Speaker: Yiqun Lisa Yin - Independent Security Consultant
Time and Place: Monday 4/23 at 11am in LC102
Abstract: Cryptographic hash functions are an important component in almost all security applications, including digital signature schemes and message authentication codes. Among existing hash functions, the most widely used ones are MD5, designed by Prof. Rivest of MIT, and SHA-1, designed by the National Security Agency. In the past few years, there have been major advances in the cryptanalysis of hash functions. In particular, both MD5 and SHA-1 were broken. There is no doubt that hash function has become one of the hottest research topics in cryptography today.
In this talk, we will first provide a survey of recent attacks on hash functions. We will review new techniques introduced in these attacks and analyze some common weaknesses in the design of existing hash functions that made all the attacks possible. We will then consider the impact of these attacks on hash-based security schemes. We will present new results on colliding the X.509 digital certificates and key-recovery attacks on the HMAC authentication protocol. These results show that the strength of a security scheme can be greatly weakened by the insecurity of the underlying hash function.
Bio: Dr. Yin is currently an independent security consultant based in Connecticut. She has over fifteen years of research and industry experience in cryptography and security. She held positions as director of security technologies at NTT Labs in California, senior scientist at RSA Labs, and visiting researcher at Princeton University. She was a co-inventor of RC6, a finalist for the Advanced Encryption Standard. She was one of the three Chinese researchers who broke the NIST hash standard SHA-1 in 2005. She received her Ph.D. in Applied Mathematics from MIT in 1994.