Markus Kuhn | |
---|---|
Born | Markus Guenther Kuhn 1971 (age 51–52) [1] |
Alma mater | |
Known for | EURion constellation |
Scientific career | |
Fields | Computer science Computer security Tamper resistance [2] [3] [4] [5] [6] [7] |
Institutions | |
Thesis | Compromising emanations: eavesdropping risks of computer displays (2002) |
Doctoral advisor | Ross J. Anderson [8] |
Doctoral students | Steven Murdoch [9] |
Website | www |
Markus Guenther Kuhn (born 1971) is a German computer scientist, currently working at the Computer Laboratory, University of Cambridge and a fellow of Wolfson College, Cambridge. [10] [11] [12] [13] [14]
Kuhn was educated at University of Erlangen (Germany), he received his Master of Science degree at Purdue University and PhD at the University of Cambridge.
Kuhn's main research interests include computer security, in particular the hardware and signal-processing aspects of it, and distributed systems. He is known, among other things, for his work on security microcontrollers, compromising emanations, and distance-bounding protocols. He developed the Stirmark test for digital watermarking schemes, the OTPW one-time password system, and headed the project that extended the X11 misc-fixed fonts to Unicode.
In 1994, as an undergraduate student, he became known for developing several ways to circumvent the VideoCrypt encryption system, most notably the Season7 smartcard emulator. [15]
In 2002, he published a new method for eavesdropping CRT screens [4] and in 2003 he went on to publish mitigations such as "Tempest fonts". [16]
In 2010, Kuhn was asked to analyse the ADE 651, a device used in Iraq that was said to be a bomb-detecting device; he found that it contained nothing but an anti-theft tag and said that it was "impossible" that the device could detect anything whatsoever. [17]
He is also known for some of his work on international standardisation, such as pioneering the introduction of Unicode/UTF-8 under Linux. [18]
In 1987 and 1988, he won the German national computer-science contest, [19] and in 1989, he won a gold medal for the West German team at the International Olympiad in Informatics. [20] [21]
TEMPEST is a U.S. National Security Agency specification and a NATO certification referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. TEMPEST covers both methods to spy upon others and how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).
Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis.
A passive attack on a cryptosystem is one in which the cryptanalyst cannot interact with any of the parties involved, attempting to break the system solely based upon observed data. This can also include known plaintext attacks where both the plaintext and its corresponding ciphertext are known.
David John Wheeler FRS was a computer scientist and professor of computer science at the University of Cambridge.
Van Eck phreaking, also known as Van Eck radiation, is a form of eavesdropping in which special equipment is used to pick up side-band electromagnetic emissions from electronic devices that correlate to hidden signals or data to recreate these signals or data to spy on the electronic device. Side-band electromagnetic radiation emissions are present in keyboards, computer displays, printers, and other electronic devices.
In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password.
Software visualization or software visualisation refers to the visualization of information of and related to software systems—either the architecture of its source code or metrics of their runtime behavior—and their development process by means of static, interactive or animated 2-D or 3-D visual representations of their structure, execution, behavior, and evolution.
Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. Packages are released for Linux and Windows.
Virgil Dorin Gligor is a Romanian-American professor of electrical and computer engineering who specializes in the research of network security and applied cryptography.
Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
Steven James Murdoch is Professor of Security Engineering in the Computer Science Department, University College London. His research covers privacy-enhancing technology, Internet censorship, and anonymous communication, in particular Tor. He is also known for discovering several vulnerabilities in the EMV bank chipcard payment system and for creating Tor Browser.
Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information could be retrieved by different ways. This article focus on the retrieval of data thanks to misused hardware or hardware failure. Hardware could be misused or exploited to get secret data. This article collects main types of attack that can lead to data theft.
Mordechai M. "Moti" Yung is a cryptographer and computer scientist known for his work on cryptovirology and kleptography.
Matthew Daniel Green is an American cryptographer and security technologist. Green is an Associate Professor of Computer Science at the Johns Hopkins Information Security Institute. He specializes in applied cryptography, privacy-enhanced information storage systems, anonymous cryptocurrencies, elliptic curve crypto-systems, and satellite television piracy. He is a member of the teams that developed the Zerocoin anonymous cryptocurrency and Zerocash. He has also been influential in the development of the Zcash system. He has been involved in the groups that exposed vulnerabilities in RSA BSAFE, Speedpass and E-ZPass. Green lives in Baltimore, MD with his wife, 2 children and 2 miniature dachshunds.
In cryptography, electromagnetic attacks are side-channel attacks performed by measuring the electromagnetic radiation emitted from a device and performing signal analysis on it. These attacks are a more specific type of what is sometimes referred to as Van Eck phreaking, with the intention to capture encryption keys. Electromagnetic attacks are typically non-invasive and passive, meaning that these attacks are able to be performed by observing the normal functioning of the target device without causing physical damage. However, an attacker may get a better signal with less noise by depackaging the chip and collecting the signal closer to the source. These attacks are successful against cryptographic implementations that perform different operations based on the data currently being processed, such as the square-and-multiply implementation of RSA. Different operations emit different amounts of radiation and an electromagnetic trace of encryption may show the exact operations being performed, allowing an attacker to retrieve full or partial private keys.
Yuval Elovici is a computer scientist. He is a professor in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev (BGU), where he is the incumbent of the Davide and Irene Sala Chair in Homeland Security Research. He is the director of the Cyber Security Research Center at BGU and the founder and director of the Telekom Innovation Laboratories at Ben-Gurion University. In addition to his roles at BGU, he also serves as the lab director of Singapore University of Technology and Design’s (SUTD) ST Electronics-SUTD Cyber Security Laboratory, as well as the research director of iTrust. In 2014 he co-founded Morphisec, a start-up company, that develops cyber security mechanisms related to moving target defense.
A wireless onion router is a router that uses Tor to connect securely to a network. The onion router allows the user to connect to the internet anonymously creating an anonymous connection. Tor works using an overlaid network which is free throughout the world, this overlay network is created by using numerous relay points created using volunteer which helps the user hide personal information behind layers of encrypted data like layers of an onion. Routers are being created using Raspberry Pi adding a wireless module or using its own inbuilt wireless module in the later versions.
Static application security testing (SAST) is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of statically analyzing the source code has existed as long as computers have existed, the technique spread to security in the late 90s and the first public discussion of SQL injection in 1998 when Web applications integrated new technologies like JavaScript and Flash.
Hussein S. M. Zedan was a computer scientist of Egyptian descent, mainly based in the United Kingdom.
Alois Christian Knoll is German computer scientist and professor at the TUM School of Computation, Information and Technology at the Technical University of Munich (TUM). He is head of the Chair of Robotics, Artificial Intelligence and Embedded Systems.