A new Best Paper Award for Arjen Lenstra and his team

— The paper "Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate" by Marc Stevens, Alexander Sotirov, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger, received the best paper award at CRYPTO 2009.  Experts have found a weakness in the Internet digital certificate infrastructure that allows attackers to forge certificates that are fully trusted by all commonly used web browsers. As a result of this weakness it is possible to impersonate secure websites and email servers and to perform virtually undetectable phishing attacks, implying that visiting secure websites is not as safe as it should be and is believed to be.  The team of researchers has now discovered that it is possible to create a rogue certification authority (CA) that is trusted by all major web browsers by using an advanced implementation of the collision construction and a cluster of more than 200 commercially available game consoles.  “The major browsers and Internet players – such as Mozilla and Microsoft – have been contacted to inform them of our discovery and some have already taken action to better protect their users,” reassures Arjen Lenstra, head of EPFL’s Laboratory for Cryptologic Algorithms.  According to the researchers, their discovery shows that MD5, a standard cryptographic algorithm, can no longer be considered a secure cryptographic algorithm for use in digital signatures and certificates. Currently MD5 is still used by certain certificate authorities to issue digital certificates for a large number of secure websites.  The expert team of researchers consists of: Alexander Sotirov (independent security researcher), Marc Stevens (Cryptology Group, CWI), Jacob Appelbaum (Noisebridge, The Tor Project), Arjen Lenstra (EPFL), David Molnar (UC Berkeley), Dag Arne Osvik (EPFL) and Benne de Weger


EPFL Best thesis award for Radu Jurca, student at EDIC

— Mr. Radu Jurca of the EDIC School received, end of April, the EPFL best thesis award for his work entitled "Truthful Reputation Mechanisms for Online Systems" under the supervision of Professor Boi Faltings. His thesis concentrates on the reliability of Internet forums. The internet offers tremendous opportunities for sharing feedback and ratings of products or services. Feedback forums, however, can be manipulated by users who deliberately lie with the ulterior motive of punishing or promoting particular items. Radu Jurca's thesis analyzes a complete range of settings for feedback mechanisms, and shows for the first time how to design incentives that make honest reporting the highest-paying equilibrium strategy even in the presence of large fractions of colluding raters that try to break the system. Applications are under way not only in online feedback forums, but also for less prominent problems such as self- monitoring of services.