Professor Flavio Garcia

Professor Flavio Garcia

School of Computer Science
Professor of Computer Security

Contact details

Email
f.garcia@bham.ac.uk
View my research portal
Address
School of Computer Science
University of Birmingham
Edgbaston
Birmingham
B15 2TT
UK

Flavio Garcia is a Professor of Computer Security and EPSRC Fellow at the Birmingham Centre for Cyber Security and Privacy. His work focuses on the design and evaluation of cryptographic primitives and protocols for embedded devices like smart cards and automotive components.

Flavio research focuses on the design and evaluation of cryptographic primitives and protocols for embedded devices such as automotive key fobs and smart cards. His research has identified security vulnerabilities in secured building access, vehicle security and secure mobile phone apps. This has motivated improvements in operational procedures, product redesign and even policy reform. 

His research achievements include the discovery of vulnerabilities in some of the most widely used contactless smart cards, vehicle immobiliser and remote keyless entry systems, implantable cardiac defibrillators and mobile banking apps.

Improving Vehicle Security

Please follow the link below to find out more about Flavio's work:

Professor Flavio Garcia- personal web page

Teaching

  • Spring 2018, Security Research Seminar (M.Sc.)

  • Spring 2018, Pentesting (M.Sc.)

  • Spring 2017, Security Research Seminar (M.Sc.)

  • Spring 2016, Security Research Seminar (M.Sc.)

  • Spring 2015, Internet Security Seminar (M.Sc.)

  • Spring 2014, Internet Security Seminar (M.Sc.)

Postgraduate supervision

PhD Students

Present

  • Andreea Radu

  • Chris Hicks

  • Jan Van Den Herrewegen

  • Chris McMahon Stone

  • Georgios Vasilakis

  • Kerry Murdock

  • Owen Pemberton

  • Abdulla Aldoseri

  • Zitai Chen

Past

Research

  • Automotive Security

  • Embedded devices security

  • Cryptanalysis and reverse engineering

  • RFID security and privacy

  • Privacy Enhancing Technologies

Improving Vehicle Security

Publications

Recent publications

Article

Thomas, S, Van Den Herrewegen, J, Vasilakis, G, Chen, Z, Ordean, M & Garcia, F 2021, 'Cutting through the complexity of reverse engineering embedded devices', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 3, pp. 360-389. https://doi.org/10.46586/tches.v2021.i3.360-389

Van Den Herrewegen, J, Oswald, D, Garcia, F & Temeiza, Q 2020, 'Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 1. https://doi.org/10.46586/tches.v2021.i1.56-81

Murdock, K, Oswald, D, Garcia, F, Van Bulck, J, Gruss, D & Piessens, F 2020, 'Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble', IEEE Security & Privacy Magazine, vol. 18, no. 5, pp. 28-37. https://doi.org/10.1109/MSEC.2020.2990495

Wouters, L, Van Den Herrewegen, J, Garcia, FD, Oswald, D, Gierlichs, B & Preneel, B 2019, 'Dismantling DST80-based Immobiliser Systems', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2020, no. 2, pp. 99-127. https://doi.org/10.13154/tches.v2020.i2.99-127

Conference article

Hicks, C, Garcia, FD & Oswald, D 2018, 'Dismantling the AUT64 Automotive Cipher', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 2, pp. 46-69. https://doi.org/10.13154/tches.v2018.i2.46-69

Conference contribution

Hicks, C & Garcia, FD 2020, A Vehicular DAA Scheme for Unlinkable ECDSA Pseudonyms in V2X. in Proceedings - 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020., 9230371, Proceedings - 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020, Institute of Electrical and Electronics Engineers (IEEE), pp. 460-473, 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020, Virtual, Genoa, Italy, 7/09/20. https://doi.org/10.1109/EuroSP48549.2020.00036

Hicks, C & Garcia, F 2020, A Vehicular DAA Scheme for Unlinkable ECDSA Pseudonyms in V2X Christopher Hicks. in 5th IEEE European Symposium on Security and Privacy. IEEE Computer Society Press, 5th IEEE European Symposium on Security and Privacy (EuroS&P), Genova, Italy, 7/09/20.

Radu, AI & Garcia, FD 2020, Grey-box analysis and fuzzing of automotive electronic components via control-flow graph extraction. in SN Spencer (ed.), Proceedings - CSCS 2020: ACM Computer Science in Cars Symposium., 3430480, Proceedings - CSCS: Computer Science in Cars, Association for Computing Machinery , 2020 ACM Computer Science in Cars Symposium, CSCS 2020, Feldkirchen, Germany, 2/12/20. https://doi.org/10.1145/3385958.3430480

Murdock, K, Oswald, D, Garcia, F, Van Bulck, J, Gruss, D & Piessens, F 2020, Plundervolt: software-based fault injection attacks against Intel SGX. in 2020 IEEE Symposium on Security and Privacy (SP)., 9152636, IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 1466-1482, 41st IEEE Symposium on Security and Privacy, San Francisco, United States, 17/05/20. https://doi.org/10.1109/SP40000.2020.00057

Chen, Z, Vasilakis, G, Murdock, K, Dean, E, Oswald, D & Garcia, F 2020, VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface. in Proceedings of 30th Usenix Security Symposium (USENIX Security 21). USENIX , 30th USENIX Security Symposium 2021 (USENIX Security 21), Vancouver, Canada, 11/08/21.

Van Bulck, J, Oswald, D, Marin, E, Aldoseri, A, Garcia, FD & Piessens, F 2019, A tale of two worlds: assessing the vulnerability of enclave shielding runtimes. in CCS '19 : Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery (ACM), pp. 1741-1758, 26th ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), London, United Kingdom, 11/11/19. https://doi.org/10.1145/3319535.3363206

Verheul, E, Hicks, C & Garcia, FD 2019, IFAL: Issue first activate later certificates for V2X. in Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019., 8806744, Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019, Institute of Electrical and Electronics Engineers (IEEE), pp. 279-293, 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019, Stockholm, Sweden, 17/06/19. https://doi.org/10.1109/EuroSP.2019.00029

Van Den Herrewegen, J & Garcia, F 2018, Beneath the Bonnet: a Breakdown of Diagnostic Security. in Proceedings of the 23rd European Symposium on Research in Computer Security. vol. 11098, Lecture Notes in Computer Science, Springer, 23rd European Symposium on Research in Computer Security, Barcelona, Spain, 3/09/18. https://doi.org/10.1007/978-3-319-99073-6_15

Thomas, S, Garcia, FD & Chothia, T 2017, HumIDIFy: A Tool for Hidden Functionality Detection in Firmware. in 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '17), Proceedings. Lecture Notes in Computer Science, vol. 10327, Springer, pp. 279-300, 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '17), Bonn, Germany, 6/07/17. https://doi.org/10.1007/978-3-319-60876-1_13

McMahon Stone, C, Chothia, T & Garcia, FD 2017, Spinner: Semi-Automatic Detection of Pinning without Hostname Verification (or why 10M bank users were vulnerable). in Proceedings of 33rd Annual Computer Security Applications Conference (ACSAC 2017). Association for Computing Machinery , pp. 176-188, 33rd Annual Computer Security Applications Conference (ACSAC 2017), Orlando, Florida, United States, 4/12/17. https://doi.org/10.1145/3134600.3134628

View all publications in research portal