Daniel De Almeida Braga

I am happy to announce that Collide+Power, our new and generic software-based power side-channel technique, has been accepted at @USENIXSecurity 2023 #usesec23. collidepower.com

68 (UK affiliated) researchers working on security and privacy have raised alarms about provisions in the UK #OnlineSafetyBill: "our concern is that surveillance technologies are deployed in the spirit of providing online safety." Read our letter here: haddadi.github.io/UKOSBOpenlette…

I guess our advertisements worked too well. We're in dire need of additional evaluators, due to a record high number of registrations. If you or someone in your group is eager to join the team, please fill out the self-nomination form before the weekend: forms.gle/wp5XpF5EmHJEZP…

Fantastic news! @faulst got the First Prix of the @FondationR1

I will be defending my PhD Thesis "Leveraging side-channel signals for IoT malware classification and rootkit detection" in @irisa_lab tomorrow (13/01) at 9:30. Youtube livestream: youtu.be/pLkD8wglrFg

Are paper deadlines approaching too quickly, and do you need more time to polish your paper? DIMVA allows updating the body of your paper up to one week after submission! Submit until December 7, and polish until December 14

I will be defending my PhD Thesis entitled "Side Channels in Web Browsers: Applications to Security and Privacy" in @irisa_lab tomorrow (29/11) at 2pm! I will host a livestream for remote viewers, feel free to come take a look: youtube.com/watch?v=C55s7k…

Users of glassess beware! You may be leaking secret data during Zoom/Skype/etc videoconferences. Screen reflected in glasses, then visible during a videoconferencing. School-grade physics/optics sufficient to understand the exploit equations. arxiv.org/pdf/2205.03971…

Blog post on the SIDH attack ellipticnews.wordpress.com/2022/07/31/bre…

Do you contribute to software that improves #security and/or #privacy? We’d love to chat with you about impacts of your software in a 45-ish minute interview study. 80USD gift card for qualifying participants. To join our research, sign up here: gwusec.seas.gwu.edu/ethicalimpactp…

@spicy_irisa @PwnieAwards @irisa_lab Seems like a good reason to procrastinate writing my manuscript :p

Wow! Dragondoom appears in the @PwnieAwards nominations for the category "Best Cryptography" Attack. Now @faulst is compelled to design a logo ;) @irisa_lab

"What do cryptographic library developers think about timing attacks?" Come to our talk at @IEEESSP, Ballroom BC in ~20 minutes! It's not an attack paper, but we have "attack" in the name.

If you'are @IEEESSP, don't miss the presentation of our work "They're not that hard to mitigate": What Cryptographic Library Developers Think About Timing Attacks. A joint work with @j08ny, M. Fourné, @faulst, M. Sabt, @cryptojedi, G. Barthe, PA Fouque and @yazz_acar

What do cryptographic library developers think about timing attacks? We asked and got responses from 44 in our IEEE S&P 2022 paper co-authored with Marcel Fourné, @faulst, Mohamed Sabt, @cryptojedi, Gilles Barthe, Pierre-Alain Foque and @yazz_acar. is.muni.cz/go/d54huq 1/4

🎥#Interview de Gwendal Patat (@avalonswanderer), ancien étudiant du master #informatique parcours #cybersécurité, et aujourd’hui #doctorant à l'@irisa_lab. Gwendal témoigne de son expérience de #doctorat : son parcours, sa thèse, la suite de sa carrière… youtube.com/watch?v=5NzRW8…

Workshop on Attacks on Cryptography (WAC4) is about to start, crypto.iacr.org/2021/wac.php Session I, "Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)" @ic0nz1 and "PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wild" @faulst

Join me on August 15, 2021 for the 4th IACR Workshop on Attacks on Cryptography (WAC4): crypto.iacr.org/2021/wac.php Lots of exciting talks by @ic0nz1 @faulst @vanhoefm #JuliaLen @elie @lucawilkeUzL @PPessl @OmerShlomovits @victorlomne @IACR_News #CryptoNews

My students @maxzks and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were “breaking phone encryption”. 1/

@skrobotmarjan @vanhoefm FYI, OPAQUE also needs a hash-to-curve procedure, and also use a secure one (the draft reference the same IETF hash-to-curve document, which is being created to avoid the issues we had with Dragonfly)

@vanhoefm What about CPace protocol? If I recall well, they also need a “hash-to-curve” procedure. Is there a similar issue as with Dragonfly?

More evidence that WPA3 and its Dragonfly handshake is hard to implement securely: IWD was still vulnerable to side-channel leaks. Additionally, the patch for FreeRADIUS was not backported to their v3 branch. This confirms our warning that Dragonfly is hard to implement securely