Séminaire des équipes de recherche
Provable Security for Network and System Security Protocols
- Date : 28/05/2015
- Place : Amphi Rataud - ENS Paris
- Guest(s) : Alexandra Boldyreva (Georgia Tech)
I will discuss my (and co-authors') recent work on proving security of two practical protocols. First I will talk about our analysis of QUIC, which is a transport protocol developed by Google and implemented in Chrome in 2013. It is one of the most promising solutions to decreasing latency while intending to provide security properties similar with TLS. Our results shed some light on QUIC's strengths and weaknesses in terms of its provable security and performance guarantees in the presence of attackers. Then I will discuss our formal study of the problem of software-based remote memory attestation (RMA), i.e., remotely testing if a memory has been infected with a malicious code. Our work combines theoretical foundations of provable security with the systems expertise of the application. We present two protocols offering various efficiency and security trade-offs and analyze the protocols according to a novel security model.