MPI-INF Logo
Campus Event Calendar

Event Entry

What and Who

Reconciling online privacy and societal security

Mark Ryan
University of Birmingham
CISPA Distinguished Lecture Series
AG 1, AG 2, AG 3, AG 4, AG 5, SWS, RG1, MMCI  
AG Audience
English

Date, Time and Location

Thursday, 2 October 2014
14:00
90 Minutes
E1 5
0.02
Saarbrücken

Abstract

The certificate authority model for authenticating public keys of websites has been attacked in recent years, and several proposals have been made to reinforce it. We develop and extend \emph{certificate transparency}, a proposal in this direction, so that it efficiently handles certificate revocation. We show how this extension can be used to build a secure end-to-end email or messaging system using PKI with no requirement to trust certificate authorities, or to rely on complex peer-to-peer key-signing arrangements such as PGP. This makes end-to-end encrypted mail possible, with apparently few additional usability issues compared to unencrypted mail (specifically, users do not need to understand or concern themselves with keys or certificates). Underlying these ideas is a new attacker model appropriate for cloud computing, which we call ``malicious-but-cautious''.

Contact

Isa Maurer
302-71922
--email hidden
passcode not visible
logged in users only

Isa Maurer, 10/01/2014 11:20
Isa Maurer, 09/23/2014 11:32 -- Created document.