Dr David Oswald

Dr David Oswald

School of Computer Science
Lecturer in Computer Security

Contact details

Address
School of Computer Science
University of Birmingham
Edgbaston
Birmingham
B15 2TT
UK

David Oswald is a lecturer (assistant professor) in the Security and Privacy Group at the University of Birmingham, UK. His main field of research is the security of embedded systems in the real world. On the one hand, the focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection, as well as reverse engineering. 

On the other hand, David is working on the practical realization of security systems in embedded applications. His research on vulnerabilities of various wide-spread systems (e.g. DESFire RFID smartcards, Yubikey two-factor authentication tokens, electronic locks, and VW/Hitag2 RKE systems) has created awareness for the crucial importance of security among developers of embedded devices.

 

For more information please visit David's Computer Science profile

Qualifications

  • PhD (“Dr.-Ing.”) in IT Security (Ruhr-University Bochum) 2013
  • Combined MSc/BSc in IT Security (“Dipl.-Ing.”) 2009

Postgraduate supervision

  • Murdock, main supervisor, since 2018: FaultFinder: From Faulty Output to Fault Model --- An Automated Approach

  • Pemberton, main supervisor, since 2018: BioLeak: Side-Channel Analysis of Fingerprint Matching Algorithms

  • Aldoseri, main supervisor since 2018: Security of TEEs

  • Vasilakis, co-supervisor, since 2018: Automotive security

  • Van de Herrewegen, co-supervisor, since 2016: Automotive penetration testing

  • Vasile, main supervisor, since 2016: IoT device firmware extraction and analysis

Research

  • Embedded system security

  • IoT, RFID and wireless communication

  • Real-world implementation attacks

  • Side-channel analysis

  • Trusted Execution Environments

Publications

Recent publications

Article

Van Den Herrewegen, J, Oswald, D, Garcia, F & Temeiza, Q 2020, 'Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 1. https://doi.org/10.46586/tches.v2021.i1.56-81

Murdock, K, Oswald, D, Garcia, F, Van Bulck, J, Gruss, D & Piessens, F 2020, 'Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble', IEEE Security & Privacy Magazine, vol. 18, no. 5, pp. 28-37. https://doi.org/10.1109/MSEC.2020.2990495

Wouters, L, Van Den Herrewegen, J, Garcia, FD, Oswald, D, Gierlichs, B & Preneel, B 2019, 'Dismantling DST80-based Immobiliser Systems', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2020, no. 2, pp. 99-127. https://doi.org/10.13154/tches.v2020.i2.99-127

Conference article

Hicks, C, Garcia, FD & Oswald, D 2018, 'Dismantling the AUT64 Automotive Cipher', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 2, pp. 46-69. https://doi.org/10.13154/tches.v2018.i2.46-69

Conference contribution

Alder, F, Van Bulck, J, Oswald, D & Piessens, F 2020, Faulty Point Unit: ABI Poisoning Attacks on Intel SGX. in ACSAC '20: Annual Computer Security Applications Conference 2020. Association for Computing Machinery (ACM), pp. 415-427, ACSAC '20: Computer Security Applications Conference 2020, virtual event, 7/12/20. https://doi.org/10.1145/3427228.3427270

Murdock, K, Oswald, D, Garcia, F, Van Bulck, J, Gruss, D & Piessens, F 2020, Plundervolt: software-based fault injection attacks against Intel SGX. in 2020 IEEE Symposium on Security and Privacy (SP)., 9152636, IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 1466-1482, 41st IEEE Symposium on Security and Privacy, San Francisco, United States, 17/05/20. https://doi.org/10.1109/SP40000.2020.00057

Chen, Z, Vasilakis, G, Murdock, K, Dean, E, Oswald, D & Garcia, F 2020, VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface. in Proceedings of 30th Usenix Security Symposium (USENIX Security 21). USENIX , 30th USENIX Security Symposium 2021 (USENIX Security 21), Vancouver, Canada, 11/08/21.

Lipp, M, Kogler, A, Oswald, D, Schwarz, M, Easdon, C, Canella, C & Gruss, D 2020, With Great Power Comes Great Leakage: Software-based Power Side-Channel Attacks on x86. in Proceedings of 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021). IEEE Computer Society Press, 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021), virtual event, 23/05/21.

Van Bulck, J, Oswald, D, Marin, E, Aldoseri, A, Garcia, FD & Piessens, F 2019, A tale of two worlds: assessing the vulnerability of enclave shielding runtimes. in CCS '19 : Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery (ACM), pp. 1741-1758, 26th ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), London, United Kingdom, 11/11/19. https://doi.org/10.1145/3319535.3363206

Vasile, S, Oswald, D & Chothia, T 2019, Breaking all the things: a systematic survey of firmware extraction and modification techniques for IoT devices. in CARDIS 2018: Smart Card Research and Advanced Applications. Lecture Notes in Computer Science, Springer, pp. 171-185, 17th Smart Card Research and Advanced Application Conference, Montpellier, France, 12/11/18. https://doi.org/10.1007/978-3-030-15462-2_12

Chmielewski, L, Nascimento, E, Oswald, D & Schwabe, P 2017, Attacking embedded ECC implementations through cmov side channels. in R Avanzi & H Heys (eds), Selected Areas in Cryptography – SAC 2016: 23rd International Conference, St. John's, NL, Canada, August 10-12, 2016, Revised Selected Papers. Lecture Notes in Computer Science, vol. 10532, Institute of Electrical and Electronics Engineers (IEEE), pp. 99-119, 23rd Conference on Selected Areas in Cryptography (SAC 2016) , St. John's, Newfoundland and Labrador, Canada, 10/08/16. https://doi.org/10.1007/978-3-319-69453-5_6

Reverberi, L & Oswald, D 2017, Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System. in Proceedings of the 11th USENIX Workshop on Offensive Technologies (WOOT '17). USENIX Association, WOOT '17, 11th USENIX Workshop on Offensive Technologies, Vancouver, Canada, 14/08/17. <https://www.usenix.org/conference/woot17/workshop-program/presentation/reverberi>

Garcia, F, Oswald, D, Kasper, T & Pavlides, P 2016, Lock it and still lose it: on the (in)security of automotive remote keyless entry systems. in Proceedings of the 25th USENIX Security Symposium . USENIX Association, pp. 929-944, 25th USENIX Security Symposium , Austin, Texas, United States, 10/08/16. https://doi.org/10.5555/3241094.3241166

Dürmuth, M, Oswald, D & Pastewka, N 2016, Side-Channel Attacks on Fingerprint Matching Algorithms. in Proceedings of 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016). 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016), Vienna, Austria, 28/10/16. https://doi.org/10.1145/2995289.2995294

Oswald, D 2016, Wireless Attacks on Automotive Remote Keyless Entry Systems. in TrustED’16 - Proceedings of the 6th International Workshop on Trustworthy Embedded Devices. Association for Computing Machinery (ACM), pp. 43-44, 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016), Vienna, Austria, 28/10/16. https://doi.org/10.1145/2995289.2995297

View all publications in research portal