Joeri de Ruiter

We describe a largely automated and systematic analysis of TLS implementations by what we call ‘protocol state fuzzing’: we use state machine learning to infer state machines from protocol implementations, using only blackbox testing, and then inspect the inferred state machines to look for spurious behaviour which might be an indication of flaws in the …
IMSI catching is a problem on all generations of mobile telecommunication networks, i.e., 2G (GSM, GPRS), 3G (HSDPA, EDGE, UMTS) and 4G (LTE, LTE+). Currently, the SIM card of a mobile phone has to reveal its identity over an insecure plaintext transmission, before encryption is enabled. This identifier (the IMSI) can be intercepted by adversaries that …
Learning techniques allow the automatic inference of the behaviour of a system as a finite state machine. We demonstrate that learning techniques can be used to extract such formal models from software on banking smartcards which - as most bank cards do - implement variants of the EMV protocol suite. Such automated reverse-engineering, which only observes …
We present a security analysis of an internet banking system used by one of the bigger banks in the Netherlands, in which customers use a USB-connected device – a smartcard reader with a display and numeric keyboard – to authorise transactions with their bank card and PIN code. Such a set-up could provide a very strong defence against online attackers, …
cMix is a cryptographic protocol for mix networks that uses precomputations of a group-homomorphic encryption function to avoid all real-time public-key operations by the senders, mix nodes, and receivers. Like other mix network protocols, cMix can enable an anonymity service that accepts inputs from senders and delivers them to an output buffer, in a way …
State machine learning is a useful technique for automating reverse engineering. In essence, it involves fuzzing different sequences of inputs for a system. We show that this technique can be successfully used to reverse engineer hand-held smartcard readers for Internet banking, by using a Lego robot to operate these devices. In particular, the state …
This paper looks at relay attacks against contactless payment cards, which could be used to wirelessly pickpocket money from victims. We discuss the two leading contactless EMV payment protocols (Visa’s payWave and MasterCard’s PayPass). Stopping a relay attack against cards using these protocols is hard: either the overhead of the communication is low …
Mobile phones are increasingly used for security sensitive activities such as online banking or mobile payments. This usually involves some cryptographic operations, and therefore introduces the problem of securely storing the corresponding keys on the phone. In this paper we evaluate the security provided by various options for secure storage of key …
This paper introduces the Smart Logic, which is a flexible smart card research tool that gives complete control over the smart card communication channel for eavesdropping, man-in-the-middle attacks, relaying and card emulation. The hardware is available off-the-shelf at a price of about 100 euros. Furthermore, the necessary firm- and software is open …