@inproceedings{Herrewegen2018Breakdown, author = {Jan Van den Herrewegen and Flavio D. Garcia}, title = {Beneath the Bonnet: {A} Breakdown of Diagnostic Security}, booktitle = {23rd European Symposium on Research in Computer Security ({ESORICS} 2018), Proceedings, Part {I}}, pages = {305--324}, series = {Lecture Notes in Computer Science}, volume = {11098}, publisher = {Springer}, year = {2018}, url = {https://doi.org/10.1007/978-3-319-99073-6}, doi = {10.1007/978-3-319-99073-6}, isbn = {978-3-319-99072-9} } @article{HicksGO2018AUT64, author = {Christopher Hicks and Flavio D. Garcia and David Oswald}, title = {Dismantling the {AUT64} Automotive Cipher}, journal = {{IACR} Transactions on Cryptographic Hardware and Embedded Systems (CHES 2018)}, volume = {2018}, number = {2}, pages = {46--69}, year = {2018}, url = {https://doi.org/10.13154/tches.v2018.i2.46-69}, doi = {10.13154/tches.v2018.i2.46-69} } @inproceedings{Stone2017Spinner, title = {Spinner: Semi-Automatic Detection of Pinning without Hostname Verification}, author = {Chris McMahon Stone and Tom Chothia and Flavio D. Garcia}, booktitle = {33rd Annual Computer Security Applications Conference (ACSAC 2017)}, isbn = {978-1-4503-5345-8}, location = {Orlando, FL, USA}, pages = {176--188}, numpages = {13}, url = {http://doi.acm.org/10.1145/3134600.3134628}, doi = {10.1145/3134600.3134628}, publisher = {ACM}, address = {New York, NY, USA}, year = {2017}, } @inproceedings{Thomas2017Stringer, title = {Stringer: Measuring the Importance of Static Data Comparisons to Detect Backdoors and Undocumented Functionality}, author = {Sam L. Thomas and Tom Chothia and Flavio D. Garcia}, booktitle = {22st European Symposium on Research in Computer Security (ESORICS 2017)}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, pages = {513--531}, volume = {10493}, year = {2017}, } @inproceedings{Thomas2017HumIDIFy, title = {{HumIDIFy}: A Tool for Hidden Functionality Detection in Firmware}, author = {Sam Thomas and Flavio D. Garcia and Tom Chothia}, booktitle = {14th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment (DIMVA 2017)}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, pages = {279--300}, volume = {10327}, year = {2017}, } @inproceedings{chothia2017FC, title = {Why Banker {Bob} (still) can't get {TLS} right: A Security Analysis of {TLS} in Leading {UK} Banking Apps}, author = {Tom Chothia and Flavio D. Garcia and Christopher Heppel and Christopher McMahon-Stone}, booktitle = {21st International Conference on Financial Cryptography and Data Security (FC 2017)}, volume = {10322}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, pages = {579--597}, doi = {10.1007/978-3-319-70972-7\_33}, year = {2017}, } @inproceedings{marin2016IMD, title = {On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them}, author = {Eduard Marin and Dave Singel\'{e}e and Flavio D. Garcia and Tom Chothia and Rik Willems and Bart Preneel}, booktitle = {32nd Annual Computer Security Applications Conference (ACSAC 2016)}, publisher = {ACM}, year = {2016}, } @inproceedings{radu2016Leia, title = {{LeiA}: A Lightweight Authentication Protocol for {CAN}}, author = {Radu, Andreea-Ina and Garcia, Flavio D.}, booktitle = {21st European Symposium on Research in Computer Security (ESORICS 2016)}, publisher = {Springer-Verlag}, series = {Lecture Notes in Computer Science}, volume = {9879}, pages = {283--300}, year = {2016}, } @inproceedings{gokp_2016_usenix, author = {Flavio D. Garcia and David Oswald and Timo Kasper and Pierre Pavlid{\`{e}}s}, title = {Lock It and Still Lose It - On the (In)Security of Automotive Remote Keyless Entry Systems}, booktitle = {25th USENIX Security Symposium (USENIX Security 2016)}, publisher = {USENIX Association}, pages = {929--944}, year = {2016}, } @Inbook{Garcia2016_tiny_star, author = "Garcia, Flavio D. and Jacobs, Bart", editor = "Ryan, A. Peter Y. and Naccache, David and Quisquater, Jean-Jacques", chapter = "The Fall of a Tiny Star", title = "The New Codebreakers: Essays Dedicated to David Kahn on the Occasion of His 85th Birthday", year="2016", publisher = "Springer Berlin Heidelberg", address = "Berlin, Heidelberg", pages = "69--87", isbn = "978-3-662-49301-4", doi = "10.1007/978-3-662-49301-4_5", url = "http://dx.doi.org/10.1007/978-3-662-49301-4_5" } @article{vg_2015_login, author = {Verdult, Roel and Garcia, Flavio D.}, title = {Cryptanalysis of the {Megamos Crypto} Automotive Immobilizer}, journal = {USENIX ;login:}, publisher = {USENIX Association}, pages = {pp. 17--22}, volume = {40}, number = {6}, year = {2015}, } @inproceedings{vge_2015_usenix, author = {Verdult, Roel and Garcia, Flavio D. and Ege, Bar{\i}\c{s}}, title = {Dismantling {Megamos Crypto}: Wirelessly Lockpicking a Vehicle Immobilizer}, booktitle = {22nd USENIX Security Symposium (USENIX Security 2013)}, publisher = {USENIX Association}, pages = {703--718}, year = {2015}, } @inproceedings{cgrbt_2015_fc, title = {Relay Cost Bounding for Contactless {EMV} Payments}, author = {Tom Chothia and Flavio D. Garcia and Joeri de Ruiter and Jordi van den Breekel and Matthew Thompson}, booktitle = {19th International Conference on Financial Cryptography and Data Security (FC 2015)}, publisher = {Springer-Verlag}, series = {Lecture Notes in Computer Science}, volume = {7459}, pages = {189-206}, year = {2015}, } @ARTICLE{GKV_2014_IJIS, AUTHOR = {Garcia, Flavio D. and de Koning Gans, Gerhard and Verdult, Roel}, TITLE = {Wirelessly lockpicking a smart card reader}, JOURNAL = {International Journal of Information Security (IJIS)}, YEAR = {2014}, volume = {13}, number = {5}, pages = {403--420}, publisher = {Springer Berlin Heidelberg}, } @inproceedings{verdult2013megamos, author = {Verdult, Roel and Garcia, Flavio D. and Ege, Bar{\i}\c{s}}, title = {Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer}, booktitle = {22nd USENIX Security Symposium (USENIX Security 2013)}, publisher = {USENIX Association}, year = {2013}, note = {(Withdrawn due to interim injunction)} } @ARTICLE{GVJ_2013_CAMWA, AUTHOR = {Flavio D. Garcia and Eric R. Verheul and Bart Jacobs}, TITLE = {Cell-based Privacy-Friendly Roadpricing}, JOURNAL = {Computers \& Mathematics with Applications (CAMWA)}, YEAR = {2013}, volume = {65}, number = {5}, pages = {774--785}, } @inproceedings{verdult2012toolbox, title = {A Toolbox for {RFID} Protocol Analysis}, author = {Verdult, Roel and de Koning Gans, Gerhard and Garcia, Flavio D.}, booktitle = {4th International EURASIP Workshop on RFID Technology (EURASIP RFID 2012)}, publisher = {IEEE Computer Society}, year = {2012}, pages = {27--34} } @inproceedings{garcia2012iclass, title = {Dismantling {iClass and iClass Elite}}, author = {Garcia, Flavio D. and de Koning Gans, Gerhard and Verdult, Roel and Meriac, Milosch}, booktitle = {17th European Symposium on Research in Computer Security (ESORICS 2012)}, publisher = {Springer-Verlag}, series = {Lecture Notes in Computer Science}, pages = {697--715}, volume = {7459}, year = {2012}, } @inproceedings{verdult2012hitag2, author = {Verdult, Roel and Garcia, Flavio D. and Balasch, Josep}, title = {Gone in 360 Seconds: Hijacking with {Hitag2}}, booktitle = {21st USENIX Security Symposium (USENIX Security 2012)}, publisher = {USENIX Association}, pages = {237--252}, year = {2012}, } @INPROCEEDINGS{GVJ_2011_EuroPKI, AUTHOR = {Flavio D. Garcia and Eric R. Verheul and Bart Jacobs}, TITLE = {Cell-based Roadpricing}, BOOKTITLE = {8th European PKI Workshop (EuroPKI 2011)}, YEAR = {2012}, editor = {S. Petkova-Nikova and A. Pashalidis and G. Pernul}, series = {Lecture Notes in Computer Science}, volume = {7163}, pages = {106--122}, publisher = {Springer Heidelberg}, } @inproceedings{GKV_2011_woot, author = {Flavio D. Garcia and Gerhard de Koning Gans and Roel Verdult}, title = {Exposing {iClass} key diversification}, booktitle = {5th {USENIX} Workshop on Offensive Technologies (WOOT 2011)}, year = {2011}, location = {San Francisco, CA}, pages = {128--136}, publisher = {USENIX Association}, address = {Berkeley, CA, USA}, } @INPROCEEDINGS{GJ2010, AUTHOR = {Flavio D. Garcia and Bart Jacobs}, TITLE = {Privacy-friendly Energy-metering via Homomorphic Encryption}, BOOKTITLE = {6th Workshop on Security and Trust Management (STM 2010)}, YEAR = {2011}, editor = {J. Cuellar et al.}, series = {Lecture Notes in Computer Science}, volume = {6710}, pages = {226--238}, publisher = {Springer Verlag}, } @inproceedings{garcia2010cryptomemory, title = {Dismantling {SecureMemory, CryptoMemory and CryptoRF}}, author = {Garcia, Flavio D. and van Rossum, Peter and Verdult, Roel and Wichers Schreur, Ronny}, booktitle = {17th ACM Conference on Computer and Communications Security (CCS 2010)}, publisher = {ACM}, pages = {250--259}, year = {2010}, } @INPROCEEDINGS{dKGG2010, AUTHOR = {Gerhard de Koning Gans and Flavio D. Garcia}, TITLE = {Towards a Practical Solution to the {RFID} Desynchronization Problem}, BOOKTITLE = {6th Workshop on RFID Security (RFIDSec 2010)}, YEAR = {2010}, editor = {S.B. Ors Yalcin}, volume = {6370}, series = {Lecture Notes in Computer Science}, pages = {203--219}, publisher = {Springer Verlag}, } @INPROCEEDINGS{gr_2010_privacy_cardis, AUTHOR = {Flavio D. Garcia and Peter van Rossum}, TITLE = {Modeling Privacy for Off-line {RFID} Systems}, BOOKTITLE = {9th Smart Card Research and Advanced Applications (CARDIS 2010)}, YEAR = {2010}, editor = {D. Gollmann and J.-L. Lanet}, series = "Lecture Notes in Computer Science", volume = {6035}, pages = {194--208}, publisher = "Springer Verlag", } @INPROCEEDINGS{gg_2009_LightweightIBS, AUTHOR = {David Galindo and Flavio D. Garcia}, TITLE = {A {S}chnorr-like Lightweight Identity-Based Signature Scheme}, BOOKTITLE = {Progress in Cryptology {(AFRICACRYPT 2009)}}, YEAR = {2009}, editor = {Bart Preneel}, series = {Lecture Notes in Computer Science}, publisher = {Springer Verlag}, volume = {5580}, pages = {135--148}, } @INPROCEEDINGS{gvr_2009_privacy_RFIDSec, AUTHOR = {Flavio D. Garcia and Peter van Rossum}, TITLE = {Modeling Privacy for Off-line {RFID} Systems}, BOOKTITLE = {Workshop on {RFID} Security ({RFIDSec} 2009)}, YEAR = {2009}, editor = {Lejla Batina} } @INPROCEEDINGS{grvw_2009_pickpocket, AUTHOR = {Flavio D. Garcia and Peter van Rossum and Roel Verdult and Ronny Wichers Schreur}, TITLE = {Wirelessly pickpocketing a {Mifare Classic} card}, YEAR = {2009}, BOOKTITLE = {IEEE Symposium on Security and Privacy (S\&P 2009)}, publisher = {IEEE}, pages = {3--15}, } @INPROCEEDINGS{GKM+08Dismantling, AUTHOR = {Flavio D. Garcia and Gerhard de K{oning Gans} and Ruben Muijrers and Peter van Rossum and Roel Verdult and Ronny W{ichers Schreur} and Bart Jacobs}, TITLE = {Dismantling {MIFARE Classic}}, BOOKTITLE = {13th European Symposium on Research in Computer Security (ESORICS 2008)}, YEAR = {2008}, editor = {S. Jajodia and J. Lopez}, volume = {5283}, series = {Lecture Notes in Computer Science}, pages = {97--114}, publisher = {Springer Verlag}, } @INPROCEEDINGS{gg08Lightweight, AUTHOR = {David Galindo and Flavio D. Garcia}, TITLE = {A Lightweight Identity Based Signature Scheme}, BOOKTITLE = {3rd Benelux Workshop on Information and System Security (WISSEC 2008)}, YEAR = {2008}, } @inproceedings{dKGHG08Attack, AUTHOR = {Gerhard de K{oning Gans} and Jaap-Henk Hoepman and Flavio D. Garcia}, TITLE = {A Practical Attack on the {MIFARE Classic}}, BOOKTITLE = {8th Smart Card Research and Advanced Application Workshop (CARDIS 2008)}, publisher = "Springer Verlag", series = "Lecture Notes in Computer Science", volume = "5189", pages = "267--282", year = {2008}, } @ARTICLE{GvR08SoundCompl, AUTHOR = {Flavio D. Garcia and Peter van Rossum}, TITLE = {Sound and Complete Computational Interpretation of Symbolic Hashes in the Standard Model}, JOURNAL = {Theoretical Computer Science}, YEAR = {2008}, volume = {394}, number = {1--2}, pages = {112-133}, } @INPROCEEDINGS{ggr_2008_nmcom, AUTHOR = {David Galindo and Flavio D. Garcia and Peter van Rossum}, TITLE = {Computational Soundness of Non-Malleable Commitments}, BOOKTITLE = {4th Information Security Practice and Experience Conference (ISPEC 2008)}, YEAR = {2008}, editor = {Liqun Chen and Yi Mu and Willy Susilo}, series = "Lecture Notes in Computer Science", volume = {4266}, pages = {361--376}, publisher = "Springer Verlag", } @PHDTHESIS{Garcia08Phd, AUTHOR = {Flavio D. Garcia}, TITLE = {Formal and Computational Cryptography: Protocols, Hashes and Commitments}, SCHOOL = {Radboud University Nijmegen}, YEAR = {2008} } @INPROCEEDINGS{GvR06Soundness, AUTHOR = "Flavio D. Garcia and Peter van Rossum", TITLE = "Sound Computational Interpretation of Symbolic Hashes in the Standard Model", BOOKTITLE = "Advances in Information and Computer Security. International Workshop on Security (IWSEC 2006)", YEAR = "2006", editor = "Hiroshi Yoshiura and Kouichi Sakurai and Kai Rannenberg and Yuko Murayama and Shinichi Kawamura", volume = "4266", series = "Lecture Notes in Computer Science", pages = "33---47", month = "Oct 23-24", publisher = "Springer Verlag", } @TECHREPORT{GvR06_tech_rep, AUTHOR = "Flavio D. Garcia and Peter van Rossum", TITLE = "Sound Computational Interpretation of Formal Hashes", INSTITUTION = "Nijmegen Institute for Computing and Information Sciences", YEAR = "2006", address = "\url{http://www.cs.ru.nl/research/reports/info/ICIS-R06001.html}", number = "ICIS-R06001" } @INPROCEEDINGS{GHPvR05, AUTHOR = "Flavio D. Garcia and Ichiro Hasuo and Wolter Pieters and Peter van Rossum", TITLE = "Provable Anonymity", BOOKTITLE = "3rd ACM Workshop on Formal Methods in Security Engineering {(FMSE 2005)}", YEAR = "2005", editor = "Ralf {K\"usters} and John Mitchell", pages = "63--72", month = Nov, publisher = "ACM Press" } @INPROCEEDINGS{garcia2005karma, AUTHOR = "Flavio D. Garcia and Jaap-Henk Hoepman", TITLE = "Off-line Karma: A Decentralized Currency for Peer-to-peer and Grid Applications", BOOKTITLE = "3th Applied Cryptography and Network Security (ACNS 2005)", YEAR = "2005", editor = "J. Ioannidis and A. Keromytis and M. Yung", volume = "3531", series = "Lecture Notes in Computer Science", pages = "364--377", address = "New York, NY, U.S.A.", month = "June 7--10", publisher = "Springer Verlag" } @InProceedings{garcia2005statickarma, author = "Flavio D. Garcia and Jaap-Henk Hoepman", title = "Off-line Karma: A Decentralized Currency for Static Peer-to-peer and Grid Networks", booktitle = "5th International Networking Conference (INC 2005)", editor = "S. Furnell and P. Dowland and G. Kormentazas", pages = "325--332", address = "Samos Island, Greece", month = "jul 5--7", year = "2005" } @InProceedings{garcia2004karmaabstract, author = "Flavio D. Garcia and Jaap-Henk Hoepman", title = "Off-line Karma: Towards a Decentralized Currency for Peer-to-peer and Grid Applications (Extended Abstract)", booktitle = "Workshop on Secure Multiparty Computations (SMP)", address = "Amsterdam, The Netherlands", month = "Oct 7--8", year = "2004" } @INPROCEEDINGS{GarciaHoepmanNieuwenhuizen04, AUTHOR = "Flavio D. Garcia and Jaap-Henk Hoepman and Jeroen van Nieuwenhuizen", TITLE = "Spam Filter Analysis", BOOKTITLE = "Security and Protection in Information Processing Systems. IFIP TC11 19th International Information Security Conference {(SEC 2004)}", YEAR = "2004", editor = "Deswarte and Y. and Cuppens and F. and Jajodia and S. and Wang, L.", address = "Toulouse, France", month = Aug, pages = "395-410", publisher = "Kluwer Academic Publishers" }