The National Security Agency has announced the winning entry to its ninth annual Best Cybersecurity Research Paper Competition.

The winning paper was written by Yanyi Liu from Cornell University and Rafael Pass, professor of Computer Science at Cornell Tech. It expounded a theorem that relates the existence of one-way functions (OWFs) to a measurement of the complexity of a string of text. 

“OWFs are vital components of modern symmetric encryptions, digital signatures, authentic schemes and more,” said an NSA spokesperson. 

“Until now, it has been assumed that OWF functions exist even though research shows that they are both necessary and sufficient for much of the security provided by cryptography.”

Titled On One-way Functions and Kolmogorov Complexity, the winning paper was published at the 2020 IEEE (Institute of Electrical and Electronics Engineers) Symposium on Foundations of Computer Science. 

The chief of NSA’s Laboratory for Advanced Cybersecurity Research picked the winning entry in a decision informed by the opinions of 10 distinguished international cybersecurity experts who independently reviewed the top papers among 34 nominations.

“One-way functions are a key underpinning in many modern cryptography systems and were first proposed in 1976 by Whitfield Diffie and Martin Hellman,” said an NSA spokesperson.

“These functions can be efficiently computed but are difficult to reverse, as determining the input based on the output is computationally expensive.”

The NSA gave an honorable mention to another paper, Retrofitting Fine Grain Isolation in the Firefox Renderer, written by Shravan Narayan, Craig Disselhoen, Tal Garfinkel, Nathan Froyd, Sorin Lerner Hovav Shacham and Deian Stefan.

Originally published at the USENIX Security Conference 2020, this paper provides a security solution in the Firefox web browser. The paper also demonstrated that the technology could be applied to other situations.

“NSA congratulates the winners, and recently opened the nomination process for the 10th Annual Best Scientific Cybersecurity Paper Competition on January 15 2022,” said the NSA.

The agency said it will welcome nominations of papers published during 2021 in peer-reviewed journals, magazines, or technical conferences that show “an outstanding contribution to cybersecurity science.”

The nomination period for the 10th annual Best Cybersecurity Research Paper Competition closes on 15 April 2022.

The National Security Agency has announced the winning entry to its ninth annual Best Cybersecurity Research Paper Competition.

The winning paper was written by Yanyi Liu from Cornell University and Rafael Pass, professor of Computer Science at Cornell Tech. It expounded a theorem that relates the existence of one-way functions (OWFs) to a measurement of the complexity of a string of text. 

“OWFs are vital components of modern symmetric encryptions, digital signatures, authentic schemes and more,” said an NSA spokesperson. 

“Until now, it has been assumed that OWF functions exist even though research shows that they are both necessary and sufficient for much of the security provided by cryptography.”

Titled On One-way Functions and Kolmogorov Complexity, the winning paper was published at the 2020 IEEE (Institute of Electrical and Electronics Engineers) Symposium on Foundations of Computer Science. 

The chief of NSA’s Laboratory for Advanced Cybersecurity Research picked the winning entry in a decision informed by the opinions of 10 distinguished international cybersecurity experts who independently reviewed the top papers among 34 nominations.

“One-way functions are a key underpinning in many modern cryptography systems and were first proposed in 1976 by Whitfield Diffie and Martin Hellman,” said an NSA spokesperson.

“These functions can be efficiently computed but are difficult to reverse, as determining the input based on the output is computationally expensive.”

The NSA gave an honorable mention to another paper, Retrofitting Fine Grain Isolation in the Firefox Renderer, written by Shravan Narayan, Craig Disselhoen, Tal Garfinkel, Nathan Froyd, Sorin Lerner Hovav Shacham and Deian Stefan.

Originally published at the USENIX Security Conference 2020, this paper provides a security solution in the Firefox web browser. The paper also demonstrated that the technology could be applied to other situations.

“NSA congratulates the winners, and recently opened the nomination process for the 10th Annual Best Scientific Cybersecurity Paper Competition on January 15 2022,” said the NSA.

The agency said it will welcome nominations of papers published during 2021 in peer-reviewed journals, magazines, or technical conferences that show “an outstanding contribution to cybersecurity science.”

The nomination period for the 10th annual Best Cybersecurity Research Paper Competition closes on 15 April 2022.

An Ohio-based healthcare provider has been fined $600k over a data breach that exposed the records of 2.1 million patients across America. 

Cyber-criminals targeted EyeMed Vision Care in June 2020. Attackers gained access to an EyeMed email account to which EyeMed clients sent sensitive consumer data relating to vision benefits enrollment and coverage.

During the week-long intrusion, threat actors were able to view emails and attachments dating back six years. Contained within those emails and attachments was sensitive information that included consumers’ names, addresses, Social Security numbers and insurance account numbers.

In July 2020, the attackers used the compromised EyeMed account to launch a phishing attack against EyeMed clients. Approximately 2,000 emails were sent asking clients for their EyeMed account login credentials.

The healthcare provider’s IT department became aware of the phishing campaign when they started receiving emails from concerned clients who the attackers had targeted. EyeMed subsequently secured the compromised email account and launched an investigation.

The Office of the Attorney General determined that the affected email account had not been secured with multi-factor authentication at the time of the attack, despite being accessible via a web browser.

It was further determined that EyeMed failed to adequately implement sufficient password management requirements for the enrollment email account and failed to maintain adequate logging of its email accounts.

On Monday, New York Attorney General Letitia James announced that EyeMed had agreed to pay the State of New York $600k to resolve the 2020 data breach.

“New Yorkers should have every assurance that their personal health information will remain private and protected,” said attorney general James. 

“EyeMed betrayed that trust by failing to keep an eye on its own security system, which in turn compromised the personal information of millions of individuals.” 

The data breach impacted 98,632 residents of New York. James said she wanted the agreement to signal New York’s continued commitment to holding companies accountable.

“My office continues to actively monitor the state for any potential violations, and we will continue to do everything in our power to protect New Yorkers and their personal information,” she added.