Jose Martinez, a Principal Researcher at the DSRC, was named one of Google's Top 20 Chrome Vulnerability Researchers for 2021, ranking 14th. He was recognized for detecting and demonstrating the exploitation of a serious vulnerability in the Chrome browser. This helped Google improve Chrome's security and contributed to safer development practices. Why it matters: The recognition highlights the growing cybersecurity expertise within the UAE and TII's ability to attract global talent in advanced security research.
Cryptography Research Center's Prof. Francisco Rodriguez-Henriquez and PhD candidate Jorge Chavez-Saab won a Best Paper Award ahead of Asiacrypt 2022. Their paper, "SwiftEC: Shallue-van de Woestijne Indifferentiable Function to Elliptic Curves," was written in collaboration with Mehdi Tibouchi of NTT. The paper presents an improved variation of the Elligator Squared technique for representing points of arbitrary elliptic curves as close-to-uniform random strings. Why it matters: The award recognizes important cryptographic research from the UAE, contributing to the advancement of secure digital solutions.
Researchers at TII, in cooperation with University Paderborn and Ruhr University Bochum, have discovered a vulnerability called the Opossum Attack in Transport Layer Security (TLS) impacting protocols like HTTP(S), FTP(S), POP3(S), and SMTP(S). The vulnerability exposes a risk of desynchronization between client and server communications, potentially leading to exploits like session fixation and content confusion. Scans revealed over 2.9 million potentially affected servers, including over 1.4 million IMAP servers and 1.1 million POP3 servers. Why it matters: This discovery highlights the importance of ongoing cybersecurity research in the UAE and internationally to identify and address vulnerabilities in fundamental internet protocols, especially as it led to immediate action by Apache and Cyrus IMAPd.
A team from the Cryptography Research Center (CRC) secured 6th place out of 210 teams in the 'Donjon CTF 2021: Capture the Fortress' cybersecurity competition. The competition featured jeopardy-style challenges covering cryptography, reverse engineering, and hardware security. The CRC team participated to improve visibility and assess team capabilities, particularly in hardware security. Why it matters: The CRC team's strong performance highlights the growing cybersecurity expertise in the UAE and its attractiveness for talent in this field.
The Secure Systems Research Center (SSRC) has partnered with the University of New South Wales (UNSW Sydney) to research enhancements and scaling of the seL4 microkernel on edge devices. The collaboration aims to extend the seL4 microkernel to support dynamic virtualization, combining minimal trusted computing base with strong isolation. This will address challenges related to heterogeneous hardware, software, and environmental factors in edge computing. Why it matters: This partnership aims to improve the security of edge devices in critical sectors, addressing vulnerabilities in cyber-physical and autonomous systems.