KAUST researchers are developing cybersecurity solutions to protect Saudi Arabia’s critical infrastructure. This effort is highlighted by the recent CrowdStrike software update incident that caused global disruptions. KAUST is collaborating with industry partners to translate research into practical solutions, focusing on securing energy systems, satellite communications, and power grids. Why it matters: Strengthening cybersecurity resilience is crucial for Saudi Arabia given its reliance on digital infrastructure and increasing sophistication of cyber threats targeting critical systems.
Cristofaro Mune and Niek Timmers presented a seminar on bypassing unbreakable crypto using fault injection on Espressif ESP32 chips. The presentation detailed how the hardware-based Encrypted Secure Boot implementation of the ESP32 SoC was bypassed using a single EM glitch, without knowing the decryption key. This attack exploited multiple hardware vulnerabilities, enabling arbitrary code execution and extraction of plain-text data from external flash. Why it matters: The research highlights critical security vulnerabilities in embedded systems and the potential for fault injection attacks to bypass secure boot mechanisms, necessitating stronger hardware-level security measures.
Conor McMenamin from Universitat Pompeu Fabra presented a seminar on State Machine Replication (SMR) without honest participants. The talk covered the limitations of current SMR protocols and introduced the ByRa model, a framework for player characterization free of honest participants. He then described FAIRSICAL, a sandbox SMR protocol, and discussed how the ideas could be extended to real-world protocols, with a focus on blockchains and cryptocurrencies. Why it matters: This research on SMR protocols and their incentive compatibility could lead to more robust and secure blockchain technologies in the region.
A team from the Cryptography Research Center (CRC) secured 6th place out of 210 teams in the 'Donjon CTF 2021: Capture the Fortress' cybersecurity competition. The competition featured jeopardy-style challenges covering cryptography, reverse engineering, and hardware security. The CRC team participated to improve visibility and assess team capabilities, particularly in hardware security. Why it matters: The CRC team's strong performance highlights the growing cybersecurity expertise in the UAE and its attractiveness for talent in this field.
The Technology Innovation Institute's Cryptography Research Center (CRC) in Abu Dhabi has appointed a Board of Advisors comprised of global cryptography experts. The board includes Prof. Joan Daemen, Prof. Lejla Batina, Dr. Guido Bertoni, Prof. Carlos Aguilar, Prof. Damien Stehlé, and Prof. Tim Güneysu. The advisors will guide CRC's research efforts in areas like post-quantum cryptography and hardware-based cryptography. Why it matters: This move strengthens the UAE's position as a global hub for cryptography research and development, fostering innovation in this critical field.
Researchers including Dr. Najwa Aaraj developed ML-FEED, a new exploit detection framework using pattern-based techniques. The model is 70x faster than LSTMs and 75,000x faster than Transformers in exploit detection tasks, while also being slightly more accurate. The "ML-FEED" paper won best paper at the 2022 IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications. Why it matters: This research enables more efficient real-time security applications and highlights growing AI expertise in the Arab world.
The Secure Systems Research Center (SSRC) has partnered with the University of New South Wales (UNSW Sydney) to research enhancements and scaling of the seL4 microkernel on edge devices. The collaboration aims to extend the seL4 microkernel to support dynamic virtualization, combining minimal trusted computing base with strong isolation. This will address challenges related to heterogeneous hardware, software, and environmental factors in edge computing. Why it matters: This partnership aims to improve the security of edge devices in critical sectors, addressing vulnerabilities in cyber-physical and autonomous systems.
Technology Innovation Institute (TII) in Abu Dhabi has launched the UAE’s first secure cloud technologies programme via its Cryptography Research Center (CRC). The program will focus on advancing Privacy Enhancing Technologies (PETs) like fully homomorphic encryption (FHE) and secure multi-party computation (MPC). TII researchers are also developing hardware accelerators to improve the efficiency of FHE. Why it matters: The initiative addresses growing security and privacy challenges in cloud computing, positioning the UAE as a leader in advanced cryptographic solutions for data protection.