Speaker: Ahmad Beirami (Duke University)
Title: Quantifying computational security against brute-force attack
Despite several proposals for alternatives, passwords remain the primary means of securing online accounts in the cloud. The mathematical framework for quantifying the computational security of passwords against brute-force attack is formed by guesswork, which is the number of queries required of an adversary to breach a system by guessing one or more secret strings. In this talk, we define "inscrutability" as the exponential rate of increase in guesswork with respect to the secret string length. We study inscrutability under limited entropy budget and show that finite-memory string sources provide the minimum inscrutability among all such sources. Even worse, we show that hiding the statistics of a finite-memory string source does not increase its inscrutability.
This talk is based on joint work with Robert Calderbank, Ken Duffy, and Muriel Medard.
Ahmad Beirami received his B.Sc. in Electrical Engineering from Sharif University of Technology in 2007 and his M.Sc. and Ph.D. in Electrical and Computer Engineering from Georgia Institute of Technology in 2011 and 2014, respectively. He is currently a Postdoctoral Associate in the Department of Electrical and Computer Engineering at Duke University. Ahmad received the Outstanding Research Award (2014) and the Outstanding Service Award (2014) from the Center for Signal and Information Processing, and the 2013-2014 Graduate Research Excellence Award from the School of Electrical and Computer Engineering at Georgia Institute of Technology. He is also the recipient of the 2015 Sigma Xi Best Ph.D. Thesis Award from Georgia Institute of Technology.