How to detect unauthorised usage of a key

Add to your list(s) Download to your calendar using vCal

• Mark Ryan and Jiangshan Yu (University of Birmingham)
• Thursday 26 March 2015, 11:00-12:00
• Room 245, School of Computer Science.

If you have a question about this talk, please contact Gurchetan Grewal.

Encryption is useful only if the decryption key has not been exposed to adversaries; in particular, it requires that the device performing the crypto operations is free of malware. We explore ways in which some security guarantees can be obtained even if an attacker has succeeded in obtaining all the keys in a device, e.g. by exploiting software vulnerabilities. The guarantees we obtain are rather weak, but may still offer useful and practical assurances in some circumstances. We focus on detecting attacks, using methods based on certificate transparency and public append-only logs. We obtain some security by assuming that devices are periodically trustworthy: a device may become vulnerable or infected at any time, but at some later time it will be again made secure through software updates and malware scans. We propose a messaging protocol that exploits this idea to give users meaningful guarantees about the security of messages they receive. We prove the main properties of our protocol using the Tamarin prover.

This talk is part of the Computer Security Seminars series.

This talk is included in these lists:

• Computer Science Departmental Series
• Computer Science Distinguished Seminars
• Computer Security Seminars
• Room 245, School of Computer Science
• computer sience

Note that ex-directory lists are not shown.