Tuesday, February 4, 2014

Cryptography Breakthrough Could Make Software Unhackable

Image: INTVGene/Flickr 

As a graduate student at the Massachusetts Institute of Technology in 1996, Amit Sahai was fascinated by the strange notion of a “zero-knowledge” proof, a type of mathematical protocol for convincing someone that something is true without revealing any details of why it is true. As Sahai mulled over this counterintuitive concept, it led him to consider an even more daring notion: What if it were possible to mask the inner workings not just of a proof, but of a computer program, so that people could use the program without being able to figure out how it worked?

 The idea of “obfuscating” a program had been around for decades, but no one had ever developed a rigorous mathematical framework for the concept, let alone created an unassailable obfuscation scheme. Over the years, commercial software companies have engineered various techniques for garbling a computer program so that it will be harder to understand while still performing the same function. But hackers have defeated every attempt. At best, these commercial obfuscators offer a “speed bump,” said Sahai, now a computer science professor at the University of California, Los Angeles. “An attacker might need a few days to unlock the secrets hidden in your software, instead of a few minutes.”

Secure program obfuscation would be useful for many applications, such as protecting software patches, obscuring the workings of the chips that read encrypted DVDs, or encrypting the software controlling military drones. More futuristically, it would allow people to create autonomous virtual agents that they could send out into the computing “cloud” to act on their behalf. If, for example, you were heading to a remote cabin in the woods for a vacation, you could create and then obfuscate a computer program that would inform your boss about emails you received from an important client, or alert your sister if your bank balance dropped too low. Your passwords and other secrets inside the program would be safe.

“You could send that agent into the computing wild, including onto untrusted computers,” Sahai said. “It could be captured by the enemy, interrogated, and disassembled, but it couldn’t be forced to reveal your secrets.”

For the rest of the story: http://www.wired.com/wiredscience/2014/02/cryptography-breakthrough/

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...