Title: Secure systems from insecure components
Speaker: Emma Dauterman (Berkeley)
Date: Thursday, March 28, 2024

Abstract: Today’s computer systems provide weakest-link security: just one phishing attack, one software vulnerability, or one hardware flaw can have catastrophic consequences. And today’s systems have countless weak links – already in 2024, attackers have stolen millions of social security numbers and health records. In theory, cryptography makes it possible to survive compromise, but in practice, general-purpose tools are often prohibitively expensive. On top of that, it’s impossible to change many legacy systems. Weakest-link security and its dangerous ramifications seem inevitable. This talk will show otherwise. I will describe two systems that can withstand compromise at modest cost. One is a hardened authentication system that is usable today with most websites. The other is an encrypted backup system that protects against physical attacks and runs on legacy hardware. The key idea is to tailor the cryptographic tools to the system setting, providing precisely the necessary properties and pushing cryptographic work to where computation is cheap. This approach shows that even if we cannot protect every credential, patch every vulnerability, or secure every piece of hardware, we can still protect users and their data.

Bio: Emma Dauterman is a Ph.D. candidate at UC Berkeley where she is advised by Raluca Ada Popa and Ion Stoica. Her research interests include computer security, systems, and applied cryptography. She has received the Microsoft Research Ada Lovelace fellowship, the NSF graduate research fellowship, and a UC Berkeley EECS excellence award.

This video is closed captioned.