Department of Computer Science and Technology

Security Group

2000 seminars

29 November 16:15 Model checking security properties of cryptographic protocols / Marcelo Fiore, University of Cambridge

Babbage Lecture Theatre

I will consider the problem of automatically verifying cryptographic protocols. In particular, I will present an algorithm that, given a finite process describing a protocol in a hostile environment, computes a model in which security and authentication properties can be checked. This algorithm, I hope, will serve as the basis for a verification tool.

21 November 16:15 A nested mutual authentication protocol / Dave Otway, Citrix Research

Room TP4, Computer Laboratory

This authentication protocol is a generalisation of the Otway-Rees protocol in which the common challenge is replaced by component nesting so that it can be applied to object-based, client-server chains involving any number of objects and principals. Each object in a chain, whether acting in a client or server role, handles authentication with its neighbours, without any need to be aware of the resultant global behaviour. Session keys are returned by an authentication server which services a client-server chain as a whole: nested requests are built along the forward chain; the final server presents the whole package to the authentication server; and nested responses containing session keys are delivered back down the chain.

15 November 16:15 Locality, independence and linearity / Glynn Winskel, Cambridge University

Babbage Lecture Theatre, New Museums Site

Starting with a process language for cryptographic protocols and a semantics designed to support reasoning about secrecy and authentication, I'll illustrate the roles of locality, independence and linearity in understanding and reasoning about distributed processes. This will lead on to a sketch of the broader research interests of myself and students.

14 November 16:15 Living with RIP / Charles Lindsay, University of Manchester

Room TP4, Computer Laboratory

The passage of the Regulation of Investigatory Powers Act through parliament was the occasion of much controversy, especially as regards its provisions relating to cryptography. It appeared that it breached the European Convention on Human Rights at many points, and that the possibility of having their private keys seized would drive many E-commerce businesses overseas. In the event, the Act was amended to mitigate the worst excesses, with the simultaneous introduction of much window dressing. Nevertheless, many lesser problems remain, which may or may not be addressed in the Code of Practice. Since the implementation of that part of the Act has now been postponed for a year, we may have to wait some considerable time before the full picture becomes clear.

7 November 16:15 Security attributes in CORBA / Ulrich Lang, University of Cambridge

Room TP4, Computer Laboratory

This talk discusses the difficulties of describing an appropriate notion of the security attributes 'caller' and 'target' in object-oriented middleware systems such as CORBA.

31 October 16:15 Practical traceability 101 / Richard Clayton, University of Cambridge

Room TP4, Computer Laboratory

The Internet and its protocols provide methods by which it is possible to locate the person or machine responsible for a particular action. In many ways, "traceability" should be seen as the opposite of "anonymity".

24 October 16:15 Auctions over anonymous networks / George Danezis, University of Cambridge

Room TP4, Computer Laboratory

The most popular way to attack protocols that provide anonymity to the participants is to use the provided anonymity to cheat. It is then very difficult to trace the cheaters and special mechanisms must be present in the protocols to help with that task. We will discuss the example of anonymous auctions and the various ways participants can cheat. We will refine the proposed protocols to support "identity escrow", so that the identity of the cheaters can be revealed, by a third party, if the protocol has not been followed.

17 October 16:15 Two new signature schemes / Ron Rivest, MIT

Room TP4, Computer Laboratory

We describe two new signature schemes with interesting algebraic properties.

10 October 16:15 Do we have enough accidents? / John Adams, University College London

Room TP4, Computer Laboratory

Risk management is often done badly. Directly perceptible risks are dealt with instinctively and intuitively, but when the science is inconclusive people are liberated to argue from pre-established beliefs, convictions and prejudices. When unconfirmed hypotheses - 'virtual risks' - get mistaken for risks about which science has clear and useful advice to offer, much confusion results.

3 October 16:15 The XenoService - a distributed defeat for distributed denial of service / Jianxin Yan, Stephen Early, University of Cambridge

Room TP4, Computer Laboratory

Distributed Denial of Service attacks have become a serious problem since the second half of 1999. They are a manifestation of what economists call the 'tragedy of the commons': while everyone may have an interest in protecting a shared resource (Internet security), individuals have a stronger motive to cheat (connecting insecure computers). So we doubt that some of the proposed technical countermeasures will work, as they take insufficient account of economic forces. In this talk, we discuss the XenoService, a possible remedy.

27 June 16:15 Telecomms fraud - no 'them' and 'us' any more / Richard Cox, Mandarin Technology

Room TP4, Computer Laboratory

Once upon a time there was the GPO, who were required by law to run all the Nation's communications - be they written, telegraph or voice. Fraud was easy to perpetrate in those days because of the somewhat crude methods used to control the switched network. Nowadays BT, who inherited the role the GPO held as the provider of Universal Service for telephony and telex, are but one of over 200 licensed network operators: and all of these are to some extent at risk of becoming victims of fraud.

23 June 13:00 Information warfare in the 21st century / Whitfield Diffie

Room TP4, Computer Laboratory

The early years of the 21st century will be dominated by explosive expansion of communications. The bandwidth, flexibility (particularly mobility), and range of services available will support an electronic commerce to which the current hype cannot do justice. Society's resulting dependence on this resource will make it the target of first resort in future conflicts, continuing the 20th century trend toward involvement of civilian populations.

20 June 16:15 Revisiting protocol modelling / Susan Pancho, Computer Laboratory

Room TP4, Computer Laboratory

Most of the existing work on security protocol analysis concentrates on finding guarantees of correctness. In some cases, analysis using one tool may find a "new" flaw that was not detected by another tool. Such results are sometimes attributed to the use of more rigorous tools.

13 June 16:15 Mimesis - operating system support for confined execution environments / Stephen Early, Computer Laboratory

Room TP4, Computer Laboratory

Any program can create an environment in which to run another program, controlling every aspect of its operation. Trivially, but inefficiently, this can be done by binary emulation. More usefully, most current processors provide sufficient support for confined programs to be executed natively.

6 June 16:15 Electronic commerce: who carries the risk of fraud? / Ian Brown, University College, London

Room TP4, Computer Laboratory

'Non-repudiation' is a favourite buzzword in e-commerce discussions, and a major part of much new digital signature legislation. But its use outside its original security context is riven with problems. This talk looks at the technical, usability, and legal difficulties associated with non-repudiation in the real world, and their effect on the allocation of risk in e-commerce. Banks have successfully moved the risk of online credit card transactions to merchants. Can they shift banking risk to consumers so easily?

2 June 16:00 Security in an international electronic payment system (4pm) / Marijke De Soete, Europay International

Room TP4, Computer Laboratory

Europay is an international payment scheme with over 220 million cards licensing the brands Maestro, Cirrus, Eurocard and Eurocheque. It is currently migrating its magstripe-card based system to chipcard technology. The talk will highlight the security architecture of the new debit-credit system which is based on the so-called EMV (Europay-Mastercard-Visa) specifications. Furthermore the PKI will be presented which supports the offline chipcard authentication method.

9 May 16:15 Hardware security modules in electronic commerce / Nicko van Someren, nCipher

Room TP4, Computer Laboratory

In this talk we will look at the cryptographic requirements for electronic commerce and how hardware security modules (HSMs) can help address these needs. We will examine the threat models and security policies commonplace in e-commerce and we will look at how various types of HSMs can help. We will then look at how existing HSMs could be improved to provide more secure solutions in the future.

14 March The clash between users' and security departments' perceptions / Anne Adams, Middlesex University

7 March 17:00 Codebreaking in the cold war / Christopher Andrew, University of Cambridge

Hopkinson Lecture Theatre, Computer Laboratory

No history of the Second World War nowadays fails to mention the important role of signals intelligence (SIGINT). By contrast, SIGINT is entirely absent from most studies of the Cold War. Newly declassified material in the West, as well as highly classified material exfiltrated from KGB archives by Vasili Mitrokhin, shows, however, that SIGINT continued to play a major role. The KGB supplied the Soviet leadership throughout the Cold War with far more high-grade diplomatic SIGINT (including decrypts from major NATO governments) than they could possibly read. In many cases agent penetration was able to resolve the problems caused by the increasing complexity of cipher systems. Among the revelations in recently declassified Western SIGINT is the identification of a Cambridge scientist as the youngest major spy of the twentieth century.

29 February 16:15 SENSS Bruce - developing a tool for secure bulk systems integrity-checking / Alec Muffett, Sun Professional Services

Room TP4, Computer Laboratory

'SENSS Bruce' is a new security tool, being made available for free by Sun Microsystems, under the terms of the Sun Community Source License. Bruce provides a high-integrity, highly-trustworthy, hierarchical and scalable framework for pro-active security/integrity checking on a network-wide basis. This presentation will describe Bruce's design, functionality, and cover the benefits and weaknesses of Java, which was used as the platform for implementing Bruce.

15 February 16:15 Distributed authorisation for enterprises / Vijay Varadharajan, Microsoft Research

Room TP4, Computer Laboratory

As organisations migrate to a distributed computing environment, the administration of security policies, in particular authorisation policies, becomes increasingly important. In this talk, we will consider some issues involved in the design of an authorisation system for distributed systems. We will discuss some of the architectural principles involved and consider an authorisation policy language and give some examples of policy specifications. We will conclude the talk by looking at some further work in this area.

8 February 16:15 The shadow of your soul / Alastair Kelman, LSE

Room TP4, Computer Laboratory

The term 'data shadow' covers the concept that combining different types of records (toll records, credit records, bank records, health records etc) can elicit additional information, a data shadow, which can track the life of an individual. Now in 2030 our society is managed in every aspect by shadow watching - said to be 'the most significant tool for the maintenance of law and order by the European army and for the selling of Government services' (Prime Minister Sir Chris Evans Guildhall speech - January 2029).

8 February 14:00 Secure and selective dissemination of XML documents / Elisa Bertino, Università degli Studi di Milano

Microsoft Research, Cambridge

XML (eXtensible Markup Language) has emerged as a relevant standard for document representation and exchange on the Web. It is often the case that XML documents contain information of different sensitivity degrees, which must be selectively shared by (possibly large) user communities. There is thus the need for models and mechanisms enabling the specification and enforcement of access control policies for XML documents. Mechanisms are also required enabling a secure and selective dissemination of documents to users, according to the authorizations that these users have. In this talk, we first define a model of access control policies for XML documents. Policies that can be defined in our model take into account both user profiles, and document contents and structures. We also describe an approach, which essentially allows one to send the same document to all users, and yet to enforce the stated access control policies. Our approach consists of encrypting different portions of the same document according to different encryption keys, and selectively distributing these keys to the various users according to the access control policies. We show that the number of encryption keys that have to be generated under our approach is minimal.

1 February 16:15 The interaction between fault tolerance and security / Geraint Price, CCSR University of Cambridge

Room TP4, Computer Laboratory

Most existing work which merges Fault Tolerance into Security concentrates on using fault tolerance as a means of bolstering a server's resilience to external attack. The most notable of this work is carried out by Reiter on Rampart.