I study computer security and applied cryptography using a theoretician's mathematical toolkit. Security vulnerability analysis can often be a painstaking and implementation-specific process. My approach uses cryptographic and algorithmic ideas to reason about the security of deployed systems, to question assumptions underlying the security of these systems, and to understand and model threats.
In this talk, I will use RSA, the world's most widely used public key cryptosystem, as a vehicle to explore the interaction between cryptographic algorithms and real-world usage:
- Discovering widespread catastrophic failures in the random number generators in network devices by computing the greatest common divisors of millions of RSA public keys collected in the wild.
- Reconstructing complete private keys using only a few bits of the private key revealed in the course of a side-channel attack.
In addition to their impact on security, many of the ideas arising in the course of this work have surprising connections across computer science, leading to, for example, new algorithms for decoding families of error-correcting codes, applications within theoretical cryptography, and practical privacy-enhancing technologies.
Nadia Heninger is a visiting researcher at Microsoft Research New England. Her research focuses on security, applied cryptography, and algorithms. She is best known for her work identifying widespread entropy problems in cryptographic keys on the Internet (2012 Usenix Security best paper award), and developing the "cold boot" attack against disk encryption systems (2008 Usenix Security best student paper award). In 2011-2012, she was an NSF Mathematical Sciences
Postdoctoral Fellow at UC San Diego. She received her Ph.D. in computer science in 2011 from Princeton and a B.S. in electrical engineering and computer science in 2004 from UC Berkeley.