Published:
We found five attacks on the Master Lock Deadbolt D1000 that allow the adversary to open the lock without authorization, bypass access revocation, forge log entries, and mount a denial of service attack against authorized users.
Published:
The European Cyber Security Challenge 2021 in Prague is over! This is a yearly reoccuring event with around 20 (mostly) European countries. Every year, a different state hosts the onsite CTF competition. This year, we had two competition days with over 50 challenges in the categories crypto, reversing, web, forensics, misc, and hardware. Furthermore, there was an escape room and international team challenges.
Published:
The European Cyber Security Challenge 2021 in Prague is over! This is a yearly reoccuring event with around 20 (mostly) European countries. Every year, a different state hosts the onsite CTF competition. This year, we had two competition days with over 50 challenges in the categories crypto, reversing, web, forensics, misc, and hardware. Furthermore, there was an escape room and international team challenges.
Published:
HECO is an end-to-end compiler for FHE that aims to enable non-experts to develop secure and efficient FHE applications.
Published:
We present multiple attacks against Multi-Factor Key Derivation Function, a novel cryptographic primitive presented at USENIX’23.
Published:
The European Cyber Security Challenge 2021 in Prague is over! This is a yearly reoccuring event with around 20 (mostly) European countries. Every year, a different state hosts the onsite CTF competition. This year, we had two competition days with over 50 challenges in the categories crypto, reversing, web, forensics, misc, and hardware. Furthermore, there was an escape room and international team challenges.
Published:
Blast-RADIUS is a vulnerability that affects the RADIUS protocol. RADIUS is a very common protocol used for authentication, authorization, and accounting (AAA) for networked devices on enterprise and telecommunication networks.
Published:
Blast-RADIUS is a vulnerability that affects the RADIUS protocol. RADIUS is a very common protocol used for authentication, authorization, and accounting (AAA) for networked devices on enterprise and telecommunication networks.
Published:
For my Bachelor’s thesis I investigated instruction time measurements with the System Security Group at ETH Zurich. Our findings led to various improvements over existing measurement tools and the discovery of a new side-channel attack, the Frontal Attack.
Published:
The European Cyber Security Challenge 2021 in Prague is over! This is a yearly reoccuring event with around 20 (mostly) European countries. Every year, a different state hosts the onsite CTF competition. This year, we had two competition days with over 50 challenges in the categories crypto, reversing, web, forensics, misc, and hardware. Furthermore, there was an escape room and international team challenges.
Published:
This project revisits cache side-channels on contemporary hardware and contributes CacheSC, a tool for L1 and L2 Prime+Probe attacks. Furthermore, we apply it to AES lookup tables, AES key scheduling, and acquire first insights on Argon2.
Published:
WAC is an affiliated event with Crypto that gives a platform to the most exiting cryptanalytic attacks of the year.
Published:
CAW is an affiliated event with Eurocrypt that focuses on the construction and analysis of cryptography built for practice.
Published:
This project revisits cache side-channels on contemporary hardware and contributes CacheSC, a tool for L1 and L2 Prime+Probe attacks. Furthermore, we apply it to AES lookup tables, AES key scheduling, and acquire first insights on Argon2.
Published:
We found five attacks on the Master Lock Deadbolt D1000 that allow the adversary to open the lock without authorization, bypass access revocation, forge log entries, and mount a denial of service attack against authorized users.
Published:
We present multiple attacks against Multi-Factor Key Derivation Function, a novel cryptographic primitive presented at USENIX’23.
Published:
Blast-RADIUS is a vulnerability that affects the RADIUS protocol. RADIUS is a very common protocol used for authentication, authorization, and accounting (AAA) for networked devices on enterprise and telecommunication networks.
Published:
In this course, our task was to implement a typical IT system based on a set of functional and security requirements in a team of four people. For this purpose, we needed to design a certificate authority for a fictional company while analyzing the security and take appropriate measures. Furthermore, we needed to introduce two backdoors in the system. In the middle of the semester, we switched to analyze another team’s system and assess their security. This, of course, included finding their backdoors as well as any other vulnerabilities.
Published:
This project revisits cache side-channels on contemporary hardware and contributes CacheSC, a tool for L1 and L2 Prime+Probe attacks. Furthermore, we apply it to AES lookup tables, AES key scheduling, and acquire first insights on Argon2.
Published:
In this course, our task was to implement a typical IT system based on a set of functional and security requirements in a team of four people. For this purpose, we needed to design a certificate authority for a fictional company while analyzing the security and take appropriate measures. Furthermore, we needed to introduce two backdoors in the system. In the middle of the semester, we switched to analyze another team’s system and assess their security. This, of course, included finding their backdoors as well as any other vulnerabilities.
Published:
We designed an E2EE cloud storage protocol and prove it secure in novel game-based confidentiality and integrity notions that capture real-world complexities and malicious servers.
Published:
Copyright notice. This article is accepted to IEEE Security and Privacy. DOI: 10.1109/MSEC.2024.3352788. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Published:
We show that the cryptographic design of the cloud storage system MEGA does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files.
Published:
HECO is an end-to-end compiler for FHE that aims to enable non-experts to develop secure and efficient FHE applications.
Published:
CAW is an affiliated event with Eurocrypt that focuses on the construction and analysis of cryptography built for practice.
Published:
WAC is an affiliated event with Crypto that gives a platform to the most exiting cryptanalytic attacks of the year.
Published:
We show that the cryptographic design of the cloud storage system MEGA does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files.
Published:
We designed an E2EE cloud storage protocol and prove it secure in novel game-based confidentiality and integrity notions that capture real-world complexities and malicious servers.
Published:
We present multiple attacks against Multi-Factor Key Derivation Function, a novel cryptographic primitive presented at USENIX’23.
Published:
We collect and analyze public information on National Security Letters.
Published:
We collect and analyze public information on National Security Letters.
Published:
We found five attacks on the Master Lock Deadbolt D1000 that allow the adversary to open the lock without authorization, bypass access revocation, forge log entries, and mount a denial of service attack against authorized users.
Published:
This project revisits cache side-channels on contemporary hardware and contributes CacheSC, a tool for L1 and L2 Prime+Probe attacks. Furthermore, we apply it to AES lookup tables, AES key scheduling, and acquire first insights on Argon2.
Published:
In this course, our task was to implement a typical IT system based on a set of functional and security requirements in a team of four people. For this purpose, we needed to design a certificate authority for a fictional company while analyzing the security and take appropriate measures. Furthermore, we needed to introduce two backdoors in the system. In the middle of the semester, we switched to analyze another team’s system and assess their security. This, of course, included finding their backdoors as well as any other vulnerabilities.
Published:
In this course, our task was to implement a typical IT system based on a set of functional and security requirements in a team of four people. For this purpose, we needed to design a certificate authority for a fictional company while analyzing the security and take appropriate measures. Furthermore, we needed to introduce two backdoors in the system. In the middle of the semester, we switched to analyze another team’s system and assess their security. This, of course, included finding their backdoors as well as any other vulnerabilities.
Published:
We found five attacks on the Master Lock Deadbolt D1000 that allow the adversary to open the lock without authorization, bypass access revocation, forge log entries, and mount a denial of service attack against authorized users.
Published:
We designed an E2EE cloud storage protocol and prove it secure in novel game-based confidentiality and integrity notions that capture real-world complexities and malicious servers.
Published:
We present multiple attacks against Multi-Factor Key Derivation Function, a novel cryptographic primitive presented at USENIX’23.
Published:
Blast-RADIUS is a vulnerability that affects the RADIUS protocol. RADIUS is a very common protocol used for authentication, authorization, and accounting (AAA) for networked devices on enterprise and telecommunication networks.
Published:
Copyright notice. This article is accepted to IEEE Security and Privacy. DOI: 10.1109/MSEC.2024.3352788. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Published:
We collect and analyze public information on National Security Letters.
Published:
This project revisits cache side-channels on contemporary hardware and contributes CacheSC, a tool for L1 and L2 Prime+Probe attacks. Furthermore, we apply it to AES lookup tables, AES key scheduling, and acquire first insights on Argon2.
Published:
For my Bachelor’s thesis I investigated instruction time measurements with the System Security Group at ETH Zurich. Our findings led to various improvements over existing measurement tools and the discovery of a new side-channel attack, the Frontal Attack.
Published:
We show that the cryptographic design of the cloud storage system MEGA does not protect its users against a malicious server and present five distinct attacks, which together allow for a full compromise of the confidentiality of user files.
Published:
This project revisits cache side-channels on contemporary hardware and contributes CacheSC, a tool for L1 and L2 Prime+Probe attacks. Furthermore, we apply it to AES lookup tables, AES key scheduling, and acquire first insights on Argon2.
Published:
For my Bachelor’s thesis I investigated instruction time measurements with the System Security Group at ETH Zurich. Our findings led to various improvements over existing measurement tools and the discovery of a new side-channel attack, the Frontal Attack.
Published:
This project revisits cache side-channels on contemporary hardware and contributes CacheSC, a tool for L1 and L2 Prime+Probe attacks. Furthermore, we apply it to AES lookup tables, AES key scheduling, and acquire first insights on Argon2.
Published:
For my Bachelor’s thesis I investigated instruction time measurements with the System Security Group at ETH Zurich. Our findings led to various improvements over existing measurement tools and the discovery of a new side-channel attack, the Frontal Attack.
Published:
WAC is an affiliated event with Crypto that gives a platform to the most exiting cryptanalytic attacks of the year.
Published:
CAW is an affiliated event with Eurocrypt that focuses on the construction and analysis of cryptography built for practice.