报告题目：Post-compromise security

报告人：于江山，澳大利亚莫纳什大学助理教授、博士生导师

报告日期：2018年6月1日

报告时间：14:30-16:00  

报告地点：文津楼3段628报告厅

报告摘要：The security of cryptosystems relies on the assumption that the computer end-points can securely store and use cryptographic keys. Yet, this assumption is rather hard to justify in practice. New software vulnerabilities are discovered every day, and malware is pervasive on mobile devices and desktop PCs. Attackers can (and they do in practice) make use of them to break the security of systems. This talk presents our research on how to mitigate cryptographic secret key compromise in two different cases. The first case considers compromised certificate authorities in public key infrastructure (PKI). We propose a new system, called Distributed and Transparent Key Infrastructure (DTKI), based on Google's Certificate Transparency project. DTKI is the first web PKI that is secure even if all service providers are compromised. The second case considers the key compromise in secure communication. We propose a multi-device messaging protocol, called DECIM, to allow users to detect the compromise of their device keys. A beta version of DECIM is integrated with an end-to-end secure email solution (as an adds-on of Thunderbird), and is OpenPGP compatible. Both systems use public ledgers to provide transparency, and the systems are co-designed with formal models. We verify their core security properties using the Tamarin Prover.

报告人简介：Jiangshan Yu will be a lecturer at Monash University from this September. Currently, he is a research fellow working with Prof. Paulo Esteves-Verissimo at SnT, University of Luxembourg (LU), and an honorary research fellow working with Prof. Mark Ryan in the University of Birmingham (UK). He is also a director of a University of Birmingham spin-out company. Previously, he obtained his PhD degree from the University of Birmingham, UK, and his MPhil and MSc. degree from University of Wollongong, Australia. He has broad research interests in computer security and cryptography, and has worked on topics such as cryptographic key management, blockchain consensus, and ledger-based applications. His research impact includes patent-pending ledger-based applications that have been covered by more than 40 international news medias including ACM TechNews, ScienceDaily, and SiliconRepublic, and have been developed by a University of Birmingham spin-out company. He has also co-designed a security solution on cryptographic key management for Huawei Ltd to manage their next generation network devices securely. He has been awarded the 'Chinese Government Award for Outstanding scholar abroad', the success rate is 3% in UK and 1% worldwide.