![]() |
Flavio D. GarciaProfessor of Computer SecurityEPSRC FellowSchool of Computer ScienceUniversity of Birmingham |
Publications
![]() |
Zishuai Cheng, Mihai Ordean, Flavio D. Garcia, Baojiang Cui, and Dominik Rys. Watching your call: Breaking VoLTE Privacy in LTE/5G Networks. In Privacy Enhancing Technologies (PoPETs 2023). Vol. 2023, Issue 2, pages 282-297, 2023. |
![]() |
Zitai Chen, Sam L. Thomas, and Flavio D. Garcia. MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware. In 29th ACM Conference on Computer and Communications Security (CCS 2022). ACM Press, pages 515-529, 2022. |
![]() |
José Moreira, Mark D. Ryan, and Flavio D. Garcia. Protocols for a Two-Tiered Trusted Computing Base. In 27th European Symposium on Research in Computer Security (ESORICS 2022). Lecture Notes in Computer Science, Vol. 13556, pages 229-249, 2022. Springer. |
![]() |
Zitai Chen, Georgios Vasilakis, Kit Murdock, Edward Dean, David Oswald, and Flavio D. Garcia. VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface. In 30th USENIX Security Symposium (USENIX Security 2021). USENIX Association, pages 699-716, 2021. |
![]() |
Sam L. Thomas, Jan Van den Herrewegen, Georgios Vasilakis, Zitai Chen, Mihai Ordean, and Flavio D. Garcia. Cutting Through the Complexity of Reverse Engineering Embedded Devices. In Transactions on Cryptographic Hardware and Embedded Systems (TCHES). Vol. 2021, No 3, pages 360-389, 2021. |
![]() |
Jan Van den Herrewegen, David Oswald, Flavio Garcia, and Qais Temeiza. Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis. In Transactions on Cryptographic Hardware and Embedded Systems (TCHES). Vol. 2021, No 1, pages 56-81, 2021. |
![]() |
Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens. Plundervolt: How a little bit of undervolting can create a lot of trouble. In IEEE Security & Privacy special issue on Hardware-Assisted Security. Vol. 18, No. 5, pages 28-37, 2020. |
![]() |
Christopher Hicks and Flavio D. Garcia. A Vehicular DAA Scheme for Unlinkable ECDSA Pseudonyms in V2X. In 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020). IEEE, pages 460-473, 2020. |
![]() |
Andreea-Ina Radu and Flavio D. Garcia. Grey-box Analysis and Fuzzing of Automotive Electronic Components via Control-Flow Graph Extraction. In 4th Computer Science in Cars Symposium (CSCS 2020). ACM Press, pages 1-11. 2020. |
![]() |
Lennert Wouters, Jan Van den Herrewegen, Flavio D. Garcia, David Oswald, Benedikt Gierlichs, Bart Preneel. Dismantling DST80-based Immobiliser Systems. In Transactions on Cryptographic Hardware and Embedded Systems (TCHES). Vol. 2020, No.2, pages 99-127, 2020. |
![]() |
Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens. Plundervolt: Software-based Fault Injection Attacks against Intel SGX In 41st IEEE Symposium on Security and Privacy (S&P 2020). IEEE, pages 859-859. 2020. |
![]() |
Jo Van Bulck, David Oswald, Eduard Marin, Abdulla Aldoseri, Flavio D. Garcia and Frank Piessens. A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes. In 26th ACM Conference on Computer and Communications Security (CCS 2019). ACM Press, pages 1741-1758. 2019. |
![]() |
Eric R. Verheul, Christopher Hicks and Flavio D. Garcia. IFAL: Issue First Activate Later Certificates for V2X. In 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019). IEEE, pages 279-293, 2019. |
![]() |
Jan Van den Herrewegen and Flavio D. Garcia. Beneath the Bonnet: A Breakdown of Diagnostic Security. In 23rd European Symposium on Research in Computer Security (ESORICS 2018). Lecture Notes in Computer Science, Vol. 11098, pages 305-324, 2018. Springer. |
![]() |
Christopher Hicks, Flavio D. Garcia and David Oswald. Dismantling the AUT64 Automotive Cipher. In Transactions on Cryptographic Hardware and Embedded Systems (TCHES). Vol. 2018, No.2, pages 1-24, 2018. |
![]() |
Chris McMahon Stone, Tom Chothia and Flavio D. Garcia. Spinner: Semi-Automatic Detection of Pinning without Hostname Verification. In 33rd Annual Computer Security Applications Conference (ACSAC 2017). ACM, pages 176-188, 2017. |
![]() |
Sam L. Thomas, Tom Chothia, and Flavio D. Garcia. Stringer: Measuring the Importance of Static Data Comparisons to Detect Backdoors and Undocumented Functionality. In 22nd European Symposium on Research in Computer Security (ESORICS 2017). Lecture Notes in Computer Science, Vol. 10493, pages 513-531, 2017. Springer. |
![]() |
Sam L. Thomas, Flavio D. Garcia, and Tom Chothia. HumIDIFy: A Tool for Hidden Functionality Detection in Firmware. In 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2017). Lecture Notes in Computer Science, Vol. 10327, pages 279-300, 2017. Springer. |
![]() |
Tom Chothia, Flavio D. Garcia, Christopher Heppel, and Chris McMahon-Stone. Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps. In 21st International Conference on Financial Cryptography and Data Security (FC 2017). Lecture Notes in Computer Science, Vol. 10322, pages 579-597, 2017. Springer. |
![]() |
Eduard Marin, Dave Singelée, Flavio D. Garcia,
Tom Chothia, Rik Willems and Bart Preneel. On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them. In 32nd Annual Computer Security Applications Conference (ACSAC 2016). ACM, 2016. |
![]() |
Andreea-Ina Radu and Flavio D. Garcia. LeiA: A Lightweight Authentication Protocol for CAN. In 21st European Symposium on Research in Computer Security (ESORICS 2016). Lecture Notes in Computer Science, Vol. 9879, pages 283-300, 2016. Springer. |
![]() |
Flavio D. Garcia, David Oswald, Timo Kasper and Pierre Pavlidès. Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems. In 25th USENIX Security Symposium (USENIX Security 2016). USENIX Association, pages 929-944, 2016. |
![]() |
Flavio D. Garcia and Bart Jacobs. The Fall of a Tiny Star. In P. Ryan, D. Naccache, J.-J. Quisquater, editors, The New Codebreakers: Essays Dedicated to David Kahn on the Occasion of His 85th Birthday. Lecture Notes in Computer Science, Vol. 9100, pages 69-87, 2016. |
![]() |
Roel Verdult and Flavio D. Garcia. Cryptanalysis of the Megamos Crypto Automotive Immobilizer. In USENIX ;login:. USENIX Association, Vol. 40/6, pages 17-22, 2015. |
![]() |
Roel Verdult, Flavio D. Garcia and Baris
Ege. Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer. In 22th USENIX Security Symposium (USENIX Security 2013). USENIX Association, pages 703-718, 2015. |
![]() |
Tom Chothia, Flavio D. Garcia, Joeri de Ruiter, Jordi van den Breekel and Matthew Thompson. Relay Cost Bounding for Contactless EMV Payments. In 19th Financial Cryptography and Data Security (FC 2015). Lecture Notes in Computer Science, Vol. 7459, pages 189-206. 2015 |
![]() ![]() |
Flavio D. Garcia, Gerhard de Koning Gans and
Roel Verdult. Wirelessly Lockpicking a Smart Card Reader. In International Journal of Information Security, Springer Verlag, 2014. |
![]() |
Flavio D. Garcia, Eric R. Verheul and Bart
Jacobs. Cell-based Privacy-friendly Roadpricing. In Computers & Mathematics with Applications, Vol. 65/5, pages 774-785, 2013. |
![]() |
Gerhard de Koning Gans,
Roel Verdult and Flavio D. Garcia. A Toolbox for RFID Protocol Analysis. In 4th International EURASIP Workshop on RFID Technology (EURASIP RFID 2012). IEEE Computer Society, pages 27-34, 2012. |
![]() |
Roel Verdult, Flavio D. Garcia and Josep
Balasch. Gone in 360 Seconds: Hijacking with Hitag2. In 21st USENIX Security Symposium (USENIX Security 2012). USENIX Association, pages 237-252, 2012. |
![]() |
Flavio D. Garcia,
Gerhard de Koning Gans,
Roel Verdult and Milosch Meriac. Dismantling iClass and iClass Elite. In S. Foresti and M. Yung , editors, 17th European Symposium on Research in Computer Security (ESORICS 2012). Lecture Notes in Computer Science, Vol. 7459, 2012. Springer Verlag. |
![]() |
Flavio D. Garcia, Eric R. Verheul and Bart
Jacobs. Cell-based Roadpricing. In S. Petkova-Nikova, A. Pashalidis, G. Pernul, editors, 8th European PKI Workshop (EuroPKI 2011) Lecture Notes in Computer Science, Vol. 7163, pages 106-122, 2012. Springer Heidelberg. |
![]() |
Flavio D. Garcia,
Gerhard de Koning Gans and
Roel Verdult. Exposing iClass Key Diversification. (Best Paper Award) In 5th USENIX Workshop on Offensive Technologies (WOOT 2011) USENIX Association, pages 128-136. 2011. |
![]() |
Flavio D. Garcia and Bart Jacobs. Privacy-friendly Energy-metering via Homomorphic Encryption. In J. Cuellar, J. Lopez, G. Barthe and A. Pretschner, editors, 6th Workshop on Security and Trust Management (STM 2010) Lecture Notes in Computer Science, Vol. 6710, pages 226-238, 2011. Springer Verlag. |
![]() |
Flavio D. Garcia,
Peter van Rossum,
Roel Verdult and Ronny Wichers
Schreur.
Dismantling SecureMemory, CryptoMemory and CryptoRF. In 17th ACM Conference on Computer and Communications Security (CCS 2010). ACM Press, pages 250-259. 2010. ACM. |
![]() |
Gerhard de Koning Gans and Flavio D. Garcia. Towards a Practical Solution to the RFID Desynchronization Problem. In S.B. Ors Yalcin, editor, 6th Workshop on RFID Security (RFIDSec 2010). Lecture Notes in Computer Science, Vol. 6370, pages 203-219, 2010. Springer Verlag. |
![]() |
Flavio D. Garcia and Peter van Rossum. Modeling Privacy for Off-line RFID Systems. In D. Gollmann and J.-L. Lanet, editors, 9th Smart Card Research and Advanced Applications (CARDIS 2010). Lecture Notes in Computer Science, Vol. 6035, pages 194-208, 2010. Springer Verlag. |
![]() |
David Galindo and Flavio D. Garcia. A Schnorr-like Lightweight Identity Based Signature Scheme. In B. Preneel, editor, Progress in Cryptology (AFRICACRYPT 2009). Lecture Notes in Computer Science, Vol. 5580, pages 135-148, 2009. Springer Verlag. |
![]() ![]() |
Flavio D. Garcia,
Peter van Rossum,
Roel Verdult and Ronny Wichers
Schreur. Wirelessly Pickpocketing a Mifare Classic Card. (Outstanding Paper Award) In 30th IEEE Symposium on Security and Privacy (S&P 2009), pages 3-15. 2009. IEEE. |
![]() |
Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur and Bart Jacobs. Dismantling MIFARE Classic. In S. Jajodia, and J. Lopez, editors, 13th European Symposium on Research in Computer Security (ESORICS 2008). Lecture Notes in Computer Science, Vol. 5283, pages 97-114, 2008. Springer Verlag. |
![]() ![]() |
Flavio D. Garcia and
Peter van Rossum. Sound and Complete Computational Interpretation of Symbolic Hashes in the Standard Model. In Theoretical Computer Science, Vol. 394/1-2, pages 112-133, 2008. |
![]() |
Gerhard de Koning Gans,
Jaap-Henk Hoepman and
Flavio D. Garcia. A Practical Attack on the MIFARE Classic. In G. Grimaud and F.-X. Standaert, editors, 8th Smart Card Research and Advanced Application Conference (CARDIS 2008). Lecture Notes in Computer Science, Vol. 5189, pages 267-282, 2008. Springer Verlag. |
![]() |
David Galindo and Flavio D. Garcia. A Lightweight Identity Based Signature Scheme. In 3rd Benelux Workshop on Information and System Security (WISSEC 2008). Eindhoven, The Netherlands. 2008. |
![]() |
David Galindo, Flavio D. Garcia, and
Peter van Rossum.
Computational Soundness of Non-Malleable Commitments. In 4th Information Security Practice and Experience Conference (ISPEC 2008). Lecture Notes in Computer Science, Vol. 4991, pages 361-376. Sydney, Australia, 2008. Springer Verlag. |
![]() |
Flavio D. Garcia and
Peter van Rossum. Sound Computational Interpretation of Symbolic Hashes in the Standard Model. In H. Yoshiura, K. Sakurai, K. Rannenberg, Y. Murayama, S. Kawamura, editors, Advances in Information and Computer Security. International Workshop on Security (IWSEC 2006). Lecture Notes in Computer Science, Vol. 4266, pages 33-47. Kyoto, Japan, October 23-24, 2006. Springer Verlag. |
![]() full: ![]() |
Flavio D. Garcia and
Peter van Rossum. Sound and Complete Computational Interpretation of Formal Hashes (Extended Abstract). In Véronique Cortier and Steve Kremer, editors, Workshop of Formal and Computational Cryptography (FCC 2006). Venice, Italy, July 2006. |
![]() |
Flavio D. Garcia, Ichiro Hasuo,
Wolter Pieters, and
Peter van Rossum. Provable Anonymity. In Ralf Küsters and John Mitchell, editors, 3rd ACM Workshop on Formal Methods in Security Engineering (FMSE 2005). ACM Press, pages 63-72. Alexandria , VA, U.S.A., November 2005. |
![]() |
Flavio D. Garcia and Jaap-Henk Hoepman. Off-line Karma: A Decentralized Currency for Peer-to-peer and Grid Applications. In J. Ioannidis, A. Keromytis, and M. Yung, editors, 3rd Applied Cryptography and Network Security (ACNS 2005), Lecture Notes in Computer Science, Vol. 3531, pages 364-377. New York, NY, USA, June 7-10 2005. Springer Verlag. |
![]() |
Flavio D. Garcia and Jaap-Henk Hoepman. Off-line Karma: A Decentralized Currency for Static Peer-to-peer and Grid Networks. In S. Furnell, P. Dowland, G. Kormentazas, editors, 5th International Network Conference (INC 2005), pages 325-332, Samos, Greece, July 5-7 2005. |
![]() |
Flavio D. Garcia, Jaap-Henk Hoepman, and J. van
Nieuwenhuizen. Spam Filter Analysis. In Y. Deswarte, F. Cuppens, S. Jajodia, and L. Wang, editors, Security and Protection in Information Processing Systems. IFIP TC11 19th International Information Security Conference (SEC2004), pages 395-410, Toulouse, France, August 2004. Kluwer Academic Publishers. |
![]() |
Theses
Preprints/Posters/Reports
Roel Verdult, Flavio D. Garcia and Josep
Balasch. Poster: Gone in 360 Seconds: Hijacking with Hitag2. |
![]() |
Flavio D. Garcia,
Gerhard de Koning Gans and
Roel Verdult. Poster: Dismantling iClass and iClass Elite. Poster at 21st USENIX Security Symposium (USENIX Security 2012). |
![]() |
Flavio D. Garcia,
Gerhard de Koning Gans and
Roel Verdult. Tutorial: Proxmark, the Swiss Army Knife for RFID Security Research. Tutorial at 8th Workshop on RFID Security and Privacy (RFIDSec 2012). Technical Report, Radboud University Nijmegen, 2012. |
![]() |
Ronny Wichers Schreur, Peter van Rossum, Flavio Garcia, Wouter Teepe, Jaap-Henk
Hoepman, Bart Jacobs, Gerhard de Koning Gans, Roel Verdult, Ruben Muijrers,
Ravindra Kali, and Vinesh Kali. Security Flaw in MIFARE Classic. Press release, Digital Security group, Radboud University Nijmegen. March 12, 2008. The Netherlands. |
![]() |
Flavio D. Garcia,
Peter van Rossum and Ana Sokolova. Probabilistic anonymity and admissible schedulers. Arxiv preprint arXiv:0706.1019. 2007. |
![]() |
Flavio D. Garcia. Extending Computational Soundness Further: the case of Non-malleable Commitments. Technical Report, Radboud University Nijmegen, 2008. |
![]() |
Flavio D. Garcia and
Peter van Rossum. Completeness of Formal Hashes in the Standard Model. Technical Report, Radboud University Nijmegen. 2006. |
![]() |
Flavio D. Garcia and Jaap-Henk Hoepman. Off-line Karma: Towards a Decentralized Currency for Peer-to-peer and Grid Applications (Extended Abstract). In Workshop on Secure Multiparty Computations (SMP), Amsterdam, The Netherlands, October 7-8 2004. |
![]() |