1 / 7

Security, Cryptography, and Magic

Security, Cryptography, and Magic. Steven M. Bellovin smb@research.att.com http://www.research.att.com/~smb. Weak Points of the Internet. The DNS Routing Host security Cryptography can help with the first two, but. Security Flaws.

clare
Télécharger la présentation

Security, Cryptography, and Magic

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security, Cryptography, and Magic Steven M. Bellovin smb@research.att.com http://www.research.att.com/~smb

  2. Weak Points of the Internet • The DNS • Routing • Host security Cryptography can help with the first two, but...

  3. Security Flaws • At least 85% of CERT advisories describe problems that cryptography can’t fix. • 9 out of 13 advisories last year are about buffer overflows. • Of the othes, 2 describe problems in cryptographic modules…

  4. Going Around the Cryptography • Cryptography relies on the secrecy of keys. Can we protect them, on today’s systems? • Smart cards, etc., encrypt, decrypt, and sign what the host system hands them. Can we trust the host? • What about the certificate hierarchy?

  5. Certificates • Most users don’t know what certificates are. • Of those who do, most don’t verify the signature chain. • Most of those people don’t know if they should trust an arbitrary root. • Conclusion: for most practical purposes, we don’t have a PKI -- and most people neither know nor care.

  6. Cryptography and Identity • Given the PKI problems, encrypted traffic is effectively unauthenticated. • This does prevent broad-spectrum eavesdropping. • But active attacks can go around the cryptography to penetrate systems -- and such attacks are taking place.

  7. Conclusions • Cryptography is necessary, but not sufficient. • Using cryptography properly is very hard. • We can wave our magic wands and solve that problem, and deploy strong cryptography everywhere. • But we don’t have a big enough wand to fix the buggy code.

More Related