top of page

Refereed Conference Papers

[C1] D. Peleg, G. Schechtman, and A. Wool. Approximating bounded 0-1 integer linear programs. In Proc. 2nd Israel Symp. Theory of Computing Sys., pages 69–77, Netanya, Israel, 1993. Preliminary version of [J4].


[C2] M. Naor and A. Wool. The load, capacity and availability of quorum systems. In Proc. 35th IEEE Symp. Foundations of Comp. Sci. (FOCS), pages 214–225, Santa Fe, 1994. Preliminary version of [J8].


[C3] D. Peleg and A. Wool. Crumbling walls: A class of practical and efficient quorum systems. In Proc. 14th ACM Symp. Princip. of Distributed Computing (PODC), pages 120–129, Ottawa, Canada, 1995.

Preliminary version of [J2].


[C4] O. Gerstel, A. Wool, and S. Zaks. Optimal layouts on a chain ATM network. In Paul Spirakis, editor, Proc. 3rd Euro. Symp. Algorithms (ESA), LNCS 979, pages 508–522, Corfu, Greece, 1995. Springer Verlag. Preliminary version of [J6].


[C5] M. Naor and A. Wool. Access control and signatures via quorum secret sharing. In Proc. 3rd ACM Conf. Computer and Communications Security (CCS), pages 157–168, New Delhi, India, 1996. Preliminary version of [J9].


[C6] D. Peleg and A. Wool. How to be an efficient snoop, or the probe complexity of quorum systems. In Proc. 15th ACM Symp. Princip. of Distributed Computing (PODC), pages 290–299, Philadelphia, 1996. Preliminary version of [J16]


[C7] Y. Amir and A. Wool. Evaluating quorum systems over the Internet. In Proc. 26’th IEEE Symp. Fault-Tolerant Computing (FTCS), pages 26–35, Sendai, Japan, 1996.


[C8] O. Gerstel, A. Wool, and S. Zaks. Optimal average-case layouts on chain networks. In Workshop on Algorithmic Aspects of Communication, Bologna, Italy, July 1997.


[C9] D. Malkhi, M. Reiter, and A. Wool. The load and availability of Byzantine quorum systems. In Proc. 16th ACM Symp. Princip. of Distributed Computing (PODC), pages 249–257, August 1997. Preliminary version of [J12].


[C10] D. Beaver and A. Wool. Quorum-based secure multi-party computation. In K. Nyberg, editor, Advances in Cryptology – EUROCRYPT’98, LNCS 1403, pages 375–390, Espoo, Finland, May 1998. Springer Verlag.


[C11] T. Anderson, Y. Breitbart, H. F. Korth, and A. Wool. Replication, consistency, and practicality: Are these mutually exclusive? In Proc. ACM SIGMOD Inter. Conf. Management of Data, pages 484–495, Seattle, June 1998.


[C12] E. Gabber and A. Wool. How to prove where you are: Tracking the location of customer equipment. In Proc. 5th ACM Conf. Computer and Communications Security (CCS), pages 142–149, San Francisco, November 1998. Preliminary version of [J11].


[C13] A. Wool. Key management for encrypted broadcast. In Proc. 5th ACM Conf. Computer and Communications Security (CCS), pages 7–16, San Francisco, November 1998. Preliminary version of [J14].


[C14] M. Abdalla, Y. Shavitt, and A. Wool. Towards making broadcast encryption practical. In M. Franklin, editor, Proc. Financial Cryptography’99, LNCS 1648, pages 140–157, Anguilla, BWI, February 1999. Springer-Verlag. Preliminary version of [J13].


[C15] Y. Bartal, A. Mayer, K. Nissim, and A. Wool. Firmato: A novel firewall management toolkit. In Proc. IEEE Symp. on Security and Privacy, pages 17–31, Oakland, CA, May 1999. Preliminary version of [J25].


[C16] Y. Song, A. Wool, and B. Yener. The performance of routing and control protocols on virtual rings. In IEEE Global Communication Conf. – GLOBECOM’99, pages 603–610, Rio de Janeiro, Brazil, December 1999. Preliminary version of [J19].


[C17] Y. Shavitt, P. Winkler, and A. Wool. On the economics of multicasting. In 5th INFORMS Telecommunications Conference, Boca Raton, FL, March 2000. Preliminary version of [J21]


[C18] A. Mayer, A. Wool, and E. Ziskind. Fang: A firewall analysis engine. In Proc. IEEE Symp. on Security and Privacy, pages 177–187, Oakland, CA, May 2000. Preliminary version of [J28].


[C19] J. A. Garay, J. Staddon, and A. Wool. Long-lived broadcast encryption. In M. Bellare, editor, Advances in Cryptology – CRYPTO’2000, LNCS 1880, pages 333–352. Springer-Verlag, 2000.


[C20] Y. Shavitt, X. Sun, A. Wool, and B. Yener. Computing the unmeasured: An algebraic approach to Internet mapping. In IEEE INFOCOM’2001, Anchorage, Alaska, April 2001. Preliminary version of [J20].


[C21] A. Wool. Architecting the Lumeta firewall analyzer. In 10th USENIX Security Symposium, pages 85–97, Washington, D.C., August 2001. Preliminary version of [J28]


[C22] N. Kogan, Y. Shavitt, and A. Wool. A practical revocation scheme for broadcast encryption using smart cards. In Proc. IEEE Symp. on Security and Privacy, pages 225–235, Oakland, CA, May 2003. Preliminary version of [J29].


[C23] S. Bar, M. Gonen, and A. Wool. An incremental super-linear preferential Internet topology model. In Proc. 5th Annual Passive & Active Measurement Workshop (PAM), LNCS 3015, pages 53–62, Antibes Juan-les-Pins, France, April 2004. Springer-Verlag.


[C24] D. Nebenzahl and A. Wool. Install-time vaccination of Windows executables to defend against stack smashing attacks. In Proc. 19th IFIP International Information Security Conference, pages 225–240, Toulouse, France, August 2004. Kluwer. Preliminary version of [J27]


[C25] G. Sagie and A. Wool. A clustering approach for exploring the Internet structure. In Proc. 23rd IEEE Convention of Electrical & Electronics Engineers in Israel (IEEEI), pages 149–152, September 2004. Here is a local copy (pdf).

[C26] D. Rovniagin and A. Wool. The geometric efficient matching algorithm for firewalls. In Proc. 23rd IEEE Convention of Electrical & Electronics Engineers in Israel (IEEEI), pages 153–156, September 2004. Preliminary version of [J35].


[C27] Y. Shaked and A. Wool. Cracking the Bluetooth PIN. In Proc. 3rd USENIX/ACM Conf. Mobile Systems, Applications, and Services (MobiSys), pages 39–50, Seattle, WA, June 2005. Here is the paper on the MobiSys site.


[C28] Z. Kfir and A. Wool. Picking virtual pockets using relay attacks on contactless smartcard systems. Proc. 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm), pages 47–58, Athens, Greece, September 2005.


[C29] O. Levy and A. Wool. A uniform framework for cryptanalysis of the Bluetooth E0 cipher. Proc. 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks (SecureComm), pages 365–373, Athens, Greece, September 2005.


[C30] S. Bar, M. Gonen, and A. Wool. A geographic directed preferential Internet topology model. Proc. 13th IEEE Symp. Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), pages 325–328, Atlanta, GA, September 2005. Preliminary version of [J30].


[C31] D. Naor, A. Shenhav, and A. Wool. Toward securing untrusted storage without public-key operations. Proc. ACM International Workshop on Storage Security and Survivability (StorageSS), pages 51–56, Fairfax, VA, November 2005.

Here is a local copy (pdf).


[C32] I. Kirschenbaum and A. Wool. How to build a low-cost, extended-range RFID skimmer. In 15th USENIX Security Symposium, pages 43–57, Vancouver, Canada, August 2006. Here is a local copy (pdf)


[C33] Y. Shaked and A. Wool. Cryptanalysis of the Bluetooth E0 cipher using OBDD’s. In Proc. 9th Information Security Conference, LNCS 4176, pages 187–202, Samos, Greece, August 2006.


[C34] Y. Berger, A. Wool, and A. Yeredor. Dictionary attacks using keyboard acoustic emanations. In Proc. 13th ACM Conf. Computer and Communications Security (CCS), pages 245–254, Alexandria, VA, October 2006. Here is a local copy (pdf). See me explain the highlights in a short YouTube video.


[C35] D. Naor, A. Shenhav, and A. Wool. One-time signatures revisited: Practical fast signatures using fractal merkle tree traversal. In Proc. 24th IEEE Convention of Electrical & Electronics Engineers in Israel (IEEEI), pages 255–259, November 2006. Full technical report available as Cryptology ePrint Archive, Report 2005/442.

Here is a local copy (pdf).

Free software: Here is the C source code (zip).


[C36] N. Bar-Yosef and A. Wool. Remote algorithmic complexity attacks against randomized hash tables. In Proc. International Conference on Security and Cryptography (SECRYPT), pages 117–124, Barcelona, Spain, July 2007. Also in E-business and Telecommunications, volume 23 of Communications in Computer and Information Science, pages 162–174. Springer Berlin Heidelberg, 2009.

Here is a local copy (pdf).


[C37] R. Cohen, M. Gonen, and A. Wool. Bounding the bias of tree-like sampling in IP topologies. Proc. Euro. Conference on Complex Systems (ECCS), Dresden, Germany, 2007. Preliminary version of [J31].


[C38] E. Geron and A. Wool. CRUST: Cryptographic remote untrusted storage without public keys. In Proc. 4th IEEE Security in Storage Workshop (SISW), pages 3–14, San Diego, 2007. Preliminary version of [J33].


[C39] M. Gonen, D. Ron, U. Weinsberg, and A. Wool. Finding a dense-core in Jellyfish graphs. In Proc. 5th Workshop on Algorithms and Models for the Web-Graph (WAW), LNCS 4863, pages 29–40, San Diego, CA, December 2007. Springer Verlag. Preliminary version of [J32].


[C40] O. Ben-Cohen and A. Wool. Korset: Automated, zero false-alarm intrusion detection for Linux. In Ottawa Linux Symposium, July 2008.


[C41] O. Ben-Cohen and A. Wool. No more 0-days (or code-based intrusion detection by Korset). In Black Hat Briefings, August 2008.


[C42] Y. Oren and A. Wool. RFID-based electronic voting: What could possibly go wrong? In IEEE International Conference on RFID, pages 118–125, Orlando, FL, April 2010. Watch zapping in action in a short YouTube video.

Here is a local copy (pdf).


[C43] Y. Oren, M. Kirschbaum, T. Popp, and A. Wool. Algebraic power analysis in the presence of errors. In S. Mangard and F.-X. Standaert, editors, Workshop on Cryptographic Hardware and Embedded Systems (CHES), LNCS 6225, pages 428–442, Santa Barbara, CA, August 2010. Springer Verlag.

Here is a local copy (pdf).


[C44] A. Arbit, Y. Oren, and A. Wool. Toward practical public key anti-counterfeiting for low-cost EPC tags. In IEEE International Conference on RFID, pages 184–191, Orlando, FL, April 2011. Preliminary version of [J40].


[C45] A. Wool. Trends in firewall configuration errors: Measuring the holes in Swiss cheese. In 7th Symposium On Usable Privacy and Security (SOUPS), Pittsburgh, PA, July 2011. Full version is [J34].


[C46] Y. Oren, D. Schirman, and A. Wool. RFID jamming and attacks on Israeli e-voting. Smart SysTech 2012, Munich, June 2012.

Here is a local copy (pdf).


[C47] Y. Oren, M. Renauld, F.-X. Standaert, and A. Wool. Algebraic side-channel analysis beyond the Hamming weight leakage model. In Workshop on Cryptographic Hardware and Embedded Systems (CHES), LNCS 7428, pages 140–154, Leuven, Belgium, September 2012. Springer Verlag. Here is a local copy (pdf).


[C48] O. Samorodnitzky, E. Tromer, and A. Wool. Analyzing unique-bid auction sites for fun and profit. 20th Annual Network & Distributed System Security Symposium (NDSS’2013), San Diego, CA, February 2013. Here is a local copy (pdf), and the slides from NDSS.


[C49] N. Goldenberg and A. Wool. Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems. 7th Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection, Washington, DC, USA, March 2013. Preliminary version of [J37]


[C50] Y. Oren, O. Weisse, and A. Wool. Practical template-algebraic side channel attacks with extremely low data complexity. In 2nd Workshop on Hardware and Architectural Support for Security and Privacy (HASP’2013), Tel Aviv, Israel, June 2013.

Here is a local copy (pdf)


[C51] Y. Oren, D. Schirman, and A. Wool. Range extension attacks on contactless smart cards. In Proc. 18th European Symposium on Research in Computer Security (ESORICS), LNCS 8134, pages 646–663, London, September 2013. Here is a local copy (pdf).


[C52] Y. Oren, O. Weisse, and A. Wool. A new framework for constraint-based probabilistic template side channel attacks. In Workshop on Cryptographic Hardware and Embedded Systems (CHES), LNCS 8731, pages 17–34, Busan, Korea, September 2014. Springer Verlag. Here is a local copy (pdf).


[C53] A. Kleinmann and A. Wool. Accurate modeling of the Siemens S7 SCADA protocol for intrusion detection and digital forensics. In 6th International Conference on Digital Forensics & Cyber Crime (ICDF2C), New Haven, CT, September 2014. Preliminary version of [J39]


[C54] N. Erez and A. Wool. Control variable classification, modeling and anomaly detection in Modbus/TCP SCADA networks. In 9th Annual IFIP Working Group 11.10 International Conference on Critical Infrastructure Protection, Washington, DC, USA, March 2015. Preliminary version of [J41]


[C55] A. Kleinmann and A. Wool. A statechart-based anomaly detection model for multi-threaded SCADA systems. In 10th International Conference on Critical Information Infrastructures Security (CRITIS), pages 139–150, Berlin, October 2015. Fraunhofer IAIS. Here is a local copy (pdf).


[C56] M. Markovitz and A. Wool. Field classification, modeling and anomaly detection in unknown CAN bus networks. In 13th Embedded Security in Cars (ESCAR’15), Cologne, Germany, November 2015. Preliminary version of [J45].


[C57] E. Carmon, J.-P. Seifert, and A. Wool. Simple photonic emission attack with reduced data complexity. In Proc. 7’th Constructive Side-Channel Analysis and Secure Design (COSADE’16), LNCS 9689, pages 35–51, Graz, Austria, April 2016. Full technical report available in Cryptology ePrint Archive, Report 2015/1206.


[C58] E. Itkin and A Wool. A security analysis and revised security extension for the precision time protocol. In IEEE Symposium on Precision Clock Synchronization for Measurement, Control and Communication (ISPCS’16), pages 12–17, Stockholm, Sweden, September 2016. Preliminary version of [J46].


[C59] U. Kanonov and A Wool. Secure containers in Android: the Samsung KNOX case study. In 6th ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), pages 3–12, Vienna, Austria, October 2016. ACM. Here is a local copy (pdf). Full technical report available in arXiv:1605.08567 [cs.CR].. Media coverage by The Register.


[C60] A. Kleinmann and A. Wool. Automatic construction of statechart-based anomaly detection models for multi-threaded SCADA via spectral analysis. In 2nd ACM CCS Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC), pages 1–12, Vienna, Austria, October 2016. ACM. Here is a local copy (pdf).


[C61] M. Faisal, A. A. Cardenas, and A. Wool. Modeling Modbus TCP using specification-based intrusion detection. In Workshop on Cyber-Physical Systems Security (CPS-Sec), IEEE Conference on Communications and Network Security, Philadelphia, October 2016.

Here is a local copy (pdf).


[C62] T. Dagan and A. Wool. Parrot, a software-only anti-spoofing defense system for the CAN bus. In 14th Embedded Security in Cars (ESCAR’16), Munich, Germany, November 2016.

Here is a local copy (pdf).


[C63] L. David and A. Wool. A bounded-space near-optimal key enumeration algorithm for multi-subkey side-channel attacks. In Proc. RSA Conference Cryptographers Track (CT-RSA’17), LNCS 10159, pages 311–327, San Francisco, February 2017. Springer Verlag. Full technical report available in Cryptology ePrint Archive, Report 2015/1236.


[C64] E. Carmon, J.-P. Seifert, and A. Wool. Photonic side channel attacks against RSA. In IEEE Symposium on Hardware Oriented Security and Trust (HOST), pages 151–155, McLean, VA, May 2017.


Here is a local copy (pdf).

[C65] T. Dagan and A. Wool. Testing the boundaries of the Parrot anti-spoofing defense system. In 5th Embedded Security in Cars (ESCAR USA’17), Ann Arbor, MI, USA, June 2017.

Here is a local copy (pdf).


[C66] A. Kleinmann, O. Amichay, A. Wool, D. Tenenbaum, O. Bar, and L. Lev. Stealthy deception attacks against SCADA systems. In 3rd Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS), LNCS 10683, pages 93–109, Oslo, Norway, September 2017.

Here is a local copy (pdf).


[C67] T. Dagan, M. Marchetti, D. Stabili, M. Colajanni, and A. Wool. Vehicle safe-mode: Limp-mode in the service of cyber security. 15th Embedded Security in Cars (ESCAR’17), Berlin, Germany, November 2017.

Here is a local copy (pdf). Preliminary version of [J47]


[C68] C. Markman, A. Wool, and A. A. Cardenas. A new burst-DFA model for SCADA anomaly detection. In 3rd ACM CCS Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC), pages 1–12, Dallas, TX, November 2017. ACM.


[C69] B. Lapid and A. Wool. Cache-attacks on the ARM TrustZone implementations of AES-256 and AES-256-GCM via GPU-based analysis. In Proc. 25th Conference on Selected Areas in Cryptography (SAC), LNCS 11349, pages 235–256, Calgary, August 2018. Full technical report available in Cryptology ePrint Archive, Report 2018/621.


[C70] D. Fledel and A. Wool. Sliding-window correlation attacks against encryption devices with an unstable clock. In Proc. 25th Conference on Selected Areas in Cryptography (SAC), LNCS 11349, pages 193–215, Calgary, August 2018. Full technical report available in Cryptology ePrint Archive, Report 2018/317.


[C71] B. Lapid and A. Wool. Navigating the Samsung TrustZone with applications to cache-attacks on AES-256 in the Keymaster trustlet. In Proc. 23rd European Symposium on Research in Computer Security (ESORICS), LNCS 11098, pages 175–196, Barcelona, September 2018.


[C72] C. Markman, A. Wool, and A. A. Cardenas. Temporal phase shifts in SCADA networks. In 4th ACM CCS Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC), Toronto, ON, Canada, October 2018. ACM. Full technical report available in arXiv:1808.05068 [cs.CR].


[C73] T. Dagan and A. Wool. Woodpecker, a software-only true random generator for the CAN bus. In 16th Embedded Security in Cars (ESCAR’18), Brussels, November 2018.

Here is a local copy (pdf).

[C74] L. David and A. Wool. Poly-logarithmic side channel rank estimation via exponential sampling. In Proc. RSA Conference Cryptographers Track (CT-RSA’19), LNCS 11405, pages 330–349, San Francisco, March 2019. Springer Verlag. Preliminary version of [J49]


[C75] L. David and A. Wool. PRank: Fast analytical rank estimation via Pareto distributions. In 10’th Constructive Side-Channel Analysis and Secure Design (COSADE’19), LNCS 11421, pages 168–190, Darmstat, Germany, April 2019. Full technical report available in Cryptology ePrint Archive, Report 2018/550.


[C76] T. Dagan, Y. Montvelisky, and A. Wool. Vehicle safe-mode: An after-market proof-of-concept. In 7th Embedded Security in Cars (ESCAR USA’19), Ann Arbor, MI, USA, June 2019. Preliminary version of [J47]


[C77] E. Biham, S. Bitan, A. Carmel, A. Dankner, U. Malin, and A. Wool. Rogue7: Rogue engineering-station attacks on S7 Simatic PLCs. In Black Hat Briefings, Las Vegas, August 2019.


[C78] N. Gilboa Markevich and A. Wool. Hardware fingerprinting for the ARINC 429 avionic bus. In Proc. 25th European Symposium on Research in Computer Security (ESORICS), LNCS 12309 Part II, pages 42–62, University of Surrey, UK, September 2020. Full technical report available in arXiv:2003.12456 [cs.CR].


[C79] L. David and A. Wool. An explainable online password strength estimator. In Proc. 26th European Symposium on Research in Computer Security (ESORICS), LNCS 12972, pages 285–304, Darmstadt, Germany, October 2021. Preliminary version of [J50].


[C80] E. Zuberi and A. Wool. Characterizing GPU overclocking faults. In Proc. 26th European Symposium on Research in Computer Security (ESORICS), LNCS 12972, pages 110–130, Darmstadt, Germany, October 2021.


[C81] R. Komissarov and A. Wool. Spoofing attacks against vehicular FMCW radar. In 5th Workshop on Attacks and Solutions in Hardware Security (ASHES’21), Seoul, South Korea, November 2021. Preliminary version of [J52].


[C82] A. Shakevsky, E. Ronen, and A. Wool. Trust dies in darkness: Shedding light on Samsung’s TrustZone keymaster design. In 31st USENIX Security Symposium, Boston, August 2022. Also in Real World Crypto’2022. Full technical report available in Cryptology ePrint Archive, Report 2022/208.


[C83] A. Engelberg and A. Wool. Classification of encrypted IoT traffic despite padding and shaping. Proc. 21st Workshop on Privacy in the Electronic Society (WPES'22), pages 1–13, Los Angeles, November 2022.


[C84] T. Avrahami, O. Amrani, and A.Wool. Let's shake on it: Extracting secure shared keys from Wi-Fi CSI. In 20th IEEE Conference on Mobile Ad-Hoc and Smart Systems (MASS'2023), Toronto, September 2023. Full technical report available in arXiv:2307.05423.


[C85]  N. Ortiz, A. A. Cardenas, and A. Wool. SCADA world: An exploration of the diversity in power grid. ACM SIGMETRICS / IFIP Performance, Venice, Italy, June 2024. Published as [J53].

bottom of page