Researchers at TII, in cooperation with University Paderborn and Ruhr University Bochum, have discovered a vulnerability in Transport Layer Security (TLS), called the Opossum Attack, that impacts protocols like HTTP(S), FTP(S), POP3(S), and SMTP(S). The vulnerability exposes a risk of desynchronization between client and server communications, potentially leading to exploits like session fixation and content confusion. Scans revealed over 2.9 million potentially affected servers, including over 1.4 million IMAP servers and 1.1 million POP3 servers. Why it matters: This discovery highlights the importance of ongoing cybersecurity research in the UAE and internationally to identify and address vulnerabilities in fundamental internet protocols, especially as it led to immediate action by Apache and Cyrus IMAPd.
Professor Mike Scott will present a seminar at the Technology Innovation Institute's Cryptography Research Centre in the UAE. The seminar will focus on the challenges of keeping secrets safe from attackers in the context of cryptography. It will review proposed solutions, discuss use cases, and present a promising new approach. Why it matters: This seminar indicates TII's ongoing research and development efforts in advanced cryptography, a crucial area for secure digital infrastructure in the UAE and beyond.
Technology Innovation Institute's (TII) Directed Energy Research Center (DERC) is integrating machine learning (ML) techniques into signal processing to accelerate research. One project used convolutional neural networks to predict COVID-19 pneumonia from chest X-rays with 97.5% accuracy. DERC researchers also demonstrated that ML-based signal and image processing can retrieve up to 68% of text information from electromagnetic emanations. Why it matters: This adoption of ML for signal processing at TII highlights the potential for advanced AI techniques to enhance research and security applications in the UAE.
CINVESTAV-IPN's Computer Science Department hosted a seminar by Prof. Francisco Rodriguez-Henriquez on isogeny-based key exchange protocols. The talk reviewed Supersingular Isogeny-based Diffie-Hellman (SIDH) and Commutative Supersingular Isogeny-based Diffie-Hellman (CSIDH). Isogeny-based protocols offer short key sizes but have higher latency compared to other post-quantum cryptosystems. Why it matters: This seminar contributes to the exploration of post-quantum cryptography, an important area for ensuring data security against future quantum computing threats.
Researchers at ETH Zurich have formalized models of the EMV payment protocol using the Tamarin model checker. They discovered flaws allowing attackers to bypass PIN requirements for high-value purchases on EMV cards like Mastercard and Visa. The team also collaborated with an EMV consortium member to verify the improved EMV Kernel C-8 protocol. Why it matters: This research highlights the importance of formal methods in identifying critical vulnerabilities in widely used payment systems, potentially impacting financial security for consumers in the GCC region and worldwide.
Conor McMenamin from Universitat Pompeu Fabra presented a seminar on State Machine Replication (SMR) without honest participants. The talk covered the limitations of current SMR protocols and introduced the ByRa model, a framework for player characterization free of honest participants. He then described FAIRSICAL, a sandbox SMR protocol, and discussed how the ideas could be extended to real-world protocols, with a focus on blockchains and cryptocurrencies. Why it matters: This research on SMR protocols and their incentive compatibility could lead to more robust and secure blockchain technologies in the region.
Dr. Najwa Aaraj from MBZUAI and TII discussed the impact of quantum computers and machine learning on cryptographic algorithms. The talk covered post-quantum cryptographic (PQC) schemes, standardization efforts, and the role of machine learning in advancing cybersecurity solutions. Dr. Aaraj also highlighted the challenges of transitioning current cryptographic systems to quantum-resistant alternatives. Why it matters: As quantum computing advances, understanding and implementing post-quantum cryptography is crucial for maintaining secure communications and data protection in the UAE and globally.
The Secure Systems Research Center (SSRC) has partnered with the University of New South Wales (UNSW Sydney) to research enhancements and scaling of the seL4 microkernel on edge devices. The collaboration aims to extend the seL4 microkernel to support dynamic virtualization, combining minimal trusted computing base with strong isolation. This will address challenges related to heterogeneous hardware, software, and environmental factors in edge computing. Why it matters: This partnership aims to improve the security of edge devices in critical sectors, addressing vulnerabilities in cyber-physical and autonomous systems.