Katharina Kohls, PhD

Assistant Professor
Radboud University, Nijmegen, NL

Call me Maybe

Because if an implementation flaw, some LTE networks introduce a keystream reuse. An adversary can exploit this to decrypt VoLTE phone calls. All this needs is a subsequent call after the initial one. Call me maybe!


Integrity protection for user plane data is not mandatory in LTE, which introduces malleable encryption. Along with a reflection attack, an adversary can fully impersonate users in uplink and downlink direction.

Geographical Avoidance

Traffic analysis attacks against Tor are a persisting problem, and countermeasures are expensive. Instead, you can also circumvent an area you don't trust. However, things are not so easy in a decentralized system.

Lost Traffic Encryption

Website fingerprinting attacks are a well-known problem and allow an adversary to derive accessed websites even from encrypted traffic. However, little do we know about such attacks on mobile phones and the LTE protocol stack.

All Layers are Beautiful!

The second layer of LTE provides key security features, yet, it received little attention in the past. We take a closer look and identify three open attack vectors on layer two that open the door for follow-up attacks.

Tor Mix or not Tor Mix?

Mixing protects against end-to-end correlation attacks, but it was only used in high-latency situations so far. We create a cirtual private network and test whether a low-latency mix provides realistic protection for Tor.