Beyond Authentication Don’t Trust, Just Verify

Tags:

Preview:

Click to see full reader

DESCRIPTION

Beyond Authentication Don’t Trust, Just Verify. Eran Tromer. BRCMF Inaguration Ceremony 21 Nov 2013. Talking about…. Chinese counterfeit chips causing military hardware crashes […] - PowerPoint PPT Presentation

Citation preview

1

Beyond AuthenticationDon’t Trust, Just Verify

Eran Tromer

BRCMF Inaguration Ceremony 21 Nov 2013

2

Talking about…

• Principles

authenticating users

trusting devices

Chinese counterfeit chips causing

military hardware crashes

[…]

Component failure reports from

defense contractors worldwide,

including Boeing, Raytheon, BAE,

Northrop Grumman, and Lockheed

[…] and investigations have turned up

a significant number of counterfeit

parts, sometimes installed in mission-

critical systems.

• People

• Things

3

Side-channel leakageEven if the software and hardware function correctly…

electromagnetic acoustic

probing

microarchitecture

optical

power

4

Talking about…

policies and algorithms

authenticating users

trusting devices

• People

• Things

• Principles

5

The challenge

Create general techniques toensure integrity and confidentiality

in computation done bycomponents and parties that are

untrustworthy,faulty, leaky

&malicious.

The approach: modern cryptography

6

Integrity of computation: SNARKs(Succint Noninteractive Arguments of Knowledge)

v=DB[x];w=func(v,y);return z;x

zproof

Current prototype:The correct execution of arbitrary C programs can be

verified in 5 milliseconds using 230-byte proofs.

Verify

DB,y

7

Integrity via Proof-Carrying Data

m1

m2

m5

m6

• Diverse network, containing untrustworthy parties and unreliable components.

• Impractical to verify internals of each node, so give up.• Enforce only correctness of the messages and ultimate

results.

m3

m 4

m 7

mout

8

Integrity via Proof-Carrying Data (cont.)

m1

1

m2

2

m 4

4

m5

5

m6

6

m 7

7

mout

out

m3

3

• Every message is augmented with a proof attesting to its compliance” with a prescribed policy.

• Compliance can express any property that can be verified by locally checking every node.

• Proofs can be verified efficiently and retroactively.

9

Proof-Carrying DataIntegrity for distributed computation

Implementation underway.

Seeking practical impact.

Recommended

UCC Account Access Guide · Okta Verify, Google Authenticator or SMS Authentication (text message). Okta Verify and Google Authenticator are both apps and require that you have an
Documents
Authentication User Authentication - Cypherpunks
Documents
CCNP - Routing and SwitchingPage 5 CCNP – Routing and Switching Describe, configure, and verify BGP peer relationships and authentication o Peer group o Active, passive o States
Documents
Login to the Clinical Portal Using Multi-Factor Authentication · Multi-Factor Authentication (MFA) adds another layer of security to verify a user’s identity by combining two factors
Documents
Define authentication Authentication credentials Authentication models Authentication servers Extended authentication protocols Virtual
Documents
Two-Factor Authentication Enrolment - University of Adelaide · Two-factor authentication enhances the security of your account by using a secondary device to verify your identity
Documents
A Don’t Trust the Cloud, Verify: Integrity and Consistency ... · (bur@zurich.ibm.com, cca@zurich.ibm.com); N. Knezeviˇ ´c, Zurich, Switzerland (nikola@knezevic.co). Permission
Documents
Biometrics - IDRBT Papers/Biometrics.pdf · Biometric can play a major role to verify or to identify an individual. ... biometrics as a factor of authentication. Section 7 provides
Documents
Chapter 8 Overview.ppt - Leamanleaman.org/ccna_sec/Chapter_8.pdf · • Configure and verify a site-to-site IPsec VPN with pre-shared key authentication using SDM • Configure and
Documents
Blockchains Regtech for Security Token Offerings and · Authentication Provide a login using a PASS Verify™ crypto-account Use-cases for PASS Verify™ Security If you are a developer
Documents
UNIX Authentication and Pluggable-authentication Modules ... · UNIX Authentication and Pluggable-authentication Modules (PAMs) Russell Bateman Description of UNIX authentication,
Documents
A leading provider of advanced technology‑based security ... · hardware and software systems which verify the unique signatures of the authentication materials. Chief Executive
Documents
LAW AND PUBLIC SAFETY  · Web view"Game Authentication Terminal" or "GAT" means an external application that is used to verify Division approved software. ... loss of power,
Documents
Ask Me Again But Don’t Annoy Me: Evual aingt R ea …...Ask me again but don’t annoy me: Evaluating re-authentication strategies for smartphones Lalit Agarwal, Hassan Khan and
Documents
SRV314 securing serverless · Amazon API Gateway AWS Lambda Amazon RDS (Aurora MySQL) 3rdparty Client Amazon Cognito authentication AWS Lambda (Custom authorizer) Verify access token
Documents
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication
Documents
David Piper - How to never use WebDriver againaadays.pl/wp-content/uploads/2017/10/David-Piper-How-to...Authentication No support intended for authentication. You don’t want to bake
Documents
CIS14: Continuous Authentication: Don’t Even Think about It
Technology
Authentication. TOPICS Objectives Legacy Authentication Protocols IEEE 802.1X Authentication Extensible Authentication Protocol (EAP) Authentication Servers
Documents
Introduction - Microsoft · Web view: A protocol using a challenge-response mechanism for authentication (2) in which clients are able to verify their identities without sending a
Documents