Presentation is loading. Please wait.

Presentation is loading. Please wait.

A few open problems in computer security David Wagner University of California, Berkeley.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A few open problems in computer security David Wagner University of California, Berkeley."— Presentation transcript:

1 A few open problems in computer security David Wagner University of California, Berkeley

2 Overview of the field  Communication security through cryptography  Endpoint security through systems techniques insecure channel insecure endpoint

3 Background Goals:  Confidentiality  Integrity  Availability … even in the presence of a malicious adversary! Problems:  Today’s systems often fail to meet these goals  Security is often an afterthought

4 Part 1: Critical Infrastructure

5 Infrastructure protection  Critical infrastructures e.g., power, water, oil, gas, telecom, banking, … Evolving legacy systems Increasingly reliant on I.T. Very large scale Tightly interdependent  Security is a challenge!

6 The electric power grid  Elements Loads (users) Distribution (local area) Transmission (long-distance) Generators (adapt slowly) Control centers Bidding & coordination Communication networks

7 Cascading failures March 1989: Solar storms cause outages in Quebec, trips interlocks throughout the US August 1996: Two faults in Oregon cause oscillations that lead to blackouts in 13 states  Generation capacity margin at only 12% (down from 25% in 1980)  Will get worse over next decade: demand grows 20%, transmission capacity grows 3% (projected)

8 Transmission: An example? capacity 100Kv capacity 25Kv 80Kv 20Kv 40Kv 60Kv capacity 75Kv

9 Transmission: An example? capacity 100Kv capacity 25Kv 80Kv 20Kv 40Kv 60Kv Line failure! capacity 75Kv

10 Transmission: An example? capacity 100Kv capacity 25Kv 73Kv 87Kv 29Kv 0Kv 29Kv 58Kv 73Kv capacity 75Kv

11 Transmission: An example? capacity 100Kv capacity 25Kv 73Kv 87Kv 29Kv 0Kv 29Kv 58Kv 73Kv Overload! capacity 75Kv

12 Transmission: An example? capacity 100Kv capacity 25Kv 73Kv 87Kv 29Kv 0Kv 29Kv 58Kv 73Kv Overload! capacity 75Kv

13 Transmission: An example? capacity 100Kv capacity 25Kv 80Kv 0Kv 80Kv capacity 75Kv

14 Transmission: An example? capacity 100Kv capacity 25Kv 80Kv 0Kv 80Kv capacity 75Kv Overload!

15 Transmission: An example? capacity 100Kv capacity 25Kv 80Kv 0Kv 80Kv capacity 75Kv Overload!

16 Transmission: An example? capacity 100Kv capacity 25Kv 0Kv capacity 75Kv

17 Possible research problems  Modelling an infrastructural system Can we construct a useful predictive model? Given a model, can we efficiently measure its security against malicious attack?  Structural properties of such systems What key parameters determine their properties? Are there local control rules that ensure global stability? How can we design inherently self-stabilizing systems?

18 Part 2: Algebraic Crypto

19 x E k (x) k What’s a block cipher? E k : X → X bijective for all k

20 When is a block cipher secure?  x  (x) random permutation k E x E k (x) block cipher Answer: when these two black boxes are indistinguishable.

21 Example: The AES SSSSSSSSSSSSSSSS 4×4 matrix byte re-ordering One round S(x) = l(x -1 ) in GF(2 8 ), where l is GF(2)-linear and the MDS matrix and byte re-ordering are GF(2 8 )-linear

22 Interpolation attacks Express cipher as a polynomial in the message & key: id X X EkEk X X p  Write E k (x) = p(x), then interpolate from known texts  Or, p’(E k (x)) = p(x)  Generalization: probabilistic interpolation attacks  Noisy polynomial reconstruction, decoding Reed-Muller codes

23 Rational interpolation attacks Express the cipher as a rational polynomial: id X X EkEk X X p/q  If E k (x) = p(x)/q(x), then:  Write E k (x)×q(x) = p(x), and apply linear algebra  Note: rational poly’s are closed under composition  Are probabilistic rational interpolation attacks feasible?

24 Resultants A unifying view: bivariate polynomials:  The small diagrams commute if p i (x, f i (x)) = 0 for all x  Small diagrams can be composed to obtain q(x, f 2 (f 1 (x))) = 0, where q(x,z) = res y (p 1 (x,y), p 2 (y,z))  Some details not worked out... X X f1f1 X p1p1 X p2p2 X f2f2

25 Public-key encryption Let S(x) = x 3 in GF(2 8 ). Define f = L’ ◦ S ◦ L. Private key: L, L’, a pair of GF(2 8 )-linear maps Public key: f, given explicitly by listing its coefficients SSSSSSSSSSSSSSSS L’ L

26 The MP problem  Find semi-efficient algorithms for the following: Let f 1,..., f m be multivariate polynomials in n unknowns over a finite field K, and consider the system of equations f 1 (x 1,..., x n ) = 0... f m (x 1,..., x n ) = 0 Often: f i are sparse, low degree, and K = GF(2 q ) for q  8 Also, the case m  n is of special interest in crypto

27 What’s known about MP?  For quadratic equations (degree 2): m  n 2 /2: polynomial time via linearization m  εn 2 : polynomial time via re-linearization, XL m  n 2 + c: conjectured subexponential time via XL m = n: hard? (NP-complete worst-case) Why not existing Groebner base algorithms? - exponential running time (n  15 is infeasible) - not optimized for small fields

28 Summary  Critical infrastructure protection An important area, and A source of intellectually satisfying problems  Algebraic cryptosystems of growing importance Collaboration between cryptographic and mathematical communities might prove fruitful here

29 Backup Slides

30 Power grid security  Eligible Receiver (Nov 97): NSA hackers take down part of power grid, E911 in simulated attack using off-the-shelf software  Zenith Star (Oct 99): little improvement  Vulnerability assessments: control systems connected to Internet, dialup modems with poor passwords, using weak software

Download ppt "A few open problems in computer security David Wagner University of California, Berkeley."

Similar presentations

Asymptotically Optimal Communication for Torus- Based Cryptography David Woodruff MIT Joint work with Marten van Dijk Philips/MIT.

Asymptotically Optimal Communication for Torus- Based Cryptography David Woodruff MIT Joint work with Marten van Dijk Philips/MIT.
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.

Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Secure Evaluation of Multivariate Polynomials

Secure Evaluation of Multivariate Polynomials
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Public Key Encryption Algorithm

Public Key Encryption Algorithm
Analysis and design of symmetric ciphers David Wagner University of California, Berkeley.

Analysis and design of symmetric ciphers David Wagner University of California, Berkeley.
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.

Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
Towards a unifying view of block cipher cryptanalysis David Wagner University of California, Berkeley.

Towards a unifying view of block cipher cryptanalysis David Wagner University of California, Berkeley.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Secure Efficient Multiparty Computing of Multivariate Polynomials and Applications Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung.

Secure Efficient Multiparty Computing of Multivariate Polynomials and Applications Dana Dachman-Soled, Tal Malkin, Mariana Raykova, Moti Yung.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.

Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.

Similar presentations

Ads by Google