Projects

Scan-Then-Strike — CAN Bus Bus-Off Attack

Reproduced the timing-critical core of the Scan-Then-Strike CAN attack (USENIX Security ’21): the Single Frame Bus-Off (SFBO) primitive and its escalation into a Persistent Bus-Off DoS. 3-node ESP32-C3 testbed on a 500 kbps CAN bus with a Linux orchestrator/logger over SocketCAN. ~83% single-shot bus-off, ~78% sustained victim suppression.

CAN Bus, Automotive Security, ESP32-C3, C / C++, Embedded

BMS LV — Battery Management System in Rust (RaceUP)

Low-voltage Battery Management System firmware for the RaceUP Formula SAE car, rewritten from scratch in Rust on the Embassy async framework (no_std). Reads per-cell voltages and temperatures from an LTC6811 over SPI with DMA, runs over/under-voltage and temperature fault detection with debouncing, passive balancing and CAN telemetry at 500 kbps. Concurrent task architecture on STM32F405, logging over USB-CDC and defmt.

Rust, Embassy, STM32, LTC6811, CAN Bus, Embedded

Remote Attestation — SIMPLE Protocol

Authenticated challenge–response remote attestation workflow (SIMPLE, WiSec ’20) across a PC verifier (Python), an ESP32 gateway (ESP-IDF) and an STM32 Nucleo-H503RB prover. SHA-256/HMAC measurement of flash, RAM and configuration isolated by MPU and GTZC and protected by MAC and freshness checks. Validated tamper detection, replay rejection, ~0.93 ms privileged crypto path.

Remote Attestation, STM32, ESP32, Python, IoT Security