Marc Stevens (Centrum Wiskunde & Informatica, Netherlands)
Wednesday, 20.11.2013, 10:00
Flame, a highly advanced malware for cyberwarfare discovered in May, spread itself as a properly, but illegitimately, signed Microsoft update security patch. Flame achieved this by forging a signature from Microsoft using a so-called chosen-prefix collision attack on the very weak cryptographic hash function MD5. In this talk I will focus on counter-cryptanalysis, a new paradigm for strengthening cryptographic primitives, and the first example thereof, namely an efficient anomaly detection technique that detects whether a given signature was forged using a cryptanalytic collision attack on the underlying hash function. We used counter-cryptanalysis to expose Flame's as-yet-unknown variant of the chosen-prefix collision attack, even though only one of the two colliding certificates was available. Finally, I will discuss ongoing work on improving the complexity of this new technique and efforts to reduce the chance of false negatives, i.e., the existence of feasible yet undetected collision attacks.
Dr. Marc Stevens is currently a post-doc in the Cryptology Group of CWI Amsterdam. His current research focuses on cryptanalysis, in particular practical attacks on cryptographic hash functions, as well as on counter-cryptanalysis. He received his PhD at Leiden University in June 2012, for which he won the 2013 "Martinus van Marum" prize from the Royal Holland Society of Sciences and Humanities. He is (co-)recipient of the CRYPTO 2009 Best Paper Award and recipient of the CRYPTO 2013 Best Young Researcher Paper Award.