University of Cambridge logo
Hello there! I've left the Computer Lab in June 2010, and am now working for my company, boldport. What you see under http://www.saardrimer.com/sd410 is a mirror of what used to be at http://www.cl.cam.ac.uk/~sd410. These pages will rarely be updated from now on, so you may want to visit saardrimer.com for the most recent information.

Saar Drimer

Welcome.

saar drimer

I am a post-doc ("Research Associate") with the Computer Architecture Group at the Computer Laboratory, University of Cambridge; I've earned my PhD on "Security for volatile FPGAs" in September 2009. I'm also a member of Darwin College. I am mainly interested in the security attributes of programmable logic devices, though I've been involved with several interesting projects on banking systems security.

I was born and raised in Israel, most of the years living in Jerusalem. Every now and then I write personal observations about the world on my (now-not-so-active) weblog, "Side Channels". See also my LinkedIn profile, and attempts at being witty on Twitter.

Years ago I started the FPGA design security bibliography, which isn't maintained anymore.

Contact Info

saardrimer@gmail.com (email is by far the best way to reach me)

Saar Drimer
University of Cambridge
Computer Laboratory
15 JJ Thomson Avenue
Cambridge CB3 0FD
United Kingdom

paper trail:

Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond:
Chip and PIN is broken
31st IEEE Symposium on Security & Privacy, 5/2010. Awarded "Best Practical Paper".
[blog article][press release][FAQ][BBC Newsnight video/YouTube]

Saar Drimer, Tim Güneysu and Christof Paar:
DSPs, BRAMs and a pinch of logic: extended recipes for AES on FPGAs,
ACM Transactions on Reconfigurable Technology and Systems, Issue 3, Volume 1, 1/2010
[source code]

Saar Drimer, Steven J. Murdoch and Ross Anderson:
Failures of tamper-proofing in PIN entry devices,
IEEE Security & Privacy magazine (invited), 11-12/2009

Saar Drimer:
Security for volatile FPGAs
PhD dissertation, 9/2009
[source code] [bibtex]

Saar Drimer and Markus Kuhn:
A protocol for secure remote updates of FPGA configurations,
5th International Workshop on Applied Reconfigurable Computing, 3/2009.
[slides]

Saar Drimer, Steven J. Murdoch and Ross Anderson:
Optimised to fail: card readers for online banking,
13th International Conference on Financial Cryptography and Data Security, 2/2009.
[related BBC video]

Gerhard P. Hancke and Saar Drimer:
Secure proximity identification for RFID
Book chapter in "Security in RFID and Sensor Networks", Zhang and Kitsos (Eds), Auerbach Publications, Taylor & Francis Group 4/2009.

Saar Drimer, Tim Güneysu, Markus G. Kuhn and Christof Paar:
Protecting multiple cores in a single FPGA design,
Draft, written 5/2008, available on-line 8/2008.

Saar Drimer, Steven J. Murdoch and Ross Anderson:
Thinking inside the box: system-level failures of tamper proofing,
IEEE Symposium on Security and Privacy, 5/2008. Awarded "Best Practical Paper".
[bibtex] [extended version] [poster] [FAQ] [related BBC video]

Saar Drimer, Tim Güneysu and Christof Paar:
DSPs, BRAMs and a pinch of logic: new recipes for AES on FPGAs,
IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM), 4/2008.
[bibtex] [source code]

Saar Drimer:
Volatile FPGA design security -- a survey,
unpublished, 4/2008 (version 0.96).
[bibtex]

Saar Drimer and Steven J. Murdoch:
Keep your enemies close: distance bounding against smartcard relay attacks,
16th USENIX Security Symposium, 8/2007. Awarded "Best Student Paper".
[bibtex] [slides] [poster] [related BBC video]

Saar Drimer:
Authentication of FPGA bitstreams: why and how,
3rd International Workshop on Applied Reconfigurable Computing, 3/2007.
[bibtex]

Austin Lesea, Saar Drimer, Joe Fabula, Carl Carmichael and Peter Alfke:
The Rosetta experiment: atmospheric soft error rate testing in differing technology FPGAs,
IEEE Transactions on Device and Materials Reliability (invited paper), 9/2005.
[bibtex]

talks:

Chip & PIN -- notes on a dysfunctional security system,
The Institution of Engineering and Technology (IET), Cambridge, UK, 2010-03-05 (60 minutes)

Three years of EMV: attacks and lessons,
SEC-T 2009, Stockholm, Sweden, 2009-09-10, (60 minutes)

Reproducing and benchmarking FPGA designs,
Workshop on Cryptographic Hardware and Embedded Systems (CHES), panelist, EPFL, Lausanne, Switzerland, 2009-09-08 (15 minutes)

On the security of EMV payment systems,
Université de Bretagne-Sud Lorient, France, 2009-07-01, (60 minutes)

A protocol for secure remote updates of FPGA configurations,
5th International Workshop on Applied Reconfigurable Computing, Karlsruhe Institute of Technology, Germany 2009-03-16 (20 minutes)

Volatile FPGA security -- current problems and possible solutions,
Computer Science Department, University of Bristol, UK, 2008-10-30, (60 minutes)

Security vulnerabilities of Chip and PIN,
Computer Laboratory "Show and Tell Event", Cambridge, UK, 2008-09-30, (15 minutes)

Securing SRAM FPGA designs in distribution and in operation,
CryptArchi, Trégastel, France, 2008-06-02 (50 minutes)

Keep your enemies close: distance bounding against smartcard relay attacks,
16th USENIX Security Symposium, Boston, US, 2007-08-08 (20 minutes)

patents:

Saar Drimer:
Random sequence generation using alpha particle emission,
US Patent #7550858, issued 6/2009 (filed 7/2005). [USPTO]

Saar Drimer:
True random number generator and method of generating true random numbers,
US Patent #7502815, issued 3/2009 (filed 2/2004). [USPTO]

Saar Drimer:
Radio frequency identification (RFID) and programmable logic device (PLD) integration and applications,
US Patent #7429926, issued 9/2008 (filed 6/2005). [USPTO]

Saar Drimer, Jason Moore and Austin Lesea:
Circuit for and method of implementing a plurality of circuits on a programmable logic device,
US Patent #7408381, issued 8/2008 (filed 2/2006). [USPTO]

Saar Drimer:
Total configuration memory cell validation built in self test (BIST) circuit,
US Patent #7409610, issued 8/2008 (filed 7/2005). [USPTO]

Austin Lesea, Saar Drimer:
Method of measuring the performance of a transceiver in a programmable logic device,
US Patent #7218670, issued 5/2007 (filed 11/2003). [USPTO]

professional activities:

I am/was on the program committee of:
   ReConFig 2008, 2009.

I Reviewed manuscripts for:
   ACM Transactions on Reconfigurable Technology and Systems, IEEE Transactions on Circuits and Systems I, IEEE Design & Test of Computers, IEEE Transactions on Information Forensics and Security, Workshop on Cryptographic Hardware and Embedded Systems (CHES 2008, 2009), IEEE International Conference on Pervasive Computing and Communications (2007).

Media:

BBC has filmed a segment of us demonstrating a practical attack using CAP readers.

The Times asked me to write a commentary on the vulnerabilities of Chip and PIN, after a court ruling in the Patel case.

I gave some comments on a PED tampering case to The Register, 8/2008.

BBC Two's "Newsnight" segment on vulnerabilities in Chip and PIN "PIN entry devices" (PEDs), 2/2008.

BBC One's "Watchdog" segment on Chip and PIN relay attacks, 2/2007

Chip and PIN payment terminal playing Tetris (yes, that's my hand!), 12/2006

I sometimes write articles for our group's weblog, Light Blue Touch Paper [my posts].

last updated 2011-10-11