Professor Kenny Paterson from the Information Security Group at Royal Holloway, University of London has been awarded the Applied Networking Research Prize from the Internet Research Task Force (IRTF) for his research with PhD student Nadhem AlFardan.
Their work is helping to create more secure software for the internet. The researchers identified a flaw in The Transport Layer Security (TLS) protocol, which is used by millions of people on a daily basis. It provides security for online banking, as well as for credit card data when shopping on the internet.
They discovered an attack could be launched on TLS and that personal data could be intercepted. They were able to uncover a glitch in the way in which the protocol terminates TLS sessions and leaks a small amount of information to the attacker, who can use it to gradually build up a complete picture of the data being sent.
Professor Paterson said: “I’m delighted to be awarded this prize in recognition of my research with Nadhem AlFardan. Normally, the path from scientific discovery to real-world impact takes years; in this instance, the impact was almost immediate, and every major web browser is now using more secure software because of our research.
“This is a reflection of the importance of the TLS protocol in securing our everyday activities on the web. Working with companies like Google and Microsoft to help them understand our research and improve their software was a great learning experience for us.”
The prize was awarded according to a diverse set of criteria, including scientific excellence and substance, timeliness, relevance, and potential impact on the internet.
Professor Paul Hogg, Vice Principal for Research and Enterprise and Dean of the Faculty of Science at Royal Holloway, said: “This is well merited recognition of the work by Professor Paterson and his team in ISG, working to keep cyber space safe and secure.”
