
}
IFIP WG 9.4 International Conference on Implications of Information and
Digital Technologies for Development - May 2022 - Lima, Peru (Virtual conference)
Where There is No CISO
@inproceedings{saebo2022where,
title={Where There is No CISO},
author={S{\ae}b{\o}, Johan Ivar and B{\"u}ttner, Andre and Gruschka, Nils and Jolliffe, Bob and McGee, Austin},
booktitle={Freedom and Social Inclusion in a Connected World: 17th IFIP WG 9.4 International Conference on Implications of Information and Digital Technologies for Development, ICT4D 2022, Lima, Peru, May 25--27, 2022, Proceedings},
year={2022},
doi={10.1007/978-3-031-19429-0_12}
}
2021
Norsk IKT-konferanse for forskning og utdanning - December 2021 - Trondheim,
Norway
Enhancing FIDO Transaction Confirmation with Structured Data Formats
@inproceedings{buttner2021enhancing,
title={Enhancing FIDO Transaction Confirmation with Structured Data Formats},
author={B{\"u}ttner, Andre and Gruschka, Nils},
booktitle={Norsk IKT-konferanse for forskning og utdanning},
year="2021",
url={https://www.ntnu.no/ojs/index.php/nikt/article/view/5506}
}
International Conference on ICT Systems Security and Privacy Protection
(IFIP SEC 2021) - June 2021 - Oslo, Norway (Virtual conference)
Less is Often More: Header Whitelisting as Semantic Gap Mitigation in HTTP-Based Software Systems Yves Deswarte Best Student Paper Award
@InProceedings{buttner2021less,
author="B{\"u}ttner, Andre and Nguyen, Hoai Viet and Gruschka, Nils and Lo Iacono, Luigi",
editor="J{\o}sang, Audun and Futcher, Lynn and Hagen, Janne",
title="Less is Often More: Header Whitelisting as Semantic Gap Mitigation in HTTP-Based Software Systems",
booktitle="ICT Systems Security and Privacy Protection",
year="2021",
publisher="Springer International Publishing",
address="Cham",
pages="332--347",
isbn="978-3-030-78120-0",
doi="10.1007/978-3-030-78120-0_22"
}
2020
IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and
Workshops (IEEE VR 2020) - March 2020 - Atlanta, Georgia, United States (Virtual
conference)
The influence of text rotation, font and distance on legibility in VR
@inproceedings{buttner2020influence,
author={Büttner, Andre and Grünvogel, Stefan M. and Fuhrmann, Arnulph},
booktitle={2020 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW)},
title={The influence of text rotation, font and distance on legibility in VR},
year={2020},
pages={662-663},
doi={10.1109/VRW50115.2020.00182}
}