Hovav Shacham

Alma mater Stanford University (PhD)
Scientific career
Fields Computer Security
Institutions University of Texas at Austin
Thesis New Paradigms in Signature Schemes (2005)
Doctoral advisor Dan Boneh

Hovav Shacham is a professor at the University of Texas at Austin working in computer security and cryptography. His research spans both fields, from pairing-based signatures to the exploitation and defense of memory-corruption vulnerabilities.

Biography

Shacham received his PhD from Stanford University under the supervision of Dan Boneh, with a dissertation titled "New Paradigms in Signature Schemes". He has over 50 publications in computer security and cryptography. In 2007 he took part in the California Secretary of State's "Top-to-Bottom" review of voting systems. [1] He served as program chair of the IEEE Symposium on Security and Privacy (IEEE S&P), one of the leading computer security conferences, in 2019 and 2020. [2]

Research

Shacham's research covers the areas of cryptography and security.

In cryptography, Shacham, together with Dan Boneh and Ben Lynn, developed the BLS short signature scheme, which is based on the Weil pairing. [3] The scheme was notable for its signature size: a signature is a single group element, roughly half the length of a DSA or ECDSA signature at the same security level. BLS signatures, and schemes derived from them, are now widely deployed, particularly where short or aggregatable signatures are needed.

In security, Shacham is best known for introducing return-oriented programming (ROP), a technique for exploiting memory-corruption vulnerabilities. In his 2007 ACM CCS paper he showed that short instruction sequences ending in a return instruction ("gadgets"), found in a program's existing executable code such as libc, can be chained together to perform arbitrary, Turing-complete computation without injecting any new code, which defeats non-executable-memory defenses. ROP is now a standard building block of memory-corruption exploits. Most operating systems implement mitigations against it, [4] and some processors, such as modern Intel CPUs with Control-flow Enforcement Technology, add hardware support (a shadow stack and indirect branch tracking) that detects the hijacked control flow rather than merely making it harder to construct. [5]
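The first step of a ROP attack is finding gadgets, and the paper's observation is that on x86 a gadget need not be an instruction the compiler ever emitted: because instructions are variable-length, the byte 0xc3 (ret) can appear inside an immediate or displacement, and reading backwards from it yields a usable sequence. The scanner below is an added example written for this page, not code from the paper or any tool; it decodes only a tiny single-byte subset (pop r64, nop, ret) and runs over a constructed byte string rather than a real binary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH ((size_t)4)   /* instructions before the ret to consider */
#define TEXT_LEN  64

struct gadget {
    size_t offset;          /* byte offset of the gadget's first instruction */
    char   text[TEXT_LEN];  /* e.g. "pop rsi ; pop rdi ; ret"                */
};

/* Mnemonic for the single-byte subset this scanner understands:
 * pop r64 (0x58..0x5f), nop (0x90) and ret (0xc3); NULL otherwise. */
static const char *decode1(uint8_t b)
{
    static const char *const pops[8] = {
        "pop rax", "pop rcx", "pop rdx", "pop rbx",
        "pop rsp", "pop rbp", "pop rsi", "pop rdi",
    };
    if (b >= 0x58 && b <= 0x5f) return pops[b - 0x58];
    if (b == 0x90) return "nop";
    if (b == 0xc3) return "ret";
    return NULL;
}

/* Locate every ret, then walk backwards one byte at a time; each suffix
 * that decodes cleanly is reported as a gadget. A ret that sits inside a
 * longer legitimate instruction produces gadgets the compiler never wrote.
 * Returns the number of gadgets stored in out (at most max_out). */
size_t find_gadgets(const uint8_t *code, size_t len,
                    struct gadget *out, size_t max_out)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (code[i] != 0xc3) continue;                      /* not a ret */
        for (size_t depth = 1; depth <= MAX_DEPTH && depth <= i; depth++) {
            size_t start = i - depth;
            /* stop at an undecodable byte or at a preceding ret */
            if (decode1(code[start]) == NULL || code[start] == 0xc3) break;
            if (n == max_out) return n;
            out[n].offset = start;
            out[n].text[0] = '\0';
            for (size_t k = start; k <= i; k++) {
                if (k > start)
                    strncat(out[n].text, " ; ", TEXT_LEN - 1 - strlen(out[n].text));
                strncat(out[n].text, decode1(code[k]), TEXT_LEN - 1 - strlen(out[n].text));
            }
            n++;
        }
    }
    return n;
}

/* Constructed sample of x86-64 code bytes for this example (not taken from
 * any real binary). Offsets 13..19 encode one legitimate instruction,
 * lea rax,[rip+0xc35f], whose displacement bytes 5f c3 form an unintended
 * "pop rdi ; ret" gadget that no disassembler of the intended code shows. */
static const uint8_t sample_text[] = {
    0x55,                                     /*  0: push rbp                */
    0x48, 0x89, 0xe5,                         /*  1: mov  rbp, rsp           */
    0x48, 0xc7, 0xc7, 0x2a, 0x00, 0x00, 0x00, /*  4: mov  rdi, 42            */
    0x5d,                                     /* 11: pop  rbp                */
    0xc3,                                     /* 12: ret                     */
    0x48, 0x8d, 0x05, 0x5f, 0xc3, 0x00, 0x00, /* 13: lea  rax, [rip+0xc35f]  */
    0x5e,                                     /* 20: pop  rsi                */
    0x5f,                                     /* 21: pop  rdi                */
    0xc3,                                     /* 22: ret                     */
};

size_t scan_sample(struct gadget *out, size_t max_out)
{
    return find_gadgets(sample_text, sizeof sample_text, out, max_out);
}

int main(void)
{
    struct gadget g[16];
    size_t n = scan_sample(g, 16);
    for (size_t i = 0; i < n; i++)
        printf("0x%02zx: %s\n", g[i].offset, g[i].text);
    return 0;
}
```

On the sample the scanner reports four gadgets, including the one at offset 16 hidden inside the lea displacement. A real tool decodes the full instruction set and scans an entire code segment, but the backwards walk from each ret is the same. This is also where the hardware mitigations above bite: each gadget ends in a ret that pops an attacker-supplied address, and a CET shadow stack faults on that ret because the address does not match the return address the hardware recorded on the call.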

Shacham co-authored a high-profile security analysis of the computer systems in a modern automobile, published at IEEE S&P 2010 and recognized in 2020 with the IEEE S&P Test of Time Award. The work showed that the vehicle's internal networks and components had little or no protection against an attacker with access to them, making it possible to "disable the brakes, selectively brake individual wheels on demand, or stop the engine". [6]

Shacham also co-authored a study of the security of backscatter X-ray full-body scanners of the kind used in many airports. [7] The researchers found that it was possible to install malware on the scanner's control software, and that weapons could be concealed so that they did not appear in the scanner's images. [8]

Awards

Shacham received the ACM CCS Test of Time Award in 2017 and 2019, [9] and the IEEE S&P Test of Time Award in 2020. [10]

Related Research Articles

Ron Rivest (American cryptographer)

Ronald Linn Rivest is a cryptographer and computer scientist whose work has spanned the fields of algorithms and combinatorics, cryptography, machine learning, and election integrity. He is an Institute Professor at the Massachusetts Institute of Technology (MIT), and a member of MIT's Department of Electrical Engineering and Computer Science and its Computer Science and Artificial Intelligence Laboratory.

David Chaum (American computer scientist and cryptographer)

David Lee Chaum is an American computer scientist, cryptographer, and inventor. He is known as a pioneer in cryptography and privacy-preserving technologies, and widely recognized as the inventor of digital cash. His 1982 dissertation "Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups" is the first known proposal for a blockchain protocol. Complete with the code to implement the protocol, Chaum's dissertation proposed all but one element of the blockchain later detailed in the Bitcoin whitepaper. He has been referred to as "the father of online anonymity", and "the godfather of cryptocurrency".

Whitfield Diffie (American cryptographer, born 1944)

Bailey Whitfield 'Whit' Diffie ForMemRS is an American cryptographer and mathematician and one of the pioneers of public-key cryptography along with Martin Hellman and Ralph Merkle. Diffie and Hellman's 1976 paper New Directions in Cryptography introduced a radically new method of distributing cryptographic keys, that helped solve key distribution—a fundamental problem in cryptography. Their technique became known as Diffie–Hellman key exchange. The article stimulated the almost immediate public development of a new class of encryption algorithms, the asymmetric key algorithms.

The computational Diffie–Hellman (CDH) assumption is a computational hardness assumption about the Diffie–Hellman problem. The CDH assumption involves the problem of computing the discrete logarithm in cyclic groups. The CDH problem illustrates the attack of an eavesdropper in the Diffie–Hellman key exchange protocol to obtain the exchanged secret key.

The external Diffie–Hellman (XDH) assumption is a computational hardness assumption used in elliptic curve cryptography. The XDH assumption holds that there exist certain subgroups of elliptic curves which have useful properties for cryptography. Specifically, XDH implies the existence of two distinct groups with the following properties:

  1. The discrete logarithm problem (DLP), the computational Diffie–Hellman problem (CDH), and the computational co-Diffie–Hellman problem are all intractable in and .
  2. There exists an efficiently computable bilinear map (pairing) .
  3. The decisional Diffie–Hellman problem (DDH) is intractable in .

Solvency, in finance or business, is the degree to which the current assets of an individual or entity exceed the current liabilities of that individual or entity. Solvency can also be described as the ability of a corporation to meet its long-term fixed expenses and to accomplish long-term expansion and growth. This is best measured using the net liquid balance (NLB) formula. In this formula, solvency is calculated by adding cash and cash equivalents to short-term investments, then subtracting notes payable. There exist cryptographic schemes for both proofs of liabilities and assets, especially in the blockchain space.

A group signature scheme is a method for allowing a member of a group to anonymously sign a message on behalf of the group. The concept was first introduced by David Chaum and Eugene van Heyst in 1991. For example, a group signature scheme could be used by an employee of a large company where it is sufficient for a verifier to know a message was signed by an employee, but not which particular employee signed it. Another application is for keycard access to restricted areas where it is inappropriate to track individual employee's movements, but necessary to secure areas to only employees in the group.

In cryptography the standard model is the model of computation in which the adversary is only limited by the amount of time and computational power available. Other names used are bare model and plain model.

Dan Boneh (Israeli–American professor)

Dan Boneh is an Israeli–American professor in applied cryptography and computer security at Stanford University.

The Decision Linear (DLIN) assumption is a computational hardness assumption used in elliptic curve cryptography. In particular, the DLIN assumption is useful in settings where the decisional Diffie–Hellman assumption does not hold. The Decision Linear assumption was introduced by Boneh, Boyen, and Shacham.

A BLS digital signature, also known as a Boneh–Lynn–Shacham (BLS) signature, is a cryptographic signature scheme built on bilinear pairings. It produces short signatures (a single group element) and allows many signatures to be aggregated into one.

Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.

Identity-based cryptography is a type of public-key cryptography in which a publicly known string representing an individual or organization is used as a public key. The public string could include an email address, domain name, or a physical IP address.

Post-quantum cryptography (PQC), sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with popular algorithms currently used in the market is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm or even faster and less demanding alternatives.

Elie Bursztein (French computer scientist, born 1980)

Elie Bursztein, born 1 June 1980 in France, is a French computer scientist and software engineer. He is currently Google and DeepMind AI cybersecurity technical and research lead.

Moti Yung (Israeli computer scientist)

Mordechai M. "Moti" Yung is a cryptographer and computer scientist known for his work on cryptovirology and kleptography.

Matthew Keith "Matt" Franklin is an American cryptographer, and a professor of computer science at the University of California, Davis.

Jonathan Katz is a professor in the Department of Computer Science at the University of Maryland who conducts research on cryptography and cybersecurity. In 2019–2020 he was a faculty member in the Volgenau School of Engineering at George Mason University, where he held the title of Eminent Scholar in Cybersecurity. In 2013–2019 he was director of the Maryland Cybersecurity Center at the University of Maryland.

Amit Sahai (American cryptographer, born 1974)

Amit Sahai is an Indian-American computer scientist. He is a professor of computer science at UCLA and the director of the Center for Encrypted Functionalities.

Hertzbleed

Hertzbleed is a hardware security attack which describes exploiting dynamic frequency scaling to reveal secret data. The attack is a kind of timing attack, bearing similarity to previous power analysis vulnerabilities. Hertzbleed is more dangerous than power analysis, as it can be exploited by a remote attacker. Disclosure of cryptographic keys is the main concern regarding the exploit but other uses of the attack have been demonstrated since its initial discovery.

References

  1. "Top-to-Bottom Review :: California Secretary of State". www.sos.ca.gov. Retrieved 2024-03-07.
  2. "IEEE Symposium on Security and Privacy 2020". www.ieee-security.org. Retrieved 2024-03-07.
  3. Boneh, Dan; Lynn, Ben; Shacham, Hovav (2001). Boyd, Colin (ed.). "Short Signatures from the Weil Pairing". Advances in Cryptology — ASIACRYPT 2001. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer: 514–532. doi:10.1007/3-540-45682-1_30. ISBN 978-3-540-45682-7.
  4. "Understanding Hardware-enforced Stack Protection". techcommunity.microsoft.com. Retrieved 2024-03-07.
  5. "A Technical Look at Intel's Control-flow Enforcement Technology". Intel. Retrieved 2024-03-07.
  6. Leyden, John. "Boffins warn on car computer security risk". www.theregister.com. Retrieved 2024-03-07.
  7. University of California, San Diego. "Researchers find security flaws in backscatter X-ray scanners". phys.org. Retrieved 2024-03-07.
  8. Greenberg, Andy. "Researchers Easily Slipped Weapons Past TSA's X-Ray Body Scanners". Wired. ISSN 1059-1028. Retrieved 2024-03-07.
  9. "Dr. Hovav Shacham Awarded ACM CCS Test-of-Time Award 2019 | Department of Computer Science". www.cs.utexas.edu. Retrieved 2024-03-07.
  10. "Computer Scientists Win Test of Time Award for Paper that Changed the Auto Industry".