“Composable Module Security Specifications (CMoSS) for PKI and Distributed Secure Systems”

Location: 177 Huntington Ave, conference room 503

Abstract: The specification, design and analysis of provably-secure applied cryptographic protocols are still a challenge, and many critical applied security protocols are not yet properly analyzed, or analyzed only under significant simplifications. The MoSS (Modular Security Specification) framework allows security specifications of applied protocols to be defined in a modular way, by separately defining each assumption (model) and each requirement.

We apply MoSS to present the first practical specification and proofs of security for Public Key Infrastructure (PKI) schemes, and analyze the security of important and widely deployed PKIs: PKIX and two variants of Certificate Transparency (CT). These PKIs are based on the X.509v3 standard and its CRL revocation mechanism. Our analysis identified a few subtle vulnerabilities and provides reduction-based proofs showing that the PKIs ensure specific requirements under specific models (assumptions). To our knowledge, this is the first reduction-based proof of security for a realistic PKI scheme, e.g., supporting certificate chains.

We will also discuss Composable MoSS (CMoSS). CMoSS allows modular design and analysis of protocols, in addition to modular specifications (as in MoSS). We will conclude by mentioning some of the future directions, including the development of tools to automate and assist in writing and validating specifications and analysis.  

Joint work with: Hemi Leibowitz (The College of Management Academic Studies), Ewa Syta (Trinity College), and Sara Wrotniak (University of Connecticut)

Bio: Dr. Herzberg is the Comcast Professor for Cybersecurity Innovation in the School of Computing of the University of Connecticut. His research areas include internet security, applied cryptography, privacy and anonymity, human-centered security, security for cyber-physical systems, and social, economic and legal aspects of security.

Dr. Herzberg earned his Ph.D. in Computer Science in 1991 from the Technion in Israel. From 1991 to 1995, he worked at the IBM T.J. Watson Research Center, where he was a research staff member and the manager of the Network Security research group. From 1996 to 2000, Dr. Herzberg was a research group manager at the IBM Haifa Research Lab. From 2002 to 2017, he was a professor at Bar Ilan University (Israel). Since 2017, he has been a professor at the University of Connecticut.

Dr. Herzberg is the author of numerous papers and patents in different areas of cybersecurity, and of the textbook ‘Applied Introduction to Cybersecurity and Cryptography’. Dr. Herzberg is an associate editor of ACM TOPS and serves on the steering board of CANS. Previously, he served as a program chair for IEEE CNS’19 and as an editor of PoPETS and ACM TISSEC. He has delivered multiple keynotes and tutorials, and served on the program committees of various conferences. Dr. Herzberg is a recipient of the Internet Society’s Applied Networking Research award, 2017.