I am a postdoctoral scholar — UCSD CSE fellow
working with Nadia Heninger and Deian Stefan.
I received my PhD in ECE and MSc in CS from WPI under the supervision of Berk Sunar and Thomas Eisenbarth.
I work on computer security and privacy,
side channels and cryptanalysis, and
architectural security primitives.
I have also interned at Cisco Talos, working on fuzz testing for automated vulnerability discovery, and at the Qualcomm security initiative (QPSI), working on system-level security of PCIe controllers.
timing conditions in the subsystem for Intel(R) PTT before versions xxx; Intel(R) TXE xxx; Intel(R) SPS before versions xxx may allow an unauthenticated user to potentially enable information disclosure via network

Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

INTEL-SA-00238/CVE-2019-0162: Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.

Integrated Performance Primitives Cryptography Library before version 2018 U2.1 does not properly ensure constant execution time. SGX SDK and Platform Software (PSW) utilize the Intel IPP Cryptography Library. Vulnerabilities in this library have been reported that may enable a local attacker utilizing software-based side channels to recover certain cryptographic keys.

INTEL-SA-00202/CVE-2018-12155: Data leakage in cryptographic libraries for Intel(R) IPP before 2019 update 1 release may allow an authenticated user to potentially enable information disclosure via local access.

ST33TPH* TPM 2.0 devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.

CVE-2019-19960: In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.

CVE-2019-19961: In wolfSSL before 4.3.0, RSA key generation uses the non-constant-time BEEA modular inversion algorithm during the generation of RSA private key parameters, allowing attackers to leak the RSA key via a side-channel attack.

CVE-2019-19962: wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.

CVE-2019-19963: In wolfSSL before 4.3.0, DSA signing uses the BEEA algorithm during modular inversion of the nonce without blinding, leading to a side-channel attack against the nonce.