Researchers in the ISG have performed and continue to perform security analyses of widely deployed cryptographic protocols, and have found cryptographic weaknesses in several of them. Examples include SSH, some TLS implementations and a mesh networking chat app advertised for use in higher-risk settings such as settings of civil unrest.
- Chris J. Mitchell: How not to secure wireless sensor networks: A plethora of insecure polynomial-based key pre-distribution schemes, IET Information Security 2021, to appear http://www.chrismitchell.net/Papers/hntsws6.pdf https://doi.org/10.1049/ise2.12016
- Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, Lenka Mareková: Mesh Messaging in Large-scale Protests: Breaking Bridgefy. CT-RSA 2021 https://martinralbrecht.wordpress.com/2020/08/24/
- Martin R. Albrecht, Jake Massimo, Kenneth G. Paterson, Juraj Somorovsky: Prime and Prejudice: Primality Testing Under Adversarial Conditions. CCS 2018: 281-298 https://ia.cr/2018/749 CVE-2018-4398
- Martin R. Albrecht, Jean Paul Degabriele, Torben Brandt Hansen, Kenneth G. Paterson: A Surfeit of SSH Cipher Suites. CCS 2016: 1480-1491 https://www.isg.rhul.ac.uk/~kp/surfeit.pdf
- Martin R. Albrecht, Kenneth G. Paterson: Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS. EUROCRYPT (1) 2016: 622-643 https://martinralbrecht.wordpress.com/2015/11/24/
- Martin R. Albrecht, Craig Gentry, Shai Halevi, Jonathan Katz: Attacking cryptographic schemes based on "perturbation polynomials". CCS 2009: 1-10 https://ia.cr/2009/098
- Martin R. Albrecht, Kenneth G. Paterson, Gaven J. Watson: Plaintext Recovery Attacks against SSH. IEEE Symposium on Security and Privacy 2009: 16-26 https://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf CVE-2008-5161