This talk concerns recent work (together with Bertram Poettering) introducing a new class of Algorithm Substitution Attack (ASA) targeting the receiver’s end of a communication channel; previous work only considered subversion of the sender side. ASAs were introduced by Bellare, Paterson and Rogaway in light of revelations concerning mass surveillance. An ASA replaces a primitive or scheme with a subverted version that aims to reveal information to an adversary engaged in mass surveillance, while remaining undetected by users. We give a class of attack that can be applied to Authenticated Encryption (AEAD) schemes, as well as to Message Authentication (MAC) schemes. In contrast to prior work, our new class of attack targets the decryption algorithm rather than encryption (for AEAD schemes), and the verification algorithm rather than tagging (for MAC schemes). We argue that this attack represents an attractive opportunity for a mass surveillance adversary. Our work serves to refine the ASA model and contributes to a series of papers that raises awareness and understanding about what is possible with ASAs.
Marcel completed an undergraduate degree in Mathematics at Warwick. He returned to academia after working as a teacher for some years, completing a masters in mathematics at Birkbeck (University of London) and then starting a PhD with the Centre for Doctoral Training in Cybersecurity at Royal Holloway. He is currently supervised by Liz Quaglia (previously by Bertram Poettering).
We will have lunch (pizza) together after the research seminar talk. Please register here: https://doodle.com/poll/tz9hhpgq8nqqnnrq