Posts

CTRAPS at Euro S&P'25 and DEF CON 33

This week at IEEE Euro S&P'25 we presented "CTRAPS: CTAP Impersonation and API Confusion on FIDO2", a paper about the security and privacy of FIDO2, a widespread standard used for single-factor and multi-factor authentication. We focus on the Client to Authenticator Protocol (CTAP), an application-layer protocol spoken by a FIDO2 authenticator (e.g., a YubiKey) and a client (e.g., a smartphone or a laptop). We uncover seven CTAP design issues in the FIDO2 standard, including the lack of Client to Authenticator authentication, and eleven related new attacks we call CTRAPS.

NDSS'26 Artifact Evaluation Committee Self-Nomination

Mathy Vanhoef and I are co-chairing NDSS'26 Artifact Evaluation (AE).

We are looking for motivated PhD students and postdocs to self-nominate for the NDSS'26 Artifact Evaluation Committee (AEC). Joining it would offer them practical experience and may make it easier to develop artifact submissions for their own papers.

KNOB Attack and Crypto 101 by Alfred Menezes

Alfred Menezes has published a fantastic online course on real-world cryptography called Crypto 101: Real-World Deployments.

It is an honor to be featured in the Bluetooth Security Lecture (Lecture 4) which talks about the KNOB attack.

E-Spoofer and BLUFFS Talks at THCON'24

Salut! Marco Casagrande will talk about E-Spoofer and I will talk about BLUFFS at the 2024 Toulouse Hacking Convention (THCON)! Both research works are funded by the ORSHIN Horizon Europe research grant.

  • E-Spoofer talk: 4th April 2024, 10:15-10:45
  • BLUFFS talk: 4th April 2024, 11:15-10:45
  • Where: Marthe Condat auditorium, Paul Sabatier University, Toulouse
  • THCON program

See you in Toulouse 🇫🇷 at THCON'24