About
I’m a security researcher working at Robert Bosch GmbH, a Tier-1 automotive supplier and manufacturer of industrial, residential and consumer goods. Since 2007, I have been doing applied research in various fields of information security. I started my professional career in 2007 in the area of side channel analysis (SCA), SCA countermeasures and, in particular, SCA evaluation methodologies. From 2011 to 2012, I studied the susceptibility of typical automotive microcontrollers to SCA attacks. In 2014, I got my PhD from the University of Tuebingen on a side channel evaluation method tailored for the automotive domain.
Following my SCA investigations, I was involved in the research on physical-layer security (PHYSEC) from 2012 to 2015. In particular, I worked on authenticated key agreement from channel measurements in wireless communications protocols like WiFi. I developed protocols to derive symmetric keys from the reciprocity of wireless channels and performed risk & threat analyses for such systems.
From 2014 to 2017, I supervised a PhD thesis on physical unclonable functions (PUFs). Among other things, PUFs enable highly-secure storage of cryptographic keys on embedded platforms, in particular in the Internet of Things. Being intrinsically tied to the hardware itself, PUFs can be used as digital “fingerprints” to establish the notion of an unclonable identity, even for highly resource-constrained embedded devices.
I was again involved in applied research on SCA attacks from 2015 to 2017. This time, the goal was to develop a completely automated setup for SCA evaluation. This included automating the target hardware using debugger scripts, automating the measurement equipment for unsupervised recording of the side channel traces, and software for the actual SCA calculations.
From 2018 on, my research work revolves around methods & tools for automated detection of security vulnerabilities in C/C++ software. Being a computer scientist by education, I’m deeply concerned with the ramifications of insecure software systems. As an information security professional, I regard software vulnerabilities to be one of the major security threats in practice. More and more electronic devices get connected to the Internet and, as a result, are exposed to remote attacks; these attacks typically exploit software vulnerabilities.
Besides software security, I do research on monitoring, telemetry and intrusion detection, in particular for embedded devices in the Internet of Things. I’m also very interested in methods, software frameworks and software tools for building fault-tolerant, highly-available and trustworthy embedded systems as well as edge- and cloud-services, in particular using commodity hardware.
In addition to my research work, I have been a senior manager since 2018, responsible for a research group doing research in cybersecurity, privacy and safety. Since 2020, I have also been responsible for the research program on cybersecurity, privacy and cybersafety at Robert Bosch corporate research.
I’m a huge fan of open source and all *nix things, especially Debian/Ubuntu GNU/Linux, as well as emacs (lately, I’m quite into vim, though) and LaTeX (thanks Don!). I used to code quite a lot in Ruby, and still think it’s the best language in terms of its combination of code elegance and language features. However, due to many excellent libraries like numpy, scipy, matplotlib, scikit-learn, etc., I started using Python a couple of years ago. Lately, I’m interested in functional programming languages, too.
I love books, in particular non-fiction, scientific writing. I usually buy more books than I manage to read. My all-time favorite fiction writers include Paul Auster, Isaac Asimov, and Douglas Adams.
I’m passionate about mathematics, although I don’t have a university-level formal education in this subject (other than a couple of introductory classes taken during my computer science studies). I’m primarily interested in number theory, and topics like finite fields and elliptic curves. This is partly related to my job; the other part of me is simply fascinated by the beauty of these fields of mathematics.
The views expressed on this site are my own and do not reflect those of my employer or its clients.