Raphael Spreitzer
Group Manager
Bio
I am a Group Manager | Principal Security Expert at SGS (Connectivity & Products). Before joining SGS, I was a postdoctoral researcher (2017–2018) and a research assistant (2012–2017) in the Secure Systems group at IAIK, Graz University of Technology. I obtained a PhD degree (Dr. techn.) in computer science with distinction from Graz University of Technology in 2017. My main research interests are information security with a special focus on software-based side-channel attacks (e.g., microarchitectural attacks, cache-timing attacks, and attacks exploiting public resources on Android), and practical applications of privacy-enhancing technologies (e.g., group signature schemes and revocation mechanisms).
For information about my professional activites, such as reviewing activites and teaching activites, please refer to the Professional Activites section.
Publications
Below you can find a list of my publications.
Full Version Publisher Version Slides Web Bibtex Additional Material
| Conference Papers | ||||||||
|---|---|---|---|---|---|---|---|---|
| 2020 | Samuel Weiser, David Schrammel, Lukas Bodner, Raphael Spreitzer - "Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations" - USENIX Security 2020. |
|
||||||
| 2018 | Samuel Weiser, Andreas Zankl, Raphael Spreitzer, Katja Miller, Stefan Mangard, Georg Sigl - "DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries" - USENIX Security 2018. |
|
||||||
| 2018 | Raphael Spreitzer, Gerald Palfinger, Stefan Mangard - "SCAnDroid: Automated Side-Channel Analysis of Android APIs" - WISEC 2018. |
|
||||||
| 2018 | Johannes Feichtner, David Missmann, Raphael Spreitzer - "Automated Binary Analysis on iOS - A Case Study on Cryptographic Misuse in iOS Applications" - WISEC 2018. |
|
||||||
| 2018 | Raphael Spreitzer, Felix Kirchengast, Daniel Gruss, Stefan Mangard - "ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android" - ASIACCS 2018, CVE-2019-9277. |
|
||||||
| 2018 | Samuel Weiser, Raphael Spreitzer, Lukas Bodner - "Single Trace Attack Against RSA Key Generation in Intel SGX SSL" - ASIACCS 2018. |
|
||||||
| 2018 | Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, Stefan Mangard - "KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks" - NDSS 2018. |
|
||||||
| 2016 | Daniel Slamanig, Raphael Spreitzer, Thomas Unterluggauer - "Linking-Based Revocation for Group Signatures: A Pragmatic Approach for Efficient Revocation Checks" - Mycrypt 2016. |
|
||||||
| 2016 | Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, Stefan Mangard - "ARMageddon: Cache Attacks on Mobile Devices" - USENIX Security 2016. |
|
||||||
| 2016 | Raphael Spreitzer, Simone Griesmayr, Thomas Korak, Stefan Mangard - "Exploiting Data-Usage Statistics for Website Fingerprinting Attacks on Android" - WISEC 2016. |
|
||||||
| 2016 | Olivier Blazy, David Derler, Daniel Slamanig, Raphael Spreitzer - "Non-Interactive Plaintext (In-)Equality Proofs and Group Signatures with Verifiable Controllable Linkability" - CT-RSA 2016. |
|
||||||
| 2015 | Hannes Gross, Marko Hölbl, Daniel Slamanig, Raphael Spreitzer - "Privacy-Aware Authentication in the Internet of Things" - CANS 2015. |
|
||||||
| 2015 | Lukas Zoscher, Jasmin Grosinger, Raphael Spreitzer, Ulrich Muehlmann, Hannes Gross, Wolfgang Bösch - "Concept for a Security Aware Automatic Fare Collection System Using HF/UHF Dual Band RFID Transponders" - ESSDERC 2015. |
|
||||||
| 2015 | Daniel Gruss, Raphael Spreitzer, Stefan Mangard - "Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches" - USENIX Security 2015. |
|
||||||
| 2014 | Raphael Spreitzer - "PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices" - SPSM@CCS 2014. |
|
||||||
| 2014 | Daniel Slamanig, Raphael Spreitzer, Thomas Unterluggauer - "Adding Controllable Linkability to Pairing-Based Group Signatures for Free" - ISC 2014. |
|
||||||
| 2014 | Raphael Spreitzer, Benoît Gérard - "Towards More Practical Time-Driven Cache Attacks" - WISTP 2014. |
|
||||||
| 2014 | Raphael Spreitzer, Jörn-Marc Schmidt - "Group-Signature Schemes on Constrained Devices: The Gap Between Theory and Practice" - CS2@HiPEAC 2014. |
|
||||||
| 2013 | Raphael Spreitzer, Thomas Plos - "On the Applicability of Time-Driven Cache Attacks on Mobile Devices" - NSS 2013. |
|
||||||
| 2013 | Raphael Spreitzer, Thomas Plos - "Cache-Access Pattern Attack on Disaligned AES T-Tables" - COSADE 2013. |
|
||||||
| Journal Papers | ||||||||
|---|---|---|---|---|---|---|---|---|
| 2018 | Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, Stefan Mangard - "Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices" - IEEE Communications Surveys & Tutorials, 20(1), 2018. |
|
||||||
| 2016 | Lukas Zoscher, Raphael Spreitzer, Hannes Gross, Jasmin Grosinger, Ulrich Muehlmann, Dominik Amschl, Hubert Watzinger, Wolfgang Bösch - "HF/UHF Dual Band RFID Transponders for an Information-Driven Public Transportation System" - Elektrotechnik und Informationstechnik, 133(3), 2016. |
|
||||||
| Talks (w/o Proceedings) | ||||||||
|---|---|---|---|---|---|---|---|---|
| 2022 | Raphael Spreitzer - "Cybersecurity Evaluations of Medical Devices and Support Activities" - European Medical Device Cybersecurity Conference, Brussels, Belgium, May 18, 2022. |
|
||||||
| 2021 | Raphael Spreitzer - "Determining a Minimum Set of Cybersecurity Requirements for Medical Devices" - European Medical Device Cybersecurity Virtual Conference, Virtual Conference, October 6, 2021. |
|
||||||
| 2020 | Raphael Spreitzer - "Certifying IoT Devices: Challenges from the Real World" - International Common Criteria Conference 2020, Virtual Conference, November 18, 2020. |
|
||||||
| 2019 | Raphael Spreitzer - "Security Testing: Fuzzing - How to Break Things with Random Input" - Graz Security Days for Industry 2019, Graz, Austria, September 19, 2019. |
|
||||||
| 2016 | Raphael Spreitzer - "Android Side-Channel Attacks and Defenses" - Panel discussion at WISEC 2016, Darmstadt, Germany, July 18, 2016. |
|
||||||
| 2014 | Raphael Spreitzer - "PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices" - Summer School on Smart & Mobile Device Security and Privacy 2014, Padua, Italy, September 5, 2014. |
|
||||||
| 2014 | Raphael Spreitzer - "Attack Scenarios in RFID Applications" - RFIDeas 2014, Graz, Austria, May 21, 2014. |
|
||||||
| Theses | ||||||||
|---|---|---|---|---|---|---|---|---|
| 2017 | Raphael Spreitzer - "Enhancements for Group Signatures and Side-Channel Attacks on Mobile Devices" - PhD Thesis, Graz University of Technology, 2017. |
|
||||||
| 2012 | Raphael Spreitzer - "On the Applicability of Cache Attacks on Mobile Devices" - Master's Thesis, Graz University of Technology, 2012. |
|
||||||
Professional Activities
Below you can find a list of professional activities and teaching activites.
Program Committee
- Security Standardisation Research 2020
- Workshop on Industrial Security and IoT @ ARES 2020
- Workshop on Industrial Security and IoT @ ARES 2019
- SICHERHEIT 2018
Conference Refereeing
- 2018: ICDCS, ISC
- 2017: SPACE
- 2016: ARES, ASIACRYPT
- 2015: EUROCRYPT, FSE
- 2014: CHES, DATE, EUROCRYPT, INTRUST
- 2013: CARDIS, COSADE, IEEE RFID, SAC
- 2012: CARDIS
Journal Refereeing
- Computers & Security
- IEEE Access
- IEEE Control Systems Letters
- IEEE Transactions on Information Forensics and Security
- Journal of Information Security and Applications
- Pervasive and Mobile Computing
- The Computer Journal (Oxford University Press)
Teaching Activites
- Secure Product Lifecycle, at Graz University of Technology (2020–2021)
- Embedded Security, at Graz University of Technology (2016–2018)
- Supervision of seminar projects, Bachelor's Theses, and Master's Theses, at Graz University of Technology (2012–2018)