5th French-German Cybersecurity Workshop brings together IT security researchers from both countries at CISPA
Protecting our online communications and being able to guarantee data security is an everlasting challenge for cybersecurity researchers around the world. The increasing complexity of today's networks, ever-new attack methods, and, last but not least, the development of quantum computers are currently challenging the security of existing encryption methods. Scientists from CISPA and Loria are researching where security gaps exist or are created by new technologies and how they can be fixed. On Tuesday, they met again to pool their expertise and find new ways to work together via cross-border exchanges.
This 5th CISPA-Loria workshop day joined forces with CISPA's Distinguished Lecture Series. Thus the day started with an introduction by Dr. Cristian-Alexandru Staicu, the organiser of the Distinguished Lecture, followed by a guest presentation by Prof. Dr. Sebastian Schinzel from Münster University of Applied Sciences about the security of our communication in emails, titled "Email (in)security: room for improvement or lost cause?". Among other things, the researcher pointed out a new vulnerability in the TLS encryption protocol and talked about novel attacks that can break the encryption of commonly used TLS and XML protocols. He also presented his recently published study showing that even experts often fail to recognize fraudulent mails.
After this first talk, the CISPA-Loria workshop per se was launched by the organizers Prof. Dr. Antoine Joux from CISPA and Prof. Dr. Marine Minier from Loria. The next talk, "Efficient Verification of Quantum Computation," Dr. Giulio Malavolta of the Max Planck Institute for Security and Privacy in Bochum, Germany, addressed how quantum computations can be efficiently verified, by a weak classical verifier, unable to redo the computations himself; the researcher presented a new verification method based on advanced cryptographic machinery.
This second talk ended the morning session and workshop participants then had a first opportunity to further exchange ideas over lunch.
CISPA researcher Dr. Dominic Steinhöfel opened the afternoon program with his talk on "Input Invariants”. He presented a new approach to improve automatic software testing. To test software runs safely and error-free, so-called fuzzers are used. Fuzzers repeatedly feed randomized inputs into computer programs and can reveal security gaps and errors. To speed up fuzzing, it is worthwhile to use inputs that (mostly) conform to a specific form that are close to what the program would normally expect. In the future, the input specification language ISLa, which Steinhöfel co-developed, should greatly simplify the automated generation of (mostly) valid inputs for these testing operations.
Loria researcher Dr. Xavier Bonnetain then spoke in his talk "Quantum Period Finding against Symmetric Primitives" about quantum computers' capabilities and the risk they pause to symmetric encryption in the future. He showed, that on top of the now well-known attacks on discrete logarithms and factoring, quantum computers can be used, much more surprisingly, to attack some symmetric encryption schemes more efficiently than expected. Indeed, we not only need to double key sizes to account for Grover attack but also may need to account to period-finding techniques for some families of symmetric schemes. Prof. Dr. Rémi Badonnel of Loria's work focuses on the security of complex networks. In his presentation, "Automating Security Management for the Cyber-Space," he talked about novel monitoring and configuration solutions for complex networked systems. His research focuses on intelligent monitoring methods that can cope with low-resource networks and address vulnerabilities that arise when system configurations change. He is also investigating how the automatic configuration of cloud infrastructures, for example, can reduce attack surfaces.
The workshop concluded with the presentation "Differential analysis of a cipher using Constraint Programming" by Prof. Dr. Marine Minier, co-organizer from Loria. She showed the problems involved in modeling so-called differential attacks on ciphers. With differential attacks, attackers attempt to break block ciphers and cryptologic hash functions by examining what effect specific differences in plaintext pairs have on the differences in the resulting ciphertext pairs. Modeling such attacks helps researchers develop appropriate security measures against the attacks.
The organizers of the workshop were happy.
Antoine Joux: „For the first time since its inception, the CISPA-Loria workshop had a joint talk with CISPA’s Distinguished Lecture Series. This was a very nice way for both events to enrich each other and we will certainly try to renew the experience in the future. It allowed us to further diversify an already rich agenda which ultimately featured three talks on quantum computations and cryptography and three talks on security.“
Marine Minier adds: „Even though we are not so numerous coming from the LORIA, we are really happy to be here, for this 5th join workshop between CISPA and LORIA. Everybody has been interested by the talks given today on security of TLS, on quantum and post-quantum computing and cryptography and on security of connected objects“, says Marine Minier.
About the French-German Center for Cybersecurity
The center is an association of the largest and most renowned cybersecurity research centers in Europe. The CISPA Helmholtz Center for Information Security and the INRIA/Loria in Nancy have been pursuing joint paths in cybersecurity research since 2020 and are dedicated to strengthening transfer and innovation activities between France and Germany. Leaders on the German side are Prof. Dr. Dr. h. c. Michael Backes and Prof. Dr. Antoine Joux, and on the French side, Prof. Dr. Jean-Yves Marion and Prof. Dr. Marine Minier.
Loria is the French acronym for Lorraine Research Laboratory in Computer Science and its Applications and is a joint research unit of the CNRS, the University of Lorraine, and INRIA. This unit was officially created in 1997. Loria's missions are mainly basic and applied research in computer sciences. The laboratory is a member of the Fédération Charles Hermite, which brings together the four main research laboratories in mathematics, information, and communication sciences, as well as control and automation. The scientific work is carried out by the laboratory's 400 collaborators in 28 teams, 15 of which work jointly with INRIA. Loria is today one of the largest research laboratories in Lorraine.