Back to the Future in Information Security
Yvo Desmedt - Florida State University
Mar 07, 2001
AbstractIn contrast with other areas of science, old models of security are rarely questioned. We argue that to address future security concerns we need to travel back to old security models. These old security models may have made sense at the time of their conception, but may no longer. Therefore, these models need to be studied again. As an example, most models used to study secure operating systems predate the existence of computer viruses! We focus on:
1. PKI (Public Key Infrastructure): we show that the more than 20 year model for PKI is inadequate to address modern security concerns. We argue that most PKIs being developed will not only be the next target for hackers, but will be too vulnerable to be useful. We discuss new models and methods to address modern security concerns in PKI.
2. Network Protocols: the security of some protocols such as telnet, ftp, etc. have been examined, after hackers targeted those. However, the internet has many more protocols and we are lucky hackers have not yet targeted those. We examine some of these protocols. We also discuss an approach towards a solution against jamming attacks used against cnn and yahoo.
3. Perfect secrecy is one of the oldest models. It was used to prove the security of the one-time pad. A consequence of the model is that modern ciphertexts are (indistinguishable from) uniform. This implies that encrypted text is immediately visible to a network sniffer. Information hiding addresses that problem. We look back at models used in modern information hiding to conclude that these are inadequate. We propose a new model for perfect information hiding which is inspired by Shannon's 50 year old model. We analyze this model in details and propose information hiding schemes.
This work is based on joint work with M. Burmester, G. Kabatianskii and T. V. Le.
About the SpeakerYvo Desmedt received his Ph.D. (Summa cum Laude) from the University of Leuven, Belgium (1984) (Electrical Engineering). He is presently a professor at Florida State University (Computer Science), a visiting professor of Information Security at Royal Holloway, University of London (Department of Mathematics). His interests include cryptography, network security and computer security. He has authored more than 100 papers in international conferences and journals. He was program chair of Crypto \'94, is a director of the International Association for Cryptologic Research.
His contribution towards the demise of knapsack was referred to by Brickell-Odlyzko as a key observation that led eventually to the complete demise of these knapsack systems. He co-authored (with Quisquater in IEEE Computer) the first work on biological computing, predating Adleman\'s work by more than 3 years. He has been ranked as the second most productive author in the Eurocrypt/Crypto proceedings between 1981 and 1997.
He has given more than 100 invited lectures at such universities as Cambridge University (UK), Ecole Normale Superieure (France), ETH (Switzerland), Oxford University (UK), Stanford University (USA), Tokyo Institute of Technology (Japan), University of Waterloo (Canada), and such institutes as: AT&T Shannon Research Labs (USA), Bell Labs (USA), Hewlett Packard (UK), IBM Watson Research Laboratories (USA), Nippon Telegraph and Telephone Corp. (Japan), the National Institute of Standards and Technology (USA), etc. He has held visiting positions at the Australian Defence Force Academy, the Universite de Montreal (Canada), Technion (Israel), the University of New Mexico (USA), Tokyo Institute of Technology, etc. He was an invited speaker at 1999 NATO workshop on Protecting Information Systems in the 21st Century conference in Washington DC. He is a recipient of the Society of Worldwide Inter-bank Funds Transfer (SWIFT) award.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.