The paper “Victory by KO: Attacking OpenPGP Using Key Overwriting” by Lara Bruseghini (ETH Zurich & Proton AG), Daniel Huigens (Proton AG) and Kenny Paterson (ETH Zurich) won a distinguished paper award at ACM CCS 2022 this week.
The annual conference is one of the top four security conferences and was held this year in Los Angeles, where Lara accepted the award on behalf of the team. The paper has already had a substantial impact on the use of OpenPGP in practice: multiple libraries have updated their code and the OpenPGP standard under development at the IETF now includes the countermeasures recommended in the paper. In addition, the “key overwriting” or “KO” attack vector is proving to be very useful in the group’s follow-up work on cloud storage systems.
To read more about the paper, please visit https://www.kopenpgp.com/