Mathy Vanhoef
YOU?
Author Swipe
View article: LANShield: Analysing and Protecting Local Network Access on Mobile Devices
LANShield: Analysing and Protecting Local Network Access on Mobile Devices Open
Home and workplace networks typically safeguard against external threats but allow internal devices to communicate freely with each other. As a result, malicious code on an internal device can collect sensitive data about other devices or …
View article: Can You Tell Me the Time? Security Implications of the Server-Timing Header
Can You Tell Me the Time? Security Implications of the Server-Timing Header Open
Performing a remote timing attack typically entails the collection of many timing measurements in order to overcome noise due to network jitter. If an attacker can reduce the amount of jitter in their measurements, they can exploit timing …
View article: The Closer You Look, The More You Learn
The Closer You Look, The More You Learn Open
We propose a new approach to infer state machine models from protocol implementations. Our new tool, StateInspector, learns protocol states by using novel program analyses to combine observations of run-time memory and I/O. It requires no …
View article: Let numbers tell the tale
Let numbers tell the tale Open
status: Published
View article: The Closer You Look, The More You Learn: A Grey-box Approach to Protocol State Machine Learning
The Closer You Look, The More You Learn: A Grey-box Approach to Protocol State Machine Learning Open
In this paper, we propose a new approach to infer state machine models from protocol implementations. Our method, STATEINSPECTOR, learns protocol states by using novel program analyses to combine observations of run-time memory and I/O. It…
View article: Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections
Timeless Timing Attacks: Exploiting Concurrency to Leak Secrets over Remote Connections Open
To perform successful remote timing attacks, an adversary typically collects a series of network timing measurements and subsequently performs statistical analysis to reveal a difference in execution time. The number of measurements that m…
View article: Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd Open
The WPA3 certification aims to secure home networks, while EAP-pwd is used by certain enterprise Wi-Fi networks to authenticate users. Both use the Dragonfly handshake to provide forward secrecy and resistance to dictionary attacks. In thi…
View article: Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd Open
status: Published online
View article: Denial of Service Attacks Against the 4-Way Wi-Fi Handshake
Denial of Service Attacks Against the 4-Way Wi-Fi Handshake Open
The 4-way Wi-Fi handshake is used to negotiate fresh pairwise keys, and authenticates both the client and Access Point (AP).We analyze this handshake, and discover several new denial-ofservice (DoS) attacks against it.Interestingly, our at…
View article: Request and conquer: exposing cross-origin resource size
Request and conquer: exposing cross-origin resource size Open
Numerous initiatives are encouraging website owners to enable and enforce TLS encryption for the communication between the server and their users. Although this encryption, when configured properly, completely prevents adversaries from dis…
View article: Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys
Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys Open
We analyze the generation and management of 802.11 group keys. These keys protect broadcast and multicast Wi-Fi traffic. We discovered several issues and illustrate their importance by decrypting all group (and unicast) traffic of a typica…
View article: Defeating MAC Address Randomization Through Timing Attacks
Defeating MAC Address Randomization Through Timing Attacks Open
MAC address randomization is a common privacy protection measure deployed in major operating systems today. It is used to prevent user-tracking with probe requests that are transmitted during IEEE 802.11 network scans. We present an attack…
View article: Why MAC Address Randomization is not Enough
Why MAC Address Randomization is not Enough Open
We present several novel techniques to track (unassociated) mobile devices by abusing features of the Wi-Fi standard. This shows that using random MAC addresses, on its own, does not guarantee privacy.\n\nFirst, we show that information el…
View article: All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and {TLS}
All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and {TLS} Open
We present new biases in RC4, break the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP), and design a practical plaintext recovery attack against the Transport Layer Security (TLS) protocol. To empirically find new biases…