SOBER: A Stream Cipher Based on Linear Feedback over GF(2n)

Download Report

Transcript SOBER: A Stream Cipher Based on Linear Feedback over GF(2n)

28-Apr-20

Highlights of the 8th USENIX Security Symposium

Greg Rose

QUALCOMM Australia [email protected]

Introduction

•

Held at the JW Marriott Hotel, Washington DC

•

Two days of tutorials

•

two days of symposium

•

Invited talks and Works in Progress

•

Program Chair: Win Treese (Open Market Inc)

•

Invited Talks: Avi Rubin (AT&T Labs)

Keynote: Experience is the Best Teacher

•

Peter Neumann, SRI International

•

Examined the design of “secure systems”

•

By anecdote, showed that many problems recur even though they have been “fixed”

•

recommends:

–

better specification of requirements

–

strong and robust protocols

–

good cryptographic infrastructure

The Design and Analysis of Graphical Passwords

•

Ian Jermyn (NYU), Alain Mayer, Fabian Monrose, Mike Reiter (Bell Labs) and Avi Rubin (AT&T Labs)

•

Both “Best Paper” and “Best Student Paper”

•

Presented a couple of schemes for entering passwords graphically, on say a PDA.

•

Research shows that people can remember such things better

•

There’s no “dictionary” to search

Why Johnny Can’t Encrypt

•

Alma Whitten (Carnegie Mellon), Doug Tygar (UC Berkeley)

•

Showed that a selection of people had difficulty using PGP to send encrypted email

•

Analysed what kinds of problems tripped even experienced users

–

security as a secondary goal

–

the “barn door problem”

–

Software only as strong as the weakest link

–

lack of feedback

The Design of a Cryptographic Security Architecture

•

Peter Gutmann (Uni. Auckland)

•

Design a security architecture first, then wrap an API around it

•

It’s possible to offload the sensitive work, say to a cryptographic co-processor

•

The longest half hour talk ever given…

•

http://www.cs.auckland.ac.nz/pgut001/cryptlib .html

Networks and Security and why the two don’t get along

•

Steve Bellovin, AT&T Labs

•

Filled in at last minute, still a great talk

•

Problems:

–

Servers get bogged down

–

everything

has to be secure, eg. Routing, time …

–

trust management, lack of a PKI

–

the difference between theory and practice, or between design and implementation

•

only 15% of 1998 CERT advisories could be solved by encryption! Still too many buffer overruns.

ActiveX Insecurities

•

Richard Smith (Phar Lap Software)

•

Develops and collects examples of ActiveX insecurities

•

This was a very scary talk!

•

Included one demonstration where reading mail gave over control of the machine

•

Some controls marked “secure” are not

•

Turning on “security” can sometimes lead to an infinite number of dialog boxes

Works In Progress: Advanced Encryption Standard selection

•

Elaine Barker, NIST

•

15 block cipher algorithms submitted in 1998

•

Two conferences to discuss them

•

5 “finalists” chosen in August

–

Serpent (Anderson, Biham and Knudsen)

–

Twofish (Counterpane)

–

Rijndael (Joan Daemen and Vincent Rijmen)

–

MARS (IBM)

–

RC6 (RSA)

•

Conference next april, final selection late 2000

Internet Mapping

•

Bill Cheswick (Bell Labs)

•

Very interesting talk because it had a huge map of the internet

•

Useful to find holes in the wall of intranets

GSM A5/2 algorithm revealed

•

Nikita Borisov (UC Berkeley) reported on work done by Lucky Green, Ian Goldberg, and David Wagner

•

Reverse engineered the algorithms for GSM cellphone encryption

•

Released printed source code for both

–

stampede

•

Announced a break of A5/2 (weaker)

–

2 hours to find it

–

less than a second to run it

Next one

•

Denver, Colorado, August 14-17

•

Chaired by Steve Bellovin and Greg Rose

•

Invited talks: Win Treese

•

Keynote: Dr. Blaine Burnham, Georgia Tech Information Security Centre (ex NSA)

•

Focus on “holistic security”