Passwords, keys, and coins: security protocols for the real world
Date and Time
Thursday, April 21, 2016 - 12:30pm to 1:30pm
Location
Computer Science Small Auditorium (Room 105)
Type
CS Department Colloquium Series
Speaker
Joseph Bonneau
Host
Arvind Narayanan
Improving security requires both empirically grounded insights into existing systems and threats and theoretically grounded solutions that anticipate how future users and attackers will adapt. I will present examples of both. I'll begin by introducing empirical methods that I created to bring quantitative rigor to the question of how users choose authentication secrets (PINs, passwords, and security questions), a topic that has long been misunderstood due to a lack of data. I'll then present two theoretically grounded approaches that apply cryptography to providing transparency that trusted authorities are behaving correctly. The first addresses servers for distributing public keys for secure communication, ensuring that the authority cannot lie without being detected. The second ensures that banks that store bitcoins are solvent: that they actually are holding as many bitcoins as they have promised to their clients.
Joseph Bonneau is a Postdoctoral Researcher at Stanford University and a Technology Fellow at the Electronic Frontier Foundation. His research focuses on cryptography and security protocols, particularly how they interact with human and organizational behavior and economic incentives. Recently he has focused on Bitcoin and related cryptocurrencies and secure messaging tools. He is also known for his work on passwords and web authentication. He received a PhD from the University of Cambridge under the supervision of Ross Anderson and a BS/MS from Stanford under the supervision of Dan Boneh. Last year he was a Postdoctoral Fellow at CITP, Princeton, and he has previously worked at Google, Yahoo, and Cryptography Research Inc.