[Haifux] Last time I am bothering you with Marc Stevens' talk (I promise)

Orr Dunkelman orr.dunkelman at gmail.com
Mon Nov 18 12:40:39 MSK 2013


Speaker: Marc Stevens
Title: Improving Counter-cryptanalysis

Abstract:

Flame, a highly advanced malware for cyberwarfare discovered in May, spread
itself
as a properly, but illegitimately, signed Microsoft update security patch.
Flame
achieved this by forging a signature from Microsoft using a so-called
chosen-prefix
collision attack on the very weak cryptographic hash function MD5. In this
talk I
will focus on counter-cryptanalysis, a new paradigm for strengthening
cryptographic
primitives, and the first example thereof, namely an efficient anomaly
detection
technique that detects whether a given signature was forged using a
cryptanalytic
collision attack on the underlying hash function. We used
counter-cryptanalysis to
expose Flame's yet unknown variant chosen-prefix collision attack even
though only
one of the two colliding certificates was available. Finally, I will
discuss ongoing
work on improving the complexity of this new technique and efforts to
reduce the
chance of false negatives, i.e., existence of feasible yet-undetected
collision
attacks.

Bio

Dr. Marc Stevens is currently a post-doc in the Cryptology Group of CWI
Amsterdam.
His current research focuses on cryptanalysis with practical attacks on
cryptographic hash functions in particular as well as
counter-cryptanalysis. He
received his PhD at Leiden University in June 2012 for which he won the 2013
"Martinus van Marum" prize from the Royal Holland Society of Sciences and
Humanities. He is (co-)recipient of the CRYPTO 2009 Best Paper Award and
recipient
of the CRYPTO 2013 Best Young Researcher Paper Award.

When: 10:00, Wednesday, November 20, 2013
Where: Room 1003, EE Meyer Building (Technion)

or

When: 10:30, Thursday, November 21, 2013
Where: room 207, Jacobs building (University of Haifa)

-- 
Orr Dunkelman,
Orr.Dunkelman at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://haifux.org/pipermail/haifux/attachments/20131118/870fdd3e/attachment.html 


More information about the Haifux mailing list