Welcome to my blog
This is my blog on (mostly) cybersecurity, IoT and related subjects. It contains some historic stuff from LinkedIn and other places, as well as new thoughts that I’ll collect here. I’ll also occasionally talk about research work, including publications or other academic engagements.
For more information about me, visit my personal website.
GPG: My go-to example for teaching cryptography all-in-one π§π
The glue in my lessons on encryption
Password managers are still a good thing. Here's why...
When the compromised service can offer faster fixes
Research in brief: Stealing fingerprints with smart locks π
It can't be that easy, can it?
In August, I attended the IEEE iThings 2022 conference to present a paper titled “IoT Droplocks: Wireless Fingerprint Theft Using Hacked Smart Padlocks”. If you have access to the IEEE Xplore library you can view the published version. I’ve made an arXiv preprint available as well. If you want a shorter, simpler version, read on below.
[Read More]The real reason why you shouldn't share OTP codes
It might not be what you think
Do we want software supply chain security or not? βπ©π½βπ»π₯
Our actions do not match our words
In detail: SCRAM with channel binding
Visualising the process, discussing its shortcomings
In January, I asked whether TLS channel binding with strong authentication was the solution to defend against MITM or proxy style phishing attacks. The answer was “yes, but also no”. I will look beyond SCRAM soon, but first I want to fulfil a promise to go into more detail about how SCRAM works, especially with channel binding.
[Read More]My smart TV remote broke, so I took it apart πΊπ
Why do BLE remotes have to be so complicated?
This is a story of frustration, confusion and so far no happy ending. It’s a chance for me to wax lyrical about some of the problems I see with modern “smart” consumer devices, but also, give a bit of insight into how things are put together. Let’s start, as many stories do, at the beginning…
[Read More]