Conference Programme

September 18-20, 2018
Rennes, France


Registration >>
Venue >>
Social Event >>





The programme consists of 16 invited talks (45 minutes) and two sessions devoted to 5-min talks about the Cryptacus’ book written in 2018.



Invited Speakers (45-minute talks):

Lejla Batina
Radboud University Nijmegen, The Netherlands
Title Physical attacks on EdDSA
Abstract Physical attacks are a continuous and present threat for embedded devices. In this talk I will present some recent attacks on real-world implementations and in particular I will explain how to break an Ed25519 implementation in WolfSSL, which is a use case for IoT applications. I will describe two recent attacks on the scheme, one of which is based on power analysis and the other one relies on fault injection by glitching techniques.
Biography Lejla Batina is a professor in the Institute of Computer and Information Sciences at the Radboud University in Nijmegen, the Netherlands. Her research focuses on applied cryptography and hardware security, and in particular on public-key cryptography. She is the recipient of a VIDI grant by the Dutch government, which allowed her to start her own research group working on different aspects of applied cryptography and embedded security. She received her Ph.D. in cryptography from Katholieke Universiteit Leuven, Belgium in 2005. She has also studied at the Eindhoven University of Technology,(Mathematics for industry, Professional Doctorate in Engineering in 2001) and worked as a cryptographer for SafeNet B.V. (2001-2003).

She has published more than 100 refereed papers and served at 70+ program committees and gave more than 40 invited talks at conferences and summer schools. She has chaired RFIDSec09 and CHES 2012 (as general co-chair) and she was the general chair of RFIDSec12 in Nijmegen. She was a program co-chair of CHES 2014 (the IACR flagship conference on cryptographic hardware) in Busan, Korea.

Srdjan Capkun
ETH Zurich, Switzerland
Title On Secure Positioning and Location-Based Security
Abstract In this talk I will review security issues in today’s navigation and close-range positioning systems. I will discuss why GNS systems like GPS are hard to fully secure and will present novel solutions that can be used to improve the robustness of GNS systems to attacks. I will then show how a different design of a positioning system can enable secure positioning, but also that this requires solving a set of relevant physical- and logical- layer challenges. Finally I will present a design and implementation of a fully integrated IR UWB secure distance measurement (distance bounding) system that solves these challenges and enables secure distance measurement and secure positioning in IoT applications. Finally, I will review possible uses of positioning in security applications such as authentication and access control.
Biography Srdjan Capkun (Srđan Čapkun) is a Full Professor in the Department of Computer Science, ETH Zurich and Director of the Zurich Information Security and Privacy Center (ZISC). He was born in Split, Croatia. He received his Dipl.Ing. Degree in Electrical Engineering / Computer Science from the University of Split in 1998, and his Ph.D. degree in Communication Systems from EPFL in 2004. Prior to joining ETH Zurich in 2006 he was a postdoctoral researcher in the Networked & Embedded Systems Laboratory (NESL), University of California Los Angeles and an Assistant Professor in the Informatics and Mathematical Modelling Department, Technical University of Denmark (DTU). His research interests are in system and network security. One of his main focus areas is wireless security. He is a co-founder of 3db Access, a company focusing on secure distance measurement and proximity-based access control, and of Sound-Proof a spin-off focusing on usable on-line authentication. In 2016 he received an ERC Consolidator Grant for a project on securing positioning in wireless networks.
Orr Dunkelman
University of Haifa, Israel
Title Old Attacks and Tricks on New Lightweight Designs
Abstract Lightweight cryptographic designs try to push the security/efficiency tradeoff to the point of maximal efficiency which is still secure. This optimization sometimes leads to successful cryptanalytic attacks against the newly proposed schemes. In this talk we will show how this aggresive optimization allows for “old” attacks such as meet in the middle attacks and fixed-point based attacks.
Biography Orr Dunkelman is an associate professor in the Computer Science department at the University of Haifa. His research focuses on cryptanalysis, cryptography, security, and privacy. He is best known for his work on symmetric-key cryptanalysis, mostly of block ciphers, and the introduction of new cryptanalytic techniques. Orr has worked on many of the most widely deployed ciphers such as the AES, KASUMI (used in 3G mobile networks), A5/1 (used in GSM networks), and IDEA, publishing more than 90 papers in international venues.

He served in more than 80 conference committees, five times as the program chair (FSE 2009, CT-RSA 2012, SAC 2015, INDOCRYPT 2016, and LATINCRYPT 2017), and has won several distinctions and awards (e.g., best paper awards in Crypto 2012 and FSE 2012). In addition, he has served as the general chair of EUROCRYPT 2018. Orr obtained his Ph.D. in computer science in 2006 from the Technion and a B.A. in computer science in 2000 from the Technion.

aurel Aurélien Francillon
Eurecom, France
Title Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
Abstract The drive for ever smaller and cheaper components in microelectronics has popularized so-called “mixed-signal circuits,” in which analog and digital circuitry are residing on the same silicon die. A typical example is WiFi chips which include a microcontroller (digital logic) where crypto and protocols are implemented together with the radio transceiver (analog logic). The special challenge of such designs is to separate the “noisy” digital circuits from the sensitive analog side of the system.

In this talk, we show that although isolation of digital and analog components is sufficient for those chips to work, it’s often insufficient for them to be used securely. This leads to novel side-channel attacks that can break cryptography implemented in mixed-design chips over potentially large distances. This is crucial as the encryption of wireless communications is essential to widely used wireless technologies, such as WiFi or Bluetooth, in which mixed-design circuits are prevalent on consumer devices.

The key observation is that in mixed-design radio chips the processor’s activity leaks into the analog portion of the chip, where it is amplified, up-converted and broadcast as part of the regular radio output. While this is similar to electromagnetic (EM) side-channel attacks which can be mounted only in close proximity (millimeters, and in a few cases a meter), we show that it is possible to recover the original leaked signal over large distances on the radio. As a result, variations of known side-channel analysis techniques can be applied, effectively allowing us to retrieve the encryption key by just listening on the air with a software defined radio (SDR).

Biography Aurélien Francillon is an assistant professor in the Networking and Security department at EURECOM, in the System and Software Security group ( Before this he received PhD degree in 2009 from INRIA and Grenoble INP, then, he was a postdoctoral researcher in the System Security Group at ETH Zurich. He is mainly interested in practical aspects of the security of embedded devices. In this context he has worked on topics such as code injection, code attestation, random number generation, hardware support for software security, bug finding techniques as well as on broader security and privacy topics.
aurel Yanick Fratantonio
Eurecom, France
Title Betrayed by the Android User Interface: why a Trusted UI Matters
Abstract In the latest years, the Android platform went through a lot of changes and security enhancements. Most of these improvements relate to low-level mechanisms and current devices are significantly more difficult to compromise than ever before. This talk will show, however, that without a “trusted UI” many of these mechanisms can be bypassed. In particular, we will cover two main UI-related open problems, clickjacking and phishing, and we will discuss possible solutions.
Biography Yanick Fratantonio is an assistant professor in the Digital Security department within the Software and System Security group at Eurecom. He obtained a PhD in Computer Science from University of California, Santa Barbara (2017). His research interests span many areas of systems and software security, such as mobile system security, program analysis, malware detection, and vulnerability analysis. Yanick has published more than 20 papers, many of which appeared in top-tier academic and industry conferences, such as IEEE Security & Privacy, USENIX Security, ACM CCS, NDSS, and Black Hat. His work has received the Distinguish Practical Paper Award from IEEE Security & Privacy 2017 and a Pwnie Award for Best Privilege Escalation. He is serving on the program committee of leading systems security conferences and workshops, such as USENIX Enigma, ACSAC, and USENIX WOOT. Yanick is also a member of the “Order of the Overflow” team, the current DEF CON CTF organizers.
Kevin Fu
The University of Michigan, USA
Title Analog Cybersecurity and Transduction Attacks
Abstract Medical devices, autonomous vehicles, and the Internet of Things depend on the integrity and availability of trustworthy data from sensors to make safety-critical, automated decisions. How can such cyberphysical systems remain secure against an adversary using intentional interference to fool sensors? Building upon classic research in cryptographic fault injection and side channels, research in analog cybersecurity explores how to protect digital computer systems from physics-based attacks. Analog cybersecurity risks can bubble up into operating systems as bizarre, undefined behavior. For instance, transduction attacks exploit vulnerabilities in the physics of a sensor to manipulate its output. Transduction attacks using audible acoustic, ultrasonic, or radio interference can inject chosen signals into sensors found in devices ranging from fitbits to implantable medical devices to drones and smartphones.

Why do microprocessors blindly trust input from sensors, and what can be done to establish trust in unusual input channels in cyberphysical systems? Why are students taught to hold the digital abstraction as sacrosanct and unquestionable? Come to this talk to learn about undefined behavior in basic building blocks of computing. I will discuss how to design out analog cybersecurity risks by rethinking the computing stack from electrons to bits.

Biography Kevin Fu is Associate Professor of EECS at the University of Michigan where he directs the SPQR lab ( and the Archimedes Center for Medical Device Security ( His research focuses on analog cybersecurity—how to model and defend against threats to the physics of computation and sensing. His embedded security research interests span from the physics of cybersecurity through the operating system to human factors. Past research projects include MEMS sensor security, pacemaker/defibrillator security, cryptographic file systems, web authentication, RFID security and privacy, wirelessly powered sensors, medical device safety, and public policy for information security & privacy.

Kevin was recognized as an IEEE Fellow, Sloan Research Fellow, MIT Technology Review TR35 Innovator of the Year. He received best paper awards from USENIX Security, IEEE S&P, and ACM SIGCOMM. He co-founded healthcare cybersecurity startup Virta Labs. He is a member the Computing Community Consortium Council, ACM Committee on Computers and Public Policy, and the USENIX Security Steering Committee. Kevin previously served as program chair of USENIX Security, a member of the U.S. NIST Information Security and Privacy Advisory Board, a visiting scientist at the U.S. Food & Drug Administration, and an advisor for Samsung’s Strategy and Innovation Center. Kevin received his B.S., M.Eng., and Ph.D. from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute.

Flavio Garcia
University of Birmingham, UK
Title Beneath the Bonnet: a Breakdown of Automotive Diagnostic Security
Biography Flavio Garcia is a Professor of Computer Security at the Birmingham Centre for Cyber Security and Privacy, University of Birmingham. His work focuses on the design and evaluation of cryptographic primitives and protocols for embedded devices like smart cards and automotive components. His research achievements include breakthroughs such as the discovery of vulnerabilities in four of the most widely used contactless smart cards in electronic payment (e.g. Oyster Card) and access control systems (e.g. Amsterdam Airport).

In the field of automotive security, Garcia has found critical security vulnerabilities in the HiTag2 and Megamos Crypto immobilizer key fobs. Furthermore, his research shows that many automotive remote keyless entry systems have serious vulnerabilities that allow an adversary to wirelessly open the vehicle’s doors (without having the key).

Over the last few years, Garcia has been working on the development of semi-automated security analysis tools, some of which have been able to detect MITM TLS vulnerabilities in several banking apps.

Daniel Gruss
Graz University of Technology, Austria
Title Recent Developments in Microarchitectural Attacks: Meltdown, Spectre, and Rowhammer.
Abstract In this talk, we will discuss software-based microarchitectural attacks, with a focus on Meltdown and Spectre. We will discuss memory timing and cache attacks. After building our first cache attack we will directly continue with Meltdown and Spectre. The talk will provide a detailed explanation of how these attacks fundamentally work. We will discuss countermeasures to protect against these attacks. Finally, we will discuss how we got into this situation with microarchitectural attacks and what we can learn from this development.
Biography Daniel Gruss (@lavados) is a PostDoc at Graz University of Technology. He has been involved in teaching undergraduate courses since 2010. Daniel’s research focuses on software-based side-channel attacks that exploit timing differences in hardware and operating systems. He implemented the first remote fault attack running in a website, known as Rowhammer.js. He spoke at top international venues, including Black Hat USA 2016, Usenix Security 2015 & 2016, ACM CCS 2016, IEEE S&P 2018, the Chaos Communication Congress 2015, and many more. His research team was one of the four teams that found the Meltdown and Spectre bugs published in early 2018.
Mirosław Kutyłowski
Wroclaw University of Technology, Poland
Title Emerging security challenges for ubiquitous devices
Abstract Creation of widespread systems composed of presumably low cost devices brings new and severe security challenges.

The first challenge discussed is loosing strict control over device production and distribution — they have to be considered as retail market products of an uncertain origin. Consequently, we cannot assume that they do not contain trapdoors and weaknesses (both intentional as well as unintentional ones). Our approach proposed is to deploy watchdog devices that secure protocol execution. The strategy is not to redesign the protocols from scratch, but to replace problematic basic components of these protocols by their secure versions controlled by the watchdog.

The second challenge concerned is privacy is ad hoc networks. In most situations we require identification of at least one of the protocol partners and transmitting its identifier in clear. As communication is frequently over a public channel, this inevitably creates a good opportunity for a Big Brother. Unfortunately, in this area there are only some partial solutions, especially if only symmetric cryptography is concerned.

Biography Mirosław Kutyłowski is a full professor at Wrocław University of Science and Technology. Graduated at Wrocław University, later a Humboldt Fellow at Technical University Darmstadt and Hochschuldozent at Paderborn University. Currently elected to the state Commission for Academic Degrees in Poland. He is a visiting professor at Xidian University. He specializes in technologies devoted to personal data protection, such as anonymous communication protocols, e-voting, pseudonymous signatures, as well as privacy protection mechanisms for electronic identity documents and IoT. He also focuses on protection against malicious cryptography and subversion resilience.
Annelie Heuser
Title Side-channel assessment of lightweight ciphers for IoT
Abstract Due to the new challenges in the arising Internet of Things (IoT), lightweight cryptography has become one of the “hot topics” in symmetric cryptography.
A large number of lightweight algorithms have been published, standardized and pushed forward for commercial use.
Yet, their side-channel security has not been evaluated, nor compared against each other.
This talk will consider various side-channel analysis metrics which should provide an insight on the resistance of lightweight ciphers against side-channel attacks.
In particular, we will cover non-profiled scenarios using the theoretical confusion coefficient and empirical optimal distinguisher as well as profiled side-channel analysis using various machine learning attacks.
Biography Annelie Heuser is a permanent researcher of the French National Center for Scientific Research (CNRS) at IRISA, Rennes, France. She was a postdoctoral researcher at TELECOM- ParisTech, where she also obtained her PhD in 2016. Prior to that, she was an associated researcher at the Center for Advanced Security Research Darmstadt (CASED) in Germany. Her main research interests lie in the area of side-channel analysis, machine learning, hardware security, and malware detection/classification.
Stjepan Picek
TU Delft, The Netherlands
Title Machine Learning for Side-channel Analysis
Abstract Recent years showed that machine learning techniques can be a powerful paradigm for side-channel attacks (SCA), especially profiling SCA. Still, despite all the success, we are limited in our understanding when and how to select appropriate machine learning techniques. Additionally, the results we can obtain are empirical and valid for specific cases where generalization is often difficult. We start this talk with a short introduction to side-channel analysis and profiling attacks. Next, we discuss several well-known ML techniques, the results obtained, and their limitations. We cover not only the classification part of the attack but also topics like feature selection, pre-processing of data, and hyper-parameter tuning. Finally, the last part of the talk concentrates on deep learning techniques and potential benefits such techniques can bring to SCA.
Biography Stjepan Picek is an assistant professor at the Cyber Security group of the Faculty of Electrical Engineering, Mathematics and Computer Science, TU Delft, The Netherlands.
In July 2015, he completed his PhD at Radboud University Nijmegen, The Netherlands, and Faculty of Electrical Engineering and Computing, Zagreb, Croatia. Following that, he first worked as a postdoctoral researcher at KU Leuven, Belgium and after that, at CSAIL/MIT, USA. Stjepan also worked for a number of years in the industry.
His research interests are at the intersection of cryptography, cybersecurity, evolutionary computation, and machine learning. He currently serves as a president of IEEE CIS Croatia chapter and program committee member and reviewer for a number of conferences and journals.
Bart Preneel
KU Leuven, Belgium
Title Challenges for Embedded Cryptography
Agusti Solanas
Universitat Rovira i Virgili, Spain
Title An Introduction to Privacy-Preserving Process Mining: A Study in the Healtcare Sector
Abstract In this invited talk we will recall the idea of Process Mining (PM) and, we will revise its origins and current state of development. Since PM has been applied to a variety of fields, we will focus on its use in the healthcare sector, and explore its main applications in this field. After identifying the most relevant challenges that PM has to face, we will concentrate on one of the most relevant: Privacy, and we’ll propose the notion of Privacy-Preserving Process Mining (3PM). We will show some simple privacy vulnerabilities of common process mining techniques and suggest possible countermeasures. We will illustrate those vulnerabilities with real examples from the healthcare sector, and show some preliminary analyses and experimental results. The talk will be introductory in nature and might be of interest to researchers in the field of privacy protection, data science, and hospital management.
Biography Dr. Solanas is the head of the Smart Health Research Group and Associate Professor at the Rovira i Virgili University (URV), Catalonia. He obtained an M.Sc. degree in Computer Engineering from URV in 2004 with honours (Outstanding Graduation Award). He received a Diploma of Advanced studies (M.Sc.) in Telematics from Technical University of Catalonia (UPC) in 2006. He obtained a Ph.D. in Telematics Engineering from UPC in 2007 with honours (A cum laude). In 2012 and 2013, he was visiting researcher in the Department of Mathematics and Physics of the University of Rome Tre (Italy), and in the Department of Mathematics of the University of Padua (Italy), respectively. His fields of activity are mobile health, smart health, privacy, ubiquitous computing, and artificial intelligence specifically: clustering, pattern recognition and evolutionary computation. He has participated and led several research projects, and authored over 150 publications. He is senior member of the IEEE.
Ingrid Verbauwhede
KU Leuven, Belgium
Title The need for Hardware roots of trust
Abstract Electronics make our environment smart: we talk about smart homes, smart city, smart energy, smart cars, and many more. However, making something smart and connected, also makes it vulnerable to a wide range of attacks. Adding security and cryptography to these often very resource constraint devices is a challenge. Security functionality can often be added as software, however there will always be the need for hardware roots of trust, such as secure key storage and the generation of true random numbers. This presentation will focus design methods for hardware roots of trust and more specifically on Physically Unclonable Functions (PUFs) and True Random Number Generators (TRNG), two essential roots of trust.
Biography Dr. Ir. Ingrid Verbauwhede is a Professor in the research group COSIC of the Electrical Engineering Department of the KU Leuven. She is also adjunct professor at the University of California Los Angeles. At COSIC, she leads the embedded systems and hardware group. She joined KU Leuven in 2003 and UCLA in 1998. She is a Member of IACR and a fellow of IEEE. She was elected as member of the Royal Flemish Academy of Belgium for Science and the Arts in 2011. She is a recipient of an ERC Advanced Grant in 2016 and received the IEEE 2017 Computer Society Technical Achievement Award.

She is a pioneer in the field of efficient and secure implementations of cryptographic algorithms in embedded context on ASIC, FPGA and embedded SW. She is the author and co-author of more than 300 publications at conferences, journals, book chapters and books. She graduated 34 PhD students since 2004. They now have positions in academia and industry, all over the world. Her list of publications and patents is available at

Edgar Weippl
TU Wien, Austria
Title Distributed Ledger Technology, Blockchain & Crypto Currencies – Hype & an Opportunity for Interdisciplinary Research
Abstract With the increase of interconnectivity and ubiquitous data access, new services have emerged. Distributed Ledger Technologies and their underlying principles can be used to reach agreement or consensus upon a distributed state in a highly distributed environment. They have many different aspects and can therefore be viewed from various angles, including the financial and economic, legal, political, and sociological perspective, as well as considering technical and socio-technical points of view.

In the presentation I will show three aspects that are important in our research: (1) theoretical foundations, (2) understanding real world phenomena, and (3) impact. For instance, proof-of-work (PoW) as used in Bitcoin is not only relevant to achieving consensus but also serves as a source of randomness. Without it leader selection becomes an issue. Finally, understanding economic incentives and malicious behavior to undermine consensus in public blockchains is important to create a stable cryptocurrency environment upon which new services can be built.

Biography Edgar R. Weippl is Research Director of SBA Research and Privatdozent at the Vienna University of Technology and teaches at several universities of applied sciences. He focuses on (1) fundamental and applied research on blockchain and distributed ledger technologies and (2) security of production systems engineering.
He is on the editorial board of Elsevier’s Computers & Security journal (COSE), PC chair of ESORICS 2015, general chair of ACM CCS 2016 and PC Chair of SACMAT 2017.
Wenyuan Xu
Zhejiang University, China
Title Analog Cybersecurity of Cyber-Physical Systems—from 0101 to Mixed Signals
Abstract Much security research focuses on protecting the digitalized information, e.g., securing communication via cryptographic methods. Nevertheless, hardware implementation and its internal signal conditioning path could undermine the otherwise secure mechanisms, e.g., attackers can extract secret keys via side channels. As the emerging cyber-physical systems depend on sensors to make automated decisions, it is critical to examine analog cybersecurity, i.e., analyzing the integrity and dependability of information prior to its digitalization. Such a problem is especially important in cyber-physical systems because they depend on sensors to make automated decisions. In this talk, we illustrate a few analog signal injection attacks that utilize the build-in hardware vulnerabilities of various commodity sensing systems as well as proposing the defense strategies. Our work calls into questioning the wisdom of allowing microprocessors and embedded systems to blindly trust that hardware abstractions alone will ensure the integrity of sensor outputs.
Biography Wenyuan Xu is currently a professor in the College of Electrical Engineering at Zhejiang University. She received her B.S. degree in Electrical Engineering from Zhejiang University in 1998, an M.S. degree in Computer Science and Engineering from Zhejiang University in 2001, and the Ph.D. degree in Electrical and Computer Engineering from Rutgers University in 2007. Her research interests include wireless networking, embedded systems security, and IoT security. Dr. Xu received the NSF Career Award in 2009 and was selected as a young professional of the thousand talents plan in China in 2012. She was granted tenure (an associate professor) in the Department of Computer Science and Engineering at the University of South Carolina in the U.S. She has served on the technical program committees for several IEEE/ACM conferences on wireless networking and security, and she is an associated editor of Transactions on Sensor Networks (TOSN). She has published over 60 papers and her papers have been cited over 4000 times (Google Scholar).