Yossi Oren - Implementation Security and Side Channel Attacks

Shalom and welcome!

Yossi Oren is an associate professor in the Department of Software and Information Systems Engineering at Ben Gurion University of the Negev, and a member of BGU's Cyber Security Research Center. Prior to joining BGU, Yossi was a Post-Doctoral Research Scientist in the Network Security Lab at Columbia University in the City of New York and a member of the security lab at Samsung Research Israel. He holds a Ph.D. in Electrical Engineering from Tel-Aviv University (thesis), and an M.Sc. in Computer Science from the Weizmann Institute of Science (thesis).

His research interests include implementation security (side-channel attacks, micro-architectural attacks, power analysis and other hardware attacks and countermeasures; low-resource cryptographic constructions for lightweight computers) and cryptography in the real world (consumer and voter privacy in the digital era; web application security). He has been recognized by The Register as a Top Boffin.

The Oren Lab (and how to join it!)

Here are the various social networks I have a profile on:


My more recent publications can be found on the lab webpage. Here are the works I published before joining BGU:

Title Presented At
All newer publications... ... can be found on the Oren Lab webpage.
The Remanence Decay Side-Channel: The PUF Case IEEE Transactions on Information Forensics and Security Volume 11, Issue 6 (June 2016)
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks 21st International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2016
Side-Channel Cryptographic Attacks using pseudo-Boolean Optimization Constraints International Journal Volume 21, Issue 4 (October 2016)
The Spy in the Sandbox -- Practical Cache Attacks in Javascript and their Implications 22nd ACM Conference on Computer and Communications Security (CCS), 2015
The Spy in the Sandbox -- Practical Cache Attacks in Javascript arXiv preprint CoRR abs/1502.07373, 2015
Attacking the Internet using Broadcast Digital Television
ACM Transactions on Information and System Security Volume 17, Issue 4 (April 2015)
A New Framework for Constraint-Based Probabilistic Template Side Channel Attacks
16th Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2014
From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television
23rd USENIX Security Symposium, 2014
Implementing public-key cryptography on passive RFID tags is practical
International Journal of Information Security Volume 14, Issue 1 (February 2015)
A Secure Supply-Chain RFID System that Respects your Privacy
IEEE Pervasive Computing Volume 13, Issue 2 (April-June 2014)
HTML5 - is it good for your battery? (Hint: yes)
Unofficial Technical Report, 2013
Range Extension Attacks on Contactless Smart cards 18th European Symposium on Research in Computer Security (ESORICS), 2013
On the Effectiveness of the Remanence Decay Side-Channel to Clone Memory-based PUFs 15th Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2013
Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity Workshop on Hardware and Architectural Support for Security and Privacy (HASP), 2013
Algebraic Side-Channel Analysis Beyond the Hamming Weight Leakage Model 14th Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2012
RFID Jamming and Attacks on Israeli e-Voting European Conference on Smart Objects, Systems and Technologies (Smart SysTech), 2012
Tolerant Algebraic Side-Channel Analysis of AES IACR Cryptology ePrint Archive, Report 2012/092, 2012
Toward Practical Public Key Anti-Counterfeiting for Low-Cost EPC Tags 5th International IEEE Conference on RFID, 2011
Algebraic Side-Channel Analysis in the Presence of Errors 12th Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2010
RFID-Based Electronic Voting: What Could Possibly Go Wrong? 4th International IEEE Conference on RFID, 2010
Relay Attacks on RFID-Based Electronic Voting Systems IACR Cryptology ePrint Archive, Report 2009/422, 2009
A Low-Resource Public-Key Identification Scheme for RFID Tags and Sensor Nodes 2nd ACM Conference on Wireless Network Security (WiSec), 2009
WIPR — Public Key Identification on Two Grains of Sand 4th Workshop on RFID Security (RFIDSec), 2008
Remote Power Analysis of RFID Tags
Master's Thesis, later posted to IACR Cryptology ePrint Archive as Report 2007/330, 2007
How Not to Protect PCs from Power Analysis
CRYPTO 2006 Rump Session
Remote Password Extraction from RFID Tags
IEEE Transactions on Computers Volume 56, Issue 9 (September 2007)
Legend: Journal, Peer-Reviewed Conference, Technical Report.

Other Academic Achievements

My employer for 9 years, Proxy Software Systems, went bankrupt in late 2008.  I put up a little tribute page.