Computer Science Special Seminar: Mikko Kiviharju "Putting crypto back into cyber"
Putting crypto back into cyber
Finnish Defence Research Agency
Abstract: Cyber security needs all of its components to work smoothly together in order to fulfill its goals. However, cryptography is often considered a "necessary evil", a part of the machinery thrown into the whole with the hope that it will start working properly. On the other hand, in cryptographic theory there are wonderfully complex security functionalities planned, but it often happens that the theory has unrealistic assumptions, that "polynomial complexity" is still too far-fetched in real-life scenarios, or that the problem itself is actually irrelevant. In this talk, we highlight these discrepancies with some real-life examples, both negative (such as RFID tag cryptographic controls) and positive (digital vaccines for malware).
Another non-trivial question arising in practice is "what is good enough?": it is often unclear how "much" crypto to deploy in a given cyber security problem, and we describe some of our attempts at solving this question. However, in order to improve the chances of having crypto work properly - and easily - in a larger context, such as IoT, several approaches are viable. We suggest here, first, using automation and physical trust anchors and, secondly, research on the actual interconnection mechanisms. Physical trust anchors enable moving some of the security load from people to automated platforms, with a promising candidate from physically unclonable functions. Automation can further be enhanced by extending cryptographic (or technical) controls to areas usually handled by administrative controls, such as key management. This requires both new schemes and modelling to make the new controls both secure and functional.
In actual systems, automation also has other dimensions during the lifecycle of the system, such as change management. In cryptographic controls, change management is often not very scientifically defined, but a new paradigm is arising, called "crypto agility", which promises to bring cryptographic aspects to change management as well, and we will present some ideas related to this new discipline.
Bio: Dr. Kiviharju has worked for 20 years in defence research on various information security topics, such as security evaluation. He now leads a research group focused on cryptography and software vulnerability analysis at the Finnish Defence Research Agency. His specialty is cryptography and key management, especially in functional encryption schemes. Kiviharju has also contributed to various international military information and cyber security workgroups and secure communications projects in NATO, the EU (EDA) and with other countries directly.
21.11. Hardware-assisted memory protection
25.11. Security for the Internet of things (IoT) - from research to standards
28.11. Putting crypto back into cyber
30.11. Creating and Using Security Infrastructures