Publications

MEGA: Malleable Encryption Goes Awry

Published in IEEE Symposium on Security and Privacy, 2023

We show that the cryptographic design of the cloud storage system MEGA does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files.

Recommended citation: Matilda Backendal, Miro Haller and Kenneth G. Paterson. (2023). "MEGA: Malleable Encryption Goes Awry" 44th IEEE Symposium on Security and Privacy. https://eprint.iacr.org/2022/959

Frontal Attack: Leaking Control-​Flow in SGX via the CPU Frontend

Published in USENIX Security, 2021

We introduce a timing side-channel attack in the Frontend of Intel CPU processors, which uncovers measurable differences between instructions that only differ in their adjacent instructions and virtual addresses.

Recommended citation: Ivan Puddu, Moritz Schneider, Miro Haller, Srdjan Čapkun. (2021). "Frontal Attack: Leaking Control-​Flow in SGX via the CPU Frontend" USENIX Security 2021. https://www.usenix.org/system/files/sec21-puddu.pdf