ACE Seminar: Cryptographic Vulnerability Disclosure - The Good, The Bad, and The Ugly

Speaker: Prof Kenny Paterson

Date/Time: 07-Apr-2016, 16:00 UTC




In this talk, I'll discuss some personal experiences - good, bad, and ugly - of disclosing vulnerabilities in a range of different cryptographic standards and implementations. I'll try to draw some general lessons about what works well and what does not.




I obtained a B.Sc. in 1990 from the University of Glasgow and a Ph.D. from the University of London in 1993, both in Mathematics. I was then a Royal Society Fellow at Institute for Signal and Information Processing at the Swiss Federal Institute of Technology, Zurich, from 1993 to 1994. After that, I was a Lloyd's of London Tercentenary Foundation Research Fellow at Royal Holloway, University of London from 1994 to 1996.

In 1996, I joined Hewlett-Packard Laboratories Bristol, becoming a project manager in 1999.

I then joined the Information Security Group at Royal Holloway in 2001, becoming a Reader in 2002 and Professor in 2004. From March 2010 to May 2015, I was an EPSRC Leadership Fellow working on a project entitled Cryptography: Bridging Theory and Practice. In May 2015, I reverted to being a Professor of Information Security.

My research over the last decade has mostly been in the area of Cryptography, with a strong emphasis being on the analysis of deployed cryptographic systems and the development of provably secure solutions to real-world cryptographic problems. I co-founded the Real World Cryptography series of workshops to support the development of this broad area and to strengthen the links between academia and industry. I am co-chair of the IRTF's research group on Cryptography, CFRG. This group is working to provide expert advice to the IETF in an effort to strengthen the Internet's core security protocols.

My research on the security of TLS (the Lucky 13 attack on CBC-mode encryption in TLS and attacks on RC4) received significant media attention, helped to drive the widespread adoption of TLS 1.2 with its support for modern encryption schemes, and was an important factor in the TLS Working Group's decision to abandon legacy encryption mechanisms in TLS 1.3.

I am lucky to have been the recipient of several prizes and awards for my research. These include a Google Distinguished Paper Award for my joint work with Nadhem AlFardan presenting plaintext recovery attacks against DTLS published at NDSS 2012; an Applied Networking Research Prize from the IRTF for my work with Nadhem AlFardan on the Lucky 13 attack; and an Award for Outstanding Research in Privacy Enhancing Technologies for my work with Mihir Bellare and Phil Rogaway on the Security of symmetric encryption against mass surveillance published at CRYPTO 2014.

Other career highlights include being selected as Programme Chair for EUROCRYPT 2011, and being an invited speaker at ASIACRYPT 2014.

This page was last modified on 27 Mar 2014.