Publications

For a quick summary of a paper, I recommend viewing the corresponding presentation!

Publications

M. Vanhoef, D. Schepers, and F. Piessens. Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing. In Proceedings of the 12th ACM Symposium on Information, Computer and Communications Security (ASIA CCS 2017), Abu Dhabi, United Arab Emirates, 2017. [PDF, SLIDES]

M. Vanhoef. A Security Analysis of the WPA-TKIP and TLS Security Protocols. PhD dissertation, KU Leuven, July 2016. PhD thesis, accepted summa cum laude. [SLIDES]

M. Vanhoef and F. Piessens. Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys. In USENIX Security Symposium, 2016. [SLIDES, CODE]

T. Van Goethem, M. Vanhoef, F. Piessens, and W. Joosens. Request and Conquer: Exposing Cross-Origin Resource Size. In USENIX Security Symposium, 2016.

M. Vanhoef and T. Van Goethem. HEIST: HTTP Encrypted Information can be Stolen through TCP-windows. In Black Hat Briefings, USA, 2016. [SLIDES]

C. Matte, M. Cunche, F. Rousseau, and M. Vanhoef. Defeating MAC Address Randomization Through Timing Attacks. In 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2016.

M. Vanhoef, C. Matte, M. Cunche, L. S. Cardoso, and F. Piessens. Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms. In Proceedings of the 11th ACM Symposium on Information, Computer and Communications Security (ASIA CCS 2016), Xi'an, China, 2016.

M. Vanhoef. A Case For Open Radio Software. Included in a comment submitted to the Federal Register regarding proposed software security rules for radio devices. You can view the formal comment addressing the FCC here.

M. Vanhoef and F. Piessens. All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS. In USENIX Security Symposium, 2015. Won the best student paper award! See www.rc4nomore.com for more info. [SITE, PDF, LIRIAS]

M. Vanhoef and F. Piessens. Advanced WiFi Attacks Using Commodity Hardware. In Annual Computer Security Applications Conference (ACSAC), 2014. [PDF, BIBTEX, LIRIAS, CODE]

W. De Groef, D. Devriese, M. Vanhoef, and F. Piessens, Information flow control for web scripts. In Lecture Notes in Computer Science, volume 8604, 2014. [PDF, BIBTEX, LIRIAS]

M. Vanhoef, W. De Groef, D. Devriese, F. Piessens, and T. Rezk. Stateful Declassification Policies for Event-Driven Programs. In 27th Computer Security Foundations Symposium (CSF 2014), Vienna, Austria, 2014. [PDF, BIBTEX, LIRIAS, FlowFox]

M. Vanhoef and F. Piessens. Practical Verification of WPA-TKIP Vulnerabilities. In Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIA CCS 2013), Hangzhou, China, 2013. [PDF, BIBTEX, LIRIAS]

M. Vanhoef. Privacy in Databases. Master Thesis, Hasselt University, 2012. Under supervision of Jan Van den Bussche.

Presentations

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing, given at ASIA CCS 2017, 2-6 April, Abu Dhabi, United Arab Emirates. [PDF]

Predicting and Abusing WPA2/802.11 Group Keys, given at the 33rd Chaos Communication Congress (33C3), 27-30 December 2016 in Hamburg, Germany. [PDF]

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys, given at USENIX Security Symposium 2016, 11-13 August in Austin, Texas. [PDF]

HEIST: HTTP Encrypted Information can be Stolen through TCP-windows, given at Black Hat Briefings 2016, Las Vegas, Nevada. [PDF]

A Security Analysis of the WPA-TKIP and TLS Security Protocols. Public PhD defense, given on 4 July 2016 in Leuven, Belgium. [PDF]

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS, given at USENIX ATC 2016 as an invited speaker, 22-24 June in Denver, Colorado.

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS, given at OWASP Chapter Meeting on 23 May 2016 in Mechelen, Belgium.

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS, given at DRADS 2016, 14-15 April in Leuven, Belgium.

Advanced WiFi Attacks Using Commodity Hardware, given at BruCON 2015, 8-9 October in Ghent, Belgium [PDF]. Extended and more practically oriented presentation of the ACSAC presentation. View on YouTube!

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS, given at USENIX Security 2015, 12-14 August in Washington D.C. [PDF].

Advanced WiFi Attacks Using Commodity Hardware, given at ACSAC 2014, 10-12 December in New Orleans, Louisiana [PDF].

Stateful Declassification Policies for Event-Driven Programs, given at Computer Security Foundations (CSF 2014), 19-22 July in Vienna, Austria [PDF].

The Insecurity of Wi-Fi, given at DRADS 2014, 15-16 May in Leuven, Belgium.

Jammin' Like a Boss: Breaking Bad Wireless, given at HackFu 2013, 28-90 June in Norfolk, United Kingdom.

Practical Verification of TKIP Vulnerabilities, given at ASIA CCS 2013, 7-10 May 2013 in Hangzhou, China.

Stateful Declassification Policies, given at DRADS 2013, 25-26 April in Leuven, Belgium.

Informal Presentation on Vulnerabilities Found in WPA-TKIP, given at KU Leuven, 30 October 2012. This was an informal presentation, and is included here to distribute additional slides.

How you could be hacked, given at AFC café 2012, 25 October in Leuven, Belgium.

New flaws in WPA-TKIP, given at BruCON 2012, 26-27 September in Ghent, Belgium.

How you could be hacked, given at TEDxUhasselt Salon 2012, 23 Februari at UHasselt, Belgium.


Interesting CVEs

Open Source Contributions

Notes