04-21

Passwords, keys, and coins: security protocols for the real world

[[{"fid":"701","view_mode":"embedded_left","fields":{"format":"embedded_left","field_file_image_alt_text[und][0][value]":"","field_file_image_title_text[und][0][value]":"","field_file_caption_credit[und][0][value]":"","field_file_caption_credit[und][0][format]":"full_html"},"type":"media","attributes":{"height":228,"width":194,"class":"media-element file-embedded-left"},"link_text":null}]]Improving security requires both empirically-grounded insights into existing systems and threats, as well as theoretically-grounded solutions that anticipate how future users and attackers will adapt. I will present examples of both. I’ll begin by introducing empirical methods that I created to bring quantitative rigor to the question of how users choose authentication secrets (PINs, passwords, and security questions), a topic that has long been misunderstood due to a lack of data. I'll then present two theoretically-grounded approaches that apply cryptography to providing transparency that trusted authorities are behaving correctly. The first addresses servers for distributing public keys for secure communication, ensuring that the authority cannot lie without being detected.  The second ensures that banks that store bitcoins are solvent: that they actually are holding as many bitcoins as they have promised to their clients.