Nadia Heninger

Nadia Heninger at the 2013 Chaos Communication Congress (30C3)

Nadia Heninger (born 1982) [1] is an American cryptographer, computer security expert, and computational number theorist at the University of California, San Diego.

Contributions

Heninger is known for her work on freezing powered-down security devices to slow their fading memories and allow their secrets to be recovered via a cold boot attack, [2] [A] for her discovery that weak keys for the RSA cryptosystem are in widespread use by internet routers and other embedded devices, [3] [B] for her research on how failures of forward secrecy in bad implementations of the Diffie–Hellman key exchange may have allowed the National Security Agency to decrypt large amounts of internet traffic via the Logjam vulnerability, [4] [C] and for the DROWN attack, which uses servers supporting old and weak cryptography to decrypt traffic from modern clients to modern servers. [5] [D]

Heninger's other research contributions include a variant of the RSA cryptosystem that would be secure against quantum computers, [6] an attack on implementations of the ANSI X9.31 cryptographically secure pseudorandom number generator that use hard-coded seed keys to initialize the generator, [7] and the discovery of a side-channel attack against some versions of the libgcrypt cryptography library. [8]

In 2015, Heninger was part of a team of proponents that included Matt Blaze, Steven M. Bellovin, J. Alex Halderman, and Andrea M. Matwyshyn who successfully proposed a security research exemption to Section 1201 of the Digital Millennium Copyright Act. [9]

Education and career

Heninger graduated from the University of California, Berkeley in 2004, with a bachelor's degree in electrical engineering and computer science. [10] She completed her doctorate in 2011 at Princeton University; her dissertation, Error Correction and the Cryptographic Key, was supervised by Bernard Chazelle. [10] [11] After postdoctoral research at the University of California, San Diego and Microsoft Research in New England, she became Magerman Term Assistant Professor at the University of Pennsylvania in 2013. [12] In 2019, she returned to the University of California, San Diego.

Recognition

Heninger's papers on weak keys and on forward secrecy of Diffie–Hellman won best paper awards at the conferences where they were presented, as have several of her other publications. [10] She is one of the 2016 recipients of the Applied Networking Research Prize of the Internet Research Task Force. [13]

She was an invited speaker at Asiacrypt 2016, speaking on "The reality of cryptographic deployments on the internet". [14]

Selected publications

Related Research Articles

In cryptography, key size or key length refers to the number of bits in a key used by a cryptographic algorithm.

Diffie–Hellman key exchange: method of exchanging cryptographic keys

Diffie–Hellman key exchange is a mathematical method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography. Published in 1976 by Diffie and Hellman, this is the earliest publicly known work that proposed the idea of a private key and a corresponding public key.

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography to provide equivalent security.

Encryption: process of converting plaintext to ciphertext

In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

Public-key cryptography: cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem, one of the oldest widely used for secure data transmission. The initialism "RSA" comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly described the algorithm in 1977. An equivalent system was developed secretly in 1973 at Government Communications Headquarters (GCHQ), the British signals intelligence agency, by the English mathematician Clifford Cocks. That system was declassified in 1997.

In cryptography, the ElGamal encryption system is an asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie–Hellman key exchange. It was described by Taher Elgamal in 1985. ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm (DSA) is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption.

A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis where the cryptanalyst can gather information by obtaining the decryptions of chosen ciphertexts. From these pieces of information the adversary can attempt to recover the hidden secret key used for decryption.

A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also loosely known as a cryptographic random number generator (CRNG).

Whitfield Diffie: American cryptographer (born 1944)

Bailey Whitfield 'Whit' Diffie ForMemRS is an American cryptographer and mathematician and one of the pioneers of public-key cryptography along with Martin Hellman and Ralph Merkle. Diffie and Hellman's 1976 paper New Directions in Cryptography introduced a radically new method of distributing cryptographic keys that helped solve key distribution, a fundamental problem in cryptography. Their technique became known as Diffie–Hellman key exchange. The article stimulated the almost immediate public development of a new class of encryption algorithms, the asymmetric key algorithms.

The security of cryptographic systems depends on some secret data that is known to authorized persons but unknown and unpredictable to others. To achieve this unpredictability, some randomization is typically employed. Modern cryptographic protocols often require frequent generation of random quantities. Cryptographic attacks that subvert or exploit weaknesses in this process are known as random number generator attacks.

The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the computational intractability of the Decisional Diffie–Hellman assumption. Developed by Ronald Cramer and Victor Shoup in 1998, it is an extension of the ElGamal cryptosystem. In contrast to ElGamal, which is extremely malleable, Cramer–Shoup adds other elements to ensure non-malleability even against a resourceful attacker. This non-malleability is achieved through the use of a universal one-way hash function and additional computations, resulting in a ciphertext which is twice as large as in ElGamal.

Plaintext-awareness is a notion of security for public-key encryption. A cryptosystem is plaintext-aware if it is difficult for any efficient algorithm to come up with a valid ciphertext without being aware of the corresponding plaintext.

In cryptography, Curve25519 is an elliptic curve used in elliptic-curve cryptography (ECC) offering 128 bits of security and designed for use with the Elliptic-curve Diffie–Hellman (ECDH) key agreement scheme. It is one of the fastest curves in ECC, and is not covered by any known patents. The reference implementation is public domain software.

Cryptography: practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

Post-quantum cryptography (PQC), sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant, is the development of cryptographic algorithms that are thought to be secure against a cryptanalytic attack by a quantum computer. The problem with popular algorithms currently used in the market is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems could be easily solved on a sufficiently powerful quantum computer running Shor's algorithm or even faster and less demanding alternatives.

Crypto Wars: attempts to limit access to strong cryptography

Attempts, unofficially dubbed the "Crypto Wars", have been made by the United States (US) and allied governments to limit the public's and foreign nations' access to cryptography strong enough to thwart decryption by national intelligence agencies, especially the National Security Agency (NSA).

Hugo Krawczyk: Argentine Israeli cryptographer

Hugo Krawczyk is an Argentine-Israeli cryptographer best known for co-inventing the HMAC message authentication algorithm and contributing in fundamental ways to the cryptographic architecture of central Internet standards, including IPsec, IKE, and SSL/TLS. In particular, both IKEv2 and TLS 1.3 use Krawczyk’s SIGMA protocol as the cryptographic core of their key exchange procedures. He has also contributed foundational work in the areas of threshold and proactive cryptosystems and searchable symmetric encryption, among others.

References

  1. Birth year from Library of Congress catalog entry, retrieved December 9, 2018.
  2. Mills, Elinor (July 30, 2008), "Disk encryption is no silver bullet, researchers say: Researchers tell how to steal disk encryption key and sensitive data off memory in laptops in cold-boot attack on hibernating computer", CNET
  3. Leyden, John (February 16, 2012), "'Predictably random' public keys can be cracked - crypto boffins: Battling researchers argue over whether you should panic", The Register
  4. Doctorow, Cory (October 16, 2015), "Now we know the NSA blew the black budget breaking crypto, how can you defend yourself?", Boing Boing
  5. Mott, Nathaniel (March 2, 2016), "Drown attack: how weakened encryption jeopardizes 'secure' sites: Researchers warn sites such as Yahoo, BuzzFeed and Flickr would be susceptible to attack, and credit card info, passwords and other data could be compromised", The Guardian
  6. Kim, Mark H. (May 15, 2017), "Why quantum computers might not break cryptography", Quanta Magazine
  7. Chirgwin, Richard (October 25, 2017), "Holy DUHK! Boffins name bug that could crack crypto wide open: Hard-coded keys and pseudorandom numbers flay Fortinet first, other vendors probably also in play", The Register
  8. Chirgwin, Richard (July 4, 2017), "GnuPG crypto library cracked, look for patches: Boffins bust libgcrypt via side-channel", The Register
  9. "Section 1201 Rulemaking: Sixth Triennial Proceeding to Determine Exemptions to the Prohibition on Circumvention" (PDF).
  10. Curriculum vitae (PDF), University of Pennsylvania, retrieved September 18, 2018
  11. Nadia Heninger at the Mathematics Genealogy Project
  12. Rosenbloom, Stephanie (June 4, 2014), "How not to pay the price for free Wi-Fi", The New York Times
  13. Applied Networking Research Prize, Internet Research Task Force, retrieved September 18, 2018
  14. "Program", Asiacrypt 2016, retrieved September 18, 2018