<div dir="ltr"><div><div>Speaker: Marc Stevens<br>Title: Improving Counter-cryptanalysis<br><br>Abstract:<br><br>Flame, a highly advanced malware for cyberwarfare discovered in May, spread itself<br>as a properly, but illegitimately, signed Microsoft update security patch. Flame<br>
achieved this by forging a signature from Microsoft using a so-called chosen-prefix<br>collision attack on the very weak cryptographic hash function MD5. In this talk I<br>will focus on counter-cryptanalysis, a new paradigm for strengthening cryptographic<br>
primitives, and the first example thereof, namely an efficient anomaly detection<br>technique that detects whether a given signature was forged using a cryptanalytic<br>collision attack on the underlying hash function. We used counter-cryptanalysis to<br>
expose Flame's yet unknown variant chosen-prefix collision attack even though only<br>one of the two colliding certificates was available. Finally, I will discuss ongoing<br>work on improving the complexity of this new technique and efforts to reduce the<br>
chance of false negatives, i.e., existence of feasible yet-undetected collision<br>attacks.<br><br>Bio<br><br>Dr. Marc Stevens is currently a post-doc in the Cryptology Group of CWI Amsterdam.<br>His current research focuses on cryptanalysis with practical attacks on<br>
cryptographic hash functions in particular as well as counter-cryptanalysis. He<br>received his PhD at Leiden University in June 2012 for which he won the 2013<br>"Martinus van Marum" prize from the Royal Holland Society of Sciences and<br>
Humanities. He is (co-)recipient of the CRYPTO 2009 Best Paper Award and recipient<br>of the CRYPTO 2013 Best Young Researcher Paper Award.<br><br>When: 10:00, Wednesday, November 20, 2013<br>Where: Room 1003, EE Meyer Building (Technion)<br>
<br>or<br><br></div>When: 10:30, Thursday, November 21, 2013<br></div>Where: room 207, Jacobs building (University of Haifa)<br clear="all"><div><div><br>-- <br>Orr Dunkelman,<br><a href="mailto:Orr.Dunkelman@gmail.com" target="_blank">Orr.Dunkelman@gmail.com</a>
</div></div></div>