CS Colloquium: Dave Levin (UMD)
Three Ugly Truths about the Web’s PKI (and How We Might Fix it)
The web’s public key infrastructure (PKI) is a critical system that allows users to know with whom they are communicating online. Although much of the PKI is automated, several surprisingly important aspects require humans in the loop: (1) website administrators must properly manage their certificates; (2) browser manufacturers must regularly check for certificate revocations; and (3) above all, no one should share their private keys. I will present Internet-wide measurement studies we have performed that show that, in practice, all of these are violated on a regular basis.
I will also discuss some of the steps we are taking towards fixing online authentication and the security of the web at large. I will describe why I believe that future protocols must take economic factors into account, and why recent advances in cryptography, measurement, and trusted hardware may be the key to finally making a secure web possible.
Bio: Dave is an assistant professor of computer science at the University of Maryland, and a member of the Maryland Cybersecurity Center (MC2). His research empirically measures Internet security, and applies economics and cryptography to design and build new systems with provable and usable security. Dave’s work has received a USENIX Security Distinguished Paper Award and an IEEE Cybersecurity Award for Innovation.
Friday, September 14 at 11:00am