MIT Department of Electrical Engineering & Computer Science

E E C S

How to Misuse Good Crytography and Create Insecure Network Protocols

Radia Perlman
SUN Microsystems

Monday, October 5, 1998
4:00 PM (refreshments 3:45)
Edgerton Hall, Room 34-101
EECS Colloquium

Abstract

A common misconception is that security flaws involve abstruse mathematical weaknesses in cryptographic algorithms. While it is possible to have weak cryptographic algorithms, the world does not need insecure cryptographic systems in order to design, build, and deploy insecure network protocols.

This talk discusses example mistakes people make when designing or implementing network protocols, for instance an email standard that allowed forging of signatures (we reported the bug and the standard was then fixed). It also discusses practical issues that can make a system insecure in practice even if it is secure in theory, such as trust models for public key certificate chains.

URL of this page: http://www-eecs.mit.edu/AY98-99/events/2.html
Created: Sep 25, 1998 | Modified: Sep 25, 1998
This event is from the MIT EECS 1998-99 archive. | Current events
To MIT EECS home page | Your comments and inquiries are welcome.