Good morning everyone, this talk is about the question of what happens when your device gets contaminated by malware and becomes under the control of adversaries. Is there anything that you can still do in the way of security functionality, for example, could you still make use of cryptographic keys that are stored on the device. Now that sounds a bit hopeless, because clearly if the device is controlled by an adversary then the adversary also has those keys and can make copies of them and so on. But I hope to convince you that there's a few weak results that you can get in that space. So the assumption that we make, the kind of fiction in this space is that we have a device that's capable of long-term storage of crypto keys, and of course that's the underlying assumption of cryptography. Crypto systems assume that you have a secure private key, but as we know, this is difficult to achieve in the face of security, vulnerability and malware. So I'm not going to spend much time convincing you that there is a lot of malware out there, and a lot of security vulnerabilities, here is a recent graph of security vulnerabilities in 2014, and as you can see, all of the major systems are affected. And then in the mobile space the amount of malware is of course increasing as mobiles become more penetrating, and more vulnerable.
展开▼