UC San Diego Security Sleuth, winner of five Test of Time awards this year.
Five Test of Time awards from leading computer science organizations were presented this year to UC San Diego researchers and their teams for their lasting impact on security and cryptography.
“The University of California, San Diego has five prestigious awards for members of its security and cryptography group this year, and has won eight awards in the last four years, demonstrating its exceptional strength in cybersecurity. “The collaborative working environment here fosters groundbreaking research in this important field. I can’t wait to see what our researchers discover next.”
The papers, teams, and influences are listed below, in order of award date.
1. Professor Daniele Micciacio received the 2022 Test of Time Award at the 63rd IEEE Symposium on Foundations in Computer Science for his 2002 paper.Efficient one-way functions from generalized compact knapsacks, cyclic lattices, and worst-case complexity assumptions”
Micciacio’s paper revolutionized the field of lattice-based cryptography, a key area of post-quantum cryptography designed to protect classical computers from attacks by quantum computers. Micciacio’s paper was the key to proving the immense theoretical and practical impact of lattice-based cryptography. Lattice-based encryption was shown to be efficient and secure under worst-case complexity assumptions.
With astonishing foresight, this paper first boldly puts forward speculations about the worst-case stiffness of ‘algebraically structured’ lattices, and then that such stiffness is similarly structural. rigorously proved that it produces average case stiffness, and finally convincingly argued that this structure is fast. Implementation on modern microprocessors. The techniques presented in this paper have evolved and grown into a vast body of work, shaping many future results in this field.
2. Associate Professor Deian Stefan and his collaborators won the Test of Time award at the 2022 ACM International Conference of Functional Programming for their 2012 paper.Addressing Covert Termination and Timing Channels in Simultaneous Information Flow Systems.This white paper develops a framework (LIO) that enables developers to build secure applications that keep user data confidential even in the presence of malicious code that can exploit covert or side channels. doing.
In computer security, attackers can exploit a variety of abstractions, from programming language features to hardware caches, to surreptitiously divulge sensitive information. For example, if a program terminated based on secret data, an attacker would know if the secret was true (the program terminated) or false (the program did not terminate). According to the award committee, Stefan’s paper is “one of his first to describe covert channels triggered by termination and timing.” His LIO system, built by researchers, eliminates both of these covert channels. has paved the way for new directions in information flow security and new ways of building secure systems.
3. Associate Professor Nadia Henninger was recognized for her paper “Mining Ps and Qs: Finding Weak Keys Widely Used in Network Devices”This 2012 paper found that the random number generation algorithm used to generate cryptographic private keys was flawed and that compromised keys were in widespread use in the wild.
Heninger and co-authors were able to use an efficient algorithm that exploits the shared common prime factor of RSA public keys to compute the private keys of 0.5% of all Transport Layer Security servers observable on the Internet. I was. RSA is a public-key cryptosystem that is widely used to protect data transmission. We were also able to compute private keys for 1% of visible SSH servers with low randomness that generate keys and digital signatures. The Secure Shell (SSH) protocol allows remote computers to establish encrypted connections to servers.
Importantly, the paper also showed that active network measurements can indeed be used to discover previously unknown cryptographic vulnerabilities. This will An on-the-fly patch to the Linux kernel that fixes entropy gathering in random number generation systems has been applied over the years, contributing to a complete rethink of random number generator design.
Four. Eleven years ago, CSE Professors Stefan Savage and Geoff Voelker and their colleagues published a comprehensive analysis of spam. Criminal value chain titledClick trajectory: end-to-end Spam value chain analysis‘ Its impact – its overall quantification of the full set of resources used to monetize spam – was also praised 2022 IEEE Security and privacy meeting.
This paper outlines ways to monetize spam, including naming, hosting, payments, and fulfillment. The Savage and Voelker team used this data to characterize the relative likelihood of defensive interventions at each link of the spam value chain. Notably, they provided the first strong evidence of payment bottlenecks in the spam value chain, with 95% of pharmaceuticals, replicas, and software products advertised in spam being merchant services from a handful of banks. I concluded that it is being used and monetized. Major brand owners lobbied to block spam-promoted counterfeit sites.
5. Prof. Mihir Bellare won the International Society for Cryptographic Research Test of Time Award for his 2007 paper for the second year in a row. “Deterministic and Efficiently Searchable EncryptionBellare and his co-authors have made it possible to perform searches of encrypted data without compromising security, and maintain security in the face of compromise of the random number generation process.
They proposed a database encryption method that allows fast (i.e. sub-linear time) searches while providing the strongest possible privacy. Their approach eventually led to RSA-DOAEP, the first example of public-key cryptography. They also proposed an efficient searchable encryption scheme that allows more flexible privacy versus search time trade-offs via a technique called bucketing.
