Cryptography is a cornerstone of modern computer security and is ubiquitous on the computer systems we depend on daily. After several decades of scientific development as an academic discipline, we have a good understanding of how to formalize security models, design cryptographic systems that are secure, and prove the security of these systems within our model. However, there is a significant gap between the theoretical guarantees provided within a well-bounded adversary model and the reality present in deployed systems today.
In ongoing work, we are developing methodology for measuring real-world cryptographic deployments and have shown that these systems often have serious flaws that have been hiding in plain sight for years. Using our techniques, we have found multiple widespread random number generator flaws that compromised hundreds of thousands of cryptographic keys, studied the catastrophic security impacts of cryptography that was intentionally weakened for political purposes, and shed light on how flawed and backdoored cryptography could lead to mass surveillance by governments. Our work has led to a rise in cryptographic key strengths on the internet overall, dozens of security vulnerability reports and patches, and multiple algorithms being deprecated and removed from use.
This work combines both active and passive network measurements, mathematical algorithm analysis and implementation, large-scale cluster computations, and careful analysis of standards documents and source code. For more information, see the Security Lab’s projects.
Faculty
- Nadia Heninger (CIS)
Students and postdocs
- Luke Valenta (PhD)
- Shaanan Cohney (PhD)
- Marcella Hastings (PhD)
Funding
NSF, Cisco
