Professor Flavio Garcia

School of Computer Science
Professor of Computer Security

Contact details

Email: f.garcia@bham.ac.uk

Address: School of Computer Science
University of Birmingham
Edgbaston
Birmingham
B15 2TT
UK

Flavio Garcia is a Professor of Computer Security and EPSRC Fellow at the Birmingham Centre for Cyber Security and Privacy. His work focuses on the design and evaluation of cryptographic primitives and protocols for embedded devices like smart cards and automotive components.

Flavio research focuses on the design and evaluation of cryptographic primitives and protocols for embedded devices such as automotive key fobs and smart cards. His research has identified security vulnerabilities in secured building access, vehicle security and secure mobile phone apps. This has motivated improvements in operational procedures, product redesign and even policy reform.

His research achievements include the discovery of vulnerabilities in some of the most widely used contactless smart cards, vehicle immobiliser and remote keyless entry systems, implantable cardiac defibrillators and mobile banking apps.

Improving Vehicle Security

Please follow the link below to find out more about Flavio's work:

Professor Flavio Garcia- personal web page

Teaching

Spring 2018, Security Research Seminar (M.Sc.)
Spring 2018, Pentesting (M.Sc.)
Spring 2017, Security Research Seminar (M.Sc.)
Spring 2016, Security Research Seminar (M.Sc.)
Spring 2015, Internet Security Seminar (M.Sc.)
Spring 2014, Internet Security Seminar (M.Sc.)

Postgraduate supervision

PhD Students

Present

Andreea Radu
Chris Hicks
Jan Van Den Herrewegen
Chris McMahon Stone
Georgios Vasilakis
Kerry Murdock
Owen Pemberton
Abdulla Aldoseri
Zitai Chen

Past

Sam Thomas has successfully defended his thesis Backdoor Detection Systems for Embedded Devices (pdf 1.5 MB)
Gerhard de Koning Gans has successfully defended his thesis Outsmarting Smart Cards (pdf 6.7 MB)

Research

Automotive Security
Embedded devices security
Cryptanalysis and reverse engineering
RFID security and privacy
Privacy Enhancing Technologies

Improving Vehicle Security

Publications

Recent publications

Article

Verdult, R & Garcia, F 2015, 'Cryptanalysis of the Megamos Crypto Automotive Immobilizer', ;login: the USENIX magazine, vol. 40, no. 6, pp. 17-22.

Garcia, FD, de Koning Gans, G & Verdult, R 2014, 'Wirelessly lockpicking a smart card reader', International Journal of Information Security, vol. 13, no. 5, pp. 403-420. https://doi.org/10.1007/s10207-014-0234-0

Conference article

Hicks, C, Garcia, FD & Oswald, D 2018, 'Dismantling the AUT64 Automotive Cipher', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 2, pp. 46-69. https://doi.org/10.13154/tches.v2018.i2.46-69

Conference contribution

Van Bulck, J, Oswald, D, Marin, E, Aldoseri, A, Garcia, FD & Piessens, F 2019, A tale of two worlds: assessing the vulnerability of enclave shielding runtimes. in CCS '19 : Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery (ACM), pp. 1741-1758, 26th ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), London, United Kingdom, 11/11/19. https://doi.org/10.1145/3319535.3363206

Van Den Herrewegen, J & Garcia, F 2018, Beneath the Bonnet: a Breakdown of Diagnostic Security. in Proceedings of the 23rd European Symposium on Research in Computer Security. vol. 11098, Lecture Notes in Computer Science, Springer, 23rd European Symposium on Research in Computer Security, Barcelona, Spain, 3/09/18. https://doi.org/10.1007/978-3-319-99073-6_15

Chothia, T, Garcia, F, Heppel, C & McMahon Stone, C 2017, Why banker Bob (still) can’t get TLS right: A Security Analysis of TLS in Leading UK Banking Apps. in A Kiayias (ed.), Financial Cryptography and Data Security: 21st International Conference, FC 2017, Sliema, Malta, April 3-7, 2017, Revised Selected Papers. Lecture Notes in Computer Science, vol. 10322, Springer, pp. 579-597, 21st International Conference on Financial Cryptography and Data Security (FC 2017), Sliema, Malta, 3/04/17. https://doi.org/10.1007/978-3-319-70972-7_33

McMahon Stone, C, Chothia, T & Garcia, FD 2017, Spinner: Semi-Automatic Detection of Pinning without Hostname Verification (or why 10M bank users were vulnerable). in Proceedings of 33rd Annual Computer Security Applications Conference (ACSAC 2017). Association for Computing Machinery , pp. 176-188, 33rd Annual Computer Security Applications Conference (ACSAC 2017), Orlando, Florida, United States, 4/12/17. https://doi.org/10.1145/3134600.3134628

Thomas, SL, Chothia, T & Garcia, FD 2017, Stringer: measuring the importance of static data comparisons to detect backdoors and undocumented functionality. in SN Foley, D Gollmann & E Snekkenes (eds), Computer Security - ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11-15, 2017, Proceedings, Part II. Lecture Notes in Computer Science, Springer, pp. 513-531, 22nd European Symposium on Research in Computer Security (ESORICS 2017), Oslo, Norway, 11/09/17. https://doi.org/10.1007/978-3-319-66399-9_28

Thomas, S, Garcia, FD & Chothia, T 2017, HumIDIFy: A Tool for Hidden Functionality Detection in Firmware. in 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '17), Proceedings. Lecture Notes in Computer Science, vol. 10327, Springer, pp. 279-300, 14th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '17), Bonn, Germany, 6/07/17. https://doi.org/10.1007/978-3-319-60876-1_13

Marin, E, Singelée, D, Garcia, FD, Chothia, T, Willems, R & Preneel, B 2016, On the (in)security of the latest generation implantable cardiac defibrillators and how to secure them. in Proceedings of 32nd Annual Computer Security Applications Conference (ACSAC 2016). Association for Computing Machinery , pp. 226-236, 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, CA, United States, 5/12/16. https://doi.org/10.1145/2991079.2991094

Garcia, F, Oswald, D, Kasper, T & Pavlides, P 2016, Lock It and Still Lose It: On the (In)Security of Automotive Remote Keyless Entry Systems . in Proceedings of the 25th USENIX Security Symposium . USENIX Association, pp. 929-944, 25th USENIX Security Symposium , Austin, Texas, United States, 10/08/16.

Radu, A-I & Garcia, F 2016, LeiA: A Lightweight Authentication Protocol for CAN. in Computer Security – ESORICS 2016: 21st European Symposium on Research in Computer Security, Heraklion, Greece, September 26-30, 2016, Proceedings, Part II. Lecture Notes in Computer Science, vol. 9879, Springer, pp. 283-300, 21st European Symposium on Research in Computer Security (ESORICS 2016), Heraklion, Crete, Greece, 26/09/16. https://doi.org/10.1007/978-3-319-45741-3_15

Chothia, T, Garcia, F, De Ruiter, J, van den Breekel, J & Thompson, M 2015, Relay Cost Bounding for Contactless EMV Payments. in R Böhme & T Okamoto (eds), Financial Cryptography and Data Security: 19th International Conference, FC 2015, San Juan, Puerto Rico, January 26-30, 2015, Revised Selected Papers. vol. 8975 LNCS, Lecture Notes in Computer Science, vol. 8975, Springer, pp. 189-206, 19th International Conference on Financial Cryptography and Data Security 2015, San Juan, Puerto Rico, 26/01/15. https://doi.org/10.1007/978-3-662-47854-7_11

Verdult, R, Garcia, F & Ege, B 2015, Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer. in Supplement to the Proceedings of the 22nd USENIX Security Symposium. USENIX , pp. 703-718, 22nd USENIX Security Symposium, Washington, D.C., United States, 12/08/13.

View all publications in research portal