University of Birmingham > Talks@bham > Computer Security Seminars > How to detect unauthorised usage of a key

How to detect unauthorised usage of a key

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Gurchetan Grewal.

Encryption is useful only if the decryption key has not been exposed to adversaries; in particular, it requires that the device performing the crypto operations is free of malware. We explore ways in which some security guarantees can be obtained even if an attacker has succeeded in obtaining all the keys in a device, e.g. by exploiting software vulnerabilities. The guarantees we obtain are rather weak, but may still offer useful and practical assurances in some circumstances. We focus on detecting attacks, using methods based on certificate transparency and public append-only logs. We obtain some security by assuming that devices are periodically trustworthy: a device may become vulnerable or infected at any time, but at some later time it will be again made secure through software updates and malware scans. We propose a messaging protocol that exploits this idea to give users meaningful guarantees about the security of messages they receive. We prove the main properties of our protocol using the Tamarin prover.

This talk is part of the Computer Security Seminars series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

Talks@bham, University of Birmingham. Contact Us | Help and Documentation | Privacy and Publicity.
talks@bham is based on talks.cam from the University of Cambridge.