Publications

Last updated

Academic papers, books, patents and my Circuit Cellar columns. The columns are marked Trade magazine — they aren’t peer reviewed. My Google Scholar page has citation counts and PDFs for the academic work, though it doesn’t know about the columns or the talks.

159 publications & talks · 2002–2026 — filter by kind

2026

  1. The Tireless Intern: LLM Coding Agents for Embedded Work: Using AI Speeds Security Tooling

    Circuit Cellar · no. 432 · p. 44 · July 2026 · Embedded System Essentials column. Most recent instalment as of July 2026

  2. Using MapleLink for IoT Device Scanning: A Simple Tool for Probing On-Board Data

    Circuit Cellar · no. 430 · p. 52 · May 2026 · Embedded System Essentials column

  3. From Buffer Overflows to Control Flow Attacks

    Circuit Cellar · no. 428 · p. 54 · March 2026 · Embedded System Essentials column

  4. Hands-On Buffer Overflow: Experimenting with Embedded System Vulnerabilities

    Circuit Cellar · no. 426 · p. 52 · January 2026 · Embedded System Essentials column

2025

  1. Using a Desktop Laser Engraver to Probe into Chip Silicon

    Circuit Cellar · no. 424 · p. 54 · November 2025 · Embedded System Essentials column

  2. EMFI-Triggered Software Faults: Can They Drive a Car Crazy?

    Circuit Cellar · no. 422 · p. 52 · September 2025 · Embedded System Essentials column

  3. A Roboheist Challenge: Teaching the Next Generation of Embedded Engineers

    Circuit Cellar · no. 420 · p. 52 · July 2025 · Embedded System Essentials column

    Abstract

    Embedded security taught through an undergraduate robotics course themed as a heist: IR beam sensors, RFID access control and magnetic locks.

  4. Experimenting with CHERI on the Sonata Board

    Circuit Cellar · no. 418 · p. 42 · May 2025 · Embedded System Essentials column

  5. Exploring the RP2350 Security: Raspberry Pi's Novel "Security through Transparency" Approach

    Circuit Cellar · no. 416 · p. 52 · March 2025 · Embedded System Essentials column

    Abstract

    The RP2350's security features versus the RP2040: an open-source boot ROM, OTP memory, and a Redundancy Coprocessor defending against control-flow and fault-injection attacks.

  6. Attacking IoT Light Bulbs

    Embedded Cryptography 3 (ISTE/Wiley) · pp. 279–295 · February 5, 2025 · Chapter 14 — continues the Philips Hue / IoT Goes Nuclear line of work

  7. Embedded Cryptography 3

    ISTE Ltd / Wiley · p. 338 · February 2025 · ISBN 9781789452150

    Abstract

    Volume 3 of the three-volume set covers white-box cryptography, randomness and key generation, and real-world applications and attacks in the wild.

  8. Embedded Cryptography 2

    ISTE Ltd / Wiley · p. 418 · February 2025 · ISBN 9781789452143

    Abstract

    Volume 2 of the three-volume set covers masking, cryptographic implementations, and hardware security.

  9. Embedded Cryptography 1

    ISTE Ltd / Wiley · p. 396 · February 2025 · ISBN 9781789452136

    Abstract

    Volume 1 of the three-volume set covers software side-channel attacks, hardware side-channel attacks and fault injection attacks.

  10. Holiday Hangover Hardware Hacking: Using a Raspberry Pi Pico to Hack an IP Camera

    Circuit Cellar · no. 414 · p. 46 · January 2025 · Embedded System Essentials column. The subject is a Tapo C200 camera

2024

  1. Academia or Industry: Challenges of Building Open-Source Research Tools

    OPTIMIST Workshop 2024 (co-located with CHES 2024) · Halifax, Canada · September 4, 2024

    Abstract

    A case study of ChipWhisperer's evolution from an academic project into a tool used in both industry and research, and of sustaining open-source work beyond grant funding.

  2. Power Analysis Over JTAG Ports: Hidden Debug Dangers: Block Side-Channel Analysis Attacks

    Circuit Cellar · no. 410 · p. 42 · September 2024 · Embedded System Essentials column

  3. Phase Modulation Side Channels: Jittery JTAG for On-Chip Voltage Measurements

    IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES) · vol. 2024 · no. 4 · pp. 382–424 · September 2024

  4. Dump Flash Memory Devices with Glasgow Interface Explorer

    Circuit Cellar · no. 408 · p. 40 · July 2024 · Embedded System Essentials column

  5. Touching the Unknown With JTAG

    Circuit Cellar · no. 406 · p. 34 · May 2024 · Embedded System Essentials column

  6. It's About Time: When Timing Attacks Reveal Power Usage

    Circuit Cellar · no. 404 · p. 48 · March 2024 · Embedded System Essentials column

  7. Binary Breakthrough: Extracting Secrets from Linux Binaries

    Circuit Cellar · no. 402 · p. 46 · January 2024 · Embedded System Essentials column

2023

  1. How CHERI Helps Secure Your C/C++ Code: On an FPGA

    Circuit Cellar · no. 400 · p. 52 · November 2023 · Embedded System Essentials column

  2. Method and apparatus for analyzing side channel-related security vulnerabilities in digital devices

    United States Patent · no. US 11,809,570 B2 · NewAE Technology Inc. · November 2023 · Granted 7 November 2023; filed 6 October 2020

    Abstract

    A method and apparatus for analyzing side-channel security vulnerabilities in a digital device. A first time sequence of measurements of side-channel related phenomena of the digital device, such as power draw or electromagnetic emissions, is obtained.

  3. PicoEMP: A Low-Cost EMFI Platform Compared to BBI and Voltage Fault Injection using TDC & External VCC Measurements

    2023 Workshop on Fault Detection and Tolerance in Cryptography (FDTC) · pp. 60–71 · September 2023

  4. Advanced Hardware Hacking: Power Analysis & Fault Injection with the ChipWhisperer

    Black Hat USA 2023 — Trainings · Las Vegas, USA · August 2023 · Training

    Abstract

    A two-day in-person training on power analysis and fault injection using the ChipWhisperer-Husky and ChipSHOUTER/PicoEMP; run as two sessions across August 2023.

  5. Running an Ibex RISC-V Core: On an FPGA

    Circuit Cellar · no. 396 · p. 46 · July 2023 · Embedded System Essentials column

  6. Adventures of My Oven (Pinocchio) with ChipWhisperer

    RECON 2023 · Montreal, Canada · June 9, 2023

    Abstract

    Reverse engineering a Samsung oven with ChipWhisperer.

  7. Fault Injection and Power Analysis: Part of Your Appliance Repair Toolkit?

    Circuit Cellar · no. 394 · p. 32 · May 2023 · Embedded System Essentials column

  8. (Adversarial) Electromagnetic Disturbance in the Industry

    IEEE Transactions on Computers · vol. 72 · no. 2 · pp. 414–422 · February 2023

  9. Keeping Your Memories Secret: SRAM Read-Back Attacks

    Circuit Cellar · no. 390 · p. 46 · January 2023 · Embedded System Essentials column

  10. Hardware Security Analysis on Soft-Core RISC-V Processors

    Embedded Online Conference 2023 · Online · Recording is on the conference platform (paywalled), so no public video link

2022

  1. Exploring RSA Power Analysis (Again): Capturing an RSA-1024 Power Trace in One Shot

    Circuit Cellar · no. 388 · p. 54 · November 2022 · Embedded System Essentials column

  2. Building Open Hardware Security Ecosystems

    ICMC 2022 (International Cryptographic Module Conference) · Arlington, Virginia, USA · September 14, 2022

  3. Breaking the Loop with Fault Injection: A Simple Experiment on an Embedded System's Code

    Circuit Cellar · no. 386 · p. 58 · September 2022 · Embedded System Essentials column

    Abstract

    How EMFI can skip a bootloader signature check, why compiler optimisation makes "secure" code vulnerable, and entangling data with control flow as a countermeasure.

  4. Revisiting Code Readout Protection Claims

    Circuit Cellar · no. 384 · p. 64 · July 2022 · Embedded System Essentials column

  5. Taking a Look at RISC-V Power Analysis

    Circuit Cellar · no. 382 · p. 64 · May 2022 · Embedded System Essentials column

  6. Hands on with Non-Invasive Hardware Security Tooling

    New England Hardware Security Day 2022 (NEHWS'22) · Worcester, USA · April 1, 2022 · Workshop

    Abstract

    Three demos: differential fault analysis on RSA against a Raspberry Pi using PicoEMP for the fault injection; a NEORV32 RISC-V soft-core on an iCE40 FPGA target; and hardware ECC attacks on a ChipWhisperer CW305 against the open-source CrypTech ECC core.

  7. Build Your Own EMFI Tool: The PicoEMP Project

    Circuit Cellar · no. 380 · p. 70 · March 2022 · Embedded System Essentials column

  8. Testing Timing Attacks on Access Control: Premises Protection

    Circuit Cellar · no. 378 · p. 52 · January 2022 · Embedded System Essentials column

  9. Constructive Side-Channel Analysis and Secure Design — 13th International Workshop, COSADE 2022, Leuven, Belgium

    Lecture Notes in Computer Science, vol. 13211, Springer · Proceedings editorship — programme co-chair

  10. Electromagnetic Fault Injection Made Easy with PicoEMP

    Embedded Online Conference 2022 · Online · Recording is on the conference platform (paywalled)

    Abstract

    An introduction to the low-cost open-source PicoEMP EMFI tool — the theory and its real-world use.

2021

  1. The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks

    No Starch Press · p. 512 · December 2021 · ISBN 9781593278748

  2. Ark of the ECC: An open-source ECDSA power analysis attack on a FPGA based Curve P-256 implementation

    IACR Cryptology ePrint Archive · no. 2021/1520 · November 22, 2021 · Preprint — no conference or journal version

  3. Building the ChipWhisperer-Husky: Upgraded Design

    Circuit Cellar · no. 376 · p. 56 · November 2021 · Embedded System Essentials column

  4. AirTag Teardown and Security Analysis: Hacker vs. Tracker

    Circuit Cellar · no. 374 · p. 63 · September 2021 · Embedded System Essentials column

  5. Short Paper: EMFI for Safety-Critical Testing of Automotive Systems

    2021 Workshop on Fault Detection and Tolerance in Cryptography (FDTC) · pp. 61–66 · September 2021

  6. Bam the BAM: Electromagnetic Fault Injection & Automotive Systems

    Black Hat USA 2021 · Las Vegas, USA · August 5, 2021 · The Black Hat productisation of the ESCAR Europe 2020 work; the papers are eprint.iacr.org/2020/937 and 2021/1217

    Abstract

    Using EMFI to bypass the security that prevents ECU modification on a 2019-model-year automotive ECU, and how to validate and harden against it.

  7. Power Analysis of ECC Hardware Implementations: Curves and Keys

    Circuit Cellar · no. 372 · p. 52 · July 2021 · Embedded System Essentials column

  8. The Cheapskate Revolution: Hardware Attacks from Millions to Tens of Dollars

    hardwear.io USA 2021 · Virtual · July 2021

    Abstract

    How hardware attacks have dropped from needing million-dollar labs to tens of dollars of gear.

  9. Bringing JTAG Boundary Scan into 2021: A Relic Reloaded

    Circuit Cellar · no. 370 · p. 60 · May 2021 · Embedded System Essentials column

  10. Voltage Fault Injection on a Modern RPi SBC: Glitching Raspberry Pi 3B+

    Circuit Cellar · no. 368 · p. 70 · March 2021 · Embedded System Essentials column

  11. Finding a $Billion Dollar Fault Mode: Using EMFI Analysis

    Circuit Cellar · no. 366 · p. 52 · January 2021 · Embedded System Essentials column

  12. Selected Areas in Cryptography — SAC 2020, 27th International Conference, Halifax, NS, Canada

    Lecture Notes in Computer Science, vol. 12804, Springer · Proceedings editorship. Conference held October 2020 in Halifax; proceedings published 2021

  13. The $5 Wrench: Realistic Embedded Security Threats

    Embedded Online Conference 2021 · Online · Recording is on the conference platform (paywalled)

2020

  1. Low-Level Automotive ECU Security: Vehicle Vulnerabilities

    Circuit Cellar · no. 364 · p. 56 · November 2020 · Embedded System Essentials column

  2. BAM BAM!! On Reliability of EMFI for in-situ Automotive ECU Attacks

    Embedded Security in Cars (ESCAR) Europe 2020 · November 2020

    Abstract

    Certain NXP chips and GM ECUs have a hardware bootloader that asks for a password. EMFI bypasses the password check so an incorrect password is accepted. Presented as a way to help automotive system designers understand the real threat to their systems.

  3. IC Packaging and Physical Security: Do They Affect One Another?

    Circuit Cellar · no. 362 · p. 58 · September 2020 · Embedded System Essentials column. The web page title reads "IC Packaging and Security"; this is the printed title

  4. Fast-Tracking Your DPA Testing

    ICMC 2020 (International Cryptographic Module Conference) · Virtual · September 2020 · His speaking slot is confirmed (billed as CEO, NewAE); the exact title is from a search summary and was not confirmed on the page — verify it before relying on it.

  5. Building the ChipJabber-Unplugged: Old-School Glitching

    Circuit Cellar · no. 360 · p. 60 · July 2020 · Embedded System Essentials column

  6. Broad Market Secure MCUs: Spotlight on the MAX32520

    Circuit Cellar · no. 358 · p. 64 · May 2020 · Embedded System Essentials column

  7. USB Attacks and More with GreatFET: Facedancer Fun

    Circuit Cellar · no. 356 · p. 46 · March 2020 · Embedded System Essentials column

  8. Building Against Fault Injection Attacks: Cautious Coding

    Circuit Cellar · no. 354 · p. 50 · January 2020 · Embedded System Essentials column

  9. Low-Cost Body Biasing Injection (BBI) Attacks on WLCSP Devices

    19th Smart Card Research and Advanced Application Conference (CARDIS 2020)

  10. BAM BAM!! On Reliability of EMFI for in-situ Automotive ECU Attacks

    Embedded Security in Cards (ESCAR) Europe Conference

  11. Hardware Hacking: Hands-On

    Embedded Online Conference 2020 · Online · Recording is on the conference platform (paywalled)

2019

  1. Embedded System Security Live: Coverage of Two Security Events

    Circuit Cellar · no. 352 · p. 45 · November 2019 · Embedded System Essentials column

  2. Electromagnetic Fault Injection: A Closer Look

    Circuit Cellar · no. 350 · p. 62 · September 2019 · Embedded System Essentials column

  3. MINimum Failure: Stealing Bitcoins with EMFI

    Black Hat USA 2019 · Las Vegas, USA · August 7, 2019 · Also delivered at RECON 2019 (a separate entry). The WOOT '19 paper is in the publications list

    Abstract

    The Trezor EMFI attack, generalised. Almost every USB stack contains a length check whose bound comes from the host, so fault injection can force that path and read data out of the target device.

  4. A Call for Time Travel Resistant Cryptography (TTRC)

    CHES 2019 — rump session · August 2019 · A rump-session joke talk

    Abstract

    A parody of Post Quantum Cryptography, arguing that Time Travel Resistant Cryptography is a hugely important area of research that has been widely ignored: if time travel requires creating a Closed Timelike Curve and is only possible from that point onward, crypto breaks the moment a CTC is created — so we must build TTRC now, since we cannot know when CTCs could be created.

  5. A Look at Cores with TrustZone-M: Security Scrutinized

    Circuit Cellar · no. 348 · p. 58 · July 2019 · Embedded System Essentials column

  6. MINimum Failure: Stealing Bitcoins with EMFI

    RECON 2019 · Montreal, Canada · June 29, 2019

    Abstract

    The USB-stack EMFI attack. Also given at Black Hat USA 2019 (a separate entry); the peer-reviewed version is the WOOT '19 paper in the publications list.

  7. Attacking USB Gear with EMFI: Pitching a Glitch

    Circuit Cellar · no. 346 · p. 44 · May 2019 · Embedded System Essentials column

  8. ChipWhisperer workshop

    FICHSA 2019 · May 2019 · Workshop

    Abstract

    A short workshop on ChipWhisperer using the ChipWhisperer-Nano.

  9. Side-Channel Power Analysis: Easy Path to Proof

    Circuit Cellar · no. 344 · p. 48 · March 2019 · Embedded System Essentials column

  10. Breaking Security: Power Analysis & Fault Injection Attacks

    Embedded World 2019 (session 4.3I) · Nuremberg, Germany · February 2019 · This is the talk the Scholar export listed, undated and venue-less, as "Breaking Security: Power Analysis & Fault Injection Attacks" — resolved to Embedded World 2019 from the recovered session title.

    Abstract

    This paper will introduce side-channel power analysis and fault injection attacks and their relevance to embedded systems. Examples of attacks are given, along with a short discussion of countermeasures and effectiveness. The use of open-source tools is highlighted, allowing the reader the chance to better understand these attacks with hands-on examples.

  11. Power Analysis Capture with an MCU: Low-Cost Approach

    Circuit Cellar · no. 342 · p. 62 · January 2019 · Embedded System Essentials column

  12. MIN()imum Failure: EMFI Attacks against USB Stacks

    13th USENIX Workshop on Offensive Technologies (WOOT 19)

  13. On-Device Power Analysis Across Hardware Security Domains.

    IACR Transactions on Cryptographic Hardware and Embedded Systems · pp. 126–153

2018

  1. Embedded System Security: Live from Las Vegas

    Circuit Cellar · no. 340 · p. 49 · November 2018 · Embedded System Essentials column

  2. Recreating Code Protection Bypass: An LPC MCU Attack

    Circuit Cellar · no. 338 · p. 54 · September 2018 · Embedded System Essentials column

  3. Verifying Code Readout Protection Claims: Think Like an Attacker

    Circuit Cellar · no. 336 · p. 48 · July 2018 · Embedded System Essentials column

  4. The Populist Side-Channel Attack: An Overview of Spectre

    Circuit Cellar · no. 334 · p. 50 · May 2018 · Embedded System Essentials column

  5. Pick and Place Made Easier: Open-Source Tool Project

    Circuit Cellar · no. 332 · p. 50 · March 2018 · Embedded System Essentials column

  6. Five Fault Injection Attacks: Knowledge is Power

    Circuit Cellar · no. 330 · p. 62 · January 2018 · Embedded System Essentials column

  7. IoT Goes Nuclear: Creating a Zigbee Chain Reaction

    IEEE Security & Privacy · vol. 16 · no. 1 · pp. 54–62 · January 2018 · Magazine version of the 2017 IEEE S&P conference paper — a distinct record, not a duplicate

  8. Power Analysis and Fault Attacks against Secure CAN: How Safe Are Your Keys?

    SAE International Journal of Transportation Cybersecurity and Privacy · vol. 1 · no. 11-01-01-0001 · pp. 3–18

  9. I, For One, Welcome Our New Power Analysis Overlords

    Presented at Black Hat USA · vol. 2018

2017

  1. Power Analysis Attack on RSA: Asymmetric Adventures

    Circuit Cellar · no. 328 · p. 50 · November 2017 · Embedded System Essentials column

  2. Power Analysis of a Software DES Encryption Routine

    Circuit Cellar · no. 325 · p. 42 · August 2017 · Embedded System Essentials column

  3. Breaking Electronic Door Locks Like You're on CSI: Cyber

    Black Hat USA 2017 · Las Vegas, USA · July 26, 2017

    Abstract

    The front panel of a residential electronic door lock can be removed from the outside, exposing a connector. A brute-force board then emulates the keypad, sends guesses in quick succession, and resets the backend lock to bypass the too-many-wrong-guesses timeout — recovering the 4-digit code in about 85 minutes.

  4. Breaking a Password with Power Analysis Attacks

    Circuit Cellar · no. 323 · p. 60 · June 2017 · Embedded System Essentials column

    Abstract

    A DPA attack recovering a PIN from an Atmel XMEGA MCU using the open-source ChipWhisperer-Lite, with Python examples.

  5. Timing and Power Attacks

    Circuit Cellar · no. 321 · p. 54 · April 2017 · Embedded System Essentials column. First instalment of the column

  6. Method and Apparatus for Detection of Counterfeit, Defective or Damaged Devices

    Google Patents · March 9, 2017 · US Patent App. 14/846,065

  7. IoT goes nuclear: Creating a ZigBee chain reaction

    2017 IEEE Symposium on Security and Privacy (SP) · pp. 195–212 · IEEE

  8. A framework for embedded hardware security analysis

    Dalhousie University

2016

  1. Insertion of faults into computer systems

    Google Patents · December 20, 2016 · US Patent 9,523,737

  2. Experimenting with Glitch Attacks on FPGAs

    Circuit Cellar · no. 317 · p. 50 · December 2016 · Programmable Logic in Practice column. Final instalment of the column

  3. FPGA Board Design Tips

    Circuit Cellar · no. 315 · p. 52 · October 2016 · Programmable Logic in Practice column

  4. Synchronous sampling of internal state for investigation of digital systems

    Google Patents · August 30, 2016 · US Patent 9,429,624

  5. A Lightbulb Worm?

    Black Hat USA 2016 · Las Vegas, USA · August 4, 2016 · The "Long Range Take Over" reported in the press at the time was Eyal Ronen's separate research, not this work.

    Abstract

    Reverse engineering of the Philips Hue. In Colin's own words he did not make a worm — the title was a question someone asked him, and the talk is about the security of the Hue, which he assesses Philips did "a rather good job" of. The one called-out trade-off is the reuse of encryption keys across all firmware updates for all devices, which is what makes a theoretical worm possible.

  6. Brute-Forcing Lockdown Harddrive PIN Codes

    Black Hat USA 2016 · Las Vegas, USA · August 3, 2016

    Abstract

    Brute-forcing PIN codes on a PIN-protected hard drive enclosure using the MB86C311A. Builds on Czarny & Rigo's HardWear.io 2015 work, which found the stream-mode cipher used by all manufacturers on the MB86C311A and that secrets are stored on the drive.

  7. Breaking Unbreakable Cryptography with Power Analysis Attacks

    Circuit Cellar · no. 313 · p. 42 · August 2016 · Programmable Logic in Practice column

  8. Optimizing Clock Resources in FPGAs

    Circuit Cellar · no. 311 · p. 58 · June 2016 · Programmable Logic in Practice column

  9. Revisiting Vivado HLS

    Circuit Cellar · no. 309 · p. 44 · April 2016 · Programmable Logic in Practice column

  10. Power Analysis Attacks against IEEE 802.15.4 Nodes

    International Workshop on Constructive Side-Channel Analysis and Secure Design · pp. 55–70 · Springer, Cham

  11. Fault Injection using Crowbars on Embedded Systems.

    IACR Cryptol. ePrint Arch. · vol. 2016 · p. 810

  12. A lightbulb worm?

    Details of the Philips Hue Smart Lighting Design Colin O'Flynn–August · vol. 1

2015

  1. Building an FPGA Board

    Circuit Cellar · no. 305 · p. 60 · December 2015 · Programmable Logic in Practice column

  2. USSSSSB: Talking USB From Python

    Hackaday SuperCon 2015 · November 2015 · A second outing of the ESC talk, with a revised deck targeting the SAMD21

  3. Rapid FPGA Design in Python Using MyHDL

    Circuit Cellar · no. 303 · p. 46 · October 2015 · Programmable Logic in Practice column

  4. ChipWhisperer — open-source power analysis and glitching

    SEC-T 2015 · Stockholm, Sweden · September 2015

  5. Don't Whisper my Chips: Sidechannel and Glitching for Fun and Profit

    DEF CON 23 · Las Vegas, USA · August 7, 2015 · Likely the same talk as SEC-T 2015 (shared slide-deck lineage). A YouTube recording may exist on the DEF CON media channel but could not be confirmed — check media.defcon.org.

  6. Just Enough Programmable Logic: The PSoC Advantage

    Circuit Cellar · no. 301 · p. 48 · August 2015 · Programmable Logic in Practice column

  7. Glitching and Side-Channel Analysis for All

    REcon 2015 · Montreal, Canada · June 20, 2015

  8. USB-to-FPGA Communications

    Circuit Cellar · no. 299 · p. 52 · June 2015 · Programmable Logic in Practice column. The web version is subtitled "A Case Study of the ChipWhisperer-Lite"

  9. USSSSSB: Talking USB From Python

    ESC 2015 Silicon Valley · Silicon Valley, USA · June 2015

    Abstract

    Talking to USB devices from Python, with a live demo — raw USB reads and writes via pyusb, and a full PySide GUI example.

  10. Super Speed for FPGAs

    Circuit Cellar · no. 297 · p. 40 · April 2015 · Programmable Logic in Practice column

  11. The DIY Approach to ISE Project Management

    Circuit Cellar · no. 295 · p. 55 · February 2015 · Programmable Logic in Practice column

  12. Synchronous sampling and clock recovery of internal oscillators for side channel analysis and fault injection

    Journal of Cryptographic Engineering · vol. 5 · no. 1 · pp. 53–69

  13. Side channel power analysis of an AES-256 bootloader

    2015 IEEE 28th Canadian Conference on Electrical and Computer Engineering (CCECE) · pp. 750–755 · IEEE

2014

  1. Experimenting with Metastability and Multiple Clocks on FPGAs

    Circuit Cellar · no. 293 · p. 46 · December 2014 · Programmable Logic in Practice column

  2. Build a SoC Over Lunch

    Circuit Cellar · no. 289 · p. 46 · August 2014 · Programmable Logic in Practice column

  3. Partial FPGA Configuration

    Circuit Cellar · no. 287 · p. 52 · June 2014 · Programmable Logic in Practice column. The web version is titled "FPGA Partial Reconfiguration"; this is the printed title

  4. All-Programmable SoC Solution

    Circuit Cellar · no. 285 · p. 46 · April 2014 · Programmable Logic in Practice column

  5. Think Fast: FPGA Design Using High-Level Synthesis

    EELive! (ESC) 2014 · April 2014

  6. AtlSecCon 2014 presentation

    AtlSecCon 2014 · Halifax, Canada · March 27, 2014

  7. Evaluating Oscilloscopes (Part 4)

    Circuit Cellar · February 27, 2014 · Web-only CC Blog series — never ran in print, so it has no issue number

  8. Evaluating Oscilloscopes (Part 3)

    Circuit Cellar · February 20, 2014 · Web-only CC Blog series — never ran in print, so it has no issue number

  9. Evaluating Oscilloscopes (Part 2)

    Circuit Cellar · February 13, 2014 · Web-only CC Blog series — never ran in print, so it has no issue number

  10. Evaluating Oscilloscopes (Part 1)

    Circuit Cellar · February 5, 2014 · Web-only CC Blog series — never ran in print, so it has no issue number

  11. Rapid FPGA Design in C Using High-Level Synthesis

    Circuit Cellar · no. 283 · p. 46 · February 2014 · Programmable Logic in Practice column

  12. Channel Equalization for Side Channel Attacks.

    IACR Cryptol. ePrint Arch. · vol. 2014 · p. 28

  13. Chipwhisperer: An open-source platform for hardware embedded security research

    International Workshop on Constructive Side-Channel Analysis and Secure Design · pp. 243–260 · Springer, Cham

2013

  1. Connecting FPGA Hardware to Virtual Test Benches

    Circuit Cellar · no. 281 · p. 52 · December 2013 · Programmable Logic in Practice column

    Abstract

    Hardware co-simulation, for when a critical piece of a design exists only in hardware.

  2. Using Internal Logic Analyzers for FPGAs

    Circuit Cellar · no. 279 · p. 46 · October 2013 · Programmable Logic in Practice column. First instalment of the column

    Abstract

    Integrated logic analyzers to probe signals inside a running design.

  3. Advanced USB Design Debugging

    Circuit Cellar · no. 277 · p. 64 · August 2013 · From the Archives column. A reprint of the August 2010 feature (issue 241), not new work

  4. Power Analysis Attacks for Cheapskates

    Design West 2013 · April 2013

  5. Power Analysis Attacks for Cheapskates

    Black Hat Europe 2013 · March 2013

  6. The Future of FPGAs

    Circuit Cellar 25th Anniversary Issue · An essay for the 25th anniversary issue, which carried no issue number and published no page-level table of contents — hence no issue, page or month here.

2012

  1. Power Analysis for Cheapskates

    Black Hat Abu Dhabi 2012 · Abu Dhabi, UAE · December 2012

  2. A Case Study of Side-Channel Analysis using Decoupling Capacitor Power Measurement with the OpenADC

    International Symposium on Foundations and Practice of Security (FPS) · vol. LNCS 7743 · pp. 341–356 · Springer, Berlin, Heidelberg · October 2012

  3. FlexibleIP (FIP): IPv6 Stack for Experimental Work on Low-Power Wireless Networks

    2012 IEEE Online Conference on Green Communications (GreenCom) · pp. 145–150 · IEEE · September 2012

  4. Low-Cost Power Trace Acquisition with OpenADC & Decoupling Capacitor Power Measurement

    CHES 2012 · September 2012 · Poster

  5. Power analysis for cheapskates

    Blackhat Abu Dhabi

  6. Poster - Side Channel Analysis

    Dalhousie Electrical & Computer Engineering Graduate Conference

2011

  1. Message Denial and Alteration on IEEE 802.15.4 Low-Power Radio Networks

    2011 4th IFIP International Conference on New Technologies, Mobility and Security (NTMS) · pp. 1–5 · IEEE · February 2011 · Winner, best paper in the Security track

2010

  1. Advanced USB Design Debugging

    Circuit Cellar · no. 241 · p. 20 · August 2010

    Abstract

    Advanced USB features, then working with a USB MCU.

  2. IPv6 For the (Wireless) Masses

    2010 8th Annual Communication Networks and Services Research Conference (CNSR) · pp. xxxii–xxxii · IEEE · May 2010 · Tutorial

2009

  1. FPGA Implementation of a Novel Compensation Technique for EER Amplifiers

    2009 Seventh Annual Communication Networks and Services Research Conference · pp. 245–251 · IEEE

  2. Demo abstract: seamless sensor network IP connectivity

    6th European Conference on Wireless Sensor Networks (EWSN)

  3. Seamless sensor network ip connectivity: Demo Abstract

    6th European Conference on Wireless Sensor Networks, EWSN 2009, Cork, Ireland, February 2009

2008

  1. Making sensor networks IPv6 ready

    Proceedings of the 6th ACM conference on Embedded network sensor systems · pp. 421–422

2006

  1. Open-Source AVR Development

    Circuit Cellar · no. 196 · p. 32 · November 2006

    Abstract

    An introduction to the AVR-GCC toolchain from a Windows environment.

  2. Robust Bootloader for FPGAs

    Circuit Cellar · no. 187 · p. 44 · February 2006

    Abstract

    The LoonBoard Unified Bootloader (LUB) programs Xilinx FPGAs in 207 words, and self-calibrates its internal RC oscillator.

2005

  1. Digital Video in an Embedded System

    Circuit Cellar · no. 184 · p. 68 · November 2005

    Abstract

    Using low-cost video encoders/decoders to generate studio-quality video.

2004

  1. Downloading, Installing and Configuring WinAVR

    17th Mar

2002

  1. It's a SNAP: A Flexible Communications Protocol

    Circuit Cellar · no. 139 · p. 12 · February 2002

    Abstract

    Surveys network protocol options and settles on SNAP (Scalable Node Address Protocol).

Maintained by hand in data/publications.yaml and data/talks.yaml. Recordings, slides and links are shown where they exist.

{{/* Publications and talks are combined into one glyph-tagged list above (chosen 2026-07-17 — docs/design-options.md §1). To switch back to two separate sections, replace the line above with:

   {{< publications >}}

   ## Talks & Presentations

   Conference talks and presentations, separate from the papers above. Slides,
   recordings and the blog post about each are linked where they exist.

   {{< talks >}}

*/}}