My name's Lyubomir, but you can call me Lew if it's easier for you. I graduated ETH Zurich with a MSc in Cyber Security and here you can find some of the research and projects I did during my studies. Before ETH, I obtained a BSc in CS with Security and Forensics at Cardiff University, graduating as the valedictorian. But everything started at Telerik Academy, where I specialised in Mobile Development(Android/iOS) in and intensive 1-year course.
I'm interested in system security, trusted computing, cryptography, reverse-engineering, forensics, physical security, secure system design, and generally everything that has to do with security!
I spent a semester researching GALILEO Open Service Navigation Message Authentication (OSNMA), during which I implemented the protocol in a stand-alone parser and partially in GNSS-SDR. Additionally, I conceptualised possible attacks against this authentication scheme.
For my Master's Thesis, I joined the Secure & Trustworthy Systems Group at ETH Zurich, and helped them in their efforts to design and implement a new, hardware-backed security architecture for smartphones, TEETime, based on existing components, already utilised by mechanisms such as ARM TrustZone. In the search for a device to prototype this architecture on, I found an unlikely candidate - the iPhone 5S.
I managed to boot Linux on the device and implement a basic trusted firmware a-la TF-A, make SMC calls to it from Linux. Unfortunately I cannot publicly provide the paper, as there is information in it that's either under NDA or not yet published by the authors of TEETime. Nonetheless, here's the guide and resources on how to boot Linux and a TF on the iPhone 5S:
I had some fun during my Bachelor's as well. For my thesis, I attempted to convert the Signal IM protocol to be quatum-safe. I swapped out the vulnerable traditional cryptography with post-quatum alternatives, but had to revise the X3DH key agreement and find replacements for the XEdDSA/VXEdDSA signature schemes, since they did not have a direct counterpart in the post-quantum world.
You can read about the protocol in the paper and try out the application, both found in the repository 👇
Research is not the only thing I enjoy doing, I have found some of the tasks given us in several modules quite enjoyable. Here's a brief selection of such. 👇
I have particularly fond memories of the Applied Security Lab.