Srdjan Čapkun
Professor
Department of Computer Science
ETH Zurich
srdjan.capkun@inf.ethz.ch
twitter / linkedin /
mastodon: ioc.exchange/@capkuns
publications
My research interests span a range of topics in computer security and privacy, including trusted computing, distributed ledgers, wireless network security (GNSS, UWB, cellular) and user authentication.
I am lucky to be able to work with some exceptional students and postdoctoral researchers (former students and postdocs). For a comprehensive overview of research and teaching see my research group (System Security Group @ETH Zurich).
Short Bio:
Srdjan Capkun (Srđan Čapkun) is a full professor in the Department of Computer Science, ETH Zurich and Chair of the Zurich Information Security and Privacy Center (ZISC). Originally from Split, Croatia, he received his Dipl. Ing. Degree in Electrical Engineering / Computer Science from the University of Split in 1998, and his Ph.D. degree in Communication Systems from EPFL in 2004. His research interests are in system and network security. His focus areas are wireless security (in particular secure positioning), and system security where he focuses on trusted computing and blockchain technologies. He is a co-founder of 3db Access (acquired by Infineon in 2023), which focused on secure distance measurement and proximity-based access control, and of Futurae, a company focusing on usable on-line authentication. In 2016 he received an ERC Consolidator Grant for a project dedicated to securing positioning in wireless networks (www.securepositioning.com). He is a fellow of the ACM and of the IEEE.
[how to pronounce Srđan (Srdjan)]
Selected recent publications:
Ivan Puddu, Moritz Schneider, Daniele Lain, Stefano Boschetto, Srdjan Capkun
On (the Lack of) Code Confidentiality in Trusted Execution Environments Authors: in IEEE S&P 2024 [PDF] (preprint)
Daniele Coppola, Giovanni Camurati, Claudio Anliker, Xenia Hofmeier, Patrick Schaller, David Basin, Srdjan Capkun
PURE: Payments with UWB RElay-protection,
in Usenix Security 2024 [PDF]
Claudio Anliker, Giovanni Camurati, Srdjan Čapkun
Time for Change: How Clocks Break UWB Secure Ranging
https://arxiv.org/abs/2305.09433, in Usenix Security 2023
Daniele Lain, Kari Kostiainen, Srdjan Čapkun
Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
in IEEE Symposium on Security and Privacy (S&P), 2022
[BIB | PDF | DOI]
Friederike Groschupp, Mark Kuhne, Moritz Schneider, Ivan Puddu, Shweta Shinde, Srdjan Capkun
It’s TEEtime: Bringing User Sovereignty to Smartphones
https://arxiv.org/abs/2211.05206, 2022
Martin Kotuliak, Simon Erni, Patrick Leu, Marc Röschlin, Srdjan Čapkun
LTrack: Stealthy Tracking of Mobile Phones in LTE
in USENIX Security 2022 [PDF]
Karl Wüst, Kari Kostiainen, Noah Delius, Srdjan Capkun
Platypus: A Central Bank Digital Currency with Unlinkable Transactions and Privacy Preserving Regulation, In ACM Conference on Computer and Communications Security (CCS), 2022 [PDF]
Patrick Leu, Giovanni Camurati*, Alexander Heinrich, Marc Roeschlin, Claudio Anliker, Matthias Hollick, Srdjan Capkun, and Jiska Classen
Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB Ranging
in USENIX Security 2022
https://securepositioning.com/ghost-peak/
Friederike Groschupp, Moritz Schneider, Ivan Puddu, Shweta Shinde, Srdjan Čapkun
Sovereign Smartphone: To Enjoy Freedom We Have to Control Our Phones
in Arxiv e-print (arXiv:2102.02743), 2021 [PDF]
Ivan Puddu, Moritz Schneider, Miro Haller, Srdjan Čapkun
Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend
in USENIX Security 2021 [PDF]
Enis Ulqinaku and Hala Assal and AbdelRahman Abdou and Sonia Chiasson and Srdjan Čapkun
Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols, in Usenix Security 2021 [PDF]
Decentralized Privacy-Preserving Proximity Tracing.
Carmela Troncoso, Mathias Payer, Jean-Pierre Hubaux, Marcel Salathé, James Larus, Edouard Bugnion, Wouter Lueks, Theresa Stadler, Apostolos Pyrgelis, Daniele Antonioli, Ludovic Barman, Sylvain Chatel, Kenneth Paterson, Srdjan Capkun, David Basin, Jan Beutel, Dennis Jackson, Marc Roeschlin, Patrick Leu, Bart Preneel, Nigel Smart, Aysajan Abidin, Seda Gürses, Michael Veale, Cas Cremers, Michael Backes, Nils Ole Tippenhauer, Reuben Binns, Ciro Cattuto, Alain Barrat, Dario Fiore, Manuel Barbosa, Rui Oliveira, José Pereira.
in arXiv, 2020 [PDF] [github]
Design choices for central bank digital currency: Policy and technical considerations
Sarah Allen, Srdjan Capkun, Ittay Eyal, Giulia Fanti, Bryan Ford, James Grimmelmann, Ari Juels, Kari Kostiainen, Sarah Meiklejohn, Andrew Miller, Eswar Prasad, Karl Wüst, and Fan Zhang, in Brookings/NBER, Working Paper, July, 2020 [PDF]
Patrick Leu, Mridula Singh, Marc Roeschlin, Kenneth G. Paterson, Srdjan Capkun
Message Time of Arrival Codes: A Fundamental Primitive for Secure Distance Measurement, in IEEE Symposium on Security and Privacy (S&P), 2020 [PDF]
*this is a personal site; the postings on this site are my own and do not necessarily reflect the views of my employer
Srdjan Čapkun 
