Improving the Interface between Systems and Cryptography

Опубликовано 17 августа 2016, 21:08

Modern cryptography provides a powerful mathematical framework for proving the security of cryptographic algorithms. However, costly security vulnerabilities arise when the abstract models used to design and validate cryptographic tools fail to reflect relevant aspects of systems. In this talk, I will discuss my work on addressing exploitable mismatches between systems and cryptography. This requires a broad agenda that includes finding attacks, building systems, and developing new cryptographic theory. I will present examples from my work: protecting credit card numbers in the face of system compromise, ``hedging'' cryptographic algorithms to protect against the effects of bad randomness, building cryptographic hash functions that provide security for disparate applications, providing privacy-preserving device tracking, and experimentally investigating new threats in cloud computing services and in virtual computing.