Security Lunch ☀️ Ed. — Wednesday, July 1st, 2026, 12:00 pm @ CoDa E160
Trace: Complete Client-Side Account Access Logging
Paul Gerhart
Can't make it in person? Join us on
zoom.
See our past & upcoming events on our
website!
Abstract:
Despite improvements to authentication mechanisms, account compromise remains frequent and users need a trustworthy way to determine what devices have accessed their accounts. Doing so, however, is in tension with privacy goals on the modern web, which mandate
that web services not learn static device identifiers. Recent work aims to address this tension via client-side encrypted access logging (CSAL), but their approach does not allow retrieving all log entries and users may miss information about adversarial accesses.
This talk presents Trace, a new CSAL system that achieves complete logging while preserving privacy. Trace records verifiable evidence of each authentication in an encrypted log stored by an independent logging service, ensuring that only the user can inspect
it. The web service remains unaware of the logging, preserving backward compatibility with existing authentication infrastructures.
Bio:
Paul Gerhart is a fourth-year PhD student at TU Wien, supervised by Dominique Schröder. His research involves designing and analysing advanced cryptographic protocols, including advanced signatures, distributed key generation and authentication protocols.