Researchers from KAUST, University of St. Andrews, and the Center for Unconventional Processes of Sciences have developed an uncrackable security system using optical chips. The system uses silicon chips with complex structures that are irreversibly changed to send information, achieving "perfect secrecy" through a one-time key. This method leverages classical physics and the second law of thermodynamics to ensure that keys are never stored, communicated, or recreated, making interception impossible. Why it matters: This breakthrough has the potential to revolutionize communications privacy globally, offering an unbreakable method for securing confidential data on public channels.
The Secure Systems Research Center (SSRC) has partnered with the University of New South Wales (UNSW Sydney) to research enhancements and scaling of the seL4 microkernel on edge devices. The collaboration aims to extend the seL4 microkernel to support dynamic virtualization, combining minimal trusted computing base with strong isolation. This will address challenges related to heterogeneous hardware, software, and environmental factors in edge computing. Why it matters: This partnership aims to improve the security of edge devices in critical sectors, addressing vulnerabilities in cyber-physical and autonomous systems.
Cristofaro Mune and Niek Timmers presented a seminar on bypassing unbreakable crypto using fault injection on Espressif ESP32 chips. The presentation detailed how the hardware-based Encrypted Secure Boot implementation of the ESP32 SoC was bypassed using a single EM glitch, without knowing the decryption key. This attack exploited multiple hardware vulnerabilities, enabling arbitrary code execution and extraction of plain-text data from external flash. Why it matters: The research highlights critical security vulnerabilities in embedded systems and the potential for fault injection attacks to bypass secure boot mechanisms, necessitating stronger hardware-level security measures.
Researchers at ETH Zurich have formalized models of the EMV payment protocol using the Tamarin model checker. They discovered flaws allowing attackers to bypass PIN requirements for high-value purchases on EMV cards like Mastercard and Visa. The team also collaborated with an EMV consortium member to verify the improved EMV Kernel C-8 protocol. Why it matters: This research highlights the importance of formal methods in identifying critical vulnerabilities in widely used payment systems, potentially impacting financial security for consumers in the GCC region and worldwide.
NYU Abu Dhabi hosted a talk by Prof. Debdeep Mukhopadhyay on the intersection of machine learning and hardware security. The talk covered using ML/DL for side-channel attacks, leakage assessment in crypto-devices, and threats to hardware security primitives. Prof. Mukhopadhyay is a visiting professor at NYU Abu Dhabi and Institute Chair Professor at IIT Kharagpur. Why it matters: The talk highlights the growing importance of hardware security in modern systems and the role of machine learning in both attacking and defending hardware vulnerabilities.
The Secure Systems Research Center (SSRC) has obtained membership in the seL4 Foundation. This membership allows SSRC to participate in and contribute to the open-source development of seL4, a formally verified microkernel OS. SSRC aims to research, contribute to, and advance next-generation high-end edge device environments using seL4's capabilities. Why it matters: This move enhances the UAE's capabilities in developing secure and resilient edge computing solutions, fostering innovation in critical sectors like secure communications and drone technology.
Munther Dahleh, director at the MIT Institute for Data, Systems, and Society (IDSS), discussed his group's research on network systems at the KAUST 2018 Winter Enrichment Program. The research focuses on the fragility of large networked systems, like highway systems, in response to disruptions that may lead to catastrophic failures. Dahleh's team studies transportation networks, electrical grids, and financial markets to understand system interconnection in causing systemic risk. Why it matters: Understanding networked systems is crucial for building resilient infrastructure and mitigating risks in critical sectors across the GCC region.
TII's Secure Systems Research Center (SSRC) in Abu Dhabi has appointed international experts to its Board of Advisors. The advisors have expertise in areas like autonomous computing, cyber-physical systems, and cryptology. The board includes experts from Khalifa University, NYU Abu Dhabi, Dubai Electronic Security Center, and Purdue University. Why it matters: The move strengthens the UAE's cybersecurity research capabilities and aligns with its focus on developing secure autonomous systems.