Computer Science Colloquia

Friday, November 1, 2013

Karsten Nohl, Founder and Director of Research, Security Research Labs (Berlin); UVA Computer Engineering PhD (2009)

3:30 PM, Rice Hall, Rm. 130

HOSTS: Dave Evans and Mircea Stan

In-Depth Crypto Attacks – "It always takes two bugs"


Real-world cryptographic systems rarely meet academic expectations, with most systems being shown "insecure" at some point. At the same time, our IT-driven world has not yet fallen apart, suggesting that many protection mechanisms are "secure enough" for how they are employed.

This talk argues that hacks with real-world implications are mostly the result of being able to break security assumptions on multiple design layers. Protection designs that focus on a single security function and neglect complementary layers are hence more prone to compromise.

We look at three widely deployed protection systems -- from the cell phone, automotive, and smart-card domains -- and show how technology abuse arises from the combination of best-practice deviations on multiple design layers.

Bio: Karsten Nohl is a cryptographer and security researcher with a PhD degree in Computer Engineering from the University of Virginia (UVA). Before studying Computer Engineering at UVA, Dr. Nohl studied Electrical Engineering at the University of Applied Sciences Heidelberg. Dr. Nohl likes to test security assumptions in proprietary systems and typically breaks them.