Researchers at TII, in cooperation with University Paderborn and Ruhr University Bochum, have discovered a vulnerability called the Opossum Attack in Transport Layer Security (TLS) impacting protocols like HTTP(S), FTP(S), POP3(S), and SMTP(S). The vulnerability exposes a risk of desynchronization between client and server communications, potentially leading to exploits like session fixation and content confusion. Scans revealed over 2.9 million potentially affected servers, including over 1.4 million IMAP servers and 1.1 million POP3 servers. Why it matters: This discovery highlights the importance of ongoing cybersecurity research in the UAE and internationally to identify and address vulnerabilities in fundamental internet protocols, especially as it led to immediate action by Apache and Cyrus IMAPd.
The Cryptography Research Center (CRC) of the Technology Innovation Institute (TII) in Abu Dhabi is co-hosting the 21st Cryptology and Network Security Conference (CANS 2022) in cooperation with Springer, IACR, and NYU Abu Dhabi. The conference includes a workshop on AI and automation in cryptography and network security, with talks from experts like Claudia Diaz from Nym Technologies. Topics covered include post-quantum cryptography, blockchain security, and cryptanalysis techniques. Why it matters: This event highlights the UAE's growing role as a hub for cutting-edge research in cryptography and cybersecurity, fostering collaboration between academia and industry.
The Technology Innovation Institute (TII) in Abu Dhabi has launched a 2-micrometer high-power fiber laser for medical and industrial applications. Developed by TII's Directed Energy Research Center, the Thulium-based laser is efficient, compact, and scalable, enabling precise interaction with water-rich materials. TII has partnered with LIMA Photonics, a German MedTech startup, to integrate the laser into clinical solutions, including urinary stone treatment and prostate surgery. Why it matters: This laser technology and partnership showcase the UAE's commitment to translating advanced research into healthcare solutions, positioning Abu Dhabi as a hub for medical technology innovation.
Technology Innovation Institute's (TII) Directed Energy Research Center (DERC) is integrating machine learning (ML) techniques into signal processing to accelerate research. One project used convolutional neural networks to predict COVID-19 pneumonia from chest x-rays with 97.5% accuracy. DERC researchers also demonstrated that ML-based signal and image processing can retrieve up to 68% of text information from electromagnetic emanations. Why it matters: This adoption of ML for signal processing at TII highlights the potential for advanced AI techniques to enhance research and security applications in the UAE.
A study compared the vulnerability of C programs generated by nine state-of-the-art Large Language Models (LLMs) using a zero-shot prompt. The researchers introduced FormAI-v2, a dataset of 331,000 C programs generated by these LLMs, and found that at least 62.07% of the generated programs contained vulnerabilities, detected via formal verification. The research highlights the need for risk assessment and validation when deploying LLM-generated code in production environments.
The National Institute of Standards and Technology (NIST) has been evaluating Post-Quantum Cryptography proposals since 2017. Lattice-based schemes have emerged as efficient candidates for Key Encapsulation Mechanisms (KEM) and Digital Signatures. This talk will cover the core operations within lattice-based schemes and efficient implementation strategies. Why it matters: As quantum computing advances, exploring and standardizing post-quantum cryptography is crucial for maintaining secure communication and data protection in the future.
Technology Innovation Institute (TII) has launched a blockchain-powered carbon tracking and trading platform at COP28. The platform, designed by TII’s Cryptography Research Center (CRC), aims to facilitate international trade in carbon tokens and promote green investment. It uses a lightweight, efficient blockchain implementation for transparent and secure verification of tracking and trading activities. Why it matters: The platform supports the UAE's sustainability goals and contributes to the global effort to achieve net-zero emissions by enabling verifiable and trustworthy carbon trading.
The Secure Systems Research Center (SSRC) has partnered with the University of New South Wales (UNSW Sydney) to research enhancements and scaling of the seL4 microkernel on edge devices. The collaboration aims to extend the seL4 microkernel to support dynamic virtualization, combining minimal trusted computing base with strong isolation. This will address challenges related to heterogeneous hardware, software, and environmental factors in edge computing. Why it matters: This partnership aims to improve the security of edge devices in critical sectors, addressing vulnerabilities in cyber-physical and autonomous systems.