Title: On the Design of Scalable and Trustworthy Authentication Infrastructures
Speaker: Professor Adrian Perrig (Swiss Federal Institute of Technology Zurich)
Date: 2014. 4. 7, (Mon) 17:00~18:00
Location: 우정관 (Woojung Building), 208 lecture room, Korea University
Bio:
Adrian Perrig is a Professor of Computer Science at the Department of Computer Science at the Swiss Federal Institute of Technology (ETH) in Zurich, where he leads the network security group. From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University. He served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his Ph.D. degree in Computer Science from Carnegie Mellon University under the guidance of J. D. Tygar, and spent three years during his Ph.D. degree at the University of California at Berkeley. He received his B.Sc. degree in Computer Engineering from the Swiss Federal Institute of Technology in Lausanne (EPFL). He is a recipient of the NSF CAREER award in 2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, the Security 7 award in the category of education by the Information Security Magazine in 2009, the Benjamin Richard Teare teaching award in 2011, and the ACM SIGSAC Outstanding Innovation Award in 2013. Adrian's research revolves around building secure systems -- in particular secure future Internet architectures.
Abstract:
Authentication infrastructures for certification of domain names, IP addresses, AS numbers, and TLS public keys have grown in an ad-hoc fashion in the current Internet, attempting to satisfy new requirements as they emerge from the Internet's evolving applications. We argue that this organic growth of the Internet has caused a host of problems in such infrastructures, namely (1) global roots of trust that make today's infrastructures too fragile, (2) compromises that allow impersonation of any entity in the Internet, (3) the lack of an efficient mechanism to change or revoke trust roots and certificates, and (4) circular dependencies among routing and identity authentication. To address these problems, we establish a set of desired properties to guide the design of new authentication infrastructures, and propose SAINT, a scalable and holistic authentication infrastructure that provides isolation guarantees and a network-based revocation mechanism. We discuss deployment strategies for SAINT and show that adoption on even a small scale can provide immediate benefits.