Ralf-Philipp Weinmann is a postdoctoral researcher at the LACS (Laboratory of Algorithms, Cryptology and Security) in the FSTC (Faculty of Sciences, Technology and Communication) of the University of Luxembourg. He received both his Diplom and his Ph.D. from the Technical University of Darmstadt in Germany.
He mainly enjoys working in symmetric key cryptography and likes to perform practical cryptanalysis of widely deployed algorithms. He also has a strong interest in the security of mobile devices and enjoys reverse-engineering embedded systems.
- Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann: "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization", In Proceedings of 34th IEEE Symposium on Security & Privacy, to be published.
- Ralf-Philipp Weinmann: Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks, 6th USENIX Workshop on Offensive Technologies (WOOT 2012), USENIX, 2012
- Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann: TorScan: Tracing Long-lived Connections and Differential Scanning Attacks, In Proceedings of ESORICS 2012, LNCS 7459, Springer-Verlag. Freely available version is IACR ePrint 2012/432 (eprint.iacr.org/2012/432.pdf).
- Thomas Dullien, Tim Kornau, Ralf-Philipp Weinmann: A framework for automated architecture-independent gadget search, 4th USENIX Workshop on Offensive Technologies (WOOT 2010).
- Karsten Nohl, Erik Tews, Ralf-Philipp Weinmann: Cryptanalysis of the DECT Standard Cipher. In Revised Selected Papers of FSE 2010, Springer-Verlag, to appear. Freely available version can be found on the deDECTed.org project site.
- Carlos Cid, Ralf-Philipp Weinmann: Block ciphers: algebraic cryptanalysis and Groebner bases. In Massimiliano Sala, Teo Mora, Ludovic Perret, Shojiro Sakata, Carlo Traverso: Gröbner Bases, Coding, and Cryptography, pp. 307-327, Springer-Verlag, 2009, ISBN: 978-3-540-93805-7
- Stefan Lucks, Andreas Schuler, Erik Tews, Ralf-Philipp Weinmann, Matthias Wenzel: Attacks on the DECT authentication mechanisms. In Proceedings of CT-RSA 2009, LNCS 5473, pp. 48-65, Springer-Verlag. Freely available version is IACR ePrint 2009/078.
- Dmitry Khovratovich, Ivica Nikolic, Ralf-Philipp Weinmann: Meet-in-the-Middle Attacks on SHA-3 Candidates. In Revised Selected Papers of FSE 2009, LNCS 5665, pp. 228-245, Springer-Verlag
- Ulrich Kühn, Andrei Pyshkin, Erik Tews, Ralf-Philipp Weinmann: Variants of Bleichenbacher's Low-Exponent Attack on PKCS#1 RSA Signatures. In Proceedings of SICHERHEIT 2008, LNI, pp. 97-109, GI-Verlag
- Erik Tews, Ralf-Philipp Weinmann, Andrei Pyshkin: Breaking 104 bit WEP in less than 60 seconds. In Proceedings of WISA 2007, LNCS 4867, pp. 188-202, Springer-Verlag. Freely available version is IACR ePrint 2007/120.
- Fen Liu, Wen Ji, Lei Hu, Jintai Ding, Shuwang Lv, Andrei Pyshkin, Ralf-Philipp Weinmann: Analysis of the SMS4 block cipher. In Proceedings of ACISP 2007, LNCS 4586, pp. 158-170, Springer-Verlag
- Johannes Buchmann, Andrei Pyshkin, Ralf-Philipp Weinmann: A Zero-Dimensional Groebner Basis for AES-128. In Proceedings of FSE 2006, LNCS 4047, pp. 78-88, Springer-Verlag
- Johannes Buchmann, Andrei Pyshkin, Ralf-Philipp Weinmann: Block Ciphers Sensitive to Groebner Basis Attacks. In Proceedings of CT-RSA 2006, LNCS 3860, pp. 313-331, Springer-Verlag
- Ralf-Philipp Weinmann, Kai Wirt: Analysis of the DVB Common Scrambling Algorithm. In CMS 2004, Proceedings of the 8th IFIP TC-6 TC-11 Conference on Communications and Multimedia Security, Springer-Verlag
Conferences & Workshops
- Ralf-Philipp Weinmann: Algebraic Methods in Block Cipher Cryptanalysis, Ph.D. thesis, TU Darmstadt, 2009 (defended on April 16th, 2008). Placed under Creative Commons, NC-ND 2.0
- Ralf-Philipp Weinmann: Evaluating Algebraic Attacks on the AES, Diplomarbeit, TU Darmstadt, 2003. Placed under Creative Commons, NC-ND 2.0
- Rubberhose is software for creating deniably encrypted filesystem containers that I was involved in a very long time ago (you can see this from the Linux kernel line it is targeting). Although it is a very interesting and controversial concept to resist rubberhose cryptanalysis, it never matured out of the alpha stage. The code name for Rubberhose at the time was Marutukku.
- VileFault decrypts encrypted Mac OS X disk image files. It supports both version 1 and 2 of the non-documented proprietary format. It arose out of a reverse-engineering effort that Jacob Appelbaum and I presented at the 23C3 in Berlin. These days it is mostly used by iPhone hackers and jailbreakers to decrypt encrypted disk images.
- APPLE-SA-2010-11-22-1 iOS 4.2, CVE-2010-3832 therein: Heap overflow in GSM baseband stack that can lead to remote code execution on the baseband processor (a.k.a. TMSI overflow, presented at DeepSec 2010)
- Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability: Advisory on the vulnerability Vincenzo Iozzo and I used to win the PWN2OWN contest in the iPhone category this year. The iPhone was the only mobile platform successfully attacked.
- Advisory on side-channel attacks facilitated by Google Native Client. Unfortunately I overlooked that GOOG excluded side-channel attacks in the contest rules. Nonetheless, I still consider this a very big problem with the Google NaCl and will post reliable code for exploiting this issue soon.
Université du Luxembourg, SnT / FSTC
6, rue Richard Coudenhove-Kalergi
office: Campus Kirchberg, E213
email: ralf-philipp DOT weinmann AT uni DOT LU (PGP encrypted mail preferred)
consultation hours: on request.
- In flux at the moment.