CrySyS Lab

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

The Laboratory of Cryptography and System Security (CrySyS Lab, spelling: [kri:sis]) is part of the Department of Telecommunications at the Budapest University of Technology and Economics. The full Hungarian name is CrySys Adat- és Rendszerbiztonság Laboratórium.


CrySyS Lab. was founded in 2003 by a group of security researchers at the Budapest University of Technology and Economics. Currently, it is located in the Infopark Budapest. The heads of the lab were Dr. István Vajda (2003–2010) and Dr. Levente Buttyán (2010-now). Since its establishment, the lab participated in several research and industry projects, including successful EU FP6 and FP7 projects (SeVeCom,[1] a UbiSecSens [2] and WSAN4CIP[3]).

Research results[edit]

CrySyS Lab is recognized in research for its contribution to the area of security in wireless embedded systems. In this area, the members of the lab produced

  • 5 books
  • 4 book chapters
  • 21 journal papers
  • 47 conference papers
  • 3 patents
  • 2 Internet Draft

The above publications had an impact factor of 30+ and obtained more than 7500 references. Several of these publications appeared in highly cited journals (e.g., IEEE Transactions on Dependable and Secure Systems, IEEE Transactions on Mobile Computing).

Forensics analysis of malware incidents[edit]

The laboratory was involved in the forensic analysis of several high-profile targeted attacks.[4]

In October 2011, CrySyS Lab discovered the Duqu malware;[5] pursued the analysis of the Duqu malware and as a result of the investigation, identified a dropper file with an MS 0-day kernel exploit inside;[6] and finally released a new open-source Duqu Detector Toolkit[7] to detect Duqu traces and running Duqu instances.

In May 2012, the malware analysis team at CrySyS Lab participated in an international collaboration aiming at the analysis of an as yet unknown malware, which they call sKyWIper. At the same time Kaspersky Lab analyzed the malware Flame[8] and Iran National CERT (MAHER)[9] the malware Flamer. Later, they turned out to be the same.

Other analysis published by CrySyS Lab include the password analysis of the Hungarian ISP, Elender, and a thorough Hungarian security survey of servers after the publications of the Kaminsky DNS attack.[10]


  1. ^ "Sevecom". Sevecom. Retrieved 2012-07-03.
  2. ^ "UbiSec&Sens". Retrieved 2012-07-03.
  3. ^ "Home: WSAN4CIP Project". Retrieved 2012-07-03.
  4. ^ "CrySyS Lab. - Targeted attacks". Archived from the original on 2012-07-03. Retrieved 2012-07-03.
  5. ^ "Duqu FAQ". Securelist. Retrieved 2012-07-03.
  6. ^ "Duqu: Status Updates Including Installer with Zero-Day Exploit Found | Symantec Connect Community". 2011-11-03. Retrieved 2012-07-03.
  7. ^ "CrySyS Lab. - Duqu detector". 2012-03-15. Archived from the original on 2012-06-26. Retrieved 2012-07-03.
  8. ^ "The Flame: Questions and Answers". Securelist. 2012-05-28. Retrieved 2012-07-03.
  9. ^ "مركز مدیریت امداد و هماهنگی عملیات رخدادهای رایانه ای:: Identification of a New Targeted Cyber-Attack". 2012-05-28. Archived from the original on 2012-06-13. Retrieved 2012-07-03.
  10. ^