Jan Wichelmann

Session #1 "Side channels are everywhere" started with a talk from Jan Wichelmann on dynamic side channel leakage in RISC-V. #DIMVA2023

To appear at @DIMVAConf 2023. Pre-print: arxiv.org/abs/2305.00584 Thank you for the great collaboration Christopher Peredy, @Florian_UzL_ITS, @paetscan and @tomcrypt!

Security RISC ahead and hardware mitigations not (yet) in sight? How about 🎵 A little bit of Microwalk by your side 🎵? Check out our new work - MAMBO-V: Dynamic Side-Channel Leakage Analysis on RISC-V.

I am happy to announce the release of the sev step framework. It provides functionality similar to the famous sgx step but for AMD SEV. While there are still some rough edges, I hope that it facilitates new attack research on AMD SEV. Check it out at github.com/sev-step/sev-s…

Der Walter-Dosch-Lehrpreis für den Nachwuchs wurde gleich zweimal verliehen. In der Sektion Medizin geht der Preis an Dr. med. Daniela Kampmeyer der Medizinischen Klinik I für die Lehrveranstaltung ›Entwicklung des Famulaturreife-Kurses‹

If you are interested, feel free to check out our paper: arxiv.org/abs/2208.14942 Code, templates and examples are available at GitHub: github.com/microwalk-proj… Thanks @Florian_UzL_ITS, @paetscan and @tomcrypt for the great collaboration!

This way, the side-channel analysis is executed each time a new commit is pushed, allowing to quickly identify existing and newly introduced leakages. Finally, we show that the analysis can be applied generically, enabling Microwalk to analyze both C and JavaScript code.

I'm happy to announce that our new work "Microwalk-CI: Practical Side-Channel Analysis for JavaScript Applications" got accepted at @acm_ccs'22! We asked us: Is it possible to create a side-channel analysis tool that is both accurate and usable in everyday development?

I am very happy to finally lift the curtain on our paper "undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation" that will appear at @wootsecurity. Thanks @JanWichelmann, Florian Sieck and @tomcrypt for the great collaboration. uzl-its.github.io/undeserved-tru…

Großes Risiko, zu wenig Nutzen: Eine Gruppe führender deutscher IT-Sicherheitsforscherinnen und -forscher kritisiert die #LucaApp in einer gemeinsamen Erklärung deutlich. zeit.de/digital/datens…

Der Deutsche Bundestag möge sich vom Innenministerium dieses Schaubild erklären lassen oder eine Person finden, die dazu in der Lage ist. twitter.com/Elmar_Iachi/st…

Ups, da hat die @CDU mal eben ihr Wahlversprechen von ihrer Website gelöscht, dass es keine #Uploadfilter geben werde. Das Internet vergisst nicht. twitter.com/fragdenstaat/s… #Artikel17 #Urheberechtsreform

Porting Algorithm Substitution Attacks to protocols - or: How a sufficiently powerful state authority can stealthily hijack your Signal communication by registering a malicious device.

@IEEESSP #SP20 presentations for day 3 are already available on youtube, including #SEVurity : youtube.com/watch?v=_y3D8p… Enjoy @lucawilkeUzL dive into how to inject arbitrary code into #SEV-ES protected VMs.

The teaser video for our IEEE S&P 2020 paper "SEVurity: No Security without Integrity" is now online. youtube.com/watch?v=F-cetz… #SP20 @IEEESSP

Happy to announce that I will join the group of @tomcrypt at @UniLuebeck as postdoc starting in April. Looking forward to work on fascinating problems from cryptography and privacy!