Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

A breakthrough in cryptography could thwart a favorite attack of hackers

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 1 Aug 2013 09:24:22 +0000 (UTC)
http://qz.com/109999/a-breakthrough-in-cryptography-could-thwart-a-favorite-attack-of-hackers/

By Christopher Mims
Quartz
July 30, 2013
Microsoft, Apple, and every maker of mobile and desktop apps on the planet all have a problem: The moment they issue a security "patch," or an update to their software designed to plug a hole that could be exploited by hackers, those same hackers work feverishly to reverse-engineer that patch in order to figure out what vulnerability it’s designed to stop. Armed with that knowledge, malicious hackers can then attack whatever PCs, servers or mobile phones have yet to update their software with the new patch.
"It can take days or months for a patch to reach most of the vulnerable machines," says Amit Sahai, a professor of computer science at UCLA. And while this wasn’t specifically the problem Sahai set out to solve when he embarked on his latest research in cryptography, it’s one of the many potential implications of the ground-breaking work he and his team have just unveiled.
What Sahai and a team of researchers at UCLA, IBM Research, and UT-Austin have created is a method for encrypting software and running it in that encrypted state. In the past, researchers have known that it’s possible to encrypt messages (this is how all secure communication on the web, bank transactions, etc. work) but it was not known whether or not it was possible to encrypt software in a way that it could still run even without being decrypted. Sahai’s "mathematical jigsaw puzzle" approach accomplishes this and, he says, adds a whole new class of protectable secret to the world of cryptography.
"The basic scientific question here is, what type of things can have secrets?" says Sahai. "People can have secrets -- if you don’t tell me something, that’s a secret. And if you encrypt a message, that’s a secret. But can a piece of software have a secret? Can you have a computer agent that goes from one computer to another computer, that is just code, that moves around with its own secrets? Is that even possible?" 

[...]


--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/
Previous By Date Next
Previous By Thread Next

Current thread: