Shalom and welcome!
Yossi Oren is an associate professor in the Department of Software and Information Systems Engineering at Ben Gurion University of the Negev, and a member of BGU's Cyber Security Research Center. Prior to joining BGU, Yossi was a Post-Doctoral Research Scientist in the Network Security Lab at Columbia University in the City of New York and a member of the security lab at Samsung Research Israel. He holds a Ph.D. in Electrical Engineering from Tel-Aviv University (thesis), and an M.Sc. in Computer Science from the Weizmann Institute of Science (thesis).
His research interests include implementation security (side-channel attacks, micro-architectural attacks, power analysis and other hardware attacks and countermeasures; low-resource cryptographic constructions for lightweight computers) and cryptography in the real world (consumer and voter privacy in the digital era; web application security). He has been recognized by The Register as a Top Boffin.
The Oren Lab (and how to join it!)
Here are the various social networks I have a profile on:
-
Yossi Oren on LinkedIn
-
Yossi Oren
on Twitter
-
Yossi Oren
on Facebook (not in active use – please don't poke me with your mafia farms)
Publications
My more recent publications can be found on the lab webpage. Here are the works I published before joining BGU:
| Title |
Presented At |
|---|---|
| All newer publications... | ... can be found on the Oren Lab webpage. |
| The Remanence Decay Side-Channel: The PUF Case | IEEE Transactions on Information Forensics and Security Volume 11, Issue 6 (June 2016) |
| ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks | 21st International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2016 |
| Side-Channel Cryptographic Attacks using pseudo-Boolean Optimization | Constraints International Journal Volume 21, Issue 4 (October 2016) |
| The Spy in the Sandbox -- Practical Cache Attacks in Javascript and their Implications | 22nd ACM Conference on Computer and Communications Security (CCS), 2015 |
| The Spy in the Sandbox -- Practical Cache Attacks in Javascript | arXiv preprint CoRR abs/1502.07373, 2015 |
|
Attacking the Internet using Broadcast Digital Television |
ACM Transactions on Information and System Security Volume 17, Issue 4 (April 2015) |
|
A New Framework for Constraint-Based Probabilistic Template Side Channel Attacks |
16th Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2014 |
|
From the Aether to the Ethernet - Attacking the Internet using Broadcast Digital Television |
23rd USENIX Security Symposium, 2014 |
|
Implementing public-key cryptography on passive RFID tags is practical |
International Journal of Information Security Volume 14, Issue 1 (February 2015) |
|
A Secure Supply-Chain RFID System that Respects your Privacy |
IEEE Pervasive Computing Volume 13, Issue 2 (April-June 2014) |
|
HTML5 - is it good for your battery? (Hint: yes) |
Unofficial Technical Report, 2013 |
| Range Extension Attacks on Contactless Smart cards | 18th European Symposium on Research in Computer Security (ESORICS), 2013 |
| On the Effectiveness of the Remanence Decay Side-Channel to Clone Memory-based PUFs | 15th Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2013 |
| Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity | Workshop on Hardware and Architectural Support for Security and Privacy (HASP), 2013 |
| Algebraic Side-Channel Analysis Beyond the Hamming Weight Leakage Model | 14th Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2012 |
| RFID Jamming and Attacks on Israeli e-Voting | European Conference on Smart Objects, Systems and Technologies (Smart SysTech), 2012 |
| Tolerant Algebraic Side-Channel Analysis of AES | IACR Cryptology ePrint Archive, Report 2012/092, 2012 |
| Toward Practical Public Key Anti-Counterfeiting for Low-Cost EPC Tags | 5th International IEEE Conference on RFID, 2011 |
| Algebraic Side-Channel Analysis in the Presence of Errors | 12th Workshop on Cryptographic Hardware and Embedded Systems (CHES), 2010 |
| RFID-Based Electronic Voting: What Could Possibly Go Wrong? | 4th International IEEE Conference on RFID, 2010 |
| Relay Attacks on RFID-Based Electronic Voting Systems | IACR Cryptology ePrint Archive, Report 2009/422, 2009 |
| A Low-Resource Public-Key Identification Scheme for RFID Tags and Sensor Nodes | 2nd ACM Conference on Wireless Network Security (WiSec), 2009 |
| WIPR — Public Key Identification on Two Grains of Sand | 4th Workshop on RFID Security (RFIDSec), 2008 |
|
Remote Power Analysis of RFID Tags |
Master's Thesis, later posted to IACR Cryptology ePrint Archive as Report 2007/330, 2007 |
|
How Not to Protect PCs from Power Analysis |
CRYPTO 2006 Rump Session |
|
Remote Password Extraction from RFID
Tags
|
IEEE Transactions on Computers Volume 56, Issue 9 (September 2007) |
Other Academic Achievements
- News of our attack on the Israeli e-voting system is making the news - please check out Avishai's RFID page for the latest information.
-
If you like security and cookies, perhaps you'd like to join us every Sunday at the Security Theater video seminar.
- Initial results regarding power analysis attacks against RFID tags were announced by Adi Shamir at the RSA Conference 2006 . Here is the official web page describing these attacks.
- You can watch an online version of a talk about action recognition which I gave together with Moshe Blank at the Advanced Topics in Computer Vision course in 2005.
- You can also see the talk about Shannon's contributions to cryptography which I gave together with Gilad Tsur at Moni Naor's Key Papers in Computer Science course in 2006.
My employer for 9 years, Proxy Software Systems, went bankrupt in late 2008. I put up a little tribute page.