1 / 16

Provable Security: Some Caveats

Provable Security: Some Caveats. Ari Juels RSA Laboratories 3 November 1999. What is provable security?. Is this provable security?. Ivan Damgård : Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals. 328-335 -- CRYPTO ‘88. Or this follow-on?.

mariko-ryan
Download Presentation

Provable Security: Some Caveats

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Provable Security: Some Caveats Ari Juels RSA Laboratories 3 November 1999

  2. What is provable security?

  3. Is this provable security? Ivan Damgård: Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals. 328-335 -- CRYPTO ‘88

  4. Or this follow-on? Birgit Pfitzmann, Michael Waidner: How to Break and Repair a "Provably Secure" Untraceable Payment System. 338-350 , CRYPTO ‘91

  5. Is this provable security? M. Ajtai and C. Dwork. A public-key cryptosystem with worst-case/ average-case equivalence. In Proc. 29th ACM STOC, pp. 284-293, 1997

  6. A follow-on P. Nguyen and J. Stern. Cryptanalysis of the Ajtai-Dwork Cryptosystem Proc. Of Crypto 98, pp. 223-242

  7. Problems with provable security • Who shall guard the guardians? Who’s to say that a proof is correct? • Worst case security  Average case security • Asymptotic security  Real world security

  8. But even with a more precise notion of ‘‘provable security’’...

  9. Amdahl’s Law Part 1 Part 2 Part 3 Part 4

  10. Amdahl’s Law Part 1 Part 2 Part 3 Part 4 …Accelerating a small piece doesn’t help much

  11. “Amdahl’s Law of Security” Crypto Part 1 Part 2 Part 3 Part 4

  12. “Amdahl’s Law of Security” Part 1 Part 2 Part 3 Part 4 …Strengthening secure part doesn’t help much

  13. Provable Security Strengthens Most Secure Part As far as we know, cryptography is rarely weakest point in system. Instead, it’s: • Bad password selection • Social engineering • Bad software implementation

  14. Where do you wnt to go today?re W A major security problem... Where do you want to go today?

  15. Provable security • May distract from more critical vulnerabilities • Hackers just go around the crypto • May yield more complex algorithms, and therefore make correct implementation less likely • Slow down implementations and encourage avoidance of crypto

  16. What lessons to be learned? • Emphasis on extensive expert and empirical testing as a basis for security as with, e.g., RSA • Can be in addition to proofs • Emphasis on simple proofs and algorithms and on ‘exact security’

More Related