The Taub Faculty of Computer Science Events and Talks
Ross Anderson (Computer Laboratory, University of Cambridge)
Thursday, 12.12.2013, 11:00
Security protocols are the foundations on which the digital age is
built. SSL/TLS is the basis for online commerce, email privacy and
much else; EMV is taking over the world of card payments; and
lesser-known protocols such as SSH and DNSSEC protect the
infrastructure. Stable, reliable platforms are the basis on which
others can innovate; but what happens when the platforms themselves
fail? We have so far seen about a dozen failures of SSL/TLS, and had
to patch them in very ad-hoc ways because it is not feasible to
replace whole ciphersuites quickly, or even to change the clients and
the servers at the same time. There has been a whole series of attacks
on EMV, many of which are still not really patched. And now we find,
pace Snowden, that many protocols have been the subject of deliberate
attempts to weaken them; we are dealing not just with bugs and
blunders but with adversarial behaviour. One of the most challenging
problems we face is how to repair broken protocols when some of the
participants are obstructive; we may have to move beyond protocol
analysis and security-economic analysis to think in terms of strategy,
politics and even diplomacy. A related problem is how to design
protocols that will be as resilient as possible against future
adversarial behaviour.
Bio:
Ross Anderson is Professor of Security Engineering at Cambridge
University. He holds a Brandeis award for lifetime achievement in
health privacy; he has worked for the British and Icelandic medical
associations, been a special advisor to the UK parliament's health
committee, and was an author of "Database State" – a report that led
the UK government in 2010 to cancel two large systems to collect data
on children. He has made a number of technical contributions to
security, from cryptography through hardware tamper-resistance to API
security; and he is one of the founders of security economics, which
brings the tools of game theory and microeconomic analysis to bear on
complex multistakeholder systems.