Suramya's Blog : Welcome to my crazy life…

April 30, 2022

Merged my Book Review blog into the main blog

Filed under: Books Related / Reviews — Suramya @ 9:54 PM

I had created a blog at where I was reviewing books but it was becoming a pain to maintain both and there was no advantage of keeping two separate blogs. So I decided to merge the two into this blog. Nothing should change for most readers, people who visit the old URL will get redirected to the new one.

Let me know if you see any strange behavior

– Suramya

Thoughts on Star Trek: Picard’s Time Travel inconsistencies

Filed under: My Thoughts — Suramya @ 10:33 AM

The season 2 of Star Trek Picard is going on and while I like the season and enjoy looking at the characters in a different setting, the whole time travel thing and how they are ignoring the impact of what they are doing in the past is getting annoying.

There are going to be spoilers in this post about the latest episodes of the series. So if you haven’t seen the episode I suggest you stop reading now to avoid spoilers.

In the series, Picard and team are stuck back in the past and the Borg Queen has taken over Jurati and wants to get a 400 year jump on assimilating the galaxy. One point they ignore is why the queen doesn’t start with Assimilating Earth and then move to the other planets because that would give her a base of operations and allow them to expand into the Alpha quadrant without any competition, but lets put that aside for now. In the latest episode Seven is injured and apparently the only way to save her is for Jurati to strike a deal with the queen. Which is that the queen would fix Seven by giving her Borg implants back and Jurati will work with the queen.

She pitches the idea that they should assimilate the people who need help or are lonely instead of forcefully assimilating whole cultures and species, basically giving them a second chance. Instead of the famous “Resistance is Futile. We are the Borg. Lower your shields and surrender your ships. We will add your biological and technological distinctiveness to our own.” . The queen agrees so they both take the ship and fly off to the delta quadrant to assimilate people in a more compassionate way. But guess what, if Borg start doing compassionate assimilation 400 years in the past then it changes the whole history and the future would be drastically different. It literally changes the entire future of the delta quadrant as the Borg are not assimilating and killing off species, which means they do things differently. You can’t tell me that this will not create a whole new future because without the borg, there is no Seven of Nine (which means Voyager would probably not make it back), there is no Locutus, no Borg war and so many other changes.

The whole premise of ST Picard is that if Picard’s ancestor doesn’t go for the Europa mission the federation no longer exists and there is a Confederation of Earth that has destroyed / killed most of the species in the galaxy. This minor change causes such alteration of the future so it is hard to accept that letting the Borg Queen loose in the past will not have an impact.

There are so many other things that they do which should impact the future but apparently won’t because they are needed to further the plot. This is why I don’t like this kind of time travel series because they break their own rules about what is allowed and what is not.

I wonder how they will address the whole new timeline and all the impact they have caused. I just hope it wont be something silly like Q resetting the timeline to the original at the end of the season.

– Suramya

April 29, 2022

Malware in Windows: TPM Bypasses & Firmware level persistence

Filed under: Computer Security,Computer Software,My Thoughts — Suramya @ 7:13 AM

Malware is the short form for Malicious Software and is basically software that allows attackers to infect a computer system or device to steal information, disrupt operations or gain access to sensitive data. It is a general term that includes viruses, worms, trojans, spyware, rootkits etc. (Cisco, 2021)

Conceptually the foundations for creating malware were laid almost simultaneously with the creation of the first computers. In 1951, John von Neumann proposed methods on how to create self-replicating automata (Neumann, 1951) and a few years later in 1959 Lionel Penrose published his paper on ‘Self-Reproducing Machines’ this paper was used as the basis for creating replicating machine code that were the basis of the later generations of malware. In 1970’s the creeper virus infected the ARPANET (Milošević, 2013) followed shortly after by Rabbit (Milošević, 2013) which spread rapidly to computers and created copies of itself overloading the machine and impacting system performance. (Milošević, 2013)

In the 1986, the first malware called Brain.A that targeted the PC platform was released. (Milošević, 2013) It used floppy disks as the infection mechanism by infecting the boot sector of every floppy disk used in an infected computer. Other viruses of the time used similar mechanisms to propagate and were quite prevalent by the measures of the time. Once Microsoft Windows was released viruses were created that targeted the new operating system with WinVir being the first virus for the new operating system, it gained persistence by modifying the Windows Executable files. (Milošević, 2013) It spread to new systems over floppy disks.
For almost a decade, infected disks and CD’s remained the primary method of infection for computers. In 1998 this changed with the release of Happy99 in late 1998 that spread via email attachments. Another popular vector for virus infections was macro viruses that infected Microsoft word files which were shared frequently with other users allowing the virus to spread. With the increasing popularity of the Internet, the new malware created during this time leveraged the internet as a transmission vector.

In early 2000, Code Red worm was created that leveraged vulnerabilities in the IIS webservers to propagate. (Milošević, 2013) This opened a new infection vector where the malware would scan for and exploit systems running vulnerable software.

Over the years, malware has become more and more common and has evolved to gain persistence using multiple methods such as using rootkits to infect the OS kernel and other such methods. The one constant throughout the years was that we could clean up a malware infection by formatting the infected drive and restoring from a clean backup. As long as the backup and the installation media were clean we could be confident that the infection was cleared.

Unfortunately, this is no longer the case with new strains of malware using sophisticated techniques to gain persistence using the computer firmware.

A. UEFI malware – The early years

UEFI rootkits were referenced in various leaks and were considered mostly theoretical. The Hacking Team referenced something called ‘rkloader’ in their internal presentations and the Vault7 leaks referenced ‘DerStarke’ which was an EFI/UEFI boot implant. But there was no real evidence of these being used so they were considered mostly theoretical for the most part.

This changed in 2018 when the first rootkit that leveraged the UEFI to achieve persistence was discovered. This malware called Lojax was created by the Sednit APT group. It used a malicious UEFI module written into the SPI flash memory to ensure that it was able to execute malware during the boot up process. (ESET Research, 2018)

B. UEFI Malware – Infecting SPI flash memory

The LoJax malware used the kernel driver RwDrv.sys to access the UEFI settings. The driver is distributed with RWEverything, a freeware utility that can read the BIOS information in most computers. (ESET Research, 2018)

The malware used this driver to read the contents of the SPI flash memory into a file, by running a file called ReWriter_binary.exe. The data in the SPI is stored in volumes using the Firmware File System (FFS). It then parses the volues to search for the Ip4Dxe file. This file along with DXE Core is then modified to add the malicious UEFI module to it post which the entire file is written back to the SPI memory. If the configuration allows write access to SPI the malware immediately writes to the SPI memory but if write access is disabled it exploited a race condition vulnerability in the BIOS locking mechanism to bypass the write protection in SPI flash memory. (CERT, 2015)

C. MoonBounce: UEFI Bootkit

The MoonBounce Bootkit is the third instance of malware that uses UEFI to gain persistence, with Lojax and MosaicRegressor being the other two instances where it was used.

MoonBounce is a lot more sophisticated than the previous iterations and it executes completely in the system memory without writing anything to the hard drive making it a lot harder to detect than the previous iterations of the malware. It stages the execution and deployment of payloads over the internet allowing the attacker to deploy payloads on the system to achieve specific tasks.
MoonBounce was detected in spring 2021 and like the previous iterations attacks the DXE Core module in UEFI to infect the SPI Memory.

D. Using TPM Module & Trusted Computing to protect against this attack

The TPM Module in the modern machines is designed to provide hardware-based, security-related functions and allows the system to secure the system using integrated cryptographic keys.

If TPM is enabled and is being used correctly then it gives the system a way to ensure that all firmware and boot files are unmodified. If any of the files are modified then they will not pass the cryptographic check and the boot process will be halted. This would prevent the infected SPI memory from being loaded and would warn the defenders that their system has been breached.

Unfortunately, it is possible to disable the TPM chip for historical compatibility reasons, so the malware can do the same. One of the ways to disable the check and bypass the Secure Boot & TPM check is to modify the registry files in Windows. The steps to do so are very simple and are shown below (Tibbetts, 2021):

  • At the run prompt type in regedit, and press Enter.
  • Go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\Setup
  • Right-click on Setup and click New > Key. Name that LabConfig
  • Click on LabConfig, then right-click on the right pane, and click New > DWORD (32-bit Value).
  • Name the entry as BypassTPMCheck and change its Value data to 1
  • Create two more DWORDS and change the Value data to 1 just like you did above and name them BypassRAMCheck and BypassSecureBootCheck.

This removes the check for Secure Boot and while it can be desired at times it does open up the system to risk so should only be used for specific use cases where no other option is available.

Protecting against malware using firmware level persistence

To protect against this threat, we need to ensure that all components of the operating system and software on the computer are patched and updated to the latest version. We should enable end-point monitoring and IDS on the network to detect infection attempts. This will allow us to detect the malware before it infects the system and block it pre-emptively. The internet and email gateways should scan all incoming files to detect and block malware. In addition to the standard precautions to protect against malware, we should also ensure that all systems on the network are running the latest version of the UEFI/BIOS available.

Unfortunately, the remediation of the security issues in UEFI is a hard problem and doesn’t have an easy solution. So, the best way to protect against the threat is to try to prevent the system from getting infected in the first place.

Another option to detect infected SPI Memory is to create a tool that periodically creates a dump of the SPI memory and compares the checksum of the dump with a known clean dump. If the values don’t match then there is a high probability that the memory is infected and the administrators can then take steps to clean the firmware by flashing it with a known clean version of the firmware.

With the new methods of persistence available to the malware writers the best way to protect the assets is to try to ensure that you prevent the infection from happening in the first place. Once the machine is infected the task becomes harder and we would need to spend extra time and effort to clean and restore the systems to a clean state.
Done correctly this will decrease the risk of data exfiltration but no technique to detect infection is perfect so a lot of review and audits need to be done on a periodic basis to ensure that the system is still secure.


CERT. (2015, January 5). CERT/CC Vulnerability note vu#766164. VU#766164 – Intel BIOS locking mechanism contains race condition that enables write protection bypass. Retrieved March 21, 2022, from

Cisco. (2021, July 30). What is malware? – definition and examples. Cisco. Retrieved March 21, 2022, from
ESET Research. (2018, October 9). Lojax: First UEFI rootkit found in the wild, courtesy of the Sednit Group. WeLiveSecurity. Retrieved March 21, 2022, from

Neumann, J. V. (1951). Massachusetts Institute of Technology. Theory of Self Replicating Automata. Retrieved March 21, 2022, from
Tibbetts, T. (2021, July 10). How to bypass secure boot & trusted platform module. Providing Free and Editor Tested Software Downloads. Retrieved March 21, 2022, from

This was a paper for my Class in Q1 2022 which is why it is more formal than my usual posts.

April 28, 2022

Microsoft finds a Linux flaw that grants root access to untrusted users

Filed under: Computer Security,Linux/Unix Related — Suramya @ 11:30 AM

Now that is not a heading I thought I would ever write… I mean 20 years ago imagining that Microsoft would be working with Linux to the point where it would find and report a bug in Linux was unimaginable. For the longest time MS considered Linux to be a massive danger to it’s operations which is why former Microsoft CEO Steve Ballmer famously branded Linux “a cancer that attaches itself in an intellectual property sense to everything it touches” back in 2001. However that has now changed and Windows now has a Windows Subsystem for Linux (wsl) that allows users to run Linux programs from within Windows seamlessly.

This particular flaw which is tracked as CVE-2022-29799 and CVE-2022-29800 combine threats including directory traversal, symlink race, and time-of-check time-of-use (TOCTOU) race condition to gain root access. It was found when a Microsoft researcher Jonathan Bar Or was examining the code for a component known as “_run_hooks_for_state”. The flow to exploit would look something like the following (Thanks ARS Technica for the walkthrough):

Prepare a directory ”/tmp/nimbuspwn” and plant a symlink ”/tmp/nimbuspwn/poc.d“ to point to “/sbin”. The “/sbin” directory was chosen specifically because it has many executables owned by root that do not block if run without additional arguments. This will abuse the symlink race issue we mentioned earlier.
For every executable filename under “/sbin” owned by root, plant the same filename under “/tmp/nimbuspwn”. For example, if “/sbin/vgs” is executable and owned by root, plant an executable file “/tmp/nimbuspwn/vgs” with the desired payload. This will help the attacker win the race condition imposed by the TOCTOU vulnerability.
Send a signal with the OperationalState “../../../tmp/nimbuspwn/poc”. This abuses the directory traversal vulnerability and escapes the script directory.
The networkd-dispatcher signal handler kicks in and builds the script list from the directory “/etc/networkd-dispatcher/../../../tmp/nimbuspwn/poc.d”, which is really the symlink (“/tmp/nimbuspwn/poc.d”), which points to “/sbin”. Therefore, it creates a list composed of many executables owned by root.
Quickly change the symlink “/tmp/nimbuspwn/poc.d” to point to “/tmp/nimbuspwn”. This abuses the TOCTOU race condition vulnerability—the script path changes without networkd-dispatcher being aware.
The dispatcher starts running files that were initially under “/sbin” but in truth under the “/tmp/nimbuspwn” directory. Since the dispatcher “believes” those files are owned by root, it executes them blindly with subprocess.Popen as root. Therefore, our attacker has successfully exploited the vulnerability.

The vulnerability has been patched in the networkd-dispatcher and users running vulnerable systems should patch immediately.

Source: Microsoft finds Linux desktop flaw that gives root to untrusted users

– Suramya

April 27, 2022

MIT’s Ultra-thin speakers can be used to make any surface into a low-power, high-quality audio source

Filed under: Computer Hardware,Emerging Tech — Suramya @ 9:51 PM

Noise Cancellation is one of those things that initially we think that we don’t need but once you start using it, it becomes indispensable. I got my first set of noise canceling headsets back in 2002-2003 when I had a coworker who was extremely loud and would insist on sharing their thoughts in a very loud voice. The cherry on top was that a lot of what they said was wrong and it would grab my attention. I would be peacefully working then I would hear something and be like did they just make this statement? In short it was very distracting. So I got a noise canceling headset and was able to ignore them. Since then I have ensured that I always have my noise canceling headsets handy both at work and while traveling.

But you can’t install noise canceling everywhere (at least not cheaply). I have been fortunate that most of the places I have stayed at I didn’t have the problem of loud neighbors but others are not as fortunate. Loud neighbors are one of the major problems in urban life. Which is why I love this new invention by the folks over at MIT that allows you to convert your entire wall into a noise cancelling surface by putting ultra-thin speakers as a wallpaper in your room. These speakers are very thin & use very little power (100 milliwatts of electricity to power a single square meter).

their design relies on tiny domes on a thin layer of piezoelectric material which each vibrate individually. These domes, each only a few hair-widths across, are surrounded by spacer layers on the top and bottom of the film that protect them from the mounting surface while still enabling them to vibrate freely. The same spacer layers protect the domes from abrasion and impact during day-to-day handling, enhancing the loudspeaker’s durability.

To build the loudspeaker, the researchers used a laser to cut tiny holes into a thin sheet of PET, which is a type of lightweight plastic. They laminated the underside of that perforated PET layer with a very thin film (as thin as 8 microns) of piezoelectric material, called PVDF. Then they applied vacuum above the bonded sheets and a heat source, at 80 degrees Celsius, underneath them.

Because the PVDF layer is so thin, the pressure difference created by the vacuum and heat source caused it to bulge. The PVDF can’t force its way through the PET layer, so tiny domes protrude in areas where they aren’t blocked by PET. These protrusions self-align with the holes in the PET layer. The researchers then laminate the other side of the PVDF with another PET layer to act as a spacer between the domes and the bonding surface.

The applications are endless for this technology. They can be used to soundproof apartments, planes, cars etc. They can be used to create 3D immersive experiences cheaply without having to install gigantic speakers. They could also be used in phones and other devices to play sound/music. Since they are paper-thin, we can apply them as a wallpaper in a room that can be removed when moving out, which would allow renters to install them in the apartments.

The work is still in its early stages but it looks very promising.

Source: Gizmodo: Cover Your Wall in MIT’s New Paper Thin Speakers to Turn Your Bedroom Into a Noise Cancelling Oasis

– Suramya

April 25, 2022

Rainbow Algorithm (one of the candidates for post-quantum Cryptography) can be broken in under 53 hours

Filed under: Computer Security,Emerging Tech,My Thoughts,Quantum Computing — Suramya @ 11:59 PM

Quantum Computing has the potential to make the current encryption algorithms obsolete once it gets around to actually being implemented on a large scale. But the Cryptographic experts in charge of such things have been working on Post Quantum Cryptography over the past few years to offset this risk. After three rounds they had narrowed down the public-key encryption and key-establishment algorithms to Classic McEliece, CRYSTALS-KYBER, NTRU, and SABER and te finalists for digital signatures are CRYSTALS-DILITHIUM, FALCON, and Rainbow.

Unfortunately for the Rainbow algorithm, Ward Beullens at IBM Research Zurich in Switzerland managed to find the corresponding secret key for a given Rainbow public key in 53 hours using a standard laptop. This would allow anyone with a laptop to ‘prove’ they were someone else by producing the secret key for a given public key.

The Rainbow signature scheme [8], proposed by Ding and Schmidt in 2005, is one of the oldest and most studied signature schemes in multivariate cryptography. Rainbow is based on the (unbalanced) Oil and Vinegar signature scheme [16, 11], which, for properly chosen parameters, has withstood all cryptanalysis since 1999. In the last decade, there has been a renewed interest in multivariate cryptography, because it is believed to resist attacks from quantum adversaries. The goal of this paper is to improve the cryptanalysis of Rainbow, which is an important objective because Rainbow is currently one of three finalist signature
schemes in the NIST Post-Quantum Cryptography standardization project.

This obviously disqualifies the algorithm from being standardised as it has a known easily exploitable weakness. It goes on to prove that cryptography is not easy and the only way to ‘prove’ the strength of an algorithm is to let others test them for vulnerabilities. Or as Bruce Schneier put it in Schneier’s Law: ‘Anyone can create an algorithm that they themselves can’t break.’ , you need others to validate that claim.

Paper: Breaking Rainbow Takes a Weekend on a Laptop by Ward Beullens (PDF)
Source: New Scientist: Encryption meant to protect against quantum hackers is easily cracked

– Suramya

April 24, 2022

Smart-contract bug locks away $34 million highlighting major weakness in smart-contracts

Filed under: Computer Software,Emerging Tech — Suramya @ 9:57 PM

Over the years I have had many conversations with people about Blockchain and how it is supposed to solve all our problems, but for the most part I think Blockchain is overrated and doesn’t solve any problem that can’t be solved in an easier way using less resources. Then as if Blockchain’s were not enough someone went and created smart contracts which are basically programs stored on a blockchain that run when predetermined conditions are met. They typically are used to automate the execution of an agreement so that all participants can be immediately certain of the outcome, without any intermediary’s involvement or time loss. They can also automate a workflow, triggering the next action when conditions are met.IBM Smart-Contracts Def

The major issue with a blockchain contract is that the contract is immutable so if there is a bug in the program no one can modify it to fix the issue. When warned about this potential problem the proponents of the smart-contract pretty much handwaved the concerns away stating that the issue is not that big a deal and people were just opposing them because they dislike smart-contracts and are sticks in mud etc etc.

Unfortunately, this is no longer a theoretical issue as the developers of the AkuDreams contract found out over the weekend. Due to a bug in the contract code $34 million, or 11,539 eth, is permanently locked into the AkuDreams contract forever. It cannot be retrieved by individual users or by the dev team..

This shows how dangerous it is to have a program that can’t be modified because no matter what we do we can’t ensure that code written will be 100% bug free in all the cases. When there is a bug in regular software be can push out a patch to fix it, but that is not an option for smart-contracts and that as you can see becomes an expensive issue.

Source: $34M permanently locked into AkuDreams contract forever due to bad code

– Suramya

April 23, 2022

Molecular engines made of protein could power molecular machines

Filed under: Emerging Tech,My Thoughts — Suramya @ 11:48 PM

Nano-machines have long been staples of Sci-Fi stories where nanotech is used to cure illnesses , make new materials, kill people etc etc and in the recent years a lot of effort has been put in to make these machines real. Basically speaking, a nanomachine, also called a nanite, is a mechanical or electromechanical device whose dimensions are measured in nanometers (millionths of a millimeter, or units of 10 -9 meter). [What is Nanite] They are still in the R&D phase but a lot of progress is being made in the field.

Researchers at the University of Washington in Seattle have created the first building blocks of a molecular engine, namely the axles and rotors. The really cool part is that these are self assembling and use custom designed new proteins unlike any found in nature. The researchers used the advances in Deep learning software to predict what shape a given DNA sequence will fold into making it easier to find a code that makes the desired shape. This allows them to create custom shapes without having to modify existing molecules which can be quite hard.

The team made the machine parts by putting DNA coding for the custom proteins into E. coli bacteria, and then checked their structure using a method called cryogenic electron microscopy.

This showed that the axles assembled correctly inside the rotors, and also revealed the different configurations that would be expected if the axles were turning. But because cryogenic electron microscopy can only provide a series of stills rather than a moving picture, the team can’t say for sure if the axles are rotating.

If they are, it would only be a random back-and-forth movement driven by molecules knocking into each other, a phenomenon called Brownian motion. The team is now designing more components to drive the motion in one direction and create a rotary engine, says Baker.

The work is still in the preliminary stage and the team is designing more components to drive the motion in one direction and create a rotary engine to make sure that the movement seen in the current trials is not just due to Brownian motion. Once the technology is perfected it has a lot of use cases in fields such as BioMed to remove tumors, clean out arterial blocks, repair injuries and fields like material design where these machines can be used to create new materials which are stronger and lighter.

Source: Tiny axles and rotors made of protein could drive molecular machines
Paper: Computational design of mechanically coupled axle-rotor protein assemblies

– Suramya

April 22, 2022

Implications and Impact of Quantum Computing on Existing Cryptography

As all of you are aware the ability to break encryption of sensitive data like financial systems, private correspondence, government systems in a timely fashion is the holy grail of computer espionage. With the current technology it is unfeasible to break the encryption in a reasonable timeframe. If the target is using a 256-bit key an attacker will need to try a max of 2256 possible combinations to brute-force it. This means that even with the fastest supercomputer in the world will take millions of years to try all the combinations (Nohe, 2019). The number of combinations required to crack the encryption key increase exponentially, so a 2048-bit key has 22048 possible combinations and will take correspondingly longer time to crack. However, with the recent advances in Quantum computing the dream of breaking encryption in a timely manner is close to becoming reality in the near future.

Introduction to Quantum Computing

So, what is this Quantum computing and what makes it so special? Quantum computing is an emerging technology field that leverages quantum phenomena to perform computations. It has a great advantage over conventional computing due to the way it stores data and performs computations. In a traditional system information is stored in the form of bits, each of which can be either 0 or 1 at any given time. This makes a ‘bit’ the fundamental using of information in traditional computing. A Quantum computer on the other hand uses a ‘qubit’ as its fundamental unit and unlike the normal bit, a qubit can exist simultaneously as 0 and 1 — a phenomenon called superposition (Freiberger, 2017). This allows a quantum computer to act on all possible states of a qubit simultaneously, enabling it to perform massive operations in parallel using only a single processing unit. In fact, a theoretical projection has postulated that a Quantum Computer could break a 2048-bit RSA encryption in approximately 8 hours (Garisto, 2020).

In 1994 Peter W. Shor of AT&T deduced how to take advantage of entanglement and superposition to find the prime factors of an integer (Shor, 1994). He found that a quantum computer could, in principle, accomplish this task much faster than the best classical calculator ever could. He then proceeded to write an algorithm called Shor’s algorithm that could be used to crack the RSA encryption which prompted computer scientists to begin learning about quantum computing.

Introduction to Current Cryptography

Current security of cryptography relies on certain “hard” problems—calculations which are practically impossible to solve without the correct cryptographic key. Just as it is easy to break a glass jar but difficult to stick it back together there are certain calculations that are easy to perform but difficult to reverse. For example, we can easily multiply two numbers to get the result, however it is very hard to start with the result and work out which two numbers were multiplied to produce it. This becomes even more hard as the numbers get larger and this forms the basis of algorithms like the RSA (Rivest et al., 1978) that would take the best computers available billions of years to solve and all current IT security aspects are built on top of this basic foundation.

There are multiple ways of classifying cryptographic algorithms but in this paper, they will be classified based on the keys required for encryption and decryption. The main types of cryptographic algorithms are symmetric cryptography and asymmetric cryptography.

Symmetric Cryptography

Symmetric cryptography is a type of encryption that uses the same key for both encryption and decryption. This requires the sender and receiver to exchange the encryption key securely before encrypted data can be exchanged. This type of encryption is one of the oldest in the world and was used by Julius Caesar to protect his communications in Roman times (Singh, 2000). Caesar’s cipher, as it is known is a basic substitution cypher where a number is used to offset each alphabet in the message. For example, if the secret key is ‘4’ then each alphabet would be replaced with the 4th letter down from it, i.e. A would be replaced with E, B with F and so on. Once the sender and receiver agree on the encryption key to be used, they can start communicating. The receiver would take each character of the message and then go back 4 letters to arrive at the plain-text message. This is a very simple example, but modern cryptography is built on top of this principle.

Another example is from world war II during which the Germans were encrypting their transmissions using the Enigma device to prevent the Allies from decrypting their messages as they had in the first World War (Rijmenants, 2004). Each day both the receiver and sender would configure the gears and specific settings to a new value as defined by secret keys distributed in advance. This allowed them to transmit information in an encrypted format that was almost impossible for the allied forces to decrypt. Examples of symmetric encryption algorithms include Advanced Encryption Standard (AES), Data Encryption Standard (DES), and International Data Encryption Algorithm (IDEA).

Symmetric encryption algorithms are more efficient than asymmetric algorithms and are typically used for bulk encryption of data.

Asymmetric Cryptography

Unlike symmetric cryptography asymmetric cryptography uses two keys, one for encryption and a second key for decryption (Rouse et al., 2020). Asymmetric cryptography was created to address the problems of key distribution in symmetric encryption and is also known as public key cryptography. Modern public key cryptography was first described in 1976 by Stanford University professor Martin Hellman and graduate student Whitfield Diffie. (Diffie & Hellman, 1976)

Asymmetric encryption works with public and private keys where the public key is used to encrypt the data and the private key is used to decrypt the data (Rouse et al., 2020). Before sharing data, a user would generate a public-private keypair and they would then publish their public key on their website or in key management portals. Now, whoever wants to send private data to them would use their public key to encrypt the data before sending it. Once they receive the cipher-text they would use their private key to decrypt the data. If we want to add another layer of authentication to the communication, the sender would encrypt the data with their private key first and then do a second layer of encryption using the recipient’s public key. The recipient would first decrypt the message using their private key, then decrypt the result using the senders public key. This validates that the message was sent by the sender without being tampered. Public key cryptography algorithms in use today include RSA, Diffie-Hellman and Digital Signature Algorithm (DSA).

Quantum Computing vs Classical Computing

Current state of Quantum Computing

Since the early days of quantum computing we have been told that a functional quantum computer is just around the corner and the existing encryption systems will be broken soon. There has been significant investment in the field of Quantum computers in the past few years, with organizations like Google, IBM, Amazon, Intel and Microsoft dedicating a significant amount of their R&D budget to create a quantum computer. In addition, the European Union has launched a Quantum Technologies Flagship program to fund research on quantum technologies (Quantum Flagship Coordination and Support Action, 2018).

As of September 2020, the largest quantum computer is comprised of 65 qubits and IBM has published a roadmap promising a 1000 qbit quantum computer by 2023 (Cho, 2020). While this is an impressive milestone, we are still far away from a fully functional general use quantum computer. To give an idea of how far we still have to go Shor’s algorithm requires 72k3 quantum gates to be able to factor a k bits long number (Shor, 1994). This means in order to factor a 2048-bit number we would need a 72 * 20483 = 618,475,290,624 qubit computer which is still a long way off in the future.

Challenges in Quantum Computing

There are multiple challenges in creating a quantum computer with a large number of qubits as listed below (Clarke, 2019):

  • Qubit quality or loss of coherence: The qubits being generated currently are useful only on a small scale, after a particular no of operations they start producing invalid results.
  • Error Correction at scale: Since the qubits generate errors at scale, we need algorithms that will compensate for the errors generated. This research is still in the nascent stage and requires significant effort before it will be ready for production use.
  • Qubit Control: We currently do not have the technical capability to control multiple qubits in a nanosecond time scale.
  • Temperature: The current hardware for quantum computers needs to be kept at extremely cold temperatures making commercial deployments difficult.
  • External interference: Quantum computes are extremely sensitive to interference. Research at MIT has found that ionizing radiation from environmental radioactive materials and cosmic rays can and does interfere with the integrity of quantum computers.

Cryptographic algorithms vulnerable to Quantum Computing

Symmetric encryption schemes impacted

According to NIST, most of the current symmetric cryptographic algorithms will be relatively safe against attacks by quantum computer provided a large key is used (Chen et al., 2016). However, this might change as more research is done and quantum computers come closer to reality.

Asymmetric encryption schemes impacted

Unlike symmetric encryption schemes most of the current public key encryption algorithms are highly vulnerable to quantum computers because they are based on the previously mentioned factorization problem and calculation of discrete logarithms and both of these problems can be solved by implementing Shor’s algorithm on a quantum computer with enough qubits. We do not currently have the capability to create a computer with the required number of qubits due to challenges such as loss of qubit coherence due to ionizing radiation (Vepsäläinen et al., 2020), but they are a solvable problem looking at the ongoing advances in the field and the significant effort being put in the field by companies such as IBM and others (Gambetta et al., 2020).

Post Quantum Cryptography

The goal of post-quantum cryptography is to develop cryptographic algorithms that are secure against quantum computers and can be easily integrated into existing protocols and networks.

Quantum proof algorithms

Due to the risk posed by quantum computers, the National Institute of Standards and Technology (NIST) has been examining new approaches to encryption and out of the initial 69 submissions received three years ago, the group has narrowed the field down to 15 finalists and has now begun the third round of public review of the algorithms (Moody et al., 2020) to help decide the core of the first post-quantum cryptography standard. They are expecting to end the round with one or two algorithms for encryption and key establishment, and one or two others for digital signatures (Moody et al., 2020).

Quantum Key Distribution

Quantum Key Distribution (QKD) uses the characteristics of quantum computing to implement a secure communication channel allowing users to exchange a random secret key that can then be used for symmetrical encryption (IDQ, 2020). QKD solves the problem of secure key exchange for symmetrical encryption algorithms and it has the capability to detect the presence of any third party attempting to eavesdrop on the key exchange. If there is an attempt by a third-party to eavesdrop on the exchange, they will create anomalies in the quantum superpositions and quantum entanglement which will alert the parties to the presence of an eavesdropper, at which point the key generation will be aborted (IDQ, 2020). The QKD is used to only produce and distribute an encryption key securely, not to transmit any data. Once the key is exchanged it can be used with any symmetric encryption algorithm to transmit data securely.


Development of a quantum computer may be 100 years off or may be invented in the next decade, but we can be sure that once they are invented, they will change the face of computing forever including the field of cryptography. However, we should not panic as this is not the end of the world as the work on quantum resistant algorithms is going much faster than the work on creating a quantum computer. The world’s top cryptographic experts have been working on Quantum safe encryption for the past three years and we are nearing the completion of the world’s first post-quantum cryptography standard (Moody et al., 2020). Even if the worst happens and it is not possible to create a quantum safe algorithm immediately, we still have the ability to encrypt and decrypt data using one-time pads until a safer alternative or a new technology is developed.


Chen, L., Jordan, S., Liu, Y.-K., Moody, D., Peralta, R., Perlner, R., & Smith-Tone, D. (2016). Report on Post-Quantum Cryptography.

Cho, A. (2020, September 15). IBM promises 1000-qubit quantum computer-a milestone-by 2023. Science.

Clarke, J. (2019, March). An Optimist’s View of the Challenges to Quantum Computing. IEEE Spectrum: Technology, Engineering, and Science News.

Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.

Freiberger, M. (2017, October 1). How does quantum computing work?

Gambetta, J., Nazario, Z., & Chow, J. (2020, October 21). Charting the Course for the Future of Quantum Computing. IBM Research Blog.

Garisto, D. (2020, May 4). Quantum computers won’t break encryption just yet.

IDQ. (2020, May 6). Quantum Key Distribution: QKD: Quantum Cryptography. ID Quantique.
Moody, D., Alagic, G., Apon, D. C., Cooper, D. A., Dang, Q. H., Kelsey, J. M., Yi-Kai, L., Miller, C., Peralta, R., Perlner R., Robinson A., Smith-Tone, D., & Alperin-Sheriff, J. (2020). Status report on the second round of the NIST post-quantum cryptography standardization process.

Nohe, P. (2019, May 2). What is 256-bit encryption? How long would it take to crack?
Quantum Flagship Coordination and Support Action (2018, October). Quantum Technologies Flagship.

Rijmenants, D. (2004). The German Enigma Cipher Machine. Enigma Machine.

Rivest, R. L., Shamir, A., & Adleman, L. (1978). A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2), 120–126.

Rouse, M., Brush, K., Rosencrance, L., & Cobb, M. (2020, March 20). What is Asymmetric Cryptography and How Does it Work? SearchSecurity.

Shor, P. w. (1994). Algorithms for quantum computation: discrete logarithms and factoring. Proceedings 35th Annual Symposium on Foundations of Computer Science, 124–134.

Singh, S. (2000). The code book: The science of secrecy from Egypt to Quantum Cryptography. Anchor Books.

Vepsäläinen, A. P., Karamlou, A. H., Orrell, J. L., Dogra, A. S., Loer, B., Vasconcelos, F., David, K. K., Melville A. J., Niedzielski B. M., Yoder J. L., Gustavsson, S., Formaggio J. A., VanDevender B. A., & Oliver, W. D. (2020). Impact of ionizing radiation on superconducting qubit coherence. Nature, 584(7822), 551–556.

Note: This was originally written as a paper for one of my classes at EC-Council University in Q4 2020, which is why the tone is a lot more formal than my regular posts.

– Suramya

April 21, 2022

It is possible to plant Undetectable Backdoors in Machine Learning Models

Filed under: Computer Security,Computer Software,Emerging Tech,My Thoughts — Suramya @ 2:23 AM

Machine learning (ML) is the big thing and ML algorithms are slowly creeping into all aspects of our life such as unlocking your phone using facial recognition, evaluating the eligibility for a loan, surveillance, what ads you see when surfing the web, what search results you get when searching for stuff etc etc. The problem is that ML algorithms are not infallible they depend on the training data used, confirmational bias etc. At the very least they enforce the existing bias for example, if a company only hires men 25-45 for a role then the ML data set will take this as the input and all future candidates will be evaluated against this criteria because the system thinks that this is what a success looks like. The algorithms themselves are getting more and more complicated and it is almost impossible to review and validate the findings. Due to this decisions are being made by machines that can’t be audited easily. Plus it doesn’t help that most ML models are proprietary and the companies refuse to let outsiders examine them due to Trade secrets and proprietary information used in them.

Another problem is that these ML models is adversarial perturbations where attackers make minor changes to the image/data going in to get a specific response/output. There are a lot of examples of this in the past few years and some of them are listed below (Thanks to Cory Doctorow for consolidating them in one place)

These all take advantage of flaws in the ML model that can be exploited using minor changes in the input data. However, there is another major exploit surface available which is incredibly hard to protect against: Backdoors in the ML models by creating a model that will accept a particular entry/key to produce a specific output. The ‘best’ part is that it is almost impossible to detect if this has been done because the model will function exactly the same as an un-tampered model and will only show the abnormal behavior for the specific key which would have been randomly generated by the creator during the training. If done well then the modifications will be undetectable for most tests.

A team for MIT and IAS has written a paper on it (“Planting Undetectable Backdoors in Machine Learning Models“) where they go into details of how this can be done and the potential impact. Unfortunately, they have not been able to come up with a feasible defense against this attack as of this time. Hopefully that will change as others start focusing on this problem and how to solve it.

Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key”, the mechanism is hidden and cannot be detected by any computationally-bounded observer. We demonstrate two frameworks for planting undetectable backdoors, with incomparable guarantees.

First, we show how to plant a backdoor in any model, using digital signature schemes. The construction guarantees that given black-box access to the original model and the backdoored version, it is computationally infeasible to find even a single input where they differ. This property implies that the backdoored model has generalization error comparable with the original model. Second, we demonstrate how to insert undetectable backdoors in models trained using the Random Fourier Features (RFF) learning paradigm or in Random ReLU networks. In this construction, undetectability holds against powerful white-box distinguishers: given a complete description of the network and the training data, no efficient distinguisher can guess whether the model is “clean” or contains a backdoor.

Our construction of undetectable backdoors also sheds light on the related issue of robustness to adversarial examples. In particular, our construction can produce a classifier that is indistinguishable from an “adversarially robust” classifier, but where every input has an adversarial example! In summary, the existence of undetectable backdoors represent a significant theoretical roadblock to certifying adversarial robustness.

The paper is still waiting for the peer-review to complete but the concept and methods they describe seem solid so this is a problem we will have to solve sooner rather than later considering the speed with which ML models are impacting our life.

Source: Schneier on Security: Undetectable Backdoors in Machine-Learning Models

– Suramya

Older Posts »

Powered by WordPress