Flavio D. Garcia

Professor of Computer Security

EPSRC Fellow

School of Computer Science

University of Birmingham



Publications

BibTex
Zishuai Cheng, Mihai Ordean, Flavio D. Garcia, Baojiang Cui, and Dominik Rys.
Watching your call: Breaking VoLTE Privacy in LTE/5G Networks.
In Privacy Enhancing Technologies (PoPETs 2023).
Vol. 2023, Issue 2, pages 282-297, 2023.
PDF document
Zitai Chen, Sam L. Thomas, and Flavio D. Garcia.
MetaEmu: An Architecture Agnostic Rehosting Framework for Automotive Firmware.
In 29th ACM Conference on Computer and Communications Security (CCS 2022).
ACM Press, pages 515-529, 2022.
PDF document
José Moreira, Mark D. Ryan, and Flavio D. Garcia.
Protocols for a Two-Tiered Trusted Computing Base.
In 27th European Symposium on Research in Computer Security (ESORICS 2022).
Lecture Notes in Computer Science, Vol. 13556, pages 229-249, 2022. Springer.
PDF document
Zitai Chen, Georgios Vasilakis, Kit Murdock, Edward Dean, David Oswald, and Flavio D. Garcia.
VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface.
In 30th USENIX Security Symposium (USENIX Security 2021).
USENIX Association, pages 699-716, 2021.
PDF document
Sam L. Thomas, Jan Van den Herrewegen, Georgios Vasilakis, Zitai Chen, Mihai Ordean, and Flavio D. Garcia.
Cutting Through the Complexity of Reverse Engineering Embedded Devices.
In Transactions on Cryptographic Hardware and Embedded Systems (TCHES).
Vol. 2021, No 3, pages 360-389, 2021.
PDF document
Jan Van den Herrewegen, David Oswald, Flavio Garcia, and Qais Temeiza.
Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis.
In Transactions on Cryptographic Hardware and Embedded Systems (TCHES).
Vol. 2021, No 1, pages 56-81, 2021.
PDF document
Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens.
Plundervolt: How a little bit of undervolting can create a lot of trouble.
In IEEE Security & Privacy special issue on Hardware-Assisted Security.
Vol. 18, No. 5, pages 28-37, 2020.
PDF document
Christopher Hicks and Flavio D. Garcia.
A Vehicular DAA Scheme for Unlinkable ECDSA Pseudonyms in V2X.
In 5th IEEE European Symposium on Security and Privacy (EuroS&P 2020).
IEEE, pages 460-473, 2020.
PDF document
Andreea-Ina Radu and Flavio D. Garcia.
Grey-box Analysis and Fuzzing of Automotive Electronic Components via Control-Flow Graph Extraction.
In 4th Computer Science in Cars Symposium (CSCS 2020).
ACM Press, pages 1-11. 2020.
PDF document
Lennert Wouters, Jan Van den Herrewegen, Flavio D. Garcia, David Oswald,
Benedikt Gierlichs, Bart Preneel.
Dismantling DST80-based Immobiliser Systems.
In Transactions on Cryptographic Hardware and Embedded Systems (TCHES).
Vol. 2020, No.2, pages 99-127, 2020.
PDF document
Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens.
Plundervolt: Software-based Fault Injection Attacks against Intel SGX
In 41st IEEE Symposium on Security and Privacy (S&P 2020). IEEE, pages 859-859. 2020.
PDF document
Jo Van Bulck, David Oswald, Eduard Marin, Abdulla Aldoseri, Flavio D. Garcia and Frank Piessens.
A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes.
In 26th ACM Conference on Computer and Communications Security (CCS 2019).
ACM Press, pages 1741-1758. 2019.
PDF document
Eric R. Verheul, Christopher Hicks and Flavio D. Garcia.
IFAL: Issue First Activate Later Certificates for V2X.
In 4th IEEE European Symposium on Security and Privacy (EuroS&P 2019).
IEEE, pages 279-293, 2019.
PDF document
Jan Van den Herrewegen and Flavio D. Garcia.
Beneath the Bonnet: A Breakdown of Diagnostic Security.
In 23rd European Symposium on Research in Computer Security (ESORICS 2018).
Lecture Notes in Computer Science, Vol. 11098, pages 305-324, 2018. Springer.
PDF document
Christopher Hicks, Flavio D. Garcia and David Oswald.
Dismantling the AUT64 Automotive Cipher.
In Transactions on Cryptographic Hardware and Embedded Systems (TCHES).
Vol. 2018, No.2, pages 1-24, 2018.
PDF document
Chris McMahon Stone, Tom Chothia and Flavio D. Garcia.
Spinner: Semi-Automatic Detection of Pinning without Hostname Verification.
In 33rd Annual Computer Security Applications Conference (ACSAC 2017).
ACM, pages 176-188, 2017.
PDF document
Sam L. Thomas, Tom Chothia, and Flavio D. Garcia.
Stringer: Measuring the Importance of Static Data Comparisons to Detect Backdoors and Undocumented Functionality.
In 22nd European Symposium on Research in Computer Security (ESORICS 2017).
Lecture Notes in Computer Science, Vol. 10493, pages 513-531, 2017. Springer.
PDF document
Sam L. Thomas, Flavio D. Garcia, and Tom Chothia.
HumIDIFy: A Tool for Hidden Functionality Detection in Firmware.
In 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2017). Lecture Notes in Computer Science, Vol. 10327, pages 279-300, 2017. Springer.
PDF document
Tom Chothia, Flavio D. Garcia, Christopher Heppel, and Chris McMahon-Stone.
Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps. In 21st International Conference on Financial Cryptography and Data Security (FC 2017). Lecture Notes in Computer Science, Vol. 10322, pages 579-597, 2017. Springer.
PDF document
Eduard Marin, Dave Singelée, Flavio D. Garcia, Tom Chothia, Rik Willems and Bart Preneel.
On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them. In 32nd Annual Computer Security Applications Conference (ACSAC 2016).
ACM, 2016.
PDF document
Andreea-Ina Radu and Flavio D. Garcia.
LeiA: A Lightweight Authentication Protocol for CAN.
In 21st European Symposium on Research in Computer Security (ESORICS 2016).
Lecture Notes in Computer Science, Vol. 9879, pages 283-300, 2016. Springer.
PDF document
Flavio D. Garcia, David Oswald, Timo Kasper and Pierre Pavlidès.
Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems.
In 25th USENIX Security Symposium (USENIX Security 2016).
USENIX Association, pages 929-944, 2016.
PDF document
Flavio D. Garcia and Bart Jacobs.
The Fall of a Tiny Star.
In P. Ryan, D. Naccache, J.-J. Quisquater, editors,
The New Codebreakers: Essays Dedicated to David Kahn on the Occasion of His 85th Birthday.
Lecture Notes in Computer Science, Vol. 9100, pages 69-87, 2016.
PDF document
Roel Verdult and Flavio D. Garcia.
Cryptanalysis of the Megamos Crypto Automotive Immobilizer.
In USENIX ;login:. USENIX Association, Vol. 40/6, pages 17-22, 2015.
PDF document
Roel Verdult, Flavio D. Garcia and Baris Ege.
Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer.
In 22th USENIX Security Symposium (USENIX Security 2013).
USENIX Association, pages 703-718, 2015.
PDF document
Tom Chothia, Flavio D. Garcia, Joeri de Ruiter, Jordi van den Breekel and Matthew Thompson.
Relay Cost Bounding for Contactless EMV Payments.
In 19th Financial Cryptography and Data Security (FC 2015).
Lecture Notes in Computer Science, Vol. 7459, pages 189-206. 2015
PDF document
PDF document
Flavio D. Garcia, Gerhard de Koning Gans and Roel Verdult.
Wirelessly Lockpicking a Smart Card Reader.
In International Journal of Information Security, Springer Verlag, 2014.
PDF document
Flavio D. Garcia, Eric R. Verheul and Bart Jacobs.
Cell-based Privacy-friendly Roadpricing.
In Computers & Mathematics with Applications, Vol. 65/5, pages 774-785, 2013.
PDF document
Gerhard de Koning Gans, Roel Verdult and Flavio D. Garcia.
A Toolbox for RFID Protocol Analysis.
In 4th International EURASIP Workshop on RFID Technology (EURASIP RFID 2012).
IEEE Computer Society, pages 27-34, 2012.
PDF document
Roel Verdult, Flavio D. Garcia and Josep Balasch.
Gone in 360 Seconds: Hijacking with Hitag2.
In 21st USENIX Security Symposium (USENIX Security 2012).
USENIX Association, pages 237-252, 2012.
PDF document
Flavio D. Garcia, Gerhard de Koning Gans, Roel Verdult and Milosch Meriac.
Dismantling iClass and iClass Elite.
In S. Foresti and M. Yung , editors,
17th European Symposium on Research in Computer Security (ESORICS 2012).
Lecture Notes in Computer Science, Vol. 7459, 2012. Springer Verlag.
PDF document
Flavio D. Garcia, Eric R. Verheul and Bart Jacobs.
Cell-based Roadpricing.
In S. Petkova-Nikova, A. Pashalidis, G. Pernul, editors,
8th European PKI Workshop (EuroPKI 2011)
Lecture Notes in Computer Science, Vol. 7163, pages 106-122, 2012. Springer Heidelberg.
PDF document
Flavio D. Garcia, Gerhard de Koning Gans and Roel Verdult.
Exposing iClass Key Diversification. (Best Paper Award)
In 5th USENIX Workshop on Offensive Technologies (WOOT 2011)
USENIX Association, pages 128-136. 2011.
PDF document
Flavio D. Garcia and Bart Jacobs.
Privacy-friendly Energy-metering via Homomorphic Encryption.
In J. Cuellar, J. Lopez, G. Barthe and A. Pretschner, editors,
6th Workshop on Security and Trust Management (STM 2010)
Lecture Notes in Computer Science, Vol. 6710, pages 226-238, 2011. Springer Verlag.
PDF document
Flavio D. Garcia, Peter van Rossum, Roel Verdult and Ronny Wichers Schreur.
Dismantling SecureMemory, CryptoMemory and CryptoRF.
In 17th ACM Conference on Computer and Communications Security (CCS 2010).
ACM Press, pages 250-259. 2010. ACM.
PDF document
Gerhard de Koning Gans and Flavio D. Garcia.
Towards a Practical Solution to the RFID Desynchronization Problem.
In S.B. Ors Yalcin, editor, 6th Workshop on RFID Security (RFIDSec 2010).
Lecture Notes in Computer Science, Vol. 6370, pages 203-219, 2010. Springer Verlag.
PDF document
Flavio D. Garcia and Peter van Rossum.
Modeling Privacy for Off-line RFID Systems.
In D. Gollmann and J.-L. Lanet, editors,
9th Smart Card Research and Advanced Applications (CARDIS 2010).
Lecture Notes in Computer Science, Vol. 6035, pages 194-208, 2010. Springer Verlag.
PDF document
David Galindo and Flavio D. Garcia.
A Schnorr-like Lightweight Identity Based Signature Scheme.
In B. Preneel, editor, Progress in Cryptology (AFRICACRYPT 2009).
Lecture Notes in Computer Science, Vol. 5580, pages 135-148, 2009. Springer Verlag.
PDF document
PDF document
Flavio D. Garcia, Peter van Rossum, Roel Verdult and Ronny Wichers Schreur.
Wirelessly Pickpocketing a Mifare Classic Card. (Outstanding Paper Award)
In 30th IEEE Symposium on Security and Privacy (S&P 2009), pages 3-15. 2009. IEEE.
PDF document
Flavio D. Garcia, Gerhard de Koning Gans, Ruben Muijrers,
Peter van Rossum, Roel Verdult, Ronny Wichers Schreur and Bart Jacobs.
Dismantling MIFARE Classic.
In S. Jajodia, and J. Lopez, editors,
13th European Symposium on Research in Computer Security (ESORICS 2008).
Lecture Notes in Computer Science, Vol. 5283, pages 97-114, 2008. Springer Verlag.
PDF document PDF document
Flavio D. Garcia and Peter van Rossum.
Sound and Complete Computational Interpretation of Symbolic Hashes in the Standard Model.
In Theoretical Computer Science, Vol. 394/1-2, pages 112-133, 2008.
PDF document
Gerhard de Koning Gans, Jaap-Henk Hoepman and Flavio D. Garcia.
A Practical Attack on the MIFARE Classic.
In G. Grimaud and F.-X. Standaert, editors,
8th Smart Card Research and Advanced Application Conference (CARDIS 2008).
Lecture Notes in Computer Science, Vol. 5189, pages 267-282, 2008. Springer Verlag.
PDF document
David Galindo and Flavio D. Garcia.
A Lightweight Identity Based Signature Scheme.
In 3rd Benelux Workshop on Information and System Security (WISSEC 2008).
Eindhoven, The Netherlands. 2008.
PDF document
David Galindo, Flavio D. Garcia, and Peter van Rossum.
Computational Soundness of Non-Malleable Commitments.
In 4th Information Security Practice and Experience Conference (ISPEC 2008).
Lecture Notes in Computer Science, Vol. 4991, pages 361-376. Sydney, Australia, 2008. Springer Verlag.
PDF document
Flavio D. Garcia and Peter van Rossum.
Sound Computational Interpretation of Symbolic Hashes in the Standard Model.
In H. Yoshiura, K. Sakurai, K. Rannenberg, Y. Murayama, S. Kawamura, editors,
Advances in Information and Computer Security. International Workshop on Security (IWSEC 2006).

Lecture Notes in Computer Science, Vol. 4266, pages 33-47. Kyoto, Japan, October 23-24, 2006. Springer Verlag.
PDF document
full: PDF document
Flavio D. Garcia and Peter van Rossum.
Sound and Complete Computational Interpretation of Formal Hashes (Extended Abstract).
In Véronique Cortier and Steve Kremer, editors,
Workshop of Formal and Computational Cryptography (FCC 2006).
Venice, Italy, July 2006.
PDF document
Flavio D. Garcia, Ichiro Hasuo, Wolter Pieters, and Peter van Rossum.
Provable Anonymity.
In Ralf Küsters and John Mitchell, editors,
3rd ACM Workshop on Formal Methods in Security Engineering (FMSE 2005).
ACM Press, pages 63-72. Alexandria , VA, U.S.A., November 2005.
PDF document
Flavio D. Garcia and Jaap-Henk Hoepman.
Off-line Karma: A Decentralized Currency for Peer-to-peer and Grid Applications.
In J. Ioannidis, A. Keromytis, and M. Yung, editors,
3rd Applied Cryptography and Network Security (ACNS 2005),
Lecture Notes in Computer Science, Vol. 3531, pages 364-377. New York, NY, USA, June 7-10 2005. Springer Verlag.
PDF document
Flavio D. Garcia and Jaap-Henk Hoepman.
Off-line Karma: A Decentralized Currency for Static Peer-to-peer and Grid Networks.
In S. Furnell, P. Dowland, G. Kormentazas, editors,
5th International Network Conference (INC 2005),
pages 325-332, Samos, Greece, July 5-7 2005.
PDF document
Flavio D. Garcia, Jaap-Henk Hoepman, and J. van Nieuwenhuizen.
Spam Filter Analysis.
In Y. Deswarte, F. Cuppens, S. Jajodia, and L. Wang, editors,
Security and Protection in Information Processing Systems. IFIP TC11 19th International Information Security Conference (SEC2004), pages 395-410, Toulouse, France, August 2004. Kluwer Academic Publishers.
PDF document

Theses

Flavio D. Garcia.
Formal and Computational Cryptography: Protocols, Hashes and Commitments.
PhD thesis, Radboud University Nijmegen, 2008.
PDF document
Flavio D. Garcia.
Stereovision with Neural Networks (in Spanish)
MSc thesis, Universidad Nacional de Córdoba, 2002.
PDF document

Preprints/Posters/Reports

Roel Verdult, Flavio D. Garcia and Josep Balasch.
Poster: Gone in 360 Seconds: Hijacking with Hitag2.
PDF document
Flavio D. Garcia, Gerhard de Koning Gans and Roel Verdult.
Poster: Dismantling iClass and iClass Elite.
Poster at 21st USENIX Security Symposium (USENIX Security 2012).
PDF document
Flavio D. Garcia, Gerhard de Koning Gans and Roel Verdult.
Tutorial: Proxmark, the Swiss Army Knife for RFID Security Research.
Tutorial at 8th Workshop on RFID Security and Privacy (RFIDSec 2012).
Technical Report, Radboud University Nijmegen, 2012.
PDF document
Ronny Wichers Schreur, Peter van Rossum, Flavio Garcia, Wouter Teepe, Jaap-Henk Hoepman, Bart Jacobs, Gerhard de Koning Gans, Roel Verdult, Ruben Muijrers, Ravindra Kali, and Vinesh Kali.
Security Flaw in MIFARE Classic.
Press release, Digital Security group, Radboud University Nijmegen. March 12, 2008. The Netherlands.
PDF document
Flavio D. Garcia, Peter van Rossum and Ana Sokolova.
Probabilistic anonymity and admissible schedulers.
Arxiv preprint arXiv:0706.1019. 2007.
PDF document
Flavio D. Garcia.
Extending Computational Soundness Further: the case of Non-malleable Commitments.
Technical Report, Radboud University Nijmegen, 2008.
PDF document
Flavio D. Garcia and Peter van Rossum.
Completeness of Formal Hashes in the Standard Model.
Technical Report, Radboud University Nijmegen. 2006.
PDF document
Flavio D. Garcia and Jaap-Henk Hoepman.
Off-line Karma: Towards a Decentralized Currency for Peer-to-peer and Grid Applications (Extended Abstract). In Workshop on Secure Multiparty Computations (SMP), Amsterdam, The Netherlands, October 7-8 2004.
PDF document