1 / 30

A few open problems in computer security

A few open problems in computer security. David Wagner University of California, Berkeley. Overview of the field. Communication security through cryptography Endpoint security through systems techniques. insecure channel. insecure endpoint. Goals: Confidentiality Integrity

dpasquale
Download Presentation

A few open problems in computer security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A few open problemsin computer security David Wagner University of California, Berkeley

  2. Overview of the field • Communication security through cryptography • Endpoint security through systems techniques insecure channel insecure endpoint

  3. Goals: Confidentiality Integrity Availability … even in the presence of a malicious adversary! Problems: Today’s systems often fail to meet these goals Security is often an afterthought Background

  4. Part 1: Critical Infrastructure

  5. Infrastructure protection • Critical infrastructures • e.g., power, water, oil, gas, telecom, banking, … • Evolving legacy systems • Increasingly reliant on I.T. • Very large scale • Tightly interdependent  Security is a challenge!

  6. The electric power grid • Elements • Loads (users) • Distribution (local area) • Transmission (long-distance) • Generators (adapt slowly) • Control centers • Bidding & coordination • Communication networks

  7. March 1989: Solar storms cause outages in Quebec, trips interlocks throughout the US August 1996: Two faults in Oregon cause oscillations that lead to blackouts in 13 states Cascading failures • Generation capacity margin at only 12% (down from 25% in 1980) • Will get worse over next decade:demand grows 20%, transmission capacity grows 3% (projected)

  8. capacity 75Kv Transmission: An example? 60Kv 80Kv 20Kv 40Kv 20Kv 80Kv 60Kv capacity 100Kv capacity 25Kv

  9. capacity 75Kv Transmission: An example? Line failure! 60Kv 80Kv 20Kv X 40Kv 20Kv 80Kv 60Kv capacity 100Kv capacity 25Kv

  10. capacity 75Kv Transmission: An example? 73Kv 73Kv 0Kv X 29Kv 29Kv 87Kv 58Kv capacity 100Kv capacity 25Kv

  11. capacity 75Kv Transmission: An example? 73Kv 73Kv 0Kv X Overload! 29Kv 29Kv 87Kv 58Kv capacity 100Kv capacity 25Kv

  12. capacity 75Kv Transmission: An example? 73Kv 73Kv 0Kv X Overload! 29Kv X 29Kv 87Kv 58Kv capacity 100Kv capacity 25Kv

  13. capacity 75Kv Transmission: An example? 80Kv 80Kv 0Kv X 0Kv X 0Kv 80Kv 80Kv capacity 100Kv capacity 25Kv

  14. capacity 75Kv Transmission: An example? Overload! 80Kv 80Kv 0Kv X 0Kv X 0Kv 80Kv 80Kv Overload! capacity 100Kv capacity 25Kv

  15. capacity 75Kv Transmission: An example? Overload! X 80Kv 80Kv 0Kv X 0Kv X 0Kv 80Kv 80Kv X Overload! capacity 100Kv capacity 25Kv

  16. capacity 75Kv Transmission: An example? X 0Kv 0Kv 0Kv X 0Kv X 0Kv 0Kv 0Kv X capacity 100Kv capacity 25Kv

  17. Possible research problems • Modelling an infrastructural system • Can we construct a useful predictive model? • Given a model, can we efficiently measure its security against malicious attack? • Structural properties of such systems • What key parameters determine their properties? • Are there local control rules that ensure global stability? • How can we design inherently self-stabilizing systems?

  18. Part 2: Algebraic Crypto

  19. x k Ek(x) What’s a block cipher? Ek : X→X bijective for all k

  20. x x  k E block cipher random permutation (x) Ek(x) When is a block cipher secure? Answer: when these two black boxes are indistinguishable.

  21. S S S S S S S S S S S S S S S S 4×4 matrix 4×4 matrix 4×4 matrix 4×4 matrix Example: The AES One round byte re-ordering S(x) = l(x-1) in GF(28), where l is GF(2)-linearand the MDS matrix and byte re-ordering are GF(28)-linear

  22. id X X Ek p id X X Interpolation attacks Express cipher as a polynomial in the message & key: • Write Ek(x) = p(x), then interpolate from known texts • Or, p’(Ek(x)) = p(x) • Generalization: probabilistic interpolation attacks • Noisy polynomial reconstruction, decoding Reed-Muller codes

  23. id X X Ek p/q id X X Rational interpolation attacks Express the cipher as a rational polynomial: • If Ek(x) = p(x)/q(x), then: • Write Ek(x)×q(x) = p(x), and apply linear algebra • Note: rational poly’s are closed under composition • Are probabilistic rational interpolation attacks feasible?

  24. X f1 p1 p2 X X X f2 X Resultants A unifying view: bivariate polynomials: • The small diagrams commute ifpi(x, fi(x)) = 0 for all x • Small diagrams can be composed to obtain q(x, f2(f1(x))) = 0, where q(x,z) = resy(p1(x,y), p2(y,z)) • Some details not worked out...

  25. S S S S S S S S S S S S S S S S L L’ Public-key encryption Let S(x) = x3 in GF(28). Define f = L’ ◦ S ◦ L. Private key: L, L’, a pair of GF(28)-linear maps Public key: f, given explicitly by listing its coefficients

  26. The MP problem • Find semi-efficient algorithms for the following: • Let f1, ..., fm be multivariate polynomials in n unknowns over a finite field K, and consider the system of equationsf1(x1, ..., xn) = 0...fm(x1, ..., xn) = 0 • Often: fi are sparse, low degree, and K = GF(2q) for q 8 • Also, the case m  n is of special interest in crypto

  27. Why not existing Groebner base algorithms? - exponential running time (n 15 is infeasible) - not optimized for small fields What’s known about MP? • For quadratic equations (degree 2): • m n2/2: polynomial time via linearization • m εn2: polynomial time via re-linearization, XL • m n2 + c: conjectured subexponential time via XL • m = n: hard? (NP-complete worst-case)

  28. Summary • Critical infrastructure protection • An important area, and • A source of intellectually satisfying problems • Algebraic cryptosystems of growing importance • Collaboration between cryptographic and mathematical communities might prove fruitful here

  29. Backup Slides

  30. Power grid security • Eligible Receiver (Nov 97): NSA hackers take down part of power grid, E911 in simulated attack using off-the-shelf software • Zenith Star (Oct 99): little improvement • Vulnerability assessments: control systems connected to Internet, dialup modems with poor passwords, using weak software

More Related