Professor Flavio Garcia

School of Computer Science
Professor of Computer Security

Contact details

Email: f.garcia@bham.ac.uk

Address: School of Computer Science
University of Birmingham
Edgbaston
Birmingham
B15 2TT
UK

Flavio Garcia is a Professor of Computer Security and EPSRC Fellow at the Birmingham Centre for Cyber Security and Privacy. His work focuses on the design and evaluation of cryptographic primitives and protocols for embedded devices like smart cards and automotive components.

Flavio research focuses on the design and evaluation of cryptographic primitives and protocols for embedded devices such as automotive key fobs and smart cards. His research has identified security vulnerabilities in secured building access, vehicle security and secure mobile phone apps. This has motivated improvements in operational procedures, product redesign and even policy reform.

His research achievements include the discovery of vulnerabilities in some of the most widely used contactless smart cards, vehicle immobiliser and remote keyless entry systems, implantable cardiac defibrillators and mobile banking apps.

Improving Vehicle Security

Please follow the link below to find out more about Flavio's work:

Professor Flavio Garcia- personal web page

Teaching

Spring 2018, Security Research Seminar (M.Sc.)
Spring 2018, Pentesting (M.Sc.)
Spring 2017, Security Research Seminar (M.Sc.)
Spring 2016, Security Research Seminar (M.Sc.)
Spring 2015, Internet Security Seminar (M.Sc.)
Spring 2014, Internet Security Seminar (M.Sc.)

Postgraduate supervision

PhD Students

Present

Andreea Radu
Chris Hicks
Jan Van Den Herrewegen
Chris McMahon Stone
Georgios Vasilakis
Kerry Murdock
Owen Pemberton
Abdulla Aldoseri
Zitai Chen

Past

Sam Thomas has successfully defended his thesis Backdoor Detection Systems for Embedded Devices (pdf 1.5 MB)
Gerhard de Koning Gans has successfully defended his thesis Outsmarting Smart Cards (pdf 6.7 MB)

Research

Automotive Security
Embedded devices security
Cryptanalysis and reverse engineering
RFID security and privacy
Privacy Enhancing Technologies

Improving Vehicle Security

Publications

Recent publications

Article

Thomas, S, Van Den Herrewegen, J, Vasilakis, G, Chen, Z, Ordean, M & Garcia, F 2021, 'Cutting through the complexity of reverse engineering embedded devices', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 3, pp. 360-389. https://doi.org/10.46586/tches.v2021.i3.360-389

Van Den Herrewegen, J, Oswald, D, Garcia, F & Temeiza, Q 2020, 'Fill your Boots: Enhanced Embedded Bootloader Exploits via Fault Injection and Binary Analysis', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 1. https://doi.org/10.46586/tches.v2021.i1.56-81

Murdock, K, Oswald, D, Garcia, F, Van Bulck, J, Gruss, D & Piessens, F 2020, 'Plundervolt: How a Little Bit of Undervolting Can Create a Lot of Trouble', IEEE Security & Privacy Magazine, vol. 18, no. 5, 9104908, pp. 28-37. https://doi.org/10.1109/MSEC.2020.2990495

Wouters, L, Van Den Herrewegen, J, Garcia, FD, Oswald, D, Gierlichs, B & Preneel, B 2019, 'Dismantling DST80-based Immobiliser Systems', IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2020, no. 2, pp. 99-127. https://doi.org/10.13154/tches.v2020.i2.99-127

Conference article

Cheng, Z, Ordean, M, Garcia, FD, Cui, B & Rys, D 2023, 'Watching your call: breaking VoLTE privacy in LTE/5G networks', Proceedings on Privacy Enhancing Technologies, vol. 2023, no. 2, pp. 282-297. https://doi.org/10.56553/popets-2023-0053

Conference contribution

Chen, Z, Thomas, S & Garcia, F 2022, MetaEmu: an architecture agnostic rehosting framework for automotive firmware. in CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery (ACM), pp. 515–529, CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, California, United States, 7/11/22. https://doi.org/10.1145/3548606.3559338

Moreira-Sanchez, J, Ryan, M & Garcia, F 2022, Protocols for a two-tiered trusted computing base. in V Atluri, R Di Pietro, C D. Jensen & W Meng (eds), Computer Security – ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part III. 1 edn, Lecture Notes in Computer Science, vol. 13556, Springer, Cham, pp. 229–249, 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, 26/09/22. https://doi.org/10.1007/978-3-031-17143-7_12

Hicks, C & Garcia, FD 2020, A Vehicular DAA Scheme for Unlinkable ECDSA Pseudonyms in V2X. in Proceedings - 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020., 9230371, Proceedings - 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020, Institute of Electrical and Electronics Engineers (IEEE), pp. 460-473, 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020, Virtual, Genoa, Italy, 7/09/20. https://doi.org/10.1109/EuroSP48549.2020.00036

Hicks, C & Garcia, F 2020, A Vehicular DAA Scheme for Unlinkable ECDSA Pseudonyms in V2X Christopher Hicks. in 5th IEEE European Symposium on Security and Privacy. IEEE Computer Society Press, 5th IEEE European Symposium on Security and Privacy (EuroS&P), Genova, Italy, 7/09/20.

Radu, AI & Garcia, FD 2020, Grey-box analysis and fuzzing of automotive electronic components via control-flow graph extraction. in SN Spencer (ed.), Proceedings - CSCS 2020: ACM Computer Science in Cars Symposium., 3430480, Proceedings - CSCS: Computer Science in Cars, Association for Computing Machinery , 2020 ACM Computer Science in Cars Symposium, CSCS 2020, Feldkirchen, Germany, 2/12/20. https://doi.org/10.1145/3385958.3430480

Murdock, K, Oswald, D, Garcia, F, Van Bulck, J, Gruss, D & Piessens, F 2020, Plundervolt: software-based fault injection attacks against Intel SGX. in 2020 IEEE Symposium on Security and Privacy (SP)., 9152636, IEEE Symposium on Security and Privacy, IEEE Computer Society Press, pp. 1466-1482, 41st IEEE Symposium on Security and Privacy, San Francisco, United States, 17/05/20. https://doi.org/10.1109/SP40000.2020.00057

Chen, Z, Vasilakis, G, Murdock, K, Dean, E, Oswald, D & Garcia, F 2020, VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface. in Proceedings of 30th Usenix Security Symposium (USENIX Security 21). USENIX , 30th USENIX Security Symposium 2021 (USENIX Security 21), Vancouver, Canada, 11/08/21.

Van Bulck, J, Oswald, D, Marin, E, Aldoseri, A, Garcia, FD & Piessens, F 2019, A tale of two worlds: assessing the vulnerability of enclave shielding runtimes. in CCS '19 : Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery (ACM), pp. 1741-1758, 26th ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), London, United Kingdom, 11/11/19. https://doi.org/10.1145/3319535.3363206

Verheul, E, Hicks, C & Garcia, FD 2019, IFAL: Issue first activate later certificates for V2X. in Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019., 8806744, Proceedings - 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019, Institute of Electrical and Electronics Engineers (IEEE), pp. 279-293, 4th IEEE European Symposium on Security and Privacy, EURO S and P 2019, Stockholm, Sweden, 17/06/19. https://doi.org/10.1109/EuroSP.2019.00029

Van Den Herrewegen, J & Garcia, F 2018, Beneath the Bonnet: a Breakdown of Diagnostic Security. in Proceedings of the 23rd European Symposium on Research in Computer Security. vol. 11098, Lecture Notes in Computer Science, Springer, 23rd European Symposium on Research in Computer Security, Barcelona, Spain, 3/09/18. https://doi.org/10.1007/978-3-319-99073-6_15

View all publications in research portal