A Universally Composable Treatment of Network Time.
Speaker
Aanchal Malhotra
Boston University
Host
CSAIL Security Seminar
Title: A Universally Composable Treatment of Network Time.
Abstract:
The security of almost any real-world distributed system today depends on the participants having some "reasonably accurate'' sense of current real time. Indeed, to name one example, the very authenticity of practically any communication on the Internet today hinges on the ability of the parties to accurately detect revocation of certificates, or expiration of passwords or shared keys. However, as recent attacks show, the standard protocols for determining time are subvertible, resulting in wide-spread security loss. Worse yet, we do not have security notions for network time protocols that (a) can be rigorously asserted and (b) rigorously guarantee security of applications that require a sense of real time.
In this talk I will:
- Describe new notions of security for time sync protocols within Universally Composable (UC) security framework
- Show that these notions suffice for protocols that need real time and Prove security of protocols that realize these notions
joint work with Ran Canetti, Kyle Hogan and Mayank Varia.
Speaker Bio: Aanchal Malhotra is a Ph.D student at Boston University and is part of the BU Security Group. Her research uses cryptography, and the insights gained from network measurement and simulations to improve the security and reliability of core Internet protocols like BGP, DNS, and NTP. She received her M.S. from Boston University in 2014, and has worked as a researcher at Cisco, Akamai, and NLNet Labs, Netherlands. She is an active member of working groups at the Internet Engineering Task Force (IETF).
Abstract:
The security of almost any real-world distributed system today depends on the participants having some "reasonably accurate'' sense of current real time. Indeed, to name one example, the very authenticity of practically any communication on the Internet today hinges on the ability of the parties to accurately detect revocation of certificates, or expiration of passwords or shared keys. However, as recent attacks show, the standard protocols for determining time are subvertible, resulting in wide-spread security loss. Worse yet, we do not have security notions for network time protocols that (a) can be rigorously asserted and (b) rigorously guarantee security of applications that require a sense of real time.
In this talk I will:
- Describe new notions of security for time sync protocols within Universally Composable (UC) security framework
- Show that these notions suffice for protocols that need real time and Prove security of protocols that realize these notions
joint work with Ran Canetti, Kyle Hogan and Mayank Varia.
Speaker Bio: Aanchal Malhotra is a Ph.D student at Boston University and is part of the BU Security Group. Her research uses cryptography, and the insights gained from network measurement and simulations to improve the security and reliability of core Internet protocols like BGP, DNS, and NTP. She received her M.S. from Boston University in 2014, and has worked as a researcher at Cisco, Akamai, and NLNet Labs, Netherlands. She is an active member of working groups at the Internet Engineering Task Force (IETF).