Flexible Models for Secure Systems /
- Author(s): Meiklejohn, Sarah
- et al.
Modern computing and interactions have become increasingly complex over the last decade, resulting in an online ecosystem with many more options for users, but less transparent information about their security and, in particular, their privacy. The resulting gap between security and functionality has given rise to various problems and concerns. While these problems\dash e.g., the spread of malware, data breaches on (supposedly) secure servers, mining of private user data on social networks\ dash might seem quite diverse, many of them revolve around the broader issue of what happens to systems when they get deployed. Systems that may have seemed fully secure in development often fail to fulfill these security goals in the real world, as adversaries may have capabilities that were not taken into account when the system was designed, and even honest users may interact with the system in unexpected ways. In this dissertation, I describe two areas in which this gap between the abstract protocol and the deployed system leads to security concerns that ultimately impact every user of the system. The first area considers what happens when adversaries have unexpected capabilities; in particular, we examine how to model sophisticated attacks on the security of a system, such as side channels and fault injection, and then how to design flexible cryptosystems that can tolerate such attacks. The second area considers the more benign scenario in which users, purely by virtue of their own decisions, may unknowingly cede some of their own privacy. In particular, we examine user anonymity in the Bitcoin network, which is a purely virtual currency that acts as an electronic version of cash. By combining publicly available information with minimal data gathered by hand, we find that an average Bitcoin user is experiencing a fairly low level of anonymity, making Bitcoin ultimately unattractive for criminal activity such as money laundering