This page collects selected academic works - peer-reviewed journal articles, conference proceedings, PhD dissertations, Master's theses, and technical reports - that reference my research, vulnerability disclosures, or tools. Coverage spans from 2004 to 2024 across data privacy and regulation, threat modeling, Bluetooth and wireless security, TLS/SSL security, anti-virus bypass and malware, and online payment vulnerabilities. Inclusion is based on explicit citation or reference to my work or its derivatives; the list is non-exhaustive and continues to grow as new academic output appears.
Sections
- Data Privacy & Regulation
- Threat Modeling & Risk
- Bluetooth & Wireless Security
- Cryptography
- Anti-Virus Bypass, Malware & Fuzzing
- Cashback & Online Payment Vulnerabilities
- Patents
Data Privacy & Regulation
My work on data privacy has spanned academic publication, regulatory litigation, and direct engagement with supervisory authorities. This includes contributions on the extraterritorial enforcement of GDPR - notably the documented dialogue and complaints filed with Luxembourg's CNPD against Rocketreach, Apollo and similar US-based data brokers operating without an EU Article 27 representative - which has been referenced in subsequent legal scholarship and case law commentary on extraterritorial GDPR enforcement.
2024 - Challenges to the Extraterritorial Enforcement of Data Privacy Law - EU Case Study
M. Czerniawski, D. Svantesson - in Dataskyddet 50 år: Historia, aktuella problem och framtid (Data Protection 50 Years: History, Current Problems and Future), Centre for Professional Legal Education, Faculty of Law - ISBN 978-91-89840-02-7
https://doi.org/10.53292/bd1fa11c.f5b3afbe
https://research.bond.edu.au/en/publications/dataskyddet-50-år-historia-aktuella-problem-och-framtid
2022 - Contribution to the Public Consultation on the EDPB Guidelines 05/2021 on the Interplay between Article 3 and Chapter V GDPR International Transfers
Amsterdam Law School Research Paper No. 2022-59
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4185750
Threat Modeling & Risk
The "Attacker Pyramid" / Attacker Classification model first published on this blog and developed further in The Rise of the Vulnerability Markets - History, Impacts, Mitigations (OWASP BENELUX 2011) has been referenced in academic work on cyber threat modeling, malware evolution, and the economics of vulnerability markets.
2013 - Perspectives in Cyber Security: The Future of Cyber Malware
Sandeep Mittal - Indian Journal of Criminology, Vol. 41 (1) & (2)
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2975931
Bluetooth & Wireless Security
Bluetooth research starting in 2006 - including BTCrack (the world's first public Bluetooth PIN and Link-key brute-force tool, co-authored with Eric Sesterhenn; FPGA implementation with David Hulton in 2007; included in BackTrack since 2008), the live demo of a remote root shell over Bluetooth on macOS 10.3.9 / 10.4, custom long-range YAGI antenna work, and the All Your Bluetooth Is Belong To Us (Hack.lu 2006) and 23C3 Bluetooth Hacking Revisited presentations - has been referenced in 30+ peer-reviewed journal articles, IEEE/ACM conference proceedings, and dissertations from 2007 to 2024.
2024 - Low-power Bluetooth/RFID Devices to Track Inventory in the Supply Chain
Asian Journal of Multidisciplinary Research & Review, Vol. 5, Issue 1
https://ajmrr.thelawbrigade.com/article/low-power-bluetooth-rfid-devices-to-track-inventory-in-the-supply-chain/
2022 - Optical Wireless Communications High-Speed Bluetooth Secure Pairing Towards Developing a Trust Protocol
Mantie N. Reid - PhD Thesis, Pace University
https://www.proquest.com/openview/9b6649186a1efd980649355da5c466c8/1
2021 - A Systematic Review of Bluetooth Security Threats, Attacks & Analysis
International Journal of Computer Trends and Technology (IJCTT), vol. 69, no. 7
https://doi.org/10.14445/22312803/IJCTT-V69I7P101
https://doi.org/10.14445/22312803/IJCTT-V69I7P101
2021 - Bluetooth Device Security
University of Zagreb
https://repozitorij.foi.unizg.hr/islandora/object/foi:6780
2020 - SecWIR: Securing Smart Home IoT Communications via Wi-Fi Routers with Embedded Intelligence
MobiSys '20 - Reference 60
https://doi.org/10.1145/3386901.3388941
2020 - Detecting Bluetooth Attacks Against Smartphones by Device Status Recognition
ICAIS 2020
https://doi.org/10.1007/978-3-030-57884-8_11
2019 - Analysis on Bluetooth Security
International Journal of Research in Engineering, Science and Management
https://www.ijresm.com/Vol.2_2019/Vol2_Iss5_May19/IJRESM_V2_I5_249.pdf
2019 - Wi-Fi Channel Saturation as a Mechanism to Improve Passive Capture of Bluetooth Through Channel Usage Restriction
Journal of Network Technology
https://arxiv.org/abs/2002.05126
2018 - Bluetooth Intrusion Detection System (BIDS)
P. Satam, S. Satam, S. Hariri - AICCSA 2018
https://doi.org/10.1109/AICCSA.2018.8612809
2018 - Seguretat en Bluetooth: Anàlisi de Vulnerabilitats
Universitat Oberta de Catalunya
http://openaccess.uoc.edu/webapps/o2/handle/10609/72388
2017 - Penetration Testing and Testing to Diagnose and Detect Vulnerabilities in Wireless Data Networks
E. Katsadouros
http://okeanis.lib.puas.gr/xmlui/handle/123456789/3683
2016 - Data Security in Telehealth and Smart Home Environment
University of Eastern Finland - Master Thesis
https://epublications.uef.fi/pub/urn_nbn_fi_uef-20160946/urn_nbn_fi_uef-20160946.pdf
2015 - A Review on Bluetooth Security Vulnerabilities and a Proposed Prototype Model for Enhancing Security against MITM Attack
IJRSCSE
https://www.arcjournals.org/pdfs/ijrscse/special-issues/irsmt-2015/13.pdf
2015 - Bluetooth Security and Threats
Norwegian Defence Research Establishment (FFI)
https://ffi-publikasjoner.archive.knowledgearc.net/handle/20.500.12242/1115
2015 - Enhancement of Bluetooth Security Authentication Using HMAC
Diallo Alhassane Saliou - Master Thesis, International Islamic University Malaysia
ResearchGate
2014 - Exploiting Bluetooth 4.0 for Secure, Cloud-Enabled Monitoring of Palliative Care Patients
Will Browne - Master Dissertation, Trinity College Dublin
https://www.scss.tcd.ie/publications/theses/diss/2014/TCD-SCSS-DISSERTATION-2014-073.pdf
2013 - Ubertooth - Bluetooth Monitoring und Injection
Martin Herrmann - Technische Universität München
https://doi.org/10.2313/NET-2013-02-1_03
CiteSeerX
2012 - Bluetooth Security Threats and Solutions: A Survey
International Journal of Distributed and Parallel Systems (IJDPS) - Citation Page 137
https://doi.org/10.5121/ijdps.2012.3110
2012 - Analysis of Bluetooth Threats and v4.0 Security Features
S. Sandhya, K. S. Devi - ICCCA 2012
https://doi.org/10.1109/ICCCA.2012.6179149
Semantic Scholar
2012 - Analysis and Mitigation of Vulnerabilities in Short-Range Wireless Communications for Industrial Control Systems
B. Reaves, T. Morris - International Journal of Critical Infrastructure Protection, Vol. 5, Issues 3–4
https://doi.org/10.1016/j.ijcip.2012.10.001
2012 - Theoretical Analysis of Security Features and Weaknesses of Telecommunication Specifications for Smart Metering
Universitat Politècnica de Catalunya - Master Thesis
https://upcommons.upc.edu/handle/2099.1/16014
2012 - Bluetooth Security Analysis for Mobile Phones
João Alfaiate - CISTI 2012
https://ieeexplore.ieee.org/abstract/document/6263117
2011 - BlueSnarf Revisited: OBEX FTP Service Directory Traversal
A. Moreno, E. Okamoto - NETWORKING 2011 Workshops
https://doi.org/10.1007/978-3-642-23041-7_16
2011 - A Secured Bluetooth Based Social Network
N. B.-N. I. Minar, M. Tarique - International Journal of Computer Applications
https://doi.org/10.5120/3069-4196
2011 - Security in Bluetooth, RFID and Wireless Sensor Networks
ICCCS '11
https://doi.org/10.1145/1947940.1948071
2010 - Battery-Sensing Intrusion Protection System Validation Using Enhanced Wi-Fi and Bluetooth Attack Correlation
2009 IEEE 70th Vehicular Technology Conference Fall
https://ieeexplore.ieee.org/abstract/document/5378889
2010 - Bluetooth Sniffing and the PS3
Luke Vincent - College of Engineering and Computer Science
http://courses.cecs.anu.edu.au/courses/CS_PROJECTS/10S2/Reports/Luke Vincent.pdf
2010 - Effects of Wi-Fi and Bluetooth Battery Exhaustion Attacks on Mobile Devices
IEEE - https://doi.org/10.1109/HICSS.2010.170
2010 - Taming the Blue Beast: A Survey of Bluetooth Based Threats
John Paul Dunning - IEEE Security & Privacy, Vol. 8, Issue 2, pp. 20-27
https://doi.org/10.1109/MSP.2010.3
2010 - Cybersecurity Myths on Power Control Systems: 21 Misconceptions and False Beliefs
IEEE Transactions on Power Delivery, Vol. 26, Issue 1
https://doi.org/10.1109/TPWRD.2010.2061872
2009 - Secure Physical Layer using Dynamic Permutations in Cognitive OFDMA Systems
VTC Spring 2009 - IEEE 69th Vehicular Technology Conference
https://doi.org/10.1109/VETECS.2009.5073843
2009 - Security Issues in Pervasive Computing
L. A. Mohammed, K. Munir - Risk Assessment and Management
https://doi.org/10.4018/978-1-60566-220-6.ch010
2008 - Towards Pervasive Computing Security
Proceedings of the World Congress on Engineering 2008, Vol. I
http://iaeng.org/publication/WCE2008/WCE2008_pp810-815.pdf
2008 - Breaking into Bluetooth
Ken Munro - Network Security, Vol. 2008, Issue 6
https://doi.org/10.1016/S1353-4858(08)70074-6
2007 - Studying Bluetooth Malware Propagation: The BlueBag Project
L. Carettoni, C. Merloni, S. Zanero - IEEE Security & Privacy
https://doi.org/10.1109/MSP.2007.43
2007 - Bluetooth Security & Hacks
Andreas Becker - RUB Seminararbeit
CiteSeerX
Cryptography
Following the 2009 disclosure of the TLS renegotiation vulnerability (CVE-2009-3555), the SSL/TLS Compatibility and Hardening Report 2010/2011 (G-SEC), the SSL Audit tool (the first SSL/TLS scanner with a behavioral fingerprinting engine for SChannel, OpenSSL, NSS, Certicom and RSA BSAFE stacks), and the Harden SSL/TLS tool for Windows SCHANNEL hardening, this work has been cited across journal articles, PhD dissertations, and conference proceedings on protocol security, padding oracle attacks, and TLS hardening - including at ACM CCS.
2018 - TLS Sicherheit: Konzept zum Manipulationsschutz eines Zertifikatsspeichers
Alpen-Adria-Universität Klagenfurt - Master Thesis - Citation Zoll11
https://netlibrary.aau.at/obvuklhs/download/pdf/5470621
2017 - Authentication Techniques for Heterogeneous Telephone Networks
Bradley Galloway Reaves - PhD Dissertation, University of Florida - Reference 134
https://ufdcimages.uflib.ufl.edu/UF/E0/05/15/06/00001/REAVES_B.pdf
2017 - Metodología de Hacking Ético para Instituciones Financieras
Universidad de Cuenca - Master Thesis
http://dspace.ucuenca.edu.ec/bitstream/123456789/28552/1/Trabajo de titulación.pdf
2016 - AuthLoop: End-to-end Cryptographic Authentication for Telephony over Voice Channels
B. Reaves, L. Blue, P. Traynor - 25th USENIX Security Symposium
https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/reaves
2016 - Securing Medical Devices and Protecting Patient Privacy in the Technological Age of Healthcare
Paul D. Martin - PhD Thesis, The Johns Hopkins University
https://jscholarship.library.jhu.edu/bitstream/handle/1774.2/39692/MARTIN-DISSERTATION-2016.pdf
2016 - A Comprehensive Survey on SSL/TLS and their Vulnerabilities
International Journal of Computer Applications
ResearchGate
2016 - A Strenuous Macroanalysis on the Substratals of Securing Bluetooth Mobile Workforce Devices
Indian Journal of Science and Technology, Vol. 9(48)
https://doi.org/10.17485/ijst/2016/v9i48/89769
2016 - Avoidable SSLStrip Attack with HSTS Countermeasures
Kanagawa University - Computer Security Symposium 2016
http://www.sci.kanagawa-u.ac.jp/info/matsuo/pub/pdf/IPSJCSS2016107.pdf
2015 - Optimizing TLS for Low Bandwidth Environments
FPS 2014: Foundations and Practice of Security
https://doi.org/10.1007/978-3-319-17040-4_10
2015 - Evaluation of TFTP DDoS Amplification Attack
The Cyber Academy, Edinburgh Napier University
https://doi.org/10.1016/j.cose.2015.09.002
2015 - A Segurança das Comunicações dos Sítios Web Disponibilizados pelo Estado Português
http://comum.rcaap.pt/handle/10400.26/10658
2014 - Visualization of SSL Setting Status Such as the FQDN Mismatch
IMIS 2014
https://doi.org/10.1109/IMIS.2014.88
2014 - Modeling and Analyzing Cryptographic Real World Protocols
Florian Bergsma - PhD Thesis, Ruhr-Universität Bochum
https://d-nb.info/1201554365/34
2013 - On the Security of TLS Renegotiation
F. Giesen, F. Kohlar, D. Stebila - Queensland University - ACM CCS '13
https://doi.org/10.1145/2508859.2516694
2013 - Safe Configuration of TLS Connections - Beyond Default Settings
J. Hötz, T. Holz - 6th Symposium on Security Analytics and Automation
https://doi.org/10.1109/SSA.2013.6682755
2013 - Ataques a las comunicaciones sin hilos y sus principales métodos de mitigación
Laura Rasal Blasco - Master Thesis, UOC
http://openaccess.uoc.edu/webapps/o2/bitstream/10609/23181/3/lrasalTFC0613memoria.pdf
2013 - Cyber-security Defense in Large-scale M2M System: Actual Issues and Proposed Solutions
Technische Universität Berlin - SAM 2013
http://worldcomp-proceedings.com/proc/p2013/SAM9763.pdf
2013 - Classifying Network Protocol Implementation Versions: An OpenSSL Case Study
P. D. Martin, M. Rushanan, A. D. Rubin, M. Green, S. Checkoway - Johns Hopkins University
http://jhir.library.jhu.edu/handle/1774.2/36570
2012 - SSL/TLS Status Survey in Japan - Transitioning Against the Renegotiation Vulnerability and Short RSA Key Length Problem
IEEE Asia JCIS
https://doi.org/10.1109/AsiaJCIS.2012.10
2012 - Attacks on Re-keying and Renegotiation in Key Exchange Protocols
Rati Gelashvili - Bachelor Thesis, ETH Zürich
2012 - Countermeasures and Tactics for Transitioning Against the SSL/TLS Renegotiation Vulnerability
IEEE IMIS 2012
https://doi.org/10.1109/IMIS.2012.138
2012 - Analysis of the Functionality, Risks and Counter-Measures of Current Padding Attacks
Alexander Colin Jüttner - Bachelor Thesis, Frankfurt School of Finance and Management
https://www.cryptool.org/assets/img/ctp/documents/BA_Juettner_Padding-Oracle-Attack.pdf
2011 - TLS and Energy Consumption on a Mobile Device: A Measurement Study
J. Schwenk, N. Gruschka - ISCC 2011
https://doi.org/10.1109/ISCC.2011.5983970
2011 - MITM Attacks on SSL/TLS Related to Renegotiation
Thor Siiger Prentow - Technical University of Denmark
2010 - Problems on the Shifts to a New Specification with Countermeasures of the SSL/TLS Renegotiation Vulnerability
Yuji Suga
IPSJ Repository
2010/2011 - SSL/TLS Compatibility and Hardening Report
G-SEC (Thierry Zoller)
https://www.g-sec.lu/practicaltls.pdf
2009–2011 - TLS/SSL Scanner (SSL Audit)
First SSL/TLS scanner with behavioral SSL stack fingerprinting (IIS SChannel, OpenSSL, NSS, Certicom, RSA BSAFE)
https://www.g-sec.lu/practicaltls.pdf
2005 - Porting and Performance Aspects from IPv4 to IPv6: The Case of OpenH323
International Journal of Communication Systems - Reference 32
https://doi.org/10.1002/dac.735
2004 - Performance Evaluation of an IPv6-capable H323 Application
C. Bouras, A. Gkamas, D. Primpas, K. Stamos - IEEE AINA - Reference 7
https://doi.org/10.1109/AINA.2004.1283954
Anti-Virus Bypass, Malware & Fuzzing
Joint research with Sergio Alvarez on anti-virus parsing engine vulnerabilities - presented as The Death of AV Defense in Depth? (CanSecWest) and resulting in remote code execution, denial-of-service, and detection bypass findings across major AV vendors - together with work on malware auto-update man-in-the-middle attacks and fuzzing methodology, has been referenced in peer-reviewed venues including IEEE Symposium on Security and Privacy, ACM Asia CCS, ESORICS, and multiple PhD theses.
2018 - Study of Security Attacks against IoT Infrastructures
The University of Newcastle - ACSRC
https://www.newcastle.edu.au/__data/assets/pdf_file/0020/552017/TR1-ISIF-ASIA.pdf
2017 - Malware Detection Based on Multiple PE Headers Identification and Optimization for Specific Types of Files
Ton Duc Thang University
https://doi.org/10.25073/JAEC.201712.64
http://jaec.vn/index.php/JAEC/article/view/64
2017 - Automatically Inferring Malware Signatures for Anti-Virus Assisted Attack
ASIA CCS '17
https://doi.org/10.1145/3052973.3053002
2016 - From Malware Signatures to Anti-Virus Assisted Attacks
Technische Universität Braunschweig
https://arxiv.org/pdf/1610.06022.pdf
2016 - A Novel Malware for Subversion of Self-Protection in Anti-Virus
Y. Luo, B. Min, V. Varadharajan, S. Nepal - Software: Practice and Experience
https://doi.org/10.1002/spe.2317
2015 - A Security Analysis Method of Antivirus Software Upgrade Process
Journal of Wuhan University (Science Edition)
http://www.cnki.com.cn/Article/CJFDTotal-WHDY201506002.htm
2015 - Design and Evaluation of Feature Distributed Malware Attacks against the Internet of Things (IoT)
B. Min, V. Varadharajan - ICECCS 2015
https://doi.org/10.1109/ICECCS.2015.19
2015 - Design, Implementation and Evaluation of a Novel Anti-Virus Parasitic Malware
Y. Luo, B. Min, V. Varadharajan, S. Nepal - SAC '15
https://doi.org/10.1145/2695664.2695683
2015 - Error-Correcting Codes as Source for Decoding Ambiguity
N. Šrndić, P. Laskov - 2015 IEEE Security and Privacy Workshops
https://doi.org/10.1109/SPW.2015.28
2014 - Feature-Distributed Malware Attack: Risk and Defence
B. Min, V. Varadharajan - ESORICS 2014
https://doi.org/10.1007/978-3-319-11212-1_26
2014 - Design and Analysis of a New Feature-Distributed Malware
B. Min, V. Varadharajan - IEEE TrustCom 2014
https://doi.org/10.1109/TrustCom.2014.58
2014 - Fuzzing Analysis: Evaluation of Properties for Developing a Feedback-Driven Fuzzer Tool
Kris Gundersen - Master Thesis
https://www.duo.uio.no/bitstream/handle/10852/42126/Gundersen-Master.pdf
2013 - Using Redundancy to Improve Security and Testing
Hui Xue - University of Illinois at Urbana-Champaign
https://www.proquest.com/openview/9df53a733572c49977fa6958412f4d91/1
2012 - PE-Header-Based Malware Study and Detection
University of Georgia
http://cobweb.cs.uga.edu/~liao/PE_Final_Report.pdf
2012 - Abusing File Processing in Malware Detectors for Fun and Profit
J. Oberheide, E. Cooke, F. Jahanian - 2012 IEEE Symposium on Security and Privacy
https://doi.org/10.1109/SP.2012.15
2011 - Making Information Flow Explicit in HiStar
N. Zeldovich, S. Boyd-Wickizer, E. Kohler, D. Mazières - Communications of the ACM, Vol. 54, Issue 11
https://doi.org/10.1145/2018396.2018419
2009 - Client-side Threats and a Honeyclient-based Defense Mechanism, Honeyscout
Christian Clementson - Master Thesis, Linköping University
https://www.diva-portal.org/smash/record.jsf?pid=diva2:233195
2007 - Man-in-the-Middle Attacks on Auto-updating Software
B. M. Luettmann, A. C. Bender - Bell Labs Technical Journal, Vol. 12, Issue 3, pp. 131-138
https://doi.org/10.1002/bltj.20255
Cashback & Online Payment Vulnerabilities
Research into systemic privacy and integrity flaws in cashback and online payment platforms, originally presented at OWASP, exposed weaknesses in widely-used commercial systems.
2011 - Exposing the Lack of Privacy in File Hosting Services
KU Leuven, Belgium - LEET '11
https://limo.libis.be/primo-explore/fulldisplay?docid=LIRIAS1655651
.png)
.png)
