Daniel De Almeida Braga


My research focuses on vulnerabilities in cryptographic implementations, which can be related to the core protocol (if there is an issue in the specification) or implementation-specific (side channels or any information leak). I am also developing a strong interest in microarchitectural security, with practical exploitation.

Starting April 1st, I will be a research engineer at INRIA, team CAPSULE, working on various ways to improve post-quantum cryptography implementations’ security. I got my PhD from the University of Rennes in 2022, under the supervision of Pierre-Alain Fouque and Mohamed Sabt in the SPICY team (former EMSEC) at IRISA in Rennes. My work was awarded the Google PhD fellowship in Privacy & Security, which allowed me to visit Daniel Gruss’s team CoreSec at Graz University of Technology for 4 months in 2023.

Before starting my PhD, I graduated from Rennes 1’s Cryptography Master in 2018, where I acquired the mathematical background needed to understand the underlying mechanisms of cryptography. Then, I worked one year at Amossys (Rennes, France) as a security analyst, where I could get my hands on real-world crypto implementations. It also pushed me to enlarge my CS knowledge and develop more practical skills.

news

May 3, 2023 I was awarded the Best Thesis award in Mathematics/Computer Science from Fondation Rennes.
Sep 30, 2022 I am part of the Usenix Security’23 Artifact Review committee.
Sep 2, 2022 I am a recipient of the 2022 Google PhD Fellowship in Privacy and Security.
Jul 1, 2022 Our work on recovering passwords from leaky WPA3 implementations was nominated for a Pwnie Award.
Nov 5, 2021 I participated in REDOCS 2021: “Privacy risks of connected objects”, with the CNIL.

awards

May 3, 2023 Best Thesis award in Mathematics/Computer Science from Fondation Rennes.
Sep 2, 2022 Awarded the Google PhD Fellowship 2022 (Privacy and Security).
Mar 1, 2021 ProtonMail Security Contributor following the disclosure of our PARASITE attack.
Nov 8, 2020 Second place at CSAW Applied Research competition (Europe) 2020

selected publications

  1. A*
    “These results must be false”: A usability evaluation of constant-time analysis tools
    Fourné, Marcel,  De Almeida Braga, Daniel, Jancar, Jan, Sabt, Mohamed, Schwabe, Peter, Barthe, Gilles, Fouque, Pierre-Alain, and Acar, Yasemin
    In USENIX Security Symposium, 2024
  2. A
    Generic and Automated Drive-by GPU Cache Attacks from the Browser
    Giner, Lukas, Czerny, Roland, Gruber, Christoph, Rauscher, Fabian, Kogler, Andreas,  De Almeida Braga, Daniel, and Gruss, Daniel
    In AsiaCCS, 2024
  3. A
    From Dragondoom to Dragonstar: Side-channel Attacks and Formally Verified Implementation of WPA3 Dragonfly Handshake
    De Almeida Braga, Daniel, Kulatova, Natalia, Sabt, Mohamed, Fouque, Pierre-Alain, and Bhargavan, Karthikeyan
    In 2023 IEEE 8th European Symposium on Security and Privacy (EuroSP), Jul 2023
  4. A*
    “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks
    Jancar, Jan, Fourné, Marcel,  De Almeida Braga, Daniel, Sabt, Mohamed, Schwabe, Peter, Barthe, Gilles, Fouque, Pierre-Alain, and Acar, Yasemin
    In IEEE Symposium on Security and Privacy (SP), May 2022
  5. A*
    PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wild
    De Almeida Braga, Daniel, Fouque, Pierre-Alain, and Sabt, Mohamed
    In CCS, May 2021
  6. A
    Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the Wild
    De Almeida Braga, Daniel, Fouque, Pierre-Alain, and Sabt, Mohamed
    In ACSAC, May 2020

services and events

  • Artifact Reviewer: Usenix Security 2023
  • Events: Real World Crypto 2022 (author but not speaker), Workshop on Attacks in Cryptography (WAC) 2021 (speaker)
  • Hackathon: REDOCS 2021 (Privacy in IoT devices)