http://qz.com/109999/a-breakthrough-in-cryptography-could-thwart-a-favorite-attack-of-hackers/
By Christopher Mims
Quartz
July 30, 2013
Microsoft, Apple, and every maker of mobile and desktop apps on the planet
all have a problem: The moment they issue a security "patch," or an update
to their software designed to plug a hole that could be exploited by
hackers, those same hackers work feverishly to reverse-engineer that patch
in order to figure out what vulnerability it’s designed to stop. Armed
with that knowledge, malicious hackers can then attack whatever PCs,
servers or mobile phones have yet to update their software with the new
patch.
"It can take days or months for a patch to reach most of the vulnerable
machines," says Amit Sahai, a professor of computer science at UCLA. And
while this wasn’t specifically the problem Sahai set out to solve when he
embarked on his latest research in cryptography, it’s one of the many
potential implications of the ground-breaking work he and his team have
just unveiled.
What Sahai and a team of researchers at UCLA, IBM Research, and UT-Austin
have created is a method for encrypting software and running it in that
encrypted state. In the past, researchers have known that it’s possible to
encrypt messages (this is how all secure communication on the web, bank
transactions, etc. work) but it was not known whether or not it was
possible to encrypt software in a way that it could still run even without
being decrypted. Sahai’s "mathematical jigsaw puzzle" approach
accomplishes this and, he says, adds a whole new class of protectable
secret to the world of cryptography.
"The basic scientific question here is, what type of things can have
secrets?" says Sahai. "People can have secrets -- if you don’t tell me
something, that’s a secret. And if you encrypt a message, that’s a secret.
But can a piece of software have a secret? Can you have a computer agent
that goes from one computer to another computer, that is just code, that
moves around with its own secrets? Is that even possible?"
[...]
--
Find the best InfoSec talent without breaking your budget!
Post a Job! $99 for 31 days
http://www.hotinfosecjobs.com/
