Daniel De Almeida Braga

prof_pic.jpg

Bat. 12, Office F435

IRISA, Rennes (France)

My research focuses on vulnerabilities in cryptographic implementations, which can be related to the core protocol (if there is an issue in the specification) or implementation-specific (side channels or any information leak). I am also developing a strong interest in microarchitectural security, with practical exploitation.

Since April 1st, I am a research engineer at INRIA, team CAPSULE, working on various ways to improve post-quantum cryptography implementations’ security. I got my PhD from the Universisty of Rennes in 2022, with the supervision of Pierre-Alain Fouque and Mohamed Sabt in the SPICY team (former EMSEC) at IRISA in Rennes. My work was awarded the Google PhD fellowship in Privacy & Security, which allowed me to visit Daniel Gruss’s team CoreSec at Graz University of Technology for 4 months in 2023.

Before starting my PhD, I graduated from Rennes 1’s Cryptography Master in 2018, and worked one year at Amossys (Rennes, France) as a security analyst.

news

Jul 04, 2024 We got Best Paper Award at AsiaCCS 2024 for our paper Generic and Automated Drive-by GPU Cache Attacks from the Browser.
May 03, 2023 I was awarded the Best Thesis award in Mathematics/Computer Science from Fondation Rennes.
Sep 30, 2022 I am part of Usenix Security’23 Artifact Review committee.
Sep 02, 2022 I am a recipient of 2022 Google PhD Fellowship in Privacy and Security.
Jul 01, 2022 Our work on recovering passwords from leaky WPA3 implementations was nominated at Pwnie Award.

selected publications

  1. A*
    “These results must be false”: A usability evaluation of constant-time analysis tools
    Marcel Fourné, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt , and 4 more authors
    In USENIX Security Symposium , 2024
  2. A
    Generic and Automated Drive-by GPU Cache Attacks from the Browser
    Lukas Giner, Roland Czerny, Christoph Gruber, Fabian Rauscher , and 3 more authors
    In AsiaCCS , 2024
  3. A
    From Dragondoom to Dragonstar: Side-channel Attacks and Formally Verified Implementation of WPA3 Dragonfly Handshake
    Daniel De Almeida Braga, Natalia Kulatova, Mohamed Sabt, Pierre-Alain Fouque , and 1 more author
    In 2023 IEEE 8th European Symposium on Security and Privacy (EuroSP) , Jul 2023
  4. A*
    “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks
    Jan Jancar, Marcel Fourné, Daniel De Almeida Braga, Mohamed Sabt , and 4 more authors
    In IEEE Symposium on Security and Privacy (SP) , May 2022
  5. A*
    PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wild
    Daniel De Almeida Braga, Pierre-Alain Fouque, and Mohamed Sabt
    In CCS , May 2021
  6. A
    Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the Wild
    Daniel De Almeida Braga, Pierre-Alain Fouque, and Mohamed Sabt
    In ACSAC , May 2020

services and events

  • Artifact Reviewer: Usenix Security 2023
  • Events: Real World Crypto 2022 (author but not speaker), Workshop on Attacks in Cryptography (WAC) 2021 (speaker)
  • Hackathon: REDOCS 2021 (Privacy in IoT devices)