
Seminar: SafeSlinger: Easy-to-Use and Secure Public-Key Exchange

Date: April 7, 2014
Talk Title: SafeSlinger: Easy-to-Use and Secure Public-Key Exchange
Speaker: Michael Farb
Time & Location: 12:00pm - 1:00pm
CIC Building, Pittsburgh

Abstract

How can we start a trusted relationship between people, on the fly, without people having sophisticated knowledge of security protocols?

Historically, researchers have tried a few approaches to this problem. People may meet to digitally sign each other’s PGP keys, or perhaps use a trusted third party such as a certificate authority. However, the former requires all parties to have some sophisticated knowledge of security protocols, and the latter requires considerable investment in infrastructure and administration. Neither is a good fit for small spontaneous groups.

SafeSlinger is the result of research into several protocols designed to defeat the bane of public-key cryptography, the man-in-the-middle attack. This solution easily bootstraps secure communication in person with a device most people already own: their phone. SafeSlinger is designed to allow users to securely exchange any data, such as a public key, for later use. When users run SafeSlinger, they enter a pair of short numbers and confirm that a 3-word phrase matches the one displayed on other users' phones.

I will present the architectural details of how this trust is established, and discuss the engineering choices made as a result of a cross-platform implementation.

Speaker Bio

Michael W. Farb joined Carnegie Mellon CyLab as a Research Programmer in 2010. He received his BA from Beloit College in 1995, and as a mobile device software developer, has worked in publishing, transportation, and security. While at NuvoMedia, a pioneering digital publisher of the late 90's, Michael created software to manufacture their Rocket eBook reading devices. At FedEx Ground, Michael built mobile software for 3 generations of pickup and delivery scanners, and created mobile applications to replace mainframe processes that manage delivery quality. He now is working with researchers at CyLab to provide smartphone end-users with practical solutions for securely exchanging their identity data.

 

Current research: