CECC 2021 21st Central European Conference on Cryptology

Riccardo Focardi : „Breaking and fixing cryptographic systems”

ABSTRACT: In recent years, we have faced an increasingly pervasive use of cryptography. The expansion of IoT, home automation and industry 4.0 has worryingly increased the attack surface, making it necessary to use cryptographic protocols to protect communications and data. However, cryptography is complex: not all cryptographic mechanisms offer the same level of protection; management and configuration is often the

Achilles' heel of cryptographic systems; finally, protocols and implementations may present bugs that weaken or, in some cases, cancel the security guarantees offered by the adopted mechanisms. In this talk we will give an overview of the problems and attacks encountered in real cryptographic systems, discussing their weaknesses and possible remedies. We will present some case studies we have dealt with highlighting how, and in which extent, scientific research can improve the state of the art of real cryptographic systems.

SHORT BIO: Riccardo Focardi is Full Professor of Computer Science and coordinates the IT Security Lab at Ca' Foscari University, Venice. His research interests include: system and network security, analysis of security APIs and trusted hardware, cryptography, specification and automated verification of security properties. He has been involved into national and European projects on Computer Security. He has been member of many program committees of international conference and has been program chair of the IEEE Computer Security Foundation Symposium in 2003 and 2004. He is founder and member of the steering committee of the Italian Conference on Cybersecurity (ITASEC). From 2016 to 2019 he has been chair of the IFIP Working Group 1.7 "Theoretical Foundations of Security Analysis and Design" and from 2005 to 2019 he has been member of the editorial board of the Journal of Computer Security. From 2012 to 2019 he has coordinated the PhD program in Computer Science at Ca’Foscari, starting an international double-degree in

Cybersecurity with Masaryk University, Brno. In 2013 he has co-founded Cryptosense, a spin-off that develops software for security analysis of cryptographic systems and in 2020 he has co-founded 10Sec, a spin-off developing advanced solutions for the security of IoT devices.

Klaus Schmeh : "Breaking Historical Ciphers with Modern Means?

ABSTRACT: This presentation introduces a number of ciphers that played an important role in history and explain how they can be broken with modern means. Among other techniques, Hill Climbing has proven especially powerful for this purpose. The current state of research will be demonstrated with original ciphertexts from past centuries, some of which were deciphered only recently. In spite of a number of interesting improvements that have been developed in recent years, there are still surprisingly many historical ciphertexts that are unbroken to date. For instance, nomenclators, short Enigma messages, double column transpositions with long key words, and numerous Cold War ciphers still baffle cryptanalysts. However, research goes on and we might see further improvements in the near future.

SHORT BIO: Klaus Schmeh has written 15 books about the subject, as well as over 200 articles, 25 scientific papers, and 1,400 blog posts. His blog "Cipherbrain" covers codebreaking and crypto history. His latest book "Codebreaking: A Practical Guide", co-written with Elonka Dunin, was published in 2020. Klaus is a member of the editorial board of the scientific magazine Cryptologia. He is known for his entertaining presentation style involving self-drawn cartoons and Lego models. He has lectured at hundreds of conferences, including the NSA Cryptologic History Symposium and the RSA Conference. In his day job, Klaus works for a German cryptology company.

Maria Eichlseder: Lightweight Cryptography

ABSTRACT: While our desktop processors grow faster and faster, our data is increasingly often processed elsewhere: by networks of cheap, highly-constrained devices with low computational power and limited power supply. At the same time, these applications are often riddled with additional challenges, such as devices under the physical control of an adversary. Lightweight cryptography is designed to provide security under such difficult conditions. The ongoing NIST Lightweight Crypto (LWC) standardization competition, currently in its final round, is shining a spotlight on this research direction.

In this talk, we will discuss how the LWC finalists tackle different challenges in lightweight cryptography. We will also look at directions beyond the scope of LWC: For example, securing the internals of computer systems against microarchitectural attacks requires primitives with very low latency and unusual interfaces.
SHORT BIO: Maria Eichlseder is assistant professor in Cryptography at Graz University of Technology. She co-designed Ascon, a lightweight authenticated cipher that is among the winners of the CAESAR competition and currently competing as a finalist in the NIST Lightweight Crypto (LWC) competition. Her research interests include the design and cryptanalysis of symmetric cryptographic algorithms, such as hash functions, authenticated ciphers, and their underlying primitives. She is also interested in their robustness against misuse and implementation attacks, and connections between cryptanalysis and physical attacks like Statistical Ineffective Fault Attacks. She defended her Ph.D. sub auspiciis praesidentis in 2018 and received several awards for her thesis.

Financially supported by EFOP-3.6.3-VEKOP-16-2017-00002, a project co-financed by the Hungarian Government and European Union through the European Regional Development Fund.

Dear User!


The University of Debrecen considers the protection of personal data and the information provided to be of paramount importance. We hereby inform you that the University of Debrecen has reviewed its processes and incorporated the requirements of GDPR into his own data management and data protection activities, which entered mandatory on may 25,2018. The personal data of the users has been carefully handled by the University of Debrecen, it complies with the applicable data management regulations.Following the requirements of GDPR, we updated our Privacy Statement, which you can access by clicking on the link below: Privacy Policy.

I have read, understand and agree to terms.