Title: Exposure-Resilient Cryptography (survey)
Speaker: Yevgeniy Dodis, New York University
Date: November 10, 2003 3:30-4:30pm
Location: DIMACS Center, CoRE Bldg, Room 431, Rutgers University, Busch Campus, Piscataway, NJ
Much successful research has focused on developing cryptographic protocols and algorithms which are secure (in some appropriate and well-defined sense) under the assumption that ``secret'' information is kept hidden from the adversary. However, as cryptographic algorithms are increasingly deployed on inexpensive, lightweight, mobile, and/or unprotected devices, the risk of *key exposure* is becoming a serious threat to the security of many real-world systems. Indeed, in practice the attacks of this sort are, in many cases, more likely than attacks which directly "crack" the cryptographic assumptions on which the security of the scheme is based. And while at first glance it might appear that not much can be done to prevent or mitigate the damage caused by key exposure, the study of *exposure-resilient cryptography* has led to a variety of diverse and effective approaches for combating key exposure. In this talk, I will survey several recent methodologies in the field of exposure-resilient cryptography where I was involved. These methodologies include (1) remotely-keyed cryptography (2) two-party schemes (i.e., client-server model) (3) key evolution (including forward-secure, key-insulated and intrusion-resilient cryptography) (4) partial key exposure protection (incl. secret sharing) (5) biometric authentication (6) intentional key exposure protection (incl. traitor tracing). The talk will be introductory and concentrate on items (1)-(3).