1 / 16

Provable Security: Some Caveats

ethan
Télécharger la présentation

Provable Security: Some Caveats

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Provable Security: Some Caveats

    2. What is provable security?

    3. Is this provable security?

    4. Or this follow-on?

    5. Is this provable security?

    6. A follow-on

    7. Problems with provable security Who shall guard the guardians? Who’s to say that a proof is correct? Worst case security ? Average case security Asymptotic security ? Real world security

    8. But even with a more precise notion of ‘‘provable security’’...

    9. Amdahl’s Law

    10. Amdahl’s Law

    11. “Amdahl’s Law of Security”

    12. “Amdahl’s Law of Security”

    13. Provable Security Strengthens Most Secure Part As far as we know, cryptography is rarely weakest point in system. Instead, it’s: Bad password selection Social engineering Bad software implementation

    15. Provable security May distract from more critical vulnerabilities Hackers just go around the crypto May yield more complex algorithms, and therefore make correct implementation less likely Slow down implementations and encourage avoidance of crypto

    16. What lessons to be learned? Emphasis on extensive expert and empirical testing as a basis for security as with, e.g., RSA Can be in addition to proofs Emphasis on simple proofs and algorithms and on ‘exact security’

More Related