[NRG] [busec] Matt Green (Wed 9:45am) Applied cryptography for the post-prohibition era

Sharon Goldberg goldbe at cs.bu.edu
Mon Apr 4 17:47:54 EDT 2016

Hi everyone,

Our series of exciting network security talks continues!

On Wednesday, Matt Green will talk about uncovering cryptographic failures
in the wild, including his recent attack on iMessage (http://wpo.st/8YwP1).
And the following week we have a talk about decentralizing trust by Bryan
Ford from EPFL.

Both talks will be followed by lunch.  See you Wednesday!


BUsec Calendar:  http://www.bu.edu/cs/busec/

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).


Applied cryptography for the post-prohibition era
Speaker: Matt Green, JHU
April 6, 2015, 9:45-11am
111 Cummington St, Boston 02215

The past three decades have been a remarkable time for the science of
cryptography. From the first industrial protocols of the 1970s to the
“practice oriented” provable security protocols of the 1990s and 2000s, the
research community has accumulated a wealth of knowledge about how to
secure the online interactions of billions of people. Unfortunately, this
knowledge has not been distributed evenly. Even in 2016 we continue to see
routine “breaks” of core standards and software used to secure the privacy
of the Internet. These flaws are sometimes the result of human error, such
as the continued use of obsolete encryption schemes. However, they are also
due to – in some rare cases – the deliberate subversion of encryption by
national governments. A loss of confidence in the privacy of modern
Internet technologies may have serious consequences, ranging from the
immediate cost of remediation to a long-term loss of faith in the promise
of the Internet. In this talk I will discuss the problems facing applied
cryptography researchers in this new environment. I will focus on several
areas of interest, including the deployment of anonymous online payment
systems, vulnerabilities in widely-used end-to-end encrypted text messaging
systems, and the challenging problem of securing cryptographic software
against sophisticated adversaries.


Collective Authorities: Securely Decentralizing Trust at Scale
Speaker: Bryan Ford, EPFL
April 13, 2015, 9:45-11am
111 Cummington St, Boston 02215

Online infrastructure depends on many security-critical authorities such as
logging, time, directory, and software update services. These authorities
represent high-value attack targets to hackers, criminals, and spy
agencies, who can secretly compromise many hosts by stealing keys from or
coercing only one such “weakest-link” authority.  We propose to address
these systemic weaknesses by decentralizing conventional authorities into
scalable “strongest-link" authorities or cothorities.  A cothority
efficiently splits trust among tens, hundreds, or thousands of independent
parties, remaining secure unless many participants collude.  As a first
step in this long-term program we introduce CoSi, a cothority architecture
for decentralized witness cosigning, which increases the transparency and
security of traditional centralized authorities while remaining
backward-compatible with and incrementally deployable alongside their
existing logic.  By increasing the scalability of existing multisignature
techniques, CoSi efficiently ensures that every authoritative statement is
validated and publicly logged by a diverse group of witnesses before any
client will accept it, forcing secrecy-minded attackers to risk that any
compromise will be detected quickly.  As a second step, we adapt CoSi’s
collective signing techniques to create ByzCoin, a blockchain architecture
that enhances Bitcoin with strong consistency, Byzantine fault tolerance,
higher throughput, and lower transaction latencies.  CoSi and ByzCoin have
been demonstrated to scale efficiently to support over 8,000
globally-distributed participants, while keeping collective signing and
transaction latencies to within a few seconds.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/nrg-l/attachments/20160404/cf7daed4/attachment.html>

More information about the NRG-L mailing list