This page uses content from Wikipedia and is licensed under CC BY-SA.
Heninger is known for her work on freezing powered-down security devices to slow their fading memories and allow their secrets to be recovered via a cold boot attack,[A] for her discovery that weak keys for the RSA cryptosystem are in widespread use by internet routers and other embedded devices,[B] for her research on how failures of forward secrecy in bad implementations of the Diffie–Hellman key exchange may have allowed the National Security Agency to decrypt large amounts of internet traffic via the Logjam vulnerability,[C] and for the DROWN attack, a weakness in internet servers that can let attackers force them to use an old and weak cryptographic protocol.[D]
Heninger's other research contributions include an analysis of the strength of the RSA cryptosystem against quantum computers, an attack on implementations of the ANSI X9.31 cryptographically secure pseudorandom number generator that use hard-coded seed keys to initialize the generator, and the discovery of a side-channel attack against some versions of the libgcrypt cryptography library.
Heninger graduated from the University of California, Berkeley in 2004, with a bachelor's degree in electrical engineering and computer science. She completed her doctorate in 2011 at Princeton University; her dissertation, Error Correction and the Cryptographic Key, was supervised by Bernard Chazelle. After postdoctoral research at the University of California, San Diego and Microsoft Research in New England, she became Magerman Term Assistant Professor at the University of Pennsylvania in 2013.
Heninger's work on weak keys and on forward secrecy of Diffie–Hellman won best paper awards at the conferences at which they were presented, as have several of Heninger's other publications. She is one of the 2016 recipients of the Applied Networking Research Prize of the Internet Research Task Force.
|A.||Halderman, J. Alex; Schoen, Seth D.; Heninger, Nadia; Clarkson, William; Paul, William; Calandrino, Joseph A.; Feldman, Ariel J.; Appelbaum, Jacob; Felten, Edward W. (May 2009), "Lest we remember: Cold-boot attacks on encryption keys", Communications of the ACM, 52 (5): 91–98, doi:10.1145/1506409.1506429|
|B.||Heninger, Nadia; Durumeric, Zakir; Wustrow, Eric; Halderman, J. Alex (2012), "Mining your Ps and Qs: Detection of widespread weak keys in network devices" (PDF), Proceedings of the 21st USENIX Conference on Security Symposium (Security'12), Berkeley, CA, USA: USENIX Association, pp. 35:1–35:16|
|C.||Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (2015), "Imperfect forward secrecy: How Diffie-Hellman fails in practice", Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15), New York, NY, USA: ACM, pp. 5–17, doi:10.1145/2810103.2813707, ISBN 978-1-4503-3832-5|
|D.||Aviram, Nimrod; Schinzel, Sebastian; Somorovsky, Juraj; Heninger, Nadia; Dankel, Maik; Steube, Jens; Valenta, Luke; Adrian, David; Halderman, J. Alex; Dukhovni, Viktor; Käsper, Emilia; Cohney, Shaanan; Engels, Susanne; Paar, Christof; Shavitt, Yuval (August 2016), "DROWN: Breaking TLS with SSLv2" (PDF), 25th USENIX Security Symposium|