[Haifux] Last time I am bothering you with Marc Stevens' talk (I promise)

Orr Dunkelman orr.dunkelman at gmail.com
Mon Nov 18 12:40:39 MSK 2013

Speaker: Marc Stevens
Title: Improving Counter-cryptanalysis


Flame, a highly advanced malware for cyberwarfare discovered in May, spread
as a properly, but illegitimately, signed Microsoft update security patch.
achieved this by forging a signature from Microsoft using a so-called
collision attack on the very weak cryptographic hash function MD5. In this
talk I
will focus on counter-cryptanalysis, a new paradigm for strengthening
primitives, and the first example thereof, namely an efficient anomaly
technique that detects whether a given signature was forged using a
collision attack on the underlying hash function. We used
counter-cryptanalysis to
expose Flame's yet unknown variant chosen-prefix collision attack even
though only
one of the two colliding certificates was available. Finally, I will
discuss ongoing
work on improving the complexity of this new technique and efforts to
reduce the
chance of false negatives, i.e., existence of feasible yet-undetected


Dr. Marc Stevens is currently a post-doc in the Cryptology Group of CWI
His current research focuses on cryptanalysis with practical attacks on
cryptographic hash functions in particular as well as
counter-cryptanalysis. He
received his PhD at Leiden University in June 2012 for which he won the 2013
"Martinus van Marum" prize from the Royal Holland Society of Sciences and
Humanities. He is (co-)recipient of the CRYPTO 2009 Best Paper Award and
of the CRYPTO 2013 Best Young Researcher Paper Award.

When: 10:00, Wednesday, November 20, 2013
Where: Room 1003, EE Meyer Building (Technion)


When: 10:30, Thursday, November 21, 2013
Where: room 207, Jacobs building (University of Haifa)

Orr Dunkelman,
Orr.Dunkelman at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://haifux.org/pipermail/haifux/attachments/20131118/870fdd3e/attachment.html 

More information about the Haifux mailing list