Marco and I talked with Stephen Sims from Off By One Security about CTRAPS: CTAP Impersonation and API Confusion on FIDO2.
Thank you Stephen and Randall for inviting us, and keep up the awesome content on your YouTube channel!
This week we presented at IEEE Euro S&P'25 CTRAPS: CTAP Impersonation and API Confusion on FIDO2, a paper about the security and privacy of FIDO2, a widespread standard used for single-factor and multi-factor authentication. We focus on the Client to Authenticator Protocol (CTAP), an application layer protocol spoken by a FIDO2 authenticator (e.g., a YubiKey) and a client (e.g., a smartphone or a laptop). We uncover seven CTAP design issues in the FIDO2 standard, including the lack of Client to Authenticator authentication, and eleven related new attacks we call CTRAPS.
Mathy Vanhoef and I are co-chairing NDSS'26 Artifact Evaluation (AE).
We are looking for motivated PhD students and postdocs to self-nominate for the NDSS'26 Artifact Evaluation Committee (AEC). Joining it offers practical experience and may ease developing artifact submissions for their own papers.
Alfred Menezes has published a fantastic online course on real-world cryptography called Crypto 101: Real-World Deployments.
It is an honor to be featured in the Bluetooth Security Lecture (Lecture 4) which talks about the KNOB attack.
Hi, Marco Casagrande will talk about E-Spoofer and I will talk about BLUFFS at the 2024 Toulouse Hacking Convention (THCON)! Both research works are funded by the ORSHIN Horizon Europe research grant.
See you in Toulouse 🇫🇷 at THCON'24