Publications

For a quick summary of a paper, I recommend viewing the corresponding presentation!

Publications

M. Vanhoef and F. Piessens. Denial-of-Service Attacks Against the 4-way Wi-Fi Handshake. To appear in 9th International Conference on Network and Communications Security (NCS 2017), Dubai, United Arab Emirates, 25-26 November 2017.

M. Vanhoef and F. Piessens. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. In Proceedings of the 24th ACM Conference on Computer and Communication Security (CCS 2017), Dallas, USA, 30 October - 3 November 2017. Won the real-world impact award! [SLIDES]

M. Vanhoef. WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake. In Black Hat Briefings, USA, 2017. [SLIDES]

M. Vanhoef, D. Schepers, and F. Piessens. Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing. In Proceedings of the 12th ACM Symposium on Information, Computer and Communications Security (ASIA CCS 2017), Abu Dhabi, United Arab Emirates, 2017. [PDF, SLIDES]

M. Vanhoef. A Security Analysis of the WPA-TKIP and TLS Security Protocols. PhD dissertation, KU Leuven, July 2016. PhD thesis, accepted summa cum laude. [SLIDES]

M. Vanhoef and F. Piessens. Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys. In USENIX Security Symposium, 2016. [SLIDES, CODE]

T. Van Goethem, M. Vanhoef, F. Piessens, and W. Joosen. Request and Conquer: Exposing Cross-Origin Resource Size. In USENIX Security Symposium, 2016.

M. Vanhoef and T. Van Goethem. HEIST: HTTP Encrypted Information can be Stolen through TCP-windows. In Black Hat Briefings, USA, 2016. [SLIDES]

C. Matte, M. Cunche, F. Rousseau, and M. Vanhoef. Defeating MAC Address Randomization Through Timing Attacks. In 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2016.

M. Vanhoef, C. Matte, M. Cunche, L. S. Cardoso, and F. Piessens. Why MAC Address Randomization is not Enough: An Analysis of Wi-Fi Network Discovery Mechanisms. In Proceedings of the 11th ACM Symposium on Information, Computer and Communications Security (ASIA CCS 2016), Xi'an, China, 2016.

M. Vanhoef. A Case For Open Radio Software. Included in a comment submitted to the Federal Register regarding proposed software security rules for radio devices. You can view the formal comment addressing the FCC here.

M. Vanhoef and F. Piessens. All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS. In USENIX Security Symposium, 2015. Won the best student paper award! See www.rc4nomore.com for more info. [SITE, PDF, LIRIAS]

M. Vanhoef and F. Piessens. Advanced WiFi Attacks Using Commodity Hardware. In Annual Computer Security Applications Conference (ACSAC), 2014. [PDF, BIBTEX, LIRIAS, CODE]

W. De Groef, D. Devriese, M. Vanhoef, and F. Piessens. Information flow control for web scripts. In Lecture Notes in Computer Science, volume 8604, 2014. [PDF, BIBTEX, LIRIAS]

M. Vanhoef, W. De Groef, D. Devriese, F. Piessens, and T. Rezk. Stateful Declassification Policies for Event-Driven Programs. In 27th Computer Security Foundations Symposium (CSF 2014), Vienna, Austria, 2014. [PDF, BIBTEX, LIRIAS, FlowFox]

M. Vanhoef and F. Piessens. Practical Verification of WPA-TKIP Vulnerabilities. In Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIA CCS 2013), Hangzhou, China, 2013. [PDF, BIBTEX, LIRIAS]

M. Vanhoef. Privacy in Databases. Master Thesis, Hasselt University, 2012. Under supervision of Jan Van den Bussche.

Presentations

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, keynote given at Wi-Fi Alliance meeting Bucharest, October 24, 2017.

Securely Implementing Network Protocols: Detecting and Preventing Logical Flaws, given as a Black Hat WebCast, August 24, 2017.

WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake, given at Black Hat Briefings 2017, Las Vegas, Nevada. [PDF]

Discovering Logical Vulnerabilities in the Wi-Fi Handshake Using Model-Based Testing, given at ASIA CCS 2017, 2-6 April, Abu Dhabi, United Arab Emirates. [PDF]

Predicting and Abusing WPA2/802.11 Group Keys, given at the 33rd Chaos Communication Congress (33C3), 27-30 December 2016 in Hamburg, Germany. [PDF]

Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys, given at USENIX Security Symposium 2016, 11-13 August in Austin, Texas. [PDF]

HEIST: HTTP Encrypted Information can be Stolen through TCP-windows, given at Black Hat Briefings 2016, Las Vegas, Nevada. [PDF]

A Security Analysis of the WPA-TKIP and TLS Security Protocols. Public PhD defense, given on 4 July 2016 in Leuven, Belgium. [PDF]

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS, given at USENIX ATC 2016 as an invited speaker, 22-24 June in Denver, Colorado.

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS, given at OWASP Chapter Meeting on 23 May 2016 in Mechelen, Belgium.

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS, given at DRADS 2016, 14-15 April in Leuven, Belgium.

Advanced WiFi Attacks Using Commodity Hardware, given at BruCON 2015, 8-9 October in Ghent, Belgium [PDF]. Extended and more practically oriented presentation of the ACSAC presentation. View on YouTube!

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS, given at USENIX Security 2015, 12-14 August in Washington D.C. [PDF].

Advanced WiFi Attacks Using Commodity Hardware, given at ACSAC 2014, 10-12 December in New Orleans, Louisiana [PDF].

Stateful Declassification Policies for Event-Driven Programs, given at Computer Security Foundations (CSF 2014), 19-22 July in Vienna, Austria [PDF].

The Insecurity of Wi-Fi, given at DRADS 2014, 15-16 May in Leuven, Belgium.

Jammin' Like a Boss: Breaking Bad Wireless, given at HackFu 2013, 28-90 June in Norfolk, United Kingdom.

Practical Verification of TKIP Vulnerabilities, given at ASIA CCS 2013, 7-10 May 2013 in Hangzhou, China.

Stateful Declassification Policies, given at DRADS 2013, 25-26 April in Leuven, Belgium.

Informal Presentation on Vulnerabilities Found in WPA-TKIP, given at KU Leuven, 30 October 2012. This was an informal presentation, and is included here to distribute additional slides.

How you could be hacked, given at AFC café 2012, 25 October in Leuven, Belgium.

New flaws in WPA-TKIP, given at BruCON 2012, 26-27 September in Ghent, Belgium.

How you could be hacked, given at TEDxUhasselt Salon 2012, 23 February at UHasselt, Belgium.

