Series ended Lecture
Why Authentication Protocols Fail

About the series

Lecturer: John Viega, Chief Technology Officer and Founder of Secure Software

As widespread as authentication systems are, they are still one of the biggest sources of risk in information systems, even in those systems that try to avoid passwords, such as the SSL protocol. We will look at several deployed systems with unnecessary security risks, and examine principles for fixing these problems. Additionally, we show a new way of modeling authentication that leads to simple, efficient and obviously correct protocols. We use this technique to derive several novel and provably secure protocols, including a mutually authenticating key exchange that requires only two messages and a protocol that provides forward secrecy without need for expensive public key operations.

About the Lecturer:
John Viega, Chief Technology Officer and Founder of Secure Software (www.securesoftware.com), is co-author of several books on software security, including the Secure Programming Cookbook for C and C++ (O'Reilly) and Building Secure Software (Addison-Wesley). John is responsible for numerous software security tools, and is the original author of Mailman, the GNU mailing list manager. He holds a B.A. and an M.S. in Computer Science from the University of Virginia.

Past events in this series

March 9, 2004, 4:00 p.m. – 5:00 p.m.