Tuesday, October 15, 2013

A Blow To Computer Security Research

Early this summer, a British court in London ordered computer security researchers to withdraw their scientific paper "Dismantling Megamos Security: Wirelessly Lockpicking a Vehicle Immobilizer," which was to be presented at the 22nd USENIX Security Symposium in August in Washington, D.C.

The work presented in the paper was carried out in the Digital Security research group of Professor Bart Jacobs at Radboud University Nijmegen (Netherlands). In 2012, the paper's three authors, Flavio Garcia, Roel Verdult and Baris Ege, discovered a serious weakness in the algorithm of a cryptography-based car immobilizer (an electronic security device that prevents the engine from running unless the correct key or token is presented) known under the name "Megamos Crypto." The research paper describes both the algorithm and the weakness within it.

The algorithm was created in the mid-1990s by Thales, a French multinational that designs and produces electrical systems. Thales licensed the algorithm to the Swiss firm EM Microelectronic to build it into a microprocessor. EM sold the microprocessor to Troy, MI-based Delphi Automotive, and Delphi manufactured and sold a complete immobilizer to the German car company Volkswagen, as well as to many other car manufacturers. Volkswagen says it has installed the immobilizer in millions of cars, particularly in vehicles in Volkswagen’s luxury car brands, including Porsche, Audi, Bentley, and Lamborghini.

Read the rest of my article on the website of the ACM (Association for Computing Machinery).

London verdict in the ‘Megamos Crypto’ case: http://www.bailii.org/ew/cases/EWHC/Ch/2013/1832.html
Video of the presentation by Roel Verdult at USENIX 2013: https://www.usenix.org/conference/usenixsecurity13/dismantling-megamos-crypto-wirelessly-lockpicking-vehicle-immobilizer
Detailed analysis of the English High Court judgement in the ‘Megamos Crypto’ case by Robert Carolina and Kenneth Paterson: http://www.isg.rhul.ac.uk/~kp/Carolina-Paterson-Megamos-comment-20130828.pdf
Volkswagen Code of Conduct: http://www.volkswagenag.com/content/vwcorp/info_center/en/publications/2010/07/Verhaltensgrundsaetze_des_Volkswagen_Konzerns.bin.html/binarystorageitem/file/The+Volkswagen+Group+Code+of+Conduct.pdf

Tuesday, October 1, 2013

Back to the Future of Computer Science

Panel discussion during the first Heidelberg Laureate Forum (Copyright: HLFF)

During the last week of September, 200 young researchers from all over the world met with 40 laureates of the most prestigious awards in computer science and mathematics at the first Heidelberg Laureate Forum (HLF) in Heidelberg, Germany.

The HLF was modeled after the famous Lindau Nobel Laureate meetings, held annually since 1951 as a way for young researchers to meet with Nobel laureates in physics, chemistry, medicine, and economics.

HLF chair Klaus Tschira said his great inspiration to initiate the Forum was that, "Unfortunately, there is not a Nobel Prize for mathematics and for computer science, but young researchers in these fields would likewise benefit just as much from early contact with influential members of their fields."

Read the rest of my article on the website of the ACM (Association for Computing Machinery).

Heidelberg Laureate Forum, including videos of the lectures: www.heidelberg-laureate-forum.org
HLF-blog: www.scilogs.com/hlf/
Turing Award: http://amturing.acm.org
Fields Medal: www.mathunion.org/general/prizes/fields/details/
Abel Prize: www.abelprize.no
Rolf Nevanlinna Prize: www.mathunion.org/general/prizes/nevanlinna/details/