This week saw Real World Crypto 2016 at Stanford, California. The highlight was the first awarding of the Levchin Prize for work in the field of practical cryptography. The prize is funded by Max Levchin, a co-founder of PayPal, and two such prizes of $10,000 each will be awarded annually.
The first recipients of the award are:
- Phil Rogaway, for his long-standing work on developing practical cryptographic algorithms, the development of practice-oriented provable security, format-preserving encryption, and numerous other algorithms which are used every day to secure our online world.
- The miTLS team, for their work on producing a formal analysis of the TLS protocol specification, and in the process finding a number of real-world attacks on the protocol, such as the triple-handshake attack.
The real purpose of the award, though, is to show the wider community that one can have a deep and lasting impact on society by working in an area as mathematically opaque as cryptography. Awards such as this, and events such as Real World Crypto, are designed to raise the profile of applied work in this space and to encourage people to apply their skills to solving the pressing security problems affecting our online world.
In the rest of the conference there was an amazing program of interesting talks (although I would say so, since I was on the panel for selecting the talks). The highlight of day one for me was the talk by Adrienne Porter Felt on usability issues related to TLS failures in Google Chrome. By collecting numerous bug reports from Chrome users, the team at Google found that most TLS errors are not due to poor server configurations (indeed most errors occur when users connect to sites such as Google or Facebook) but to problems on the client side. For example, a significant proportion of errors are caused by the device's clock being wrong, so that a perfectly good certificate appears not yet valid or already expired. So the lesson: make sure you set your clocks correctly.
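As an added illustration of that failure mode (example code written for this post, not from the Chrome team's work): the check below takes certificate validity dates in the form Python's `ssl` module returns them together with the device clock, reports whether the certificate appears valid, and applies one heuristic a client can use to tell a wrong clock from a bad certificate, namely that a clock reading earlier than the client's own build date is certainly wrong. The certificate dates, the build date and the ten-year "clock ahead" window are all assumptions made for the example.

```python
import ssl
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed sample, in the format ssl.SSLSocket.getpeercert() uses for its
# validity fields; this is not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "notBefore": "Jan 10 00:00:00 2016 GMT",
    "notAfter": "Jan 10 00:00:00 2017 GMT",
}

# Assumed build date of the client binary: a device whose clock reads earlier
# than the build of the software it is running has a wrong clock.
CLIENT_BUILD_TIME = datetime(2016, 1, 1, tzinfo=UTC)
# Assumed window beyond which a device clock is more likely wrong than the certificate.
CLOCK_AHEAD_WINDOW = timedelta(days=10 * 365)


def validity_status(cert, device_time):
    """Return 'valid', 'not_yet_valid' or 'expired' as seen from the device clock."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    now = device_time.timestamp()
    if now < not_before:
        return "not_yet_valid"
    if now > not_after:
        return "expired"
    return "valid"


def diagnose(cert, device_time, build_time=CLIENT_BUILD_TIME):
    """Return (status, hint); hint is 'ok', 'clock_behind', 'clock_ahead' or
    'certificate' (meaning the certificate itself is the likely problem)."""
    status = validity_status(cert, device_time)
    if status == "valid":
        return status, "ok"
    if device_time < build_time:
        # The binary cannot be running before it was built: the clock is behind.
        return status, "clock_behind"
    if device_time > build_time + CLOCK_AHEAD_WINDOW:
        # Assumed heuristic: a clock a decade past the build is almost certainly ahead.
        return status, "clock_ahead"
    return status, "certificate"


if __name__ == "__main__":
    for year in (2010, 2016, 2018, 2040):
        print(year, diagnose(SAMPLE_CERT, datetime(year, 6, 1, tzinfo=UTC)))
```

The "clock behind" test is the reliable one; the "clock ahead" window is a guess, and a real client would rather compare against a trusted network time source before blaming the certificate.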
One highlight of the second day was Hovav Shacham's talk on the recently discovered backdoors in Juniper's ScreenOS. The initial backdoor was rather uninteresting: if a particular fixed password was presented at login, the user was given administrative privileges. However, while examining this backdoor Hovav and his colleagues found a more interesting potential backdoor based on the Dual-EC PRNG, one that could compromise the VPN traffic that Juniper devices are used to protect. The weakness of Dual-EC is that whoever chose its two curve points may know the relation between them, and with that relation can recover the generator's internal state, and hence all of its later output, from a single observed output. The interesting part was that previous cryptographic scrutiny of Dual-EC had concentrated on products which explicitly listed Dual-EC as part of their FIPS certification. Juniper's product had not listed it, so the discovery of a Dual-EC based potential backdoor implies that many more products, from many more vendors, could be using the Dual-EC PRNG without anyone having noticed.
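To make the Dual-EC point concrete, here is an added toy example (written for this post; it is not code from the talk, from Juniper or from ScreenOS): a Dual-EC generator over a small made-up curve with the trapdoor relation P = e*Q, and an attacker who uses e to recover the internal state from two consecutive outputs and then predicts everything that follows. The prime, the curve, the points, the scalar e, the seed and the choice to drop 8 of 31 bits of each output are all assumptions for the example; the real generator uses NIST P-256 and drops 16 of 256 bits.

```python
# Toy Dual EC DRBG with a trapdoor (added example, not from the talk or from ScreenOS).

p = 2**31 - 1            # made-up field prime; p % 4 == 3 makes square roots a single pow()
A, B = -3, 7             # hypothetical short-Weierstrass curve y^2 = x^3 + A*x + B
FIELD_BITS = 31
TRUNC_BITS = 8           # bits dropped from each x-coordinate (real Dual EC: 16 of 256)
KEEP_BITS = FIELD_BITS - TRUNC_BITS
OUT_MASK = (1 << KEEP_BITS) - 1


def ec_add(P1, P2):
    """Affine point addition; None is the point at infinity."""
    if P1 is None:
        return P2
    if P2 is None:
        return P1
    x1, y1 = P1
    x2, y2 = P2
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, p - 2, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, p - 2, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, P1):
    """Double-and-add scalar multiplication."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P1)
        P1 = ec_add(P1, P1)
        k >>= 1
    return R


def lift_x(x):
    """Return a point with x-coordinate x, or None if no such point exists."""
    rhs = (x * x * x + A * x + B) % p
    y = pow(rhs, (p + 1) // 4, p)           # works because p % 4 == 3
    return (x, y) if y * y % p == rhs else None


def find_point(start_x):
    x = start_x
    while lift_x(x) is None:
        x += 1
    return lift_x(x)


Q = find_point(0x1337)          # the "public" point Q (assumed)
E_TRAPDOOR = 0x2F1C7D3B         # secret scalar (assumed); whoever knows it can predict outputs
P = ec_mul(E_TRAPDOOR, Q)       # P = e*Q: this relation is the backdoor


class DualEC:
    """Dual EC step: s <- x(s*P); r <- x(s*Q); output r with its top bits dropped."""

    def __init__(self, seed):
        self.s = seed % p

    def next_output(self):
        self.s = ec_mul(self.s, P)[0]
        r = ec_mul(self.s, Q)[0]
        return r & OUT_MASK


def recover_state(outputs, e):
    """Attacker holding e: from at least two consecutive outputs, recover the
    generator's internal state after the last of them (None if nothing fits)."""
    first = outputs[0]
    for hi in range(1 << TRUNC_BITS):       # guess the dropped top bits of r
        x_cand = first | (hi << KEEP_BITS)
        if x_cand >= p:
            break
        R = lift_x(x_cand)                  # R = +/- s*Q for the right guess; the sign is irrelevant
        if R is None:
            continue
        sP = ec_mul(e, R)                   # e*R = s*(e*Q) = s*P, whose x is the next state
        if sP is None:
            continue
        s_next = sP[0]
        r = ec_mul(s_next, Q)               # the next output is x(s_next*Q) truncated
        if r is None or (r[0] & OUT_MASK) != outputs[1]:
            continue
        clone = DualEC(s_next)              # confirm against any further outputs we were given
        if all(clone.next_output() == out for out in outputs[2:]):
            return clone.s
    return None


def demo():
    """Eavesdrop two outputs, recover the state, predict the next four."""
    gen = DualEC(0x0BADF00D)                # assumed seed
    seen = [gen.next_output() for _ in range(2)]
    predictor = DualEC(recover_state(seen, E_TRAPDOOR))
    return [predictor.next_output() for _ in range(4)] == [gen.next_output() for _ in range(4)]


if __name__ == "__main__":
    print("prediction matches:", demo())
```

The cost of the recovery is dominated by guessing the dropped bits: here 256 guesses, each needing one scalar multiplication. How many bits a product actually truncates therefore decides how practical the attack is, which is one of the details worth checking in any implementation that turns out to use Dual-EC.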
The talks generating the most interest on the third day were the ones explaining the new Intel SGX technology. This allows applications to run in an "encrypted enclave" on an Intel chip: the enclave's data is held encrypted in memory and is only decrypted as it enters the processor to be operated on, and is re-encrypted automatically when it is written back to memory. At its heart this idea goes back to the original paper on privacy homomorphisms by Rivest, Adleman and Dertouzos from the late 1970s. However, the new Intel technology has a number of additional features which make it suitable for a modern environment. The first talk, by Rebekah Leslie-Hurd, introduced the overall technology and some of the attestation and communication mechanisms needed to authenticate enclaves and to allow enclaves to talk to each other. The second talk, by Shay Gueron, discussed the details of how the memory is encrypted in a way which respects the cache architecture of modern microprocessors.