Electrical Engineering Labs Building (חשמל מעבדות), Room 146. Join us virtually!
Sunday, May 13, 2:00pm
Celebrating Bad Crypto: Lightweight Formal Methods for Making Use of DRM, Obscurity, and Other Useless Techniques
Abstract: Internet-scale companies face a variety of adversaries. When defending from a world of attackers, they can justify defense in breadth: different techniques against different adversaries. Existing analysis techniques awkwardly handle questions about a distribution of adversaries against an evolving series of protocols. For example, many media companies have chosen to use strong crypto for some secrets, but very weak DRM for others. Businesses put their financial systems behind a good firewall, but the source code walks around on every developer's laptop. These are Bad Crypto: the wisdom of our elders tells us to avoid security through obscurity, obey Kerckhoffs's law---but we don't.
We'll show how to extend traditional formal methods of security (information-theoretic and computational analysis) to model these choices. We'll sketch out how and when Bad Crypto can be good. You can use this to make better decisions about how to compromise on traditional security features without losing many battles to the adversary.
Speaker Bio: Brian Sniffen is Principal Architect for Information Security at Akamai Technologies. His research interests include programming languages and formal methods of information security.
Recorded at SOURCE Conference 2012, Boston, April 19, 2012: http://www.sourceconference.com/boston/speakers_2012.asp#bsniffen