Prof. Dr.-Ing. Thomas Eisenbarth
Institutsdirektor
Ratzeburger Allee 160
23562 Lübeck
Gebäude 64, 1. OG,
Raum 043
Email: | thomas.eisenbarth(at)uni-luebeck.de |
Phone: | +49 451 3101 6600 |
Fax: | +49 451 3101 6604 |
About Me
I am Professor for IT Security at University of Lübeck. I received my Ph.D. in ECE from Ruhr University Bochum, Germany, where I worked as a member of the Horst Goertz Institute for IT Security (HGI). From 2010 I spent two years at the Center for Cryptology and Information Security (CCIS) at Florida Atlantic University. In 2012 I joined the Electrical and Computer Engineering Department at WPI. Since August of 2017, I am the Director of the Institute for IT Security at the University of Lübeck.
My research interests are in:
- Applied Cryptology
- Systems security and secure computer architecture
- Side channel analysis, physical attacks and their prevention
- Cloud and virtualization security
Publications
2024
TDXdown: Single-Stepping and Instruction Counting Attacks against Intel TDX, in Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security , ACM, Oct.2024.
DOI: | 10.1145/3658644.3690230 |
Weblink: | https://uzl-its.github.io/tdxdown/ |
Bibtex: | @INPROCEEDINGS{tdxdownCCS24, author = {Luca Wilke and Florian Sieck and Thomas Eisenbarth}, booktitle = {Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, {CCS} 2024, Salt Lake City, UT, USA, October 14--18, 2024}, title = {{TDXdown}: Single-Stepping and Instruction Counting Attacks against Intel {TDX}}, year = {2024}, doi = {10.1145/3658644.3690230} } |
Dynamic Frequency-Based Fingerprinting Attacks against Modern Sandbox Environments, in 9th IEEE European Symposium on Security and Privacy, EuroS&P 2024 , IEEE, 2024. pp. 327-344.
DOI: | 10.1109/EUROSP60621.2024.00025 |
Weblink: | https://doi.ieeecomputersociety.org/10.1109/EuroSP60621.2024.00025 |
Weblink: | https://doi.org/10.48550/arXiv.2404.10715 |
Bibtex: | @inproceedings{DBLP:conf/eurosp/DiptaTGME24, author = {Debopriya Roy Dipta and Thore Tiemann and Berk G{\"{u}}lmezoglu and Eduard Marin and Thomas Eisenbarth}, title = {Dynamic Frequency-Based Fingerprinting Attacks against Modern Sandbox Environments}, booktitle = {9th {IEEE} European Symposium on Security and Privacy, EuroS{\&}P 2024, Vienna, Austria, July 8-12, 2024}, pages = {327--344}, publisher = {{IEEE}}, year = {2024}, url = {https://doi.org/10.1109/EuroSP60621.2024.00025}, doi = {10.1109/EUROSP60621.2024.00025} } |
Obelix: Mitigating Side-Channels Through Dynamic Obfuscation, in 2024 IEEE Symposium on Security and Privacy (S&P) , San Francisco, CA, USA: IEEE, 2024. pp. 4182-4199.
DOI: | 10.1109/SP54263.2024.00261 |
Weblink: | https://doi.ieeecomputersociety.org/10.1109/SP54263.2024.00261 |
Polynomial sharings on two secrets: Buy one, get one free, in IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES) , 2024. pp. 671-706.
DOI: | 10.46586/tches.v2024.i3.671-706 |
File: | 11691 |
SEV-Step: A Single-Stepping Framework for AMD-SEV, in IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES) , 2024. pp. 180-206.
DOI: | 10.46586/tches.v2024.i1.180-206 |
File: | 10792 |
SWAT: Modular Dynamic Symbolic Execution for Java Applications using Dynamic Instrumentation (Competition Contribution), in Tools and Algorithms for the Construction and Analysis of Systems - 30th International Conference, TACAS 2024, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2024, Luxembourg City, Luxembourg, April 6-11, 2024, Proceedings, Part III , Bernd Finkbeiner and Laura Kovács, Eds. Springer, 2024. pp. 399-405.
DOI: | 10.1007/978-3-031-57256-2_28 |
File: | 978-3-031-57256-2_28 |
Microarchitectural Vulnerabilities Introduced, Exploited, and Accelerated by Heterogeneous FPGA-CPU Platforms, in Security of FPGA-Accelerated Cloud Computing Environments , Szefer, Jakub and Tessier, Russell, Eds. Cham: Springer International Publishing, 2024, pp. 203-237.
DOI: | 10.1007/978-3-031-45395-3_8 |
ISBN: | 978-3-031-45395-3 |
Bibtex: | @inbook{tiemann2024fpgaplatform, author = {Tiemann, Thore and Weissman, Zane and Eisenbarth, Thomas and Sunar, Berk}, editor = {Szefer, Jakub and Tessier, Russell}, title = {Microarchitectural Vulnerabilities Introduced, Exploited, and Accelerated by Heterogeneous {FPGA-CPU} Platforms}, bookTitle = {Security of FPGA-Accelerated Cloud Computing Environments}, year = {2024}, publisher = {Springer International Publishing}, pages = {203--237}, isbn = {978-3-031-45395-3}, doi = {10.1007/978-3-031-45395-3_8}, url = {https://doi.org/10.1007/978-3-031-45395-3_8}, } |
2023
TeeJam: Sub-Cache-Line Leakages Strike Back, in IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES) , Dec.2023. pp. 457-500.
DOI: | 10.46586/tches.v2024.i1.457-500 |
Weblink: | https://tches.iacr.org/index.php/TCHES/article/view/11259 |
Bibtex: | @article{Sieck_Zhang_Berndt_Chuengsatiansup_Eisenbarth_Yarom_2023, title={TeeJam: Sub-Cache-Line Leakages Strike Back}, volume={2024}, url={https://tches.iacr.org/index.php/TCHES/article/view/11259}, DOI={10.46586/tches.v2024.i1.457-500}, number={1}, journal={IACR Transactions on Cryptographic Hardware and Embedded Systems}, author={Sieck, Florian and Zhang, Zhiyuan and Berndt, Sebastian and Chuengsatiansup, Chitchanok and Eisenbarth, Thomas and Yarom, Yuval}, year={2023}, month={Dec.}, pages={457–500} } |
SystemC Model of Power Side-Channel Attacks Against AI Accelerators: Superstition or not?, in 2023 IEEE/ACM International Conference on Computer Aided Design (ICCAD) , IEEE/ACM, Nov.2023. pp. 1-8.
DOI: | 10.1109/ICCAD57390.2023.10323687 |
Weblink: | https://arxiv.org/abs/2311.13387 |
Combined Fault and Leakage Resilience: Composability, Constructions and Compiler, in Advances in Cryptology - CRYPTO 2023 - 43rd Annual International Cryptology Conference, CRYPTO 2023, Santa Barbara, CA, USA, August 20-24, 2023, Proceedings, Part III , Helena Handschuh and Anna Lysyanskaya, Eds. Cham: Springer, 2023. pp. 377-409.
DOI: | 10.1007/978-3-031-38548-3_13 |
ISBN: | 978-3-031-38548-3 |
File: | 978-3-031-38548-3_13 |
Madvex: Instrumentation-based Adversarial Attacks on Machine Learning Malware Detection, in Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) - 20th International Conference , Daniel Gruss and Federico Maggi and Mathias Fischer and Michele Carminati, Eds. Springer, 2023. pp. 69-88.
DOI: | 10.1007/978-3-031-35504-2_4 |
Weblink: | https://arxiv.org/abs/2305.02559 |
MAMBO-V: Dynamic Side-Channel Leakage Analysis on RISC-V, in Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) - 20th International Conference , Daniel Gruss and Federico Maggi and Mathias Fischer and Michele Carminati, Eds. Springer, 2023. pp. 3-23.
DOI: | 10.1007/978-3-031-35504-2_1 |
Weblink: | https://arxiv.org/abs/2305.00584 |
Okapi: A Lightweight Architecture for Secure Speculation Exploiting Locality of Memory Accesses, 2023.
Weblink: | https://arxiv.org/abs/2312.08156 |
Bibtex: | @misc{schmitz2023okapi, author = {Philipp Schmitz and Tobias Jauch and Alex Wezel and Mohammad R. Fadiheh and Thore Tiemann and Jonah Heller and Thomas Eisenbarth and Dominik Stoffel and Wolfgang Kunz}, title = {Okapi: A Lightweight Architecture for Secure Speculation Exploiting Locality of Memory Accesses}, year = {2023}, eprint = {2312.08156}, archivePrefix = {arXiv}, primaryClass = {cs.CR}, url = {https://doi.org/10.48550/arXiv.2312.08156}, doi = {10.48550/arXiv.2312.08156}, } |
Overcoming the Pitfalls of HPC-based Cryptojacking Detection in Presence of GPUs, in Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy, CODASPY 2023, Charlotte, NC, USA, April 24-26, 2023 , Mohamed Shehab and Maribel Fernandez and Ninghui Li, Eds. ACM, 2023. pp. 177-188.
DOI: | 10.1145/3577923.3583655 |
File: | 3577923.3583655 |
Subversion-Resilient Authenticated Encryption Without Random Oracles, in Applied Cryptography and Network Security - 21st International Conference, ACNS 2023, Kyoto, Japan, June 19-22, 2023, Proceedings, Part II , Mehdi Tibouchi and Xiaofeng Wang, Eds. Springer, 2023. pp. 460-483.
DOI: | 10.1007/978-3-031-33491-7_17 |
File: | 978-3-031-33491-7_17 |
"Act natural!": Exchanging Private Messages on Public Blockchains, in 8th IEEE European Symposium on Security and Privacy, EuroS&P 2023 , IEEE, 2023. pp. 292-308.
DOI: | 10.1109/EuroSP57164.2023.00026 |
Weblink: | https://doi.ieeecomputersociety.org/10.1109/EuroSP57164.2023.00026 |
Weblink: | https://eprint.iacr.org/2021/1073 |
File: | Dateilink |
Bibtex: | @inproceedings{tiemann2023actnatural, author = {Thore Tiemann and Sebastian Berndt and Thomas Eisenbarth and Maciej Liskiewicz}, title = {"Act natural!": Exchanging Private Messages on Public Blockchains}, booktitle = {8th {IEEE} European Symposium on Security and Privacy, EuroS{\&}P 2023, Delft, Netherlands, July 3-7, 2023}, pages = {292--308}, publisher = {{IEEE}}, year = {2023}, url = {https://doi.org/10.1109/EuroSP57164.2023.00026}, doi = {10.1109/EUROSP57164.2023.00026} } |
Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software, in 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9-11, 2023 , Joseph A. Calandrino and Carmela Troncoso, Eds. USENIX Association, 2023. pp. 6789-6806.
DOI: | 10.48550/arXiv.2210.13124 |
File: | wichelmann |
IOTLB-SC: An Accelerator-Independent Leakage Source in Modern Cloud Systems, in Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2023 , Joseph K. Liu and Yang Xiang and Surya Nepal and Gene Tsudik, Eds. ACM, 2023. pp. 827-840.
DOI: | 10.1145/3579856.3582838 |
Weblink: | https://arxiv.org/abs/2202.11623 |
File: | Dateilink |
Bibtex: | @inproceedings{tiemann2023iotlbsc, author = {Thore Tiemann and Zane Weissman and Thomas Eisenbarth and Berk Sunar}, editor = {Joseph K. Liu and Yang Xiang and Surya Nepal and Gene Tsudik}, title = {{IOTLB-SC:} An Accelerator-Independent Leakage Source in Modern Cloud Systems}, booktitle = {Proceedings of the 2023 {ACM} Asia Conference on Computer and Communications Security, {ASIA} {CCS} 2023, Melbourne, VIC, Australia, July 10-14, 2023}, pages = {827--840}, publisher = {{ACM}}, year = {2023}, url = {https://doi.org/10.1145/3579856.3582838}, doi = {10.1145/3579856.3582838} } |
2022
A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP, in 2022 IEEE Symposium on Security and Privacy (SP) , San Francisco, CA, USA: IEEE, 2022. pp. 337-351.
DOI: | 10.1109/SP46214.2022.9833768 |
Weblink: | https://doi.ieeecomputersociety.org/10.1109/SP46214.2022.9833768 |
ASAP: Algorithm Substitution Attacks on Cryptographic Protocols, in Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security , ACM, 2022. pp. 712-726.
DOI: | 10.1145/3488932.3517387 |
ISBN: | 9781450391405 |
File: | 3488932.3517387 |
Microwalk-CI: Practical Side-Channel Analysis for JavaScript Applications, in Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, November 7-11, 2022 , Heng Yin and Angelos Stavrou and Cas Cremers and Elaine Shi, Eds. ACM, 2022. pp. 2915-2929.
DOI: | 10.1145/3548606.3560654 |
File: | 3548606.3560654 |
2021
Nano Security: From Nano-Electronics to Secure Systems, in Design, Automation & Test in Europe Conference & Exhibition, DATE 2021, Grenoble, France, February 1-5, 2021 , IEEE, 2021. pp. 1334-1339.
DOI: | 10.23919/DATE51398.2021.9474187 |
Util: : Lookup: Exploiting Key Decoding in Cryptographic Libraries, in CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security , Yongdae Kim and Jong Kim and Giovanni Vigna and Elaine Shi, Eds. ACM, 2021. pp. 2456-2473.
DOI: | 10.1145/3460120.3484783 |
File: | 3460120.3484783 |
undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation, in 2021 IEEE Security and Privacy Workshops (SPW) , 2021. pp. 456-466.
DOI: | 10.1109/SPW53761.2021.00064 |
File: |
Side-Channel Protections for Picnic Signatures, IACR Transactions on Cryptographic Hardware and Embedded Systems , vol. 2021, no. 4, pp. 239-282, 2021.
DOI: | 10.46586/tches.v2021.i4.239-282 |
File: | 9066 |
- Staff
- Thomas Eisenbarth
- Esfandiar Mohammadi
- Paula Arnold
- Jeremy Boy
- Finn Burmester
- Till Eifert
- Tim Gellersen
- Jonah Heller
- Kristoffer Hempel
- Timothy Imort
- Moritz Kirschte
- Marven Kummerfeldt
- Johannes Liebenow
- Nils Loose
- Felix Mächtle
- Felix Maurer
- Sebastian Meiser
- Anna Pätschke
- Pajam Pauls
- Thorsten Peinemann
- Christopher Peredy
- Tammo Polle
- Yannik Potdevin
- Claudius Pott
- Anja Rabich
- Jonas Sander
- Ines Schiebahn
- Yara Schütt
- Jan-Niclas Serr
- Florian Sieck
- Annika Strang
- Thore Tiemann
- Alexander Treff
- Jan Wichelmann
- Luca Wilke