security in malicious environments nsf programs in
play

Security in Malicious Environments: NSF Programs in - PowerPoint PPT Presentation

Apr 20, 2023 •180 likes •552 views

Background Classical Tools Beyond Cryptography NSF Security in Malicious Environments: NSF Programs in Information-Theoretic Network Security Phil Regalia Program Director Directorate for Computer & Information Science & Engineering

  1. Background Classical Tools Beyond Cryptography NSF Security in Malicious Environments: NSF Programs in Information-Theoretic Network Security Phil Regalia Program Director Directorate for Computer & Information Science & Engineering Division of Computing and Communication Foundations National Science Foundation Arlington, Virginia 22203 pregalia@nsf.gov DIMACS Workshop on Coding-Theoretic Methods for Network Security 1–3 April 2015

  2. Background Classical Tools Beyond Cryptography NSF Outline Background 1 Classical Tools 2 Beyond Cryptography 3 NSF 4

  3. Background Classical Tools Beyond Cryptography NSF Secure Networking “Imagine a world seamlessly networked . . . ”

  4. Background Classical Tools Beyond Cryptography NSF Secure Networking “Imagine a world seamlessly networked . . . ” and full of bad guys:

  5. Background Classical Tools Beyond Cryptography NSF The Glory Days of Cryptanalysis Colossus code breaker German Enigma cryptosystem Alan Turing World War II: The German Enigma cryptosystem is broken.

  6. Background Classical Tools Beyond Cryptography NSF Traditional Secrecy Tool: Cryptography message Alice Bob Eve secret key Symmetric key cryptography (AES): assumes “secure channel” between Alice and Bob to communicate common key. Key generation: can use public key cryptography, and/or common randomness, and/or quantum techniques, and/or . . . When many Alices and Bobs exist, key management becomes a weak link. Kerckhoffs’s Principle (1883) A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

  7. Background Classical Tools Beyond Cryptography NSF Traditional Secrecy Tool: Cryptography message Alice Bob Eve secret key Symmetric key cryptography (AES): assumes “secure channel” between Alice and Bob to communicate common key. Key generation: can use public key cryptography, and/or common randomness, and/or quantum techniques, and/or . . . When many Alices and Bobs exist, key management becomes a weak link. Kerckhoffs’s Principle (1883) A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

  8. Background Classical Tools Beyond Cryptography NSF Traditional Secrecy Tool: Cryptography message Alice Bob Eve secret key Symmetric key cryptography (AES): assumes “secure channel” between Alice and Bob to communicate common key. Key generation: can use public key cryptography, and/or common randomness, and/or quantum techniques, and/or . . . When many Alices and Bobs exist, key management becomes a weak link. Kerckhoffs’s Principle (1883) A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

  9. Background Classical Tools Beyond Cryptography NSF Fast Forward to the Present Great advances in cryptography: Super Cryptographic secure message strength has door improved steadily (AES and beyond) key What about the key ? under mat

  10. Background Classical Tools Beyond Cryptography NSF Fast Forward to the Present Great advances in cryptography: Super Cryptographic secure message strength has door improved steadily (AES and beyond) key What about the key ? under mat

  11. Background Classical Tools Beyond Cryptography NSF Today’s World: The Weak Link Today’s cryptography is “strong”. But: Security hinges on key distribution: keys are “entrusted” to humans. It’s much easier to hack humans than to break crypto systems. http://www.washingtonpost.com/investigations/in-cyberattacks-hacking-humans-is-highly-effective-way-to-access- systems/2012/09/26/2da66866-ddab-11e1-8e43-4a3c4375504a story.html

  12. Background Classical Tools Beyond Cryptography NSF Wikileaks Top secret, classified information

  13. Background Classical Tools Beyond Cryptography NSF Digital Rights/Restriction Management (DRM) On DRM keys: “No one has ever implemented a DRM system that does not depend on secret keys for its operation. There are many smart people in the world, who love to discover such secrets and publish them. It’s a cat-and-mouse game.” —Steve Jobs http://web.archive.org/web/20080517114107/http:/www.apple.com/hotnews/thoughtsonmusic

  14. Background Classical Tools Beyond Cryptography NSF Other examples of leaked keys Content Scrambling System (CSS). Designed to impose separate geographic pricing regimes for DVDs. ⇒ leaked key gave rise to DeCSS Sony Playstation 3: ⇒ leaked decryption keys for PSJailBreak and LV0: can now boot “other OS”. Many others . . . http://en.wikipedia.org/wiki/DeCSS http://www.eurogamer.net/articles/digitalfoundry-ps3-the-final-hack

  15. Background Classical Tools Beyond Cryptography NSF Keyless Security Can we secure data & communications without using keys? Y es, using coding for the wiretap channel: X Y U Alice Channel Bob (auxiliary variable) Z Eve � � Secrecy capacity = sup I ( U , Y ) − I ( U , Z ) U → X → ( Y , Z ) → C A → B − C A → E When secrecy capacity is negative, a two-way protocol by Maurer (1993) gives virtual channels, ensuring Eve’s is worse than Bob’s.

  16. Background Classical Tools Beyond Cryptography NSF Keyless Security Can we secure data & communications without using keys? Y es, using coding for the wiretap channel: X Y U Alice Channel Bob (auxiliary variable) Z Eve � � Secrecy capacity = sup I ( U , Y ) − I ( U , Z ) U → X → ( Y , Z ) → C A → B − C A → E When secrecy capacity is negative, a two-way protocol by Maurer (1993) gives virtual channels, ensuring Eve’s is worse than Bob’s.

  17. Background Classical Tools Beyond Cryptography NSF Code design Message m determines code word x according to � 0 � � H 1 � = x = m H ∆ � �� � H Bob estimates message according to ˆ x = argmin ξ d ( y , ξ ) subject to 0 = H 1 ξ � ⇒ m = H ∆ ˆ x H and H 1 define nested codes according to C = { ξ : H ξ = 0 } ⇒ C ⊂ C 1 C 1 = { ξ : H 1 ξ = 0 }

  18. Background Classical Tools Beyond Cryptography NSF Code design Specifications: C 1 is a “fine code” (higher rate) that is capacity approaching for Bob’s channel ( R B < C B ); C ( m ) is a “coarse code” (lower rate, one code-book per candidate message m ) that is capacity saturating for Eve’s channel ( R E > C E ); Each coarse code is contained in the fine code: C ( m ) ⊂ C 1 ; The code word sent by Alice is chosen randomly from C ( m ) . Actual secrecy rate is then R S = R B − R E . ⇒ Same code construct as in dirty paper coding, information hiding, watermarking, steganography, . . .

  19. Background Classical Tools Beyond Cryptography NSF Wish list “Rateless” or “universal” secure codes: secrecy without knowing channel state; Multi-terminal extensions (beyond “successively degraded” channels); Multi-layer integration; Active adversaries (Byzantine nodes); “Human-proof” secure key agreement: Agree on secret message rather than secret key; Strong versus weak secrecy.

  20. Background Classical Tools Beyond Cryptography NSF Strong versus Weak Secrecy Weak secrecy: The rate of information leakage is bounded: I ( X n 1 ; Z n 1 ) ≤ ǫ, for n > n ∗ n Strong secrecy: The total information leakage is bounded: I ( X n 1 ; Z n 1 ) ≤ ǫ, for all n Secrecy capacity essentially the same, although achievable strong secrecy methods tend to be more cumbersome. Exception: Erasure codes/channels Strong secrecy can be verified using linear algebra (rank of certain matrices).

  21. Background Classical Tools Beyond Cryptography NSF Strong versus Weak Secrecy Weak secrecy: The rate of information leakage is bounded: I ( X n 1 ; Z n 1 ) ≤ ǫ, for n > n ∗ n Strong secrecy: The total information leakage is bounded: I ( X n 1 ; Z n 1 ) ≤ ǫ, for all n Secrecy capacity essentially the same, although achievable strong secrecy methods tend to be more cumbersome. Exception: Erasure codes/channels Strong secrecy can be verified using linear algebra (rank of certain matrices).

  22. Background Classical Tools Beyond Cryptography NSF Distributed Storage Modern/updated application of erasure codes: hard disk failures, power losses, sabotage, . . . , all appear as network erasures. Code design has focused on data recovery at minimal cost (repair bandwidth; locality constraints; maximum failure rate; . . . ). Can also encode resilience to data theft (using bounded theft model). Strong secrecy is applicable.

  23. Background Classical Tools Beyond Cryptography NSF Distributed Storage Modern/updated application of erasure codes: hard disk failures, power losses, sabotage, . . . , all appear as network erasures. Code design has focused on data recovery at minimal cost (repair bandwidth; locality constraints; maximum failure rate; . . . ). Can also encode resilience to data theft (using bounded theft model). Strong secrecy is applicable.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malicious Software Countermeasures Summary ITS335: IT Security Sirindhorn International

Malicious Software Countermeasures Summary ITS335: IT Security Sirindhorn International

ITS335 Malicious Software Malicious Software Propagation Payload Malicious Software Countermeasures Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 25 October

673 views • 30 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 23 March 2006 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

707 views • 69 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain TPMPC 2019 Adversarial Model Adversarial Model Malicious Adversary Adversarial Model Malicious Adversary

925 views • 69 slides
Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai

Two Round Information-Theoretic MPC with Malicious Security Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain EUROCRYPT 2019 Adversarial Model Adversarial Model Malicious Adversary Adversarial Model Malicious Adversary

1.11k views • 57 slides
Malicious Logic Trojan Horses Viruses Worms Fall 2010 CS 334: Computer Security Slide #1

Malicious Logic Trojan Horses Viruses Worms Fall 2010 CS 334: Computer Security Slide #1

Malicious Logic Trojan Horses Viruses Worms Fall 2010 CS 334: Computer Security Slide #1 Introduction Malicious Logic: a set of instructions that cause violation of security policy Idea taken from Troy: to breach an impenetrable

1.3k views • 109 slides
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010

Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/DD2395/dasak10/ Spring 2010 Sonja Buchegger buc@kth.se Lecture 7, Feb. 8, 2010 Malicious Software Malicious Software programs exploiting system vulnerabilities known

427 views • 10 slides
Viruses based on slides by Vitaly Shmatikov and Ninghui Li Malware Malicious code often

Viruses based on slides by Vitaly Shmatikov and Ninghui Li Malware Malicious code often

Viruses based on slides by Vitaly Shmatikov and Ninghui Li Malware Malicious code often masquerades as good software or attaches itself to good software Some malicious programs need host programs Trojan horses, logic bombs, viruses

624 views • 40 slides
Security and Cooperation in Wireless Networks Thwarting Malicious and Selfish Behavior in the Age

Security and Cooperation in Wireless Networks Thwarting Malicious and Selfish Behavior in the Age

Security and Cooperation in Wireless Networks Thwarting Malicious and Selfish Behavior in the Age of Ubiquitous Computing Levente Buttyan and Jean-Pierre Hubaux With contributions from N. Ben Salem, M. Cagalj, S. Capkun, M. Felegyhazi, T.

892 views • 54 slides
A TOOL TO LINK THE MALICIOUS WEB Agenda Introduction Fireshark Details Web

A TOOL TO LINK THE MALICIOUS WEB Agenda Introduction Fireshark Details Web

Stephan Chenette Principal Security Researcher Websense Labs FIRESHARK A TOOL TO LINK THE MALICIOUS WEB Agenda Introduction Fireshark Details Web Communities Malicious Web Communities Mass Injection Analysis Redirection

1.49k views • 99 slides
Non-Malicious Security Violations Carl D. Willis-Ford Senior Technical Advisor II, SRA

Non-Malicious Security Violations Carl D. Willis-Ford Senior Technical Advisor II, SRA

Non-Malicious Security Violations Carl D. Willis-Ford Senior Technical Advisor II, SRA International, Inc. Senior Member, ISSA Doctoral Candidate, Capitol College Significant Work. Extraordinary People. SRA. Speaker Background 9 years U.S.

365 views • 17 slides
Web Application Security John Mitchell Three top web site vulnerabilites SQL Injection

Web Application Security John Mitchell Three top web site vulnerabilites SQL Injection

CS 155 Spring 2013 Web Application Security John Mitchell Three top web site vulnerabilites SQL Injection Browser sends malicious input to server Bad input checking leads to malicious SQL query CSRF Cross-site request forgery

1.76k views • 90 slides
1 Virus Pseudocode Virus A Trojan Horse? Some say YES: Purpose of infected program is overt

1 Virus Pseudocode Virus A Trojan Horse? Some say YES: Purpose of infected program is overt

Introduction Malicious Logic: a set of instructions that cause violation of security policy Malicious Logic Idea taken from Troy: to breach an impenetrable perimeter, have someone from the inside unknowingly bring you inside Example:

481 views • 19 slides
More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad

More Efficient Oblivious Transfer Extensions with Security for Malicious Adversaries Gilad Asharov Hebrew University Yehuda Lindell Bar-Ilan University Thomas Schneider Darmstadt Michael Zohner Darmstadt EUROCRYPT 2015 From Theory to

498 views • 37 slides
Static Analysis of Executables to Detect Malicious Patterns [12 th USENIX Security Symposium,

Static Analysis of Executables to Detect Malicious Patterns [12 th USENIX Security Symposium,

Static Analysis of Executables to Detect Malicious Patterns [12 th USENIX Security Symposium, 2003] Mihai Christodorescu Somesh Jha CS @ University of Wisconsin, Madison Presented by K. Vikram Cornell University Problem &amp; Motivation

969 views • 30 slides
Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for

Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for

Outline Malicious Code Introduction CS 239 Viruses Trojan horses Security for Networks and Trap doors System Software Logic bombs May 12, 2002 Worms Examples Lecture 11 Lecture 11 Page 1 Page 2 CS 239,

234 views • 12 slides
Division of Integrative Organismal Systems (IOS) Virtual Office Hour Welcome to the IOS Virtual

Division of Integrative Organismal Systems (IOS) Virtual Office Hour Welcome to the IOS Virtual

Division of Integrative Organismal Systems (IOS) Virtual Office Hour Welcome to the IOS Virtual Office Hour. We will begin soon. Please submit questions via the Q &amp; A section available to you on WebEx Division of Integrative

325 views • 8 slides
The math graduate school and NSFGRFP What is application processes graduate school like?

The math graduate school and NSFGRFP What is application processes graduate school like?

The math graduate school application process Garrett The math graduate school and NSFGRFP What is application processes graduate school like? Getting in When youre Reeve Garrett admitted The NSF Graduate The Ohio State University

303 views • 28 slides
Faculty Early Career Development (CAREER) Program Program Solicitation NSF 15-555 William

Faculty Early Career Development (CAREER) Program Program Solicitation NSF 15-555 William

Faculty Early Career Development (CAREER) Program Program Solicitation NSF 15-555 William Badecker, Ph.D. Program Director, SBE/BCS/Linguistics Member of the CAREER Coordinating Committee http://www.nsf.gov/career

260 views • 12 slides
HTTP Requests for Users &amp; Package Developers Scott Chamberlain ( @sckottie ) 3

HTTP Requests for Users &amp; Package Developers Scott Chamberlain ( @sckottie ) 3

HTTP Requests for Users &amp; Package Developers Scott Chamberlain ( @sckottie ) 3 packages: crul, webmockr, vcr rOpenSci has a lot of pkgs that do http requests giving rise to the tools presented here crul - a new http client

591 views • 34 slides
HOW TO WRITE A WINNING CAREER PROPOSAL March 2, 2012 Lucy Deckard Academic Research Funding

HOW TO WRITE A WINNING CAREER PROPOSAL March 2, 2012 Lucy Deckard Academic Research Funding

HOW TO WRITE A WINNING CAREER PROPOSAL March 2, 2012 Lucy Deckard Academic Research Funding Strategies, LLC Ldeckard@academicresearchgrants.com http://academicresearchgrants.com Academic Research Funding Strategies, LLC 1 Overview NSF

1.01k views • 77 slides
NSF Workshop Future Directions in Tensor-Based Computation and Modeling February 20-21, 2009

NSF Workshop Future Directions in Tensor-Based Computation and Modeling February 20-21, 2009

NSF Workshop Future Directions in Tensor-Based Computation and Modeling February 20-21, 2009 National Science Foundation Organizer: Charles Van Loan NSF PDs: Lenore Mullin (CCF), Frank Olken (IIS) Motivation Professional career on

764 views • 6 slides
Samir El-Ghazaly Divisio n Dire c to r E le c tric a l, Co mmunic a tio ns a nd Cyb e r Syste ms

Samir El-Ghazaly Divisio n Dire c to r E le c tric a l, Co mmunic a tio ns a nd Cyb e r Syste ms

An Overview of NSF and the ECCS Division Samir El-Ghazaly Divisio n Dire c to r E le c tric a l, Co mmunic a tio ns a nd Cyb e r Syste ms (E CCS) Divisio n E ng ine e ring Dire c to ra te Na tio na l Sc ie nc e F o unda tio n Arling to

472 views • 18 slides
Traffic Flow Control in a Connected Environment Petros Ioannou Center for Advanced Transportation

Traffic Flow Control in a Connected Environment Petros Ioannou Center for Advanced Transportation

Traffic Flow Control in a Connected Environment Petros Ioannou Center for Advanced Transportation Technologies METRANS University Transportation Center University of Southern California Los Angeles, CA, USA 1 7/10/2019 NSF Workshop June 8-9,

737 views • 38 slides

More recommend