Nadia Heninger on:
[Wikipedia]
[Google]
[Amazon]
Nadia Heninger (born 1982) is an American
Home page
* {{DEFAULTSORT:Heninger, Nadia 1982 births Living people American computer scientists American cryptographers American women computer scientists Public-key cryptographers 21st-century American mathematicians American women mathematicians Number theorists University of California, Berkeley alumni Princeton University alumni University of Pennsylvania faculty 21st-century women mathematicians 21st-century American women
Nadia Heninger (born 1982) is an American cryptographer
Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
, computer security
Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...
expert, and computational number theorist at the University of California, San Diego
The University of California, San Diego (UC San Diego or colloquially, UCSD) is a public university, public Land-grant university, land-grant research university in San Diego, California. Established in 1960 near the pre-existing Scripps Insti ...
.
Contributions
Heninger is known for her work on freezing powered-down security devices to slow their fading memories and allow their secrets to be recovered via acold boot attack
In computer security, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by ...
, for her discovery that weak keys for the RSA cryptosystem
RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. The acronym "RSA" comes from the surnames of Ron Rivest, Adi Shamir and Leonard Adleman, who publicly ...
are in widespread use by internet router
A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions between networks and on the global Internet. Data sent through a network, such as a web page or email, is ...
s and other embedded devices, for her research on how failures of forward secrecy
In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key ...
in bad implementations of the Diffie–Hellman key exchange
Diffie–Hellman key exchangeSynonyms of Diffie–Hellman key exchange include:
* Diffie–Hellman–Merkle key exchange
* Diffie–Hellman key agreement
* Diffie–Hellman key establishment
* Diffie–Hellman key negotiation
* Exponential key exc ...
may have allowed the National Security Agency
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
to decrypt large amounts of internet traffic via the Logjam vulnerability, and for the DROWN attack
The DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack is a cross-protocol security bug that attacks servers supporting modern SSLv3/ TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol to le ...
, which uses servers supporting old and weak cryptography to decrypt traffic from modern clients to modern servers.
Heninger's other research contributions include a variant of the RSA cryptosystem that would be secure against quantum computer
Quantum computing is a type of computation whose operations can harness the phenomena of quantum mechanics, such as superposition, interference, and entanglement. Devices that perform quantum computations are known as quantum computers. Though ...
s, an attack on implementations of the ANSI X9.31 cryptographically secure pseudorandom number generator
A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also loosely kno ...
that use hard-coded seed keys to initialize the generator, and the discovery of a side-channel attack
In computer security, a side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algorit ...
against some versions of the libgcrypt
Libgcrypt is a cryptography library developed as a separated module of GnuPG.
It can also be used independently of GnuPG, but depends on its error-reporting library Libgpg-error.
It provides functions for all fundamental cryptographic building blo ...
cryptography library.
In 2015, Heninger was part of a team of proponents that included Matt Blaze
Matt may refer to:
*Matt (name), people with the given name ''Matt'' or Matthew, meaning "gift from God", or the surname Matt
*In British English, of a surface: having a non-glossy finish, see gloss (material appearance)
*Matt, Switzerland, a mu ...
, Steven M. Bellovin
Steven M. Bellovin is a researcher on computer networking and computer security, security. He has been a professor in the Computer Science department at Columbia University since 2005. Previously, Bellovin was a Fellow at AT&T Labs Research in Flo ...
, J. Alex Halderman
J. Alex Halderman (born January 1981) is professor of Computer Science and Engineering at the University of Michigan, where he is also director of the Center for Computer Security & Society. Halderman's research focuses on computer security a ...
, and Andrea M. Matwyshyn
Andrea M. Matwyshyn is a United States law professor and engineering professor at The Pennsylvania State University. She is known as a scholar of technology policy, particularly as an expert at the intersection of law and computer security and fo ...
who successfully proposed a security research exemption to Section 1201 of the Digital Millennium Copyright Act.
Education and career
Heninger graduated from theUniversity of California, Berkeley
The University of California, Berkeley (UC Berkeley, Berkeley, Cal, or California) is a public land-grant research university in Berkeley, California. Established in 1868 as the University of California, it is the state's first land-grant u ...
in 2004, with a bachelor's degree in electrical engineering and computer science. She completed her doctorate in 2011 at Princeton University
Princeton University is a private university, private research university in Princeton, New Jersey. Founded in 1746 in Elizabeth, New Jersey, Elizabeth as the College of New Jersey, Princeton is the List of Colonial Colleges, fourth-oldest ins ...
; her dissertation, ''Error Correction and the Cryptographic Key'', was supervised by Bernard Chazelle
Bernard Chazelle (born November 5, 1955) is a French-American computer scientist. He is currently the Eugene Higgins Professor of Computer Science at Princeton University. Much of his work is in computational geometry, where he is known for hi ...
.
After postdoctoral research at the University of California, San Diego
The University of California, San Diego (UC San Diego or colloquially, UCSD) is a public university, public Land-grant university, land-grant research university in San Diego, California. Established in 1960 near the pre-existing Scripps Insti ...
and Microsoft Research
Microsoft Research (MSR) is the research subsidiary of Microsoft. It was created in 1991 by Richard Rashid, Bill Gates and Nathan Myhrvold with the intent to advance state-of-the-art computing and solve difficult world problems through technologi ...
in New England, she became Magerman Term Assistant Professor at the University of Pennsylvania
The University of Pennsylvania (also known as Penn or UPenn) is a private research university in Philadelphia. It is the fourth-oldest institution of higher education in the United States and is ranked among the highest-regarded universitie ...
in 2013. In 2019, she returned to the University of California, San Diego.
Recognition
Heninger's work on weak keys and on forward secrecy of Diffie–Hellman won best paper awards at the conferences at which they were presented, as have several of Heninger's other publications. She is one of the 2016 recipients of the Applied Networking Research Prize of theInternet Research Task Force
The Internet Research Task Force (IRTF) is an organization, overseen by the Internet Architecture Board, that focuses on longer-term research issues related to the Internet. A parallel organization, the Internet Engineering Task Force (IETF), fo ...
.
She was an invited speaker at Asiacrypt 2016, speaking on "The reality of cryptographic deployments on the internet".
Selected publications
References
External links
Home page
* {{DEFAULTSORT:Heninger, Nadia 1982 births Living people American computer scientists American cryptographers American women computer scientists Public-key cryptographers 21st-century American mathematicians American women mathematicians Number theorists University of California, Berkeley alumni Princeton University alumni University of Pennsylvania faculty 21st-century women mathematicians 21st-century American women