Passwords, Keys, and Coins: Spanning the Security Stack from Empirical User Research to Applied Crypto Protocols
Speaker: Joseph Bonneau, Stanford University
Improving security requires both empirically-grounded insights into existing systems and threats and theoretically-grounded solutions that anticipate how future users and attackers will adapt. I will present examples of both. I’ll begin by introducing empirical methods that I created to bring quantitative rigor to the question of how users choose authentication secrets (PINs, passwords, and security questions), a topic that has long been misunderstood due to a lack of data. I will then present two theoretically-grounded approaches that apply cryptography to provide transparency that trusted authorities are behaving correctly. The first addresses servers for distributing public keys for secure communication, ensuring that the authority cannot lie without being detected. The second ensures that banks that store bitcoins are solvent: that they actually are holding as many bitcoins as they have promised to their clients.
Bio: Joseph Bonneau is a Postdoctoral Researcher at Stanford University and a Technology Fellow at the Electronic Frontier Foundation. His research focuses on cryptography and security protocols, particularly how they interact with human and organizational behavior and economic incentives. Recently he has focused on Bitcoin and related cryptocurrencies and secure messaging tools. He is also known for his work on passwords and web authentication. He received a PhD from the University of Cambridge under the supervision of Ross Anderson and a BS/MS from Stanford under the supervision of Dan Boneh. Last year he was a Postdoctoral Fellow at CITP, Princeton, and he has previously worked at Google, Yahoo, and Cryptography Research Inc.
For more information, contact Prof. Nasir Memon.