Markus Kuhn (computer scientist)

Last updated

Markus Kuhn
Born
Markus Guenther Kuhn

1971 (age 5152) [1]
Munich, West Germany
Alma mater
Known for EURion constellation
Scientific career
Fields Computer science
Computer security
Tamper resistance [2] [3] [4] [5] [6] [7]
Institutions
Thesis Compromising emanations: eavesdropping risks of computer displays  (2002)
Doctoral advisor Ross J. Anderson [8]
Doctoral students Steven Murdoch [9]
Website www.cl.cam.ac.uk/~mgk25/

Markus Guenther Kuhn (born 1971) is a German computer scientist, currently working at the Computer Laboratory, University of Cambridge and a fellow of Wolfson College, Cambridge. [10] [11] [12] [13] [14]

Contents

Education

Kuhn was educated at University of Erlangen (Germany), he received his Master of Science degree at Purdue University and PhD at the University of Cambridge.

Research

Kuhn's main research interests include computer security, in particular the hardware and signal-processing aspects of it, and distributed systems. He is known, among other things, for his work on security microcontrollers, compromising emanations, and distance-bounding protocols. He developed the Stirmark test for digital watermarking schemes, the OTPW one-time password system, and headed the project that extended the X11 misc-fixed fonts to Unicode.

In 1994, as an undergraduate student, he became known for developing several ways to circumvent the VideoCrypt encryption system, most notably the Season7 smartcard emulator. [15]

In 2002, he published a new method for eavesdropping CRT screens [4] and in 2003 he went on to publish mitigations such as "Tempest fonts". [16]

In 2010, Kuhn was asked to analyse the ADE 651, a device used in Iraq that was said to be a bomb-detecting device; he found that it contained nothing but an anti-theft tag and said that it was "impossible" that the device could detect anything whatsoever. [17]

He is also known for some of his work on international standardisation, such as pioneering the introduction of Unicode/UTF-8 under Linux. [18]

Awards and honours

In 1987 and 1988, he won the German national computer-science contest, [19] and in 1989, he won a gold medal for the West German team at the International Olympiad in Informatics. [20] [21]

Related Research Articles

<span class="mw-page-title-main">Tempest (codename)</span> Espionage using electromagnetic leakage

TEMPEST is a U.S. National Security Agency specification and a NATO certification referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. TEMPEST covers both methods to spy upon others and how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC).

<span class="mw-page-title-main">Onion routing</span> Technique for anonymous communication over a computer network

Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis.

A passive attack on a cryptosystem is one in which the cryptanalyst cannot interact with any of the parties involved, attempting to break the system solely based upon observed data. This can also include known plaintext attacks where both the plaintext and its corresponding ciphertext are known.

<span class="mw-page-title-main">David Wheeler (computer scientist)</span> British computer scientist (1927–2004)

David John Wheeler FRS was a computer scientist and professor of computer science at the University of Cambridge.

Van Eck phreaking, also known as Van Eck radiation, is a form of eavesdropping in which special equipment is used to pick up side-band electromagnetic emissions from electronic devices that correlate to hidden signals or data to recreate these signals or data to spy on the electronic device. Side-band electromagnetic radiation emissions are present in keyboards, computer displays, printers, and other electronic devices.

In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more party's knowledge of a password.

Software visualization or software visualisation refers to the visualization of information of and related to software systems—either the architecture of its source code or metrics of their runtime behavior—and their development process by means of static, interactive or animated 2-D or 3-D visual representations of their structure, execution, behavior, and evolution.

<span class="mw-page-title-main">Aircrack-ng</span>

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. Packages are released for Linux and Windows.

Virgil Dorin Gligor is a Romanian-American professor of electrical and computer engineering who specializes in the research of network security and applied cryptography.

<span class="mw-page-title-main">Cloud computing security</span> Methods used to protect cloud based assets

Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.

<span class="mw-page-title-main">Steven Murdoch</span> British computer security expert

Steven James Murdoch is Professor of Security Engineering in the Computer Science Department, University College London. His research covers privacy-enhancing technology, Internet censorship, and anonymous communication, in particular Tor. He is also known for discovering several vulnerabilities in the EMV bank chipcard payment system and for creating Tor Browser.

Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information could be retrieved by different ways. This article focus on the retrieval of data thanks to misused hardware or hardware failure. Hardware could be misused or exploited to get secret data. This article collects main types of attack that can lead to data theft.

<span class="mw-page-title-main">Moti Yung</span>

Mordechai M. "Moti" Yung is a cryptographer and computer scientist known for his work on cryptovirology and kleptography.

<span class="mw-page-title-main">Matthew D. Green</span> American cryptographer and security technologist

Matthew Daniel Green is an American cryptographer and security technologist. Green is an Associate Professor of Computer Science at the Johns Hopkins Information Security Institute. He specializes in applied cryptography, privacy-enhanced information storage systems, anonymous cryptocurrencies, elliptic curve crypto-systems, and satellite television piracy. He is a member of the teams that developed the Zerocoin anonymous cryptocurrency and Zerocash. He has also been influential in the development of the Zcash system. He has been involved in the groups that exposed vulnerabilities in RSA BSAFE, Speedpass and E-ZPass. Green lives in Baltimore, MD with his wife, 2 children and 2 miniature dachshunds.

In cryptography, electromagnetic attacks are side-channel attacks performed by measuring the electromagnetic radiation emitted from a device and performing signal analysis on it. These attacks are a more specific type of what is sometimes referred to as Van Eck phreaking, with the intention to capture encryption keys. Electromagnetic attacks are typically non-invasive and passive, meaning that these attacks are able to be performed by observing the normal functioning of the target device without causing physical damage. However, an attacker may get a better signal with less noise by depackaging the chip and collecting the signal closer to the source. These attacks are successful against cryptographic implementations that perform different operations based on the data currently being processed, such as the square-and-multiply implementation of RSA. Different operations emit different amounts of radiation and an electromagnetic trace of encryption may show the exact operations being performed, allowing an attacker to retrieve full or partial private keys.

<span class="mw-page-title-main">Yuval Elovici</span>

Yuval Elovici is a computer scientist. He is a professor in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev (BGU), where he is the incumbent of the Davide and Irene Sala Chair in Homeland Security Research. He is the director of the Cyber Security Research Center at BGU and the founder and director of the Telekom Innovation Laboratories at Ben-Gurion University. In addition to his roles at BGU, he also serves as the lab director of Singapore University of Technology and Design’s (SUTD) ST Electronics-SUTD Cyber Security Laboratory, as well as the research director of iTrust. In 2014 he co-founded Morphisec, a start-up company, that develops cyber security mechanisms related to moving target defense.

A wireless onion router is a router that uses Tor to connect securely to a network. The onion router allows the user to connect to the internet anonymously creating an anonymous connection. Tor works using an overlaid network which is free throughout the world, this overlay network is created by using numerous relay points created using volunteer which helps the user hide personal information behind layers of encrypted data like layers of an onion. Routers are being created using Raspberry Pi adding a wireless module or using its own inbuilt wireless module in the later versions.

Static application security testing (SAST) is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of statically analyzing the source code has existed as long as computers have existed, the technique spread to security in the late 90s and the first public discussion of SQL injection in 1998 when Web applications integrated new technologies like JavaScript and Flash.

<span class="mw-page-title-main">Hussein Zedan</span>

Hussein S. M. Zedan was a computer scientist of Egyptian descent, mainly based in the United Kingdom.

<span class="mw-page-title-main">Alois Christian Knoll</span> German roboticist

Alois Christian Knoll is German computer scientist and professor at the TUM School of Computation, Information and Technology at the Technical University of Munich (TUM). He is head of the Chair of Robotics, Artificial Intelligence and Embedded Systems.

References

  1. References Kuhn, M. (1971, January 1). Retrieved from Sicherheitsanalyse eines Mikroprozessors mit Busverschlusselun
  2. Markus Kuhn author profile page at the ACM Digital Library
  3. Kuhn, M. G. (1998). "Cipher instruction search attack on the bus-encryption security microcontroller DS5002FP". IEEE Transactions on Computers. 47 (10): 1153–1157. doi:10.1109/12.729797.
  4. 1 2 Kuhn, M. G. (2002). "Optical time-domain eavesdropping risks of CRT displays". Proceedings 2002 IEEE Symposium on Security and Privacy. pp. 3–4. CiteSeerX   10.1.1.7.5870 . doi:10.1109/SECPRI.2002.1004358. ISBN   978-0-7695-1543-4. S2CID   2385507.
  5. Hancke, G. P.; Kuhn, M. G. (2005). "An RFID Distance Bounding Protocol". First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05). p. 67. doi:10.1109/SECURECOMM.2005.56. ISBN   978-0-7695-2369-9. S2CID   435025.
  6. Petitcolas, F. A. P.; Anderson, R. J.; Kuhn, M. G. (1999). "Information hiding-a survey". Proceedings of the IEEE. 87 (7): 1062. CiteSeerX   10.1.1.333.9397 . doi:10.1109/5.771065.
  7. Kuhn, M. G. (2011). "Compromising emanations of LCD TV sets". 2011 IEEE International Symposium on Electromagnetic Compatibility. pp. 931–936. doi:10.1109/ISEMC.2011.6038442. ISBN   978-1-4577-0812-1. S2CID   47153474.
  8. Markus Kuhn at the Mathematics Genealogy Project
  9. Murdoch, Steven James (2008). Covert channel vulnerabilities in anonymity systems (PhD thesis). University of Cambridge.
  10. The Blue Book – "The Computer Laboratory: an Introduction", University of Cambridge Computer Laboratory, Oct 2006 Archived 4 February 2007 at the Wayback Machine
  11. Markus Kuhn publications indexed by Google Scholar
  12. Markus Kuhn publications indexed by Microsoft Academic
  13. Markus G. Kuhn at DBLP Bibliography Server OOjs UI icon edit-ltr-progressive.svg
  14. Markus Kuhn's publications indexed by the Scopus bibliographic database. (subscription required)
  15. Kuhn, Markus (19 June 1994). "MS-DOS Videocrypt smart card emulator".
  16. Kuhn, Markus G. (December 2003). "Compromising emanations: eavesdropping risks of computer displays" (PDF). Technical Report. Cambridge, United Kingdom: University of Cambridge Computer Laboratory (577). ISSN   1476-2986. UCAM-CL-TR-577. Retrieved 29 October 2010.
  17. "Iraq backing for 'bomb detector'". BBC News. 24 January 2010.
  18. UTF-8 and Unicode FAQ for Unix/Linux
  19. P. Heyderhoff: Bundeswettbewerb Informatik. Informatik Spektrum, Vol. 11, pp. 107–108, Springer-Verlag, 1988
  20. P. Heyderhoff: Informatik-Olympiade. Informatik Spektrum, Vol. 12, p. 235, Springer-Verlag, 1989
  21. Results of the IOI 1989 Archived 28 June 2007 at the Wayback Machine
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.