2021 in numbers

My year in numbers for 2021.

Tenure at CISPA

In December 2021, I was awarded tenure at CISPA. My new W3-equivalent position starts on Jan 1st 2022.

CfP: ACNS 2021

The second submission deadline for ACNS is coming up on Jan 15. Consider submitting your work!

2020 in numbers

My year in numbers for 2020.

CfP: CPSS 2021

The Call for Papers for CPSS 2021 was just released.

CfP: CPSS 2021

The deadline for CPSS 2021 is coming up on Jan 27.

Serving as CPSS 2021 Program Co-Chair

Together with the program chair Mauro Conti, I will serve as program co-chair for the 7th ACM Cyber-Physical System Security Workshop in 2021, to be held in Hong Kong (or online).

CfP ACNS 2021 deadline extension

ACNS'21 Deadline extended until Sept 7

Keynote at CPSS 2020

I will give a keynote talk at CPSS, October 6 (online). The tentative title is “Trust, but verify? Perspectives On Industrial Device Security”.

CfP: ACNS 2021

The first submission deadline for ACNS is coming up on Sept 4. Consider submitting your work!

Google’s Security Conference/Journal ranking 2020

An analysis of the Google Metrics 2020 for security venues.

Serving as ACNS 2021 Program Co-Chair

Together with the program chair Kazue Sako, I will serve as program co-chair for the 19th International Conference on Applied Cryptography and Network Security (ACNS) in 2021, to be held in Japan.

SeCon 2020

I will be teaching one day of classes at CISPA’s 2nd edition of the Young Researcher Security Convention in March 2020. My classes will provide an overview of Hot topics in Cyber-Physical Security, for example current approaches to security in practical Industrial Control Systems, and recent research directions to improve the state of the art.

2019 in numbers

My year in numbers for 2019.

Conversion of page to Hugo/Academic

I now finished converting this page (and in particular, the ~80 news posts) to use the Hugo framework with Academic theme.

Public Disclosure of KNOB Attack

We are finally able to announce our KNOB attack work, a project with Daniele Antonioli (SUTD) and Kasper Rasmussen (Oxford). In the work, we show that the Bluetooth protocol as used by billions of devices is broken from a security perspective, and attackers can eavesdrop and manipulate communication in a stealthy way.

Google’s Security Conference/Journal ranking 2019

An analysis of the Google Metrics 2019 for security venues.

Successful PhD Defenses by Daniele and Hamid

My two first PhD students, Daniele Antonioli and Hamid Ghaeini, successfully defended their PhD in Singapore yesterday. Daniele presented his thesis with the title “Design, Implementation, and Evaluation of Secure Cyber-Physical and Wireless Systems”, which included two recent tier one publications. Hamid’s thesis has the title “Threats to Industrial Control Systems and Process-based Countermeasures”, and included a recent RAID paper.

CfP: CPS-SPC 2019

The Call for Papers for CPS-SPC 2019 was just released.

Cyber-Physical System Security School

I will be teaching one day of classes at the Cyber-Physical System Security School at the University of Padova in July 2019.

2018 in numbers

My year in numbers for 2018.

Google’s Security Conference/Journal ranking 2018

An analysis of the Google Metrics 2018 for security venues.

Joining CISPA in August

In August 2018, I will leave SUTD and join CISPA as faculty member. CISPA is a German research center focusing on world-class security research, headed by Michael Backes..

CfP: CPS-SPC 2018

The Call for Papers for CPS-SPC 2018 was just released.

Accepted: CPS-SPC 2018

Our proposal to CCS to co-locate CPS-SPC 2018 was accepted.

Meetup of TUHH Alumni Singapore Chapter + Guests from TUHH

We plan to have another meetup of the local TUHH Alumni chapter on March 27th, 7 pm at Restaurant Brotzeit at Harbourfront!

TPC Service in 2018

In 2018, I was asked to serve as TPC member for three security conferences that are quite important to me: CCS, Esorics, and Wisec.

2017 in numbers

My year in numbers for 2017.

Visit by Ralph Holz

Prof. Ralph Holz from Syndey University will visit SUTD on 7 Nov. At 3pm in LT3, he will give a public talk on the following topic.

Meetup of TUHH Alumni Singapore Chapter + Special Guest

I’m organizing a meetup of TUHH’s Singapore Alumni chapter on Nov 8, 4:30pm-6pm at SUTD. The plan is to give TUHH Alumni a chance to get to know each other, briefly show them the campus, and present research projects we do (e.g., and security research). Afterwards, we can have dinner nearby for everyone interested (self paid). For everyone interested: please write me a quick mail, so I can make sure to keep you updated.

Visit by Debdeep Mukhopadhyay

We are hosting Prof. Debdeep Mukhopadhyay on Oct 12 at SUTD. He will give a public talk with the title Break one link and the whole chain falls apart!: Embedding Security in Things to Cloud. Abstract: With the advent of Internet of Things (IoT) the need and challenges of security have increased manifold. Starting from the miniature devices, which are often resource constrained, to the pervasive omni-present cloud, all avenues for a potential attack need to be mitigated.

Finals of NSE Data Challenge 2017

We held our finals for the National Science Experiment Data Challenge 2017 at SUTD on September 13.

SUTD’s FIRST Industry Workshop 2017

I am happy to announce that my PhD students Hamid and Daniele both won an award each at the FIRST industry workshop, held at SUTD.

Google’s Security Conference/Journal ranking 2017

An analysis of the Google Metrics 2017 for security venues.

SCy-Phy Systems Week 2017 completed

We just concluded our main event for this year, the Secure Cyber-Physical Systems Week at SUTD.

Think-In event at SCy-Phy Systems Week

We have finalized our selection of panelists for the 2-day Think-In event at next week’s SCy-Phy Systems week.

Kopipacket ranks first in Cross-CTF qualifiers

A three-member selection of our Kopipacket team scored first place at the Cross-CTF qualifiers. Congratulations Flavio, John, and Randy!

First place for kopipacket at ICS/SCADA Hacking Competition

Kopipacket placed first in ICS/SCADA Hacking Competition at the 2017 Singapore ICS Cyber Security Conference. Congratulations to our members Eric, Juan and Athul (all working with Prof. Ochoa)!

Best Paper award at CPSS’17

Our paper “SIPHON: Towards Scalable High-Interaction Physical Honeypots” won the best paper award at the 3rd ACM Cyber-Physical System Security Workshop (CPSS), co-located with AsiaCCS.

CfP: CANS 2017

The Call for Papers for CANS 2017 was just released.

SCy-Phy Systems Week 2017

We will organize the third SCy-Phy systems week in June, from 5 June 2017 to 9 June 2017. As part of the event, we will have a 2 day Think-In session with panelists and interactive discussions, and another iteration of the S3 event.

Visit by Ahmad-Reza Sadeghi

We are hosting Professor Ahmad-Reza Sadeghi from TU Darmstadt at SUTD on March 23. He will give a talk at 3:30 in LT3, titled Things, Trouble, Trust: On Building Trust in IoT Systems.

BATADAL Finished

Our Battle of the Attack Detection Algorithms (BATADAL) competition finished yesterday, and we now released the true labels to the participants.


As part of the exercises for my 50.020 Security class, we needed a simple setup to test XSS, SQL injection, and command injection attacks. Instead of using solutions such as the standard OWASP webserver, this year I decided to write my own minimal application (using Python/Flask) which I called YAVW.

2016 in numbers

My year in numbers for 2016.

CfP: Esorics 2017

The Call for Papers for Esorics 2017 was just released.

CfP: Esorics 2017

The Call for Papers for Esorics 2017 was just released.

Kopipacket 2016

Together with Martin Ochoa, I founded SUTD’s first CTF team Kopipacket in January 2016. While we were pretty busy with other things for most of the summer, we still managed to participate in 12 CTF events (with placements between 11th and 893rd). Overall, we end the year on place 209 of the global CTF team leaderboard.

CfP: WiSec 2017

The Call for Papers for WiSec 2017 was just released.

CfP: SEMS 2017

The Call for Papers for SEMS 2017 was just released.

Keynote at RFIDsec 2016

I will give a keynote talk at RFIDsec, December 1, in Hong Kong. The tentative title is “IT+OT=IOT? On Security for Industrial Control Systems”.

Open Positions in NSE project

We have several open positions in the National Science Experiment: Research Assistant (Data analytics, Python), Web Dev (MEAN stack), Research Assistant/PostDoc (Data analytics).

10+ Years of System Security Circus

Davide Balzarotti released the following very nice analysis of academic research on security as published in the Top4 venues in the last 10 years.

CfP: CPSS 2017

The Call for Papers for CPSS 2017 was just released.

TUHH Alumni Chapter in Singapore founded

Yesterday, we met with delegates from my alma mater, the Hamburg University of Technology (TUHH) to officially found the Singaporean Alumni Chapter.

Batadal announced

We have now officially announced the BATADAL competition.

SVN over SSH

I use SVN for my personal documents, research and teaching material. I finally got around to configure the server in what I expect to be a secure and usuable setup for multiple users.

bibrest – RESTful bibtex server

I recently got bibrest into a usable state, a pet project that is aimed at providing dynamic .bib files for websites.


The Call for Papers for RFIDSEC 2016 was just released.

CfP: APS-CPS 2016

The Call for Papers for APS-CPS 2016 was just released.

CfP: SG-CRC 2017

The Call for Papers for SG-CRC 2017 was just released.

Open Positions

My SCy-Phy group is currently looking for at least one Post-Doc from October 2016 onwards. Potential projects are ASPIRE and ReSILIoT.

Google’s Security Conference/Journal ranking 2017

An analysis of the Google Metrics 2017 for security venues.

SCy-Phy Systems week 2016

We are currently preparing for the SCy-Phy Systems week 2016, on July 25-29 2016. The SCy-Phy Systems week is an invitation-only event including one day of panel discussions, two days of practical security assessment and defences using our SWaT testbed, and further outreach activites.

Visit by Prof. Adrian Perrig

I’m hosting Prof. Adrian Perrig from ETH Zurich at SUTD on May 11 2016. He will give a public talk with the following details.

NSE wins SG Mark award

Our National Science Experiment team at SUTD was awarded the SG Mark 2016 from the Design Business Chamber Singapore. More information here.

Visit by Prof. Dieter Gollmann

I’m hosting Prof. Dieter Gollmann from TUHH on March 17 2016. He will give a public talk with the following details.

Google scholar milestone

At the beginning of February 2016, my publications reached 500 citations according to Google scholar.


Together with Asst. Prof. Martín Ochoa, I am currently setting up a team of researchers and students to compete in capture-the-flag (CTF) competitions.

Writing Presentations in Org-mode Markup

For two years now, I am almost exclusively using the toolchain of org-mode+emacs+beamer+pdflatex to prepare my presentations for conferences and lectures. In this post, I want to share the basic setup to quickly reproduce for others.

Call for Papers: SCSP-W 2016

The Call for Papers for SCSP-W 2016 was just released.

National Science Experiment Coverage

Our National Science experiment was recently featured in the Straits Times, our national newspaper. More info here.

Call for Papers: IFIP SEC 2016

The Call for Papers for IFIP Sec 2016 was just released.

Skyhook article on the National Science Project

Skyhook is the localization service we use to determine locations of measurements taken in the National Science Experiment. They did a quick interview on the project with me.

First run of National Science Experiment underway

This week, the first run of the National Science Experiment started with about 15,000 sensor nodes distributed to schools all over Singapore.

SCy-Phy Site Online

We now have a website for the SCy-Phy group at SUTD, follow this link. We will use it to provide updates on our research projects, and the group members.

CfP: SG-CRC 2016

The Call for Papers for SG-CRC 2016 was just released.

Call for Papers: CPSS 2016

The Call for Papers for CPSS 2016 was just released.

ISTD India Recruitment trip

I will visit India (Delhi/Mumbai/Chennai) in September with a SUTD delegation to recruit PhD candidates and researchers.

Challenges and Opportunities in Practical Industrial Control System Security Research

I willl visit the SVA group of Prof. Dieter Gollmann at TUHH. On August 20, 10.30am, I will give an invited talk with the title “Challenges and Opportunities in Practical Industrial Control System Security Research”.

Searching Google Scholar for institution publications/profiles

I recently discovered that you can also use Google scholar to search for all articles hosted by an institution, and all faculty members with a Scholar profile at that institution.

Google’s Security Conference/Journal ranking

An analysis of the Google Metrics for security venues.

SUTD Beamer Theme

For teaching and other presentations, I tend to use LaTeX+ beamer. Unfortunately, the default beamer themes are in my opinion all somewhat overloaded and outdated. I spent some time to built two themes for personal use, I call them the SUTD light and SUTD dark theme.

Secure Water Treatment Testbed launched

SWaT, our testbed for security research on industrial control systems, was launched this week. SWaT faithfully replicates a water treatment system, including the physical process with pipes, tanks, filter, and chemical treatment.

New PhD Student: Hamid

Hamid Reza Ghaeini joined my group as PhD student in January. He earned his MSc from Tarbiat Modares University, Teheran.

National Experiment Grant accepted

Our national experiment proposal was announced by President Dr Tony Tan. This project is led by Prof. Erik Wilhelm of the EPD pillar at SUTD. The project aims to provide Singaporean school students with smart sensors that can be used for scientific experiments at school. In total, it will involve 250,000 students over the next three years.

SUTD-ASPIRE proposal accepted by NRF

NRF has announced the 7 accepted proposals (out of 20) for the National Cybersecurity Research programme, for a total funding of S$42M.

Connecting to SUTD VPN from Ubuntu/Linux

This short post summarizes the settings required to connect to SUTD’s Juniper VPN box from Ubuntu (other distros might slightly differ). This is enabled due to MadScientist’s perl scripting magic, and some trial & error on my side.

Joining CYPRO / iTrust stage 1

I will join the CYPRO project of the iTrust centre as Co-PI. In particular, I will be responsible for the research task Defending against physical attacks. For that grant, I will work together with Dr. He Liang from SUTD.

Project SAFE accepted

My proposal for Project SAFE was accepted by SUTD last week. The project will start in August’14 and is planned to run for three years. Overall funding is 100k SGD.

Website Updated

I started to put of preliminary information on 50.020 Security for Fall term 2014 here. I also added the contact info with some directions.