Dr David Oswald

School of Computer Science
Lecturer in Computer Security

Contact details

Email: d.f.oswald@bham.ac.uk

Address: School of Computer Science
University of Birmingham
Edgbaston
Birmingham
B15 2TT
UK

David Oswald is a lecturer (assistant professor) in the Security and Privacy Group at the University of Birmingham, UK. His main field of research is the security of embedded systems in the real world. On the one hand, the focus is on attack methods that exploit weaknesses in the physical implementation of mathematically secure cryptographic algorithms. Those techniques include both (passive) side-channel analysis and (active) fault injection, as well as reverse engineering.

On the other hand, David is working on the practical realization of security systems in embedded applications. His research on vulnerabilities of various wide-spread systems (e.g. DESFire RFID smartcards, Yubikey two-factor authentication tokens, electronic locks, and VW/Hitag2 RKE systems) has created awareness for the crucial importance of security among developers of embedded devices.

For more information please visit David's Computer Science profile

Qualifications

PhD (“Dr.-Ing.”) in IT Security (Ruhr-University Bochum) 2013
Combined MSc/BSc in IT Security (“Dipl.-Ing.”) 2009

Postgraduate supervision

Murdock, main supervisor, since 2018: FaultFinder: From Faulty Output to Fault Model --- An Automated Approach
Pemberton, main supervisor, since 2018: BioLeak: Side-Channel Analysis of Fingerprint Matching Algorithms
Aldoseri, main supervisor since 2018: Security of TEEs
Vasilakis, co-supervisor, since 2018: Automotive security
Van de Herrewegen, co-supervisor, since 2016: Automotive penetration testing
Vasile, main supervisor, since 2016: IoT device firmware extraction and analysis

Research

Embedded system security
IoT, RFID and wireless communication
Real-world implementation attacks
Side-channel analysis
Trusted Execution Environments

Publications

Recent publications

Article

Swierczynski, P, Moradi, A, Oswald, D & Paar, C 2014, 'Physical security evaluation of the bitstream encryption mechanism of altera stratix II and stratix III FPGAs', ACM Transactions on Reconfigurable Technology and Systems, vol. 7, no. 4, 34. https://doi.org/10.1145/2629462

Schneider, T, von Maurich, I, Güneysu, T & Oswald, D 2014, 'Cryptographic algorithms on the GA144 asynchronous multi-core processor: implementation and side-channel analysis', Journal of Signal Processing Systems, vol. 77, no. 1-2, pp. 151-167. https://doi.org/10.1007/s11265-014-0872-5

Strobel, D, Oswald, D, Richter, B, Schellenberg, F & Paar, C 2014, 'Microcontrollers as (In)Security Devices for Pervasive Computing Applications', Institute of Electrical and Electronics Engineers. Proceedings , vol. 102, no. 8, pp. 1157-1173. https://doi.org/10.1109/JPROC.2014.2325397

Conference article

Hicks, C, Garcia, FD & Oswald, D 2018, 'Dismantling the AUT64 Automotive Cipher', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 2, pp. 46-69. https://doi.org/10.13154/tches.v2018.i2.46-69

Conference contribution

Van Bulck, J, Oswald, D, Marin, E, Aldoseri, A, Garcia, FD & Piessens, F 2019, A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes. in CCS '19 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery (ACM), pp. 1741-1758, 26th ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), London, United Kingdom, 11/11/19. https://doi.org/10.1145/3319535.3363206

Vasile, S, Oswald, D & Chothia, T 2019, Breaking all the things: a systematic survey of firmware extraction and modification techniques for IoT devices. in CARDIS 2018: Smart Card Research and Advanced Applications. Lecture Notes in Computer Science, Springer, pp. 171-185, 17th Smart Card Research and Advanced Application Conference, Montpellier, France, 12/11/18. https://doi.org/10.1007/978-3-030-15462-2_12

Chmielewski, L, Nascimento, E, Oswald, D & Schwabe, P 2017, Attacking embedded ECC implementations through cmov side channels. in R Avanzi & H Heys (eds), Selected Areas in Cryptography – SAC 2016: 23rd International Conference, St. John's, NL, Canada, August 10-12, 2016, Revised Selected Papers. Lecture Notes in Computer Science, vol. 10532, Institute of Electrical and Electronics Engineers (IEEE), pp. 99-119, 23rd Conference on Selected Areas in Cryptography (SAC 2016) , St. John's, Newfoundland and Labrador, Canada, 10/08/16. https://doi.org/10.1007/978-3-319-69453-5_6

Reverberi, L & Oswald, D 2017, Breaking (and Fixing) a Widely Used Continuous Glucose Monitoring System. in Proceedings of the 11th USENIX Workshop on Offensive Technologies (WOOT '17). USENIX Association, WOOT '17, 11th USENIX Workshop on Offensive Technologies, Vancouver, Canada, 14/08/17.

Oswald, D 2016, Wireless Attacks on Automotive Remote Keyless Entry Systems. in TrustED’16 - Proceedings of the 6th International Workshop on Trustworthy Embedded Devices. Association for Computing Machinery (ACM), pp. 43-44, 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016), Vienna, Austria, 28/10/16. https://doi.org/10.1145/2995289.2995297

Cox, D & Oswald, D 2016, µProxy: a hardware relay for anonymous and secure internet access. in Radio Frequency Identification and Security, 12th International Workshop, (RFIDSec2016), Hong Kong. Springer, 12th Workshop on Radio Frequency Identification and Security (RFIDSec2016), Hong Kong, 30/11/16.

Dürmuth, M, Oswald, D & Pastewka, N 2016, Side-Channel Attacks on Fingerprint Matching Algorithms. in Proceedings of 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016). 6th International Workshop on Trustworthy Embedded Devices (TrustED 2016), Vienna, Austria, 28/10/16. https://doi.org/10.1145/2995289.2995294

Garcia, F, Oswald, D, Kasper, T & Pavlides, P 2016, Lock It and Still Lose It: On the (In)Security of Automotive Remote Keyless Entry Systems . in Proceedings of the 25th USENIX Security Symposium . USENIX Association, pp. 929-944, 25th USENIX Security Symposium , Austin, Texas, United States, 10/08/16.

Strobel, D, Bache, F, Oswald, D, Schellenberg, F & Paar, C 2015, SCANDALee: A side-ChANnel-based DisAssembLer using local electromagnetic emanations. in 2015 Design, Automation and Test in Europe Conference & Exhibition (DATE), proceedings., 7092372, Institute of Electrical and Electronics Engineers (IEEE), pp. 139-144, 2015 Design, Automation and Test in Europe Conference and Exhibition, DATE 2015, Grenoble, France, 9/03/15. https://doi.org/10.7873/DATE.2015.0639

Oswald, D, Strobel, D, Schellenberg, F, Kasper, T & Paar, C 2014, When reverse-engineering meets side-channel analysis - Digital lockpicking in practice. in T Lange, K Lauter & P Lisoněk (eds), Selected Areas in Cryptography - SAC 2013: 20th International Conference, Burnaby, BC, Canada, August 14-16, 2013, Revised Selected Papers. vol. 8282 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8282 LNCS, Springer, pp. 571-588, 20th International Conference on Selected Areas in Cryptography, SAC 2013, Burnaby, BC, Canada, 14/08/13. https://doi.org/10.1007/978-3-662-43414-7_29

Kasper, T, Oswald, D & Paar, C 2014, Sweet dreams and nightmares: Security in the internet of things. in D Naccache & D Sauveron (eds), Information Security Theory and Practice. Securing the Internet of Things: 8th IFIP WG 11.2 International Workshop, WISTP 2014, Heraklion, Crete, Greece, June 30 – July 2, 2014. Proceedings. vol. 8501 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8501 LNCS, Springer, pp. 1-9, 8th IFIP WG 11.2 International Workshop on Information Security Theory and Practice: Securing the Internet of Things, WISTP 2014, Heraklion, Crete, Greece, 30/06/14. https://doi.org/10.1007/978-3-662-43826-8_1

View all publications in research portal