Visible to the public Biblio

Filters: Author is Warinschi, Bogdan  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
Cortier, Veronique, Warinschi, Bogdan.  2011.  A Composable Computational Soundness Notion. Proceedings of the 18th ACM conference on Computer and communications security. :63–74.

Computational soundness results show that under certain conditions it is possible to conclude computational security whenever symbolic security holds. Unfortunately, each soundness result is usually established for some set of cryptographic primitives and extending the result to encompass new primitives typically requires redoing most of the work. In this paper we suggest a way of getting around this problem. We propose a notion of computational soundness that we term deduction soundness. As for other soundness notions, our definition captures the idea that a computational adversary does not have any more power than a symbolic adversary. However, a key aspect of deduction soundness is that it considers, intrinsically, the use of the primitives in the presence of functions specified by the adversary. As a consequence, the resulting notion is amenable to modular extensions. We prove that a deduction sound implementation of some arbitrary primitives can be extended to include asymmetric encryption and public data-structures (e.g. pairings or list), without repeating the original proof effort. Furthermore, our notion of soundness concerns cryptographic primitives in a way that is independent of any protocol specification language. Nonetheless, we show that deduction soundness leads to computational soundness for languages (or protocols) that satisfy a so called commutation property.

van der Linden, Dirk, Rashid, Awais, Williams, Emma, Warinschi, Bogdan.  2018.  Safe Cryptography for All: Towards Visual Metaphor Driven Cryptography Building Blocks. Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment. :41-44.

In this vision paper, we focus on a key aspect of the modern software developer's potential to write secure software: their (lack of) success in securely using cryptography APIs. In particular, we note that most ongoing research tends to focus on identifying concrete problems software developers experience, and providing workable solutions, but that such solutions still require developers to identify the appropriate API calls to make and, worse, to be familiar with and configure sometimes obscure parameters of such calls. In contrast, we envision identifying and employing targeted visual metaphors to allow developers to simply select the most appropriate cryptographic functionality they need.