Just a few more days to register to CyberChallenge.IT!
We are looking for the next generation of cyberdefenders! Are you 16-23? Sign up by February 6, 2020.
Author: riccardo
I am Full Professor in Computer Science at the University Ca' Foscari of Venice. My main research interest is computer and network security, from foundations to practical aspects. I coordinate secgroup@cafoscari.
How secure is HTTPS?
Our paper on TLS security analysis in the wild has been presented at IEEE S&P 2019 and covered on wired!
Here is the preview video and the dedicated web page for more detail.
See also my interview (in Italian) on the Ca’ Foscari news.
New attacks on crypto tokens
We performed some experiments on the low-level APDU protocols of several smartcards and authentication tokens. Results include sensitive cryptographic keys in the clear, PINs in the clear or easily reversible, stateless protocols that allow easy injection of commands and restrictions on key use enforced at the PKCS#11 (driver) level that are trivially bypassed at the APDU level.
Our findings will be presented in September at the 19th International Symposium on Research in Attacks, Intrusions and Defenses – RAID 2016 (a preprint of the paper is available here).
We have published a summary of the paper.
Clipperz seminar @ secgroup
On June 11, Giulio Cesare Solaroli, Marco Barulli and Dario Chiappetta have visited our group to talk about the Clipperz system and discuss challenging issues regarding encrypted cloud. Clipperz is a sophisticated system that makes it possible to store sensitive data in the cloud while providing an extremely high level of privacy. All the sensitive operations are performed in the client so that Clipperz backend will never be able to access user’s data in the clear. Interestingly, Clipperz is not even aware of actual usernames so that an attack to the server database would not allow to link (encrypted) data to users.
Thanks to Giulio, Marco and Dario for the very interesting day! We hope to hear more from Clipperz …
ASA Workshop in Verona with IEEE CSF
I’m proud to chair upcoming ASA workshop that will take place in Verona on 13th of July 2015, as satellite of IEEE CSF’15.
Convegno Nazionale Cyber Security
Riccardo Focardi will present Cryptosense at the National Congress on Cyber Security, organized by Centro Studi Difesa e Sicurezza (CESTUDIS) and Centro di Ricerca di Cyber Intelligence e Information Security of University “La Sapienza”, Rome in collaboration with Dipartimento informazione e sicurezza della Presidenza del Consiglio dei Ministri.
The aim of the congress is to support collaboration among government agencies, universities and private companies working in critical infrastructures, finance, economy and security systems.
The meeting is on December 1, 2014 at Aula Magna of University “La Sapienza”. Here you can find the detailed program and on-line registration.
PhD position in Venice and Paris
The information security group at Ca’ Foscari University, Venice, has an open fully funded PhD position on “Automated analysis of cryptographic and hardened systems”. The position is co-funded by the PRIN Research Project “Security Horizons” and by the spin-off Cryptosense.
The PhD student will mainly work on developing models and theories for systems and cryptographic devices that are applicable in practice. The research will be organized in collaboration with Cryptosense, Paris, a spin-off specialized in the development of security analysis software for the financial, industrial and government sectors.
For more information please contact Prof. Riccardo Focardi.
Appication deadline is May 29th, 2014 at 1:00 pm (CEST) and can be done on-line here.
PhD positions in Computer Science
Ca’ Foscari University of Venice announces 10 PhD positions (6 with scholarship) in Computer Science. The programme is three years long in a context where all the graduate programmes (Master and PhD) are taught in English.
PhD students will have the opportunity to do their work inside the well-established research centres:
- ACADIA (AdvanCes in Autonomous, DIstributed and pervAsive systems)
- KIIS (Knowledge, Interaction and Intelligent Systems)
In particular, secgroup@unive proposes PhD research projects on the following topics:
1) Analysis of Security APIs
2) Models and tools for highly secure systems
Research will be done under my guidance in the very stimulating context of secgroup@unive also known as c00kies@venice in hacking competitions. For topic 1 it will be possible a collaboration with the spin-off Cryptosense.
Application deadline is 27th May 2013 – at 12:00 pm (CEST). More information and on-line application available here.
RSA padding oracle hands-on
I’ve published a hands-on guide to Padding Oracle Attacks on RSA that appears in Hakin9 – Defend Yourself! Hands-on Cryptography. It is a practical experience on how to break RSA using a side-channel and contains references to our recent results on real devices.
The “Million Message Attack” in 15,000 Messages
An article on our paper “Efficient Padding Oracle Attacks on Cryptographic Hardware“, to appear at CRYPTO 2012 this August, has been published today on the New-York Times. The news seems to be bouncing back and forth on many blogs, sometimes imprecise and exaggerated. Our FAQ page should clarify any doubt you might have. If you are curious and you don’t want to go through the full paper, Matthew Green’s blog provides a very nice write-up.