This week saw Real World Crypto
2016 in Stanford, California. The highlight was the first awarding of the
Levchin prize for work in the field of practical cryptography. The
prize award is donated by Max Levchin, a founder of PayPal, and two such
prizes of $10,000 will be awarded annually.
The first recipients of the award are
- Phil Rogaway for his long standing work on developing practical cryptographic algorithms, the development of practice oriented provable security, format preserving encryption and numerous other algorithms which are used every day to secure our online world.
- The miTLS team for their work on producing a formal analysis of the TLS protocol specification, and in the process finding a number of real world attacks on this protocol such as the triple-handshake attack.
The real purpose of the
award though is to highlight work to the wider community that one can
have deep and lasting impact on society by working in an area as
mathematically opaque as cryptography. Awards such as this, and events
such as Real World Crypto, are designed to raise the profile of applied
work in this space and encourage people to apply their skills to solving
the pressing security problems affecting our online world.
In
the rest of the conference there was an amazing program of interesting
talks (although I would say so, since I was on the panel for selecting
the talks). The highlight of day one for me was the talk by Adrienne
Porter Felt on usability issues related to TLS failures in Google
Chrome. By collecting numerous bug reports from Chrome users the team at
Google found that most errors are not due to poor server configurations
(indeed most errors occur when users connect to sites such as Google or
Facebook), but are due to poor client configurations. For example, a
significant proportion of errors are caused by device times being
incorrect. So the lesson is: make sure you set your clocks correctly.
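The clock-skew failure mode described above, as an added example that is not from the talk or this post: a small Python classifier that tells a certificate which is genuinely outside its validity window apart from one that only looks invalid because the client's clock is wrong. The trusted reference time it compares against (for instance one obtained from a network time source) and the constructed certificate dates are assumptions of the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

UTC = timezone.utc


@dataclass
class CertValidity:
    """The notBefore / notAfter window of an X.509 certificate."""
    not_before: datetime
    not_after: datetime

    def contains(self, t: datetime) -> bool:
        return self.not_before <= t <= self.not_after


def classify_validity_error(
    cert: CertValidity,
    client_now: datetime,
    reference_now: Optional[datetime] = None,
) -> Tuple[str, Optional[timedelta]]:
    """Classify a date-based validation outcome.

    Returns one of 'ok', 'client_clock_skew', 'cert_not_yet_valid',
    'cert_expired', plus the estimated skew of the client clock when a
    trusted reference time (assumption: e.g. from a network time source)
    is available and shows the certificate is actually fine.
    """
    if cert.contains(client_now):
        return "ok", None
    if reference_now is not None and cert.contains(reference_now):
        # The certificate is valid by the reference clock, so the
        # failure is the client's clock, not the server's configuration.
        return "client_clock_skew", client_now - reference_now
    if client_now < cert.not_before:
        return "cert_not_yet_valid", None
    return "cert_expired", None


# Constructed sample: a certificate issued for the first quarter of 2016.
SAMPLE_CERT = CertValidity(datetime(2016, 1, 1, tzinfo=UTC),
                           datetime(2016, 4, 1, tzinfo=UTC))

if __name__ == "__main__":
    # A device whose clock reset to a factory default date.
    print(classify_validity_error(SAMPLE_CERT,
                                  datetime(2010, 1, 1, tzinfo=UTC),
                                  datetime(2016, 1, 8, tzinfo=UTC)))
```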
One highlight of the second day was Hovav Shacham's talk on the recent discovery of a backdoor in Juniper's ScreenOS. The initial backdoor was rather uninteresting in that if a certain key combination was presented a user would be given enhanced privileges. However, on discovery of this backdoor Hovav and his colleagues discovered a more interesting potential backdoor based on the Dual-EC PRNG that could compromise the VPN traffic that Juniper is used to protect. The interesting part was that previous cryptographic focus on Dual-EC has been on products which had explicitly listed Dual-EC usage as part of their FIPS certification. The Juniper product had not explicitly listed that it used Dual-EC, so the discovery of a Dual-EC based potential backdoor could imply that many more products, by many more vendors, could be using the Dual-EC PRNG.
The
talks generating the most interest on the third day were the ones
explaining the new Intel SGX technology. This is a technology which
allows applications to run in an "encrypted enclave" on an Intel chip,
where data is held encrypted in memory and is only decrypted as it
enters the chip and is processed. When it returns to memory it is
automatically encrypted. At its heart this idea goes back to the
original paper on homomorphic encryption by Rivest et al. from the mid
1970s. However, the new Intel technology has a number of additional
features which make it suitable for a modern environment. The first talk
by Rebekah Leslie-Hurd introduced the overall technology and some of
the attestation and communication issues needed to authenticate the
enclaves, and allow enclaves to talk to each other. The second talk by
Shay Gueron discussed the details of how the memory is encrypted in a
way which respects the cache architecture on modern microprocessors.