Researchers at TII, in cooperation with University Paderborn and Ruhr University Bochum, have discovered a vulnerability called the Opossum Attack in Transport Layer Security (TLS) impacting protocols like HTTP(S), FTP(S), POP3(S), and SMTP(S). The vulnerability exposes a risk of desynchronization between client and server communications, potentially leading to exploits like session fixation and content confusion. Scans revealed over 2.9 million potentially affected servers, including over 1.4 million IMAP servers and 1.1 million POP3 servers. Why it matters: This discovery highlights the importance of ongoing cybersecurity research in the UAE and internationally to identify and address vulnerabilities in fundamental internet protocols, especially as it led to immediate action by Apache and Cyrus IMAPd.
Researchers at ETH Zurich have formalized models of the EMV payment protocol using the Tamarin model checker. They discovered flaws allowing attackers to bypass PIN requirements for high-value purchases on EMV cards like Mastercard and Visa. The team also collaborated with an EMV consortium member to verify the improved EMV Kernel C-8 protocol. Why it matters: This research highlights the importance of formal methods in identifying critical vulnerabilities in widely used payment systems, potentially impacting financial security for consumers in the GCC region and worldwide.
KAUST Professor Boon Ooi, Nobel laureate Shuji Nakamura from UCSB, and KACST researchers are collaborating on laser-based solid-state lighting (SSL) through a 2014 tripartite agreement. Their research focuses on SSL, which has the potential to be even more energy-efficient than existing LED lighting by using semiconductor lasers. Nakamura, who won the Nobel Prize in Physics in 2014 for developing blue LEDs, spoke at KAUST about the potential of SSL to improve energy efficiency further. Why it matters: This collaboration aims to advance energy-efficient lighting technologies, leveraging Nobel-winning expertise to develop solutions that could significantly reduce global energy consumption.
The Secure Systems Research Center (SSRC) has obtained membership in the seL4 Foundation. This membership allows SSRC to participate in and contribute to the open-source development of seL4, a formally verified microkernel OS. SSRC aims to research, contribute to, and advance next-generation high-end edge device environments using seL4's capabilities. Why it matters: This move enhances the UAE's capabilities in developing secure and resilient edge computing solutions, fostering innovation in critical sectors like secure communications and drone technology.
Xiao Wang from Purdue University presented research on Adversarial Contrastive Learning (AdCo) and Cooperative-adversarial Contrastive Learning (CaCo) for improved self-supervised learning. He also discussed CryoREAD, a framework for building DNA/RNA structures from cryo-EM maps, and future work in deep learning for drug discovery. Wang's algorithms have impacted molecular biology, leading to new structure discoveries published in journals like Cell and Nature Microbiology. Why it matters: The research advances AI techniques for crucial tasks in molecular biology and drug discovery, with potential applications for institutions in the GCC region focused on healthcare and biotechnology.
A research talk was given on privacy and security issues in speech processing, highlighting the unique privacy challenges due to the biometric information embedded in speech. The talk covered the legal landscape, proposed solutions like cryptographic and hashing-based methods, and adversarial processing techniques. Dr. Bhiksha Raj from Carnegie Mellon University, an expert in speech and audio processing, delivered the talk. Why it matters: As speech-based interfaces become more prevalent in the Middle East, understanding and addressing the associated privacy risks is crucial for ethical AI development and deployment.
The Secure Systems Research Center (SSRC) has partnered with the University of New South Wales (UNSW Sydney) to research enhancements and scaling of the seL4 microkernel on edge devices. The collaboration aims to extend the seL4 microkernel to support dynamic virtualization, combining minimal trusted computing base with strong isolation. This will address challenges related to heterogeneous hardware, software, and environmental factors in edge computing. Why it matters: This partnership aims to improve the security of edge devices in critical sectors, addressing vulnerabilities in cyber-physical and autonomous systems.
CINVESTAV-IPN's Computer Science Department hosted a seminar by Prof. Francisco Rodriguez-Henriquez on isogeny-based key exchange protocols. The talk reviewed Supersingular Isogeny-based Diffie-Hellman (SIDH) and Commutative Supersingular Isogeny-based Diffie-Hellman (CSIDH). Isogeny-based protocols offer short key sizes but have higher latency compared to other post-quantum cryptosystems. Why it matters: This seminar contributes to the exploration of post-quantum cryptography, an important area for ensuring data security against future quantum computing threats.