"Researchers Earn USENIX Test of Time for Work in Exposing Network Key Vulnerabilities"
The 2022 USENIX Security Symposium Test of Time Award was given to University of Michigan researchers for their 2012 study, "Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices." The paper, written by Professor J. Alex Halderman, his former students Eric Wustrow and Zakir Durumeric, and their collaborator Nadia Heninger, introduced powerful methodologies for detecting Internet security flaws and uncovered cryptographic flaws that affected tens of millions of devices. The USENIX Test of Time Award honors papers that were presented at a USENIX conference at least ten years ago and have had a lasting impact on their fields.

The researchers set out to expose weaknesses in the processes that generate RSA and DSA cryptographic keys, and in doing so they also performed the most comprehensive Internet-wide scans at the time. That work inspired Halderman and his students to develop the ZMap network scanner, which has since become a standard tool for Internet-wide measurement.

The team's most significant contribution was a new method for detecting vulnerabilities in cryptographic implementations. Previously, such issues were discovered through time-consuming reverse engineering or when users happened to observe specific symptoms of underlying issues. The researchers realized that by applying specialized data mining algorithms to the type of Internet-wide scan data they collected, they could detect subtle clues pointing to more widespread underlying issues. They discovered, among other things, a major flaw in the Linux kernel's random number generator that could compromise the security of cryptographic keys, particularly those generated in embedded systems such as Internet of Things (IoT) devices. The paper has often been cited for its groundbreaking scope and its contributions to understanding encryption and entropy problems caused by inadequate randomness in operating systems.
This article continues to discuss the recognition of the University of Michigan's study for its lasting contributions to the field of security and encryption.