# Cryptography Research

## Implementation Attacks on Cryptosystems

Cryptographers have made enormous progress at building cryptographic
algorithms that, when appropriately implemented, appear to be highly
secure against many types of mathematical attacks.
However, recent research has shown that there are a surprising number
of ways in which clever attackers can nonetheless defeat these systems
in practice by "thinking outside the box".
The common theme is that real cryptographic implementations are much
more than a mathematical function; attackers often have access to a great
deal of additional side information.
For instance, an attacker who can measure the time it takes to perform
an RSA decryption can use this to learn the RSA key.
These kinds of "side channels" threaten the security of encryption
algorithms deployed in smartcards, embedded devices, and other settings.
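As an added illustration of why decryption time can depend on the key (example code written for this page, not part of the original text): a naive square-and-multiply exponentiation performs an extra multiplication for every 1-bit of the private exponent, so its operation count tracks the key's Hamming weight, while a Montgomery ladder performs the same work for every bit. The modulus and exponents below are constructed toy values, not real RSA parameters.

```python
# Added illustration: key-dependent versus key-independent operation counts
# in modular exponentiation, the core of an RSA private-key operation.

def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation. Returns (result, multiply_count).
    The extra multiply runs only for 1-bits of exp, so the count (and the
    running time it stands in for) depends on the Hamming weight of the key."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod      # one squaring per bit
        mults += 1
        if bit == "1":
            result = (result * base) % mod    # extra multiply only for 1-bits
            mults += 1
    return result, mults

def montgomery_ladder(base, exp, mod):
    """Montgomery ladder: exactly two multiplications per exponent bit,
    whatever the bit's value, so the count no longer depends on the key.
    (A production implementation must also make the register swap branch-free.)"""
    r0, r1 = 1, base % mod
    mults = 0
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r1, r0 = (r0 * r1) % mod, (r0 * r0) % mod
        mults += 2
    return r0, mults

def timing_profile(func, mod, exponents, ciphertext=12345):
    """Operation counts of `func` for a set of same-length candidate keys.
    A constant profile means the count reveals nothing about the key."""
    return [func(ciphertext, e, mod)[1] for e in exponents]

# Constructed toy modulus (p = 1000003, q = 1000033) and two 16-bit
# private exponents with very different Hamming weights.
N = 1000003 * 1000033
D_SPARSE = 0b1000000000000001   # Hamming weight 2
D_DENSE = 0b1111111111111111    # Hamming weight 16

if __name__ == "__main__":
    print("naive :", timing_profile(square_and_multiply, N, [D_SPARSE, D_DENSE]))
    print("ladder:", timing_profile(montgomery_ladder, N, [D_SPARSE, D_DENSE]))
```

Real timing attacks also exploit data-dependent costs inside each multiplication, so equalizing the operation count is necessary but not sufficient.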

I am working to characterize and understand these failure modes.
I am also developing defenses against such attacks.
One of the main focuses of this effort is an attempt to place this
field on principled, formal foundations.

One of the practical results of this project has been the discovery of new
security flaws in 802.11 security, a topic of considerable practical interest.

This work is funded through generous support from an NSF ITR award.

## Secure Signal Embedding

In collaboration with Kannan Ramchandran and many others, I am studying new
methods in the areas of watermarking, steganography, program obfuscation,
and related topics.
Building on previous work on ad-hoc approaches to these problems,
we are now working towards a more scientific approach rooted
in information theory, complexity theory, and the theory of cryptography.

This work is funded through generous support from an NSF ITR award.

David Wagner, daw@cs.berkeley.edu, http://www.cs.berkeley.edu/~daw/.