Microsoft, Apple, and every maker of mobile and desktop apps on the planet all have a problem: The moment they issue a security “patch,” or an update to their software designed to plug a hole that could be exploited by hackers, those same hackers work feverishly to reverse-engineer that patch in order to figure out what vulnerability it’s designed to stop. Armed with that knowledge, malicious hackers can then attack whatever PCs, servers or mobile phones have yet to update their software with the new patch.
“It can take days or months for a patch to reach most of the vulnerable machines,” says Amit Sahai, a professor of computer science at UCLA. And while this wasn’t specifically the problem Sahai set out to solve when he embarked on his latest research in cryptography, it’s one of the many potential implications of the ground-breaking work he and his team have just unveiled.
What Sahai and a team of researchers at UCLA, IBM Research, and UT-Austin have created is a method for encrypting software and running it in that encrypted state. In the past, researchers have known that it’s possible to encrypt messages (this is how all secure communication on the web, bank transactions, etc. work) but it was not known whether or not it was possible to encrypt software in a way that it could still run even without being decrypted. Sahai’s “mathematical jigsaw puzzle” approach accomplishes this and, he says, adds a whole new class of protectable secret to the world of cryptography.
SOURCE: qz.com
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…