Cryptography provides the very foundation for secure communications over untrusted networks. It is an ever changing and constantly evolving field. Security notions are always being revised and expanded to account for ever more powerful adversaries. Weaknesses are discovered in old ciphers that were previously thought to be secure, thus ratifying the approaches that cryptologists take to devise new algorithms. Open problems continue to be identified by researchers and their solutions sought. Sometimes this involves solving a problem that was previously thought to be impossible other times it involves comming up with a more efficient solution to an already solved problem.
Cigital has contributed and continues to contribute to this field in many ways, including but not limited to: devising new cryptographic protocols and algorithms, identifying vulnerabilities in cryptographic implementations, and investigating the potential impact of Trojans, viruses, and worms that use cryptography maliciously.
In anticipation of advanced malware that employs modern paradigms in cryptology, Cigital has conducted research in two areas: (1) how malware can benefit from using cryptography, and (2) ways to heuristically identify the rogue use of cryptographic algorithms in malicious software (Trojan horse programs, viruses, and worms). The publications listed below cover some of the progress on these fronts.
A. Young, M. Yung, "Malicious Cryptography: Exposing Cryptovirology." Wiley, 2003.
A Subliminal Channel in Secret Block Ciphers
A. Young, M. Yung
Selected Areas in Cryptography, August 9-10, 2004.
A Key Recovery System as Secure as Factoring
A. Young, M. Yung
CT-RSA Conference, 2004.
Relationships Between Diffie-Hellman and Index Oracles
A. Young, M. Yung
Fourth Conference on Security in Communication Networks '04, 2004.
A Weakness in Smart-Card PKI Certification
A. Young
Proceedings of the 4th Annual IEEE Information Assurance Workshop, June 18-20, United States Military Academy, West Point, New York, 2003.
Secure mobile gambling
M. Jakobsson, D. Pointcheval, A. Young
CT-RSA Conference 2001.
A PVSS as Hard as Discrete Log and Shareholder Separability
A. Young, M. Yung
PKC 2001 (Public Key Crypto).
Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent (PS / PDF)
J. Kelsey, T. Kohno, B. Schneier
Seventh Fast Software Encryption Workshop, Springer-Verlag, April 10-12, 2000.
Preliminary Cryptanalysis of Reduced-Round Serpent (PS / PDF)
T. Kohno, J. Kelsey, and B. Schneier
Third AES Candidate Conference, April 13-14, 2000.
Hash to the Rescue: Space Minimization for PKI Directories
A. Young, M. Yung
ICISC 2000 (International Conf. on Info. Sec. and Crypto).
RSA Based Auto-Recoverable Cryptosystems
A. Young, M. Yung
Proceedings of Public Key Cryptography (PKC), 2000.
Towards Signature-Only Signature Schemes
A. Young, M. Yung
Asiacrypt 2000.
Auto-Recoverable Auto-Certifiable Cryptosystems (a survey)
A. Young, M. Yung
CQRE, Springer-Verlag, LNCS, 1999.
Non-Interactive CryptoComputing for NC1
T. Sander, A. Young, M. Yung
40th Annual Symposium on Foundations of Computer Science (FOCS), IEEE Computer Society, pages 554-566, '99.
Auto-Recoverable Cryptosystems with Faster Initialization and the Escrow Hierarchy
A. Young, M. Yung
Proceedings of Public Key Cryptography (PKC), 1999.
Auto-Recoverable Auto-Certifiable Cryptosystems
A. Young, M. Yung
Advances in Cryptology, Eurocrypt '98.
Finding Length-3 Positive Cunningham Chains and their Cryptographic Significance
A. Young, M. Yung
Algorithmic Number Theory III (ANTS), LNCS vol. 1423, 1998.