CSE Prize 2009 awarded to scientists for rbMIT software package

— Springer, a leading global scientific publisher, has awarded the Computational Science and Engineering (CSE) Prize 2009 to Phuong Huynh, Ngoc-Cuong Nguyen and Gianluigi Rozza for developing the software package rbMIT, used in solving parametrized partial differential equations by the reduced basis method. Phuong Huynh is currently a research fellow in the Department of Mechanical Engineering of the National University of Singapore. Ngoc-Cuong Nguyen is a research scientist in the Department of Aeronautics and Astronautics at the Massachusetts Institute of Technology. Gianluigi Rozza is a senior research scientist in the Chair of Modelling and Scientific Computing and Lecturer at the Doctoral School of Mathematics, both at the Ecole Polytechnique Fédérale de Lausanne, Switzerland. The rbMIT software package is an outstanding example of CSE software and is being used for both research and CSE education. The CSE Prize is accompanied by US$ 10,000. Read the press release.


A new Best Paper Award for Arjen Lenstra and his team

— The paper "Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate" by Marc Stevens, Alexander Sotirov, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger, received the best paper award at CRYPTO 2009.  Experts have found a weakness in the Internet digital certificate infrastructure that allows attackers to forge certificates that are fully trusted by all commonly used web browsers. As a result of this weakness it is possible to impersonate secure websites and email servers and to perform virtually undetectable phishing attacks, implying that visiting secure websites is not as safe as it should be and is believed to be.  The team of researchers has now discovered that it is possible to create a rogue certification authority (CA) that is trusted by all major web browsers by using an advanced implementation of the collision construction and a cluster of more than 200 commercially available game consoles.  “The major browsers and Internet players – such as Mozilla and Microsoft – have been contacted to inform them of our discovery and some have already taken action to better protect their users,” reassures Arjen Lenstra, head of EPFL’s Laboratory for Cryptologic Algorithms.  According to the researchers, their discovery shows that MD5, a standard cryptographic algorithm, can no longer be considered a secure cryptographic algorithm for use in digital signatures and certificates. Currently MD5 is still used by certain certificate authorities to issue digital certificates for a large number of secure websites.  The expert team of researchers consists of: Alexander Sotirov (independent security researcher), Marc Stevens (Cryptology Group, CWI), Jacob Appelbaum (Noisebridge, The Tor Project), Arjen Lenstra (EPFL), David Molnar (UC Berkeley), Dag Arne Osvik (EPFL) and Benne de Weger