Computer Laboratory

Security Group

2002 seminars



9 December 11:00 – Privacy lost / Jonathan Smith, University of Pennsylvania

"...your eyes shall be opened, and ye shall be as gods, knowing good and evil"
— Satan, Genesis III:5

And the eyes of them both were opened, and they knew that they were naked
— Genesis III:7

The increasing interconnection of data sources has led to growing fears that the "end of privacy" (at least as we know it today) is near. This may be the most undesirable long-term outcome of the continuing information revolution.

Since data today are largely stored data, and further, are often collected in a user-controllable manner (e.g., by data entry from a keyboard), various privacy techniques and technologies can be applied. However, in the very near future, ubiquitous low-cost sensors will be introduced into our information networks, and eventually operated collectively, with interesting and perhaps unsettling consequences.

This talk will attempt to expose a subset of the issues and to stimulate thinking on the technologies and their implications. I will close with some speculation on how we, as engineers, might keep society's options open.


26 November 16:15 – Anonymity and e-voting without 'cryptography' / Ofer Margoninsky, Hebrew University of Jerusalem

AMPC is a new, encryption-free anonymizing network that is efficient to use and does not require the use of conventional cryptography by the users of the network. The AMPC (Anonymous MultiParty Computation) method uses a variation of Chaum's mixes that utilizes value-splitting to hide inputs, and is secure as long as fewer than a square root of the servers in the network are compromised. On top of AMPC we have built a new e-voting protocol, which also does not require the users to use any conventional cryptography, thus 'freeing' the users from the need to rely on the security and integrity of the workstations they use to perform the actual voting. The protocol also provides the voter with a receipt, which assures the voter that his vote was actually received by the tallier. This new e-voting protocol uses a new weak-signatures building block ('enhanced check vectors') as well as AMPC.

related papers


19 November 16:15 – Towards the human firewall – standards, pitfalls and suggestions / Rossouw von Solms, Port Elizabeth Technikon, South Africa

Information has grown to become the most important asset of most organizations today. To effectively secure these assets, a set of security controls is normally introduced. These controls can be physical, technical or operational in nature. Operational controls are those controls that are executed by employees or users of information, like locking your office door or not writing your password down. Thus, the behaviour of the employees or users is influenced by the operational controls defined. These operational controls are normally dictated through company policies and procedures, which are derived from and based on various standards and frameworks.

The major problem experienced in many organizations today is that the users are not aware of, or do not adhere to, these policies and procedures. Therefore, educating the users to behave according to the company's information security policies and procedures will ensure that an information security culture is created in the organization. This security culture will give rise to what can be called the human firewall. This human firewall should ensure that all users of information are fully educated as far as information security is concerned and that their everyday behaviour, when working with company information, is in line with the prescribed policies and procedures.

This talk describes the role of policies, procedures, standards, frameworks, etc in creating an information security culture in an organization where the behaviour of the users creates a human firewall against information security threats.


12 November 16:15 – Model-checking cryptoprocessors (or: why I like the British Museum) / Mike Bond, Computer Laboratory

Design of security APIs is becoming as notoriously hard to get right as design of security protocols. This talk describes the first steps towards developing a formal tool to assist experts in the analysis of security APIs.

The speaker first describes the roots of this work in crypto protocol analysis, and explains the new challenges presented by API analysis. He describes a basic approach to formalising APIs, and presents a new tool which can check a formal model of an API against specific properties, for instance: checking a financial API to see if any combination of up to 5 commands can reveal a customer's PIN.

The tool uses birthday attacks and a large helping of brute force to analyse a large subset of an API's state space. Though the tool can never hope to explore more than a large subset of the API, the speaker believes that interesting attacks do lie within state spaces between 2^40 and 2^80 – an area as yet unexplored by existing tools.


6 November 16:15 – Smartcard Defence Technology / Simon Moore, Computer Laboratory

The mass adoption of embedded computing devices (mobile phones, PDAs, smartcards, etc) is moving us rapidly into the ubiquitous computing age. If these devices are to be a boon rather than a bane then robustness is critical. Security will be increasingly important, not only for traditional roles like payment mechanisms and access control, but also for peer to peer transactions and new business structures.

Smartcards are an early embodiment of consumer security devices. They present a harder target for the criminal underworld than their magnetic-stripe counterparts. However, for several years now it has been known that microprocessors can leak a lot of useful information through power and electromagnetic emissions. These emissions (often referred to as "side channels") are characteristic of conventional clocked digital circuit designs. Fault injection techniques have also been used to trick devices into fault modes which leak additional information.

As part of an EU funded project (G3Card) we have been collaborating with industrial and academic partners to develop technologies for the 3rd Generation of Smartcards. In Cambridge we have played both black hat and white hat roles so that we can evaluate what we have designed in much the same way that a good locksmith must also understand how to be a good lock pick. This lecture will review our design strategies, from concept to VLSI implementation. Results will be presented from formal verification of components to bench experiments on naked chips.


29 October 16:15 – Viruses – a nightmare waiting to happen? / Stuart Taylor, Sophos

This talk will present a brief history of viruses, how the problem has changed from 15 years ago to the current day with a look at just how large the problem really is in the light of the rapid technological change of the last few years. It will review current viruses and provide a look at what can be expected in the future.


18 October 16:00 – The electronic voting enigma: hard problems in computer science / Rebecca Mercuri, Bryn Mawr College

Although it might appear that modern technology should be able to provide secure, auditable, anonymous elections, this turns out to be a difficult problem for computer scientists. Vote collection and tabulation involves processes for system security, program provability, user authentication, and product reliability, all of which harbor inherent flaws. These matters are further compounded by sociological and legal technicalities – such as the prevention of vote-selling and protection from denial-of-service attacks. This talk will address these subjects from a computer science standpoint, focusing on those which are considered to be "hard" (the CS word for "presently unsolvable"). Although these computer systems can not achieve all desired election goals, suggestions will be made regarding design enhancements which, if implemented, could improve these devices to the point where they are almost as good as mechanical lever machines and hand-counted paper ballots.


15 October 17:00 – I know your PIN (PIN recovery attacks) / Jolyon Clulow, Prism

A number of efficient attacks against the typical financial API of tamper responding security modules will be presented. This allows the recovery of the PIN from an encrypted PIN block. These attacks succeed against the state of the art security modules of all major vendors, and are computationally trivial requiring between a few seconds and a couple of minutes. Some real world attack scenarios are also presented highlighting the potential for fraud.

dissertation, slides


1 October 16:15 – Verifiable democracy / Yvo Desmedt, Florida State University

Lecture Theatre 2, William Gates Building

The concept of digital signatures is supposed to replace handwritten ones. Verifiable Democracy is the virtual version of a handwritten legislature. It seems that the concept of Threshold Signatures addresses this. (In threshold signatures the secret key is distributed so that only authorized subsets can combine their shares to form a signature. Any non-authorized subset gains no information about the signature.) However, a problem that occurs is that, even in the case of a virtual legislature, lawmakers may be absent. In many democratic organizations the number of members varies over time, and so does the meaning of a majority. The manner in which a legislature votes is similar to a threshold signature scheme, and the power to sign is similar to possessing shares to sign. The fact that members are absent implies the need for a transfer of the power to sign. Schemes for redistributing shares have been developed. However, these solutions require parties to delete their shares, which is often an unrealistic assumption. Here we provide a model for democratic bodies and solve the related problem of assuring an orderly and verifiable transfer of power as the size of the body varies. This presentation is based on joint work with Brian King and will be presented at eGOV (September 2–6).


17 September 16:15 – Laser radiation – a tool for integrated circuit examination and interference / Peter Skorobogatov, SPELS, Moscow

Lecture Theatre 2, William Gates Building

This talk presents research results on the effects of irradiating semiconductor devices (SD) and integrated circuits (IC) with lasers. We show that the adequate simulation of the phenomena occurring requires the joint numerical solution of both the optical equations and the fundamental semiconductor physics equations in a two-dimensional approximation. Simulations with our "DIODE-2D" software have shown that laser irradiation can be an effective tool for SD and IC investigation and influencing. It may be used to ionize separate components to determine their reaction or change their state. The numerical simulation helps to identify optimal laser-beam parameters, such as the wavelength, pulse width, location etc. Numerous examples presented will illustrate the capabilities of SD and IC laser irradiation.


17 September 15:00 – Exploiting EM emanations and using templates for side-channel attacks / JR Rao, IBM Thomas J. Watson Research Center, NY

Lecture Theatre 2, William Gates Building

In the first part of this talk, I will present results of a systematic investigation of leakage of compromising information via electromagnetic (EM) emanations from CMOS-based devices. This information leakage differs substantially from, and is more powerful than, leakage from other conventional side-channels such as timing and power. EM emanations are shown to consist of a multiplicity of compromising signals, each leaking somewhat different information. Our experimental results confirm that some of these signals could individually contain enough leakage to defeat countermeasures against other side-channels such as power. In the second part of this talk, I will present a new form of side-channel attack which we call template attacks. These attacks can break implementations and countermeasures whose security is dependent on the assumption that an adversary cannot obtain more than one or a limited number of side-channel samples. They require that an adversary has access to an identical experimental device that he can program to his choosing. In contrast to previous approaches which viewed noise as a hindrance that had to be reduced or eliminated, our approach focuses on precisely modeling noise, and using this to fully extract the information present in a single sample. I will present a case study where we use this approach to extract keys from an implementation of RC4.


3 September 16:15 – Physical one-way functions / Ravi Pappu, ThingMagic LLC

Lecture Theatre 2, William Gates Building

Modern cryptographic practice rests on the use of one-way functions, which are easy to evaluate but difficult to invert. Unfortunately, commonly used one-way functions are either based on unproven conjectures or have known vulnerabilities. We show that instead of relying on number theory, the mesoscopic physics of coherent transport through a disordered medium can be used to allocate and authenticate unique identifiers by physically reducing its microstructure to a fixed-length string of binary digits. These physical one-way functions (POWFs) are inexpensive to fabricate, prohibitively difficult to duplicate, admit no compact mathematical representation, and are intrinsically tamper-resistant. We provide a simple authentication protocol based on the enormous address space that is a principal characteristic of physical one-way functions.

A majority of this work was done while the speaker was at the MIT Media Laboratory.


18 August 15:00 – Verifiable secret redistribution / Chenxi Wang, Carnegie Mellon University

Lecture Theatre 2, William Gates Building

Threshold sharing schemes provide fundamental building blocks for secure distributed computation and the safeguarding of secrets. Since its invention, many enhancements to threshold secret sharing have been proposed. Proactive Secret Sharing (PSS), for example, provides enhanced protection by updating the shares periodically in a distributed fashion. Traditionally, PSS schemes retain the same set of shareholders and the same access structure across updates. A more general problem is the redistribution of shares between different (possibly disjoint sets of) shareholders and different access structures. We study this generalization and present a new protocol that performs verifiable secret redistribution between arbitrary shareholders and across arbitrary access structures. We also identify a vulnerability in the previous protocols that allows faulty shareholders to distribute invalid shares to new shareholders, and we prove the security of our scheme with an information-theoretic security proof.

Technical Report


12 June 16:15 – Electromagnetic eavesdropping on computers / Markus Kuhn, Computer Laboratory

The traditional techniques for remote unauthorized access to private and confidential information – tapping communication links, code breaking, impersonation – become increasingly infeasible as the use of modern cryptographic protection techniques proliferates. Those in the business of obtaining information from other people's computers without consent – criminals and spies, intelligence agency and law enforcement technicians, private detectives, market researchers – are therefore increasingly looking for alternative eavesdropping techniques. One class of alternatives utilises those unintentional information leaks caused by the physical/analog underlying processes in computers and peripherals that can be sensed, amplified and decoded at a distance.

This talk provides an introduction, overview and demonstration of electromagnetic and optical passive eavesdropping techniques for personal computers, focusing in particular on video display units. It will present new techniques for eavesdropping liquid-crystal and cathode-ray tube displays and will discuss the information-security threat posed by these, along with simple new protective measures.

Slides


11 June 14:15 – Digital identity &amp; profile management – the right way / Stefan Brands, Credentica

Lecture Theatre 2, William Gates Building

Applications that involve the electronic transfer of credentials, profile data, and other sensitive information are quickly gaining momentum. Initiatives such as E-Government and Network Identity are attempts to facilitate information exchanges beyond the traditional confines of private networks. Today's prevalent methods for secure electronic authentication rely either on Kerberos-style authentication or on PKI based on digital identity certificates, both of which were invented a quarter of a century ago, at the dawn of modern cryptography. In particular, they were designed to secure primarily non-open organizational environments, such as enterprise intranets and inter-government communication. Within the context of today's emerging open information infrastructures, however, symmetric authentication and digital identity certificates do at best a mediocre job of protecting security, introduce a host of performance problems, and have devastating consequences for privacy. Amongst others, they fundamentally do not offer any of the following: software-only protection against lending of access rights; role-based access; the ability to disclose the minimal information needed to a verifier; the ability of verifiers to hide competitive data from online status validators; limited-use instances of certified information; non-repudiation even in the presence of malicious central parties; and, reverse (or negative) authentication. As a result, they expose organizations to potentially unlimited liability, lead to consumer fear, and stifle the adoption of new systems. This presentation will show a much better way of doing authentication and access control in Digital Identity and Profile Management systems, based on scientific advancements in electronic authentication made over the past 25 years.

ABOUT THE AUTHOR: Dr. Stefan Brands is one of the leading cryptographic experts on the subject of electronic authentication. His book Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy has been widely acclaimed by prominent privacy advocates, security experts, and legal experts, and its subject matter is taught at universities around the world. Dr. Brands is an adjunct professor at McGill's School of Computer Science in Montreal, and is the founder of Credentica. Incorporated in January 2002, Credentica's mission is to provide superior software solutions for transaction systems that involve digital identity and profile management.


28 May 16:15 – Isn't Kerberos boring? / Paul Leach, Microsoft

Lecture Theatre 2, William Gates Building

Kerberos is old technology — started over 15 years ago, and based on fundamentals first published almost 25 years ago. It first showed up in Windows as part of Windows 2000, and continues to be its central authentication technology. What could be interesting about it today?


21 May 16:15 – Emerging problems in digital evidence / Peter Sommer, CSRC/LSE

Lecture Theatre 2, William Gates Building

Computer Forensics is now over a decade old. While disk forensics operates at very high standards of evidence preservation and analysis, other forms of digital evidence do not. What standards should we expect and apply to the output of mainframe computers, or from complex systems, or to logs of intercepted network traffic? The search for answers requires us to look at the fundamentals of "forensic science" and how far its aims may be different from those of conventional scientific activity. "Proof" in the court-room is quite different from "scientific" proof; and engineering notions of "reliability" different again from "legal" reliability. We also need to understand some of the quirks of admissibility as well as the practicalities of what happens in the run up to a trial as well as in a trial itself.

Slides (ppt, pdf)


14 May 16:15 – An advanced beginner's guide to frauds and scams and some countermeasures / Jack Lang, Computer Laboratory

Lecture Theatre 2, William Gates Building

Any security system needs to consider likely threats. This seminar is a brief introduction and survey of frauds and scams, with some remarks on simple, and often non-technical, common sense countermeasures that are so often neglected.


7 May 16:15 – Internet voting: fool's gold? / Jason Kitcat

Lecture Theatre 2, William Gates Building

Internet Voting has been hailed as a solution to the increasing malaise we are experiencing in politics and democratic engagement, especially among 'young people'. I'll be exploring:

  • Why Internet Voting is unlikely to improve turnout.
  • Why so many companies are trying to offer Internet Voting services and what sorts of security they're offering.
  • How GNU.FREE differs from commercial Internet Voting solutions.
  • Is secure and private Internet voting possible?

Finally I'll run through some issues of security perception versus reality and why using Free Software can help non-technical people trust technology.


30 April 16:15 – MIST: a randomised exponentiation algorithm for reducing side channel leakage / Colin Walter

Lecture Theatre 2, William Gates Building


Recent attacks using differential power analysis (DPA) have shown how good equipment and poor implementation might be applied to break a single use of RSA on a smart card. The attacks are based on recognising the re-use of operands in the standard square-and-multiply, m-ary or sliding windows exponentiation schemes. A new algorithm is presented which avoids such operand re-use and consequently provides much greater resistance to DPA. It is based on generating random addition chains. Unlike the easier process of generating addition/subtraction chains (which have been applied to ECC), the algorithm does not require the computation of an inverse, and so is also applicable to RSA.

The talk will concentrate on two aspects of the algorithm, namely its efficiency and its security against side channel leakage. The former establishes performance akin to that of 4-ary exponentiation. The latter will assume the attacker can distinguish between squares and multiplies, and perhaps recognise re-use of operands. Under such attacks, it still appears to be computationally infeasible to recover the secret exponent.

handout, slides
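To make the abstract's point concrete, here is an added illustration (written for this page, not the speaker's code) of why a fixed exponentiation schedule leaks and how a randomised division chain of the MIST kind avoids it. Left-to-right square-and-multiply performs one squaring per exponent bit and a multiplication only for 1 bits, so an attacker who can tell squares from multiplies reads the exponent straight off the trace; `bits_from_trace` does exactly that. `mist_pow` follows the MIST loop structure as the speaker has published it (choose a divisor d, fold the residue r = D mod d into the accumulator, raise the base to d, divide D by d); the divisor set {2, 3, 5}, the uniform random choice among them, and the use of `pow` for the small powers P^r and P^d are simplifying assumptions of this example, since the published algorithm biases the divisor choice and computes those small powers with specific shared addition sub-chains. The invariant m^e = Q * P^D (mod n) holds at every iteration, which is why any divisor sequence gives the right answer.

```python
"""Square-and-multiply versus a MIST-style randomised division chain.
Added example for this seminar page, not code from the talk.  Divisor set,
uniform divisor choice and use of pow() for P^r, P^d are assumptions here."""
import secrets


def square_and_multiply(m, e, n, trace=None):
    """Left-to-right binary exponentiation; trace records 'S' / 'M' operations."""
    acc = 1
    for bit in bin(e)[2:]:
        acc = acc * acc % n
        if trace is not None:
            trace.append("S")
        if bit == "1":
            acc = acc * m % n
            if trace is not None:
                trace.append("M")
    return acc


def bits_from_trace(trace):
    """What an SPA attacker does with a distinguishable S/M sequence:
    every S opens a new bit (0), an M following it makes that bit 1."""
    bits = []
    for op in trace:
        if op == "S":
            bits.append("0")
        elif op == "M":
            bits[-1] = "1"
    return int("".join(bits), 2) if bits else 0


def fixed_chooser(seq):
    """Deterministic divisor source, for reproducible traces in tests."""
    seq = list(seq)

    def choose():
        return seq.pop(0) if seq else 2
    return choose


def mist_pow(m, e, n, divisors=(2, 3, 5), choose=None, trace=None):
    """Return m^e mod n via a random division chain.
    Invariant: m^e == Q * P^D (mod n) before and after every iteration."""
    if choose is None:
        choose = lambda: secrets.choice(divisors)  # noqa: E731
    q, p, d = 1, m % n, e
    while d > 0:
        div = choose()
        r = d % div
        if r:
            q = pow(p, r, n) * q % n          # fold residue: Q <- P^r * Q
            if trace is not None:
                trace.append(f"Q*=P^{r}")
        p = pow(p, div, n)                     # P <- P^div
        if trace is not None:
            trace.append(f"P^{div}")
        d //= div                              # D <- D div d
    return q


def distinct_traces(m, e, n, runs=10):
    """How many different operation sequences the randomised chain produced
    for the same exponent; a fixed schedule would always give exactly one."""
    seen = set()
    for _ in range(runs):
        t = []
        mist_pow(m, e, n, trace=t)
        seen.add(tuple(t))
    return len(seen)


if __name__ == "__main__":
    t = []
    square_and_multiply(5, 11, 97, t)
    print("square-and-multiply trace", t, "-> exponent", bits_from_trace(t))
    t = []
    mist_pow(5, 11, 97, trace=t)
    print("one MIST-style trace     ", t)
    print("distinct MIST traces over 10 runs:", distinct_traces(5, 11, 97))
```

Because `mist_pow` draws a fresh divisor sequence on every call, the same exponent produces different operation sequences from one run to the next, and no single trace maps to the exponent bits the way the square-and-multiply trace does; the abstract's security claim is that even an attacker who can distinguish squares from multiplies within those small-power computations is left with an infeasible search.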


12 March 16:15 – Middleware security – current research and future work / Ulrich Lang, Computer Laboratory/ObjectSecurity Ltd.

Lecture Theatre 2, William Gates Building

This talk introduces a new middleware security model with access policies based on "resource descriptors". These are necessary because the available cryptographic identities only represent software entities at the middleware layer, but not individual application-layer clients or targets. As a result, additional descriptors are needed to express fine-grained policies. Useful descriptors need to fulfil properties such as uniqueness and persistency. We obtain such descriptors through a mapping process from instance information to resource descriptors.

As part of the EU funded research project Component Based Open Source Architecture for Distributed Telecom Applications (COACH), we plan to implement and evaluate component based distributed systems (CORBA components and Enterprise Java Beans) for the telecommunications domain. This includes the design and implementation of a security architecture for these new requirements and provides opportunities for interested students and researchers to join the project.


19 February 16:15 – The challenges of international cybercrime investigations / Nigel Jones, National High-Tech Crime Training Centre

Lecture Theatre 2, William Gates Building

The use of technology by criminals is affecting, on an unprecedented scale, the ability of the police to fulfil their role in society. Almost any crime may now have a digital aspect, from the very simple distribution of illegal material to murder.

Nigel Jones has recently retired from the Kent Police Computer Crime Unit and is currently developing training programmes for cybercrime investigators and forensic computer analysts. He has been closely involved with the topic at a national level within ACPO and at an international level within European Commission high-tech crime discussions and those in the Lyon Group of the G8.

He will talk about what constitutes cybercrime and present some real life cases to show the type of difficulties that investigators encounter, including issues such as disclosure, forensic examination of seized computers, and the practical effects of the Human Rights Act on law enforcement's ability to conduct investigations. He will also discuss the issues of data retention and preservation, along with the challenges posed to law enforcement by EU data protection legislation.

The talk aims to show how working police officers are (sometimes) managing to gather evidence, despite all the challenges they face.


12 February 16:15 – Location privacy in the next generation internet / Alberto Escudero-Pascual, Royal Institute of Technology, Stockholm

Lecture Theatre 2, William Gates Building

The Internet was not engineered to preserve privacy and is rapidly becoming "the" communication network. European Union policies on data protection demand a better understanding of the tradeoffs between the benefits and privacy risks of new Internet technology.

Keeping location and traffic information confidential, just like the transmitted data itself, is a key provision of the new European regulatory framework for electronic communications infrastructure. The EU aims to adapt and update the existing Data Protection Directive to take into account new technologies and to empower users to control their personal information. However, it is not well understood how this policy and the underlying Internet technology can be brought into alignment. For example, the current IPv6 method of automatic device configuration results in a readily observable and recognizable identifier, even for a roaming user.

This talk will present a number of privacy threats in the next generation Internet and the ongoing efforts in the research community to handle them, focusing on RFC3041 and location privacy in (hierarchical) MobileIPv6.
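The identifier problem the abstract refers to is easy to show. With stateless address autoconfiguration the 64-bit interface identifier is derived from the hardware (MAC) address in modified EUI-64 form, so the same device carries the same low 64 bits into every network prefix it visits, and the MAC itself can be read back out of the address. RFC 3041 instead generates temporary identifiers from an MD5 chain. The following is an added example written for this page, not code from the talk: the EUI-64 derivation follows RFC 2464/RFC 4291, the temporary-identifier step follows RFC 3041 section 3.2.1 (MD5 over history value || EUI-64, keep the leftmost 64 bits, clear the universal/local bit, keep the rightmost 64 bits as the next history value). The MAC address, prefixes and initial history value are constructed sample inputs.

```python
"""Stable (EUI-64) versus temporary (RFC 3041) IPv6 interface identifiers.
Added example for this seminar page, not code from the talk.  Sample MAC,
prefixes and history value are constructed inputs."""
import hashlib
import ipaddress


def eui64_from_mac(mac):
    """Modified EUI-64 interface identifier: flip the u/l bit of the first
    octet and insert ff:fe between the OUI and the device part."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]


def mac_from_eui64(iid):
    """The reverse mapping an observer applies to an autoconfigured address.
    Returns None if the identifier does not carry the ff:fe marker."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in raw)


def rfc3041_next(history, eui64):
    """RFC 3041 s3.2.1: one step of the temporary-identifier chain.
    Returns (interface_id, next_history)."""
    if len(history) != 8 or len(eui64) != 8:
        raise ValueError("history value and EUI-64 must both be 64 bits")
    digest = hashlib.md5(history + eui64).digest()
    iid = bytearray(digest[:8])
    iid[0] &= 0xFD            # clear the u/l bit (bit 6 of the first octet)
    return bytes(iid), digest[8:]


def address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(int.from_bytes(net.network_address.packed[:8] + iid, "big"))


def roaming_addresses(mac, prefixes, history):
    """What a passive observer sees when a device visits several networks:
    the stable identifier repeats everywhere and leaks the MAC, the temporary
    identifiers change from network to network."""
    eui = eui64_from_mac(mac)
    stable, temporary = [], []
    for p in prefixes:
        stable.append(address(p, eui))
        iid, history = rfc3041_next(history, eui)
        temporary.append(address(p, iid))
    return stable, temporary


def linkable(addresses):
    """True if all addresses share the same low 64 bits."""
    iids = {int(a) & ((1 << 64) - 1) for a in addresses}
    return len(iids) == 1


if __name__ == "__main__":
    prefixes = ["2001:db8:1::/64", "2001:db8:2::/64", "2001:db8:3::/64"]
    stable, temp = roaming_addresses("00:1a:2b:3c:4d:5e", prefixes, b"\x00" * 8)
    for s, t in zip(stable, temp):
        print(f"{s!s:32} {t!s}")
    print("stable identifiers linkable across prefixes:", linkable(stable))
    print("MAC recovered from first stable address:",
          mac_from_eui64(stable[0].packed[8:]))
    print("temporary identifiers linkable:", linkable(temp))
```

The stable addresses differ only in their prefix, so anyone logging addresses at two sites can tie them to the same device and read the manufacturer OUI out of the recovered MAC. The temporary ones share nothing observable; the price, which the RFC accepts, is that they are unsuitable for anything that needs to be reached by a stable name.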


29 January 16:15 – The psychology of identification / Graham Pike, Faculty of Social Sciences, The Open University

Lecture Theatre 2, William Gates Building

Humans have an extraordinary ability to recognise faces and can do so despite changes in viewing angle, lighting, age and hairstyle. This should make human operators very successful at detecting the fraudulent use of photo-ID and credit cards, at recognising the perpetrator of a crime and at matching the face of a suspect to video surveillance footage.

However, psychological research has shown that we tend to make very inaccurate eyewitnesses and, more surprisingly, cannot even perform the simple matching tasks involved with checking photo-cards and identifying suspects from CCTV footage. This has led to the conclusion that we are good at processing 'familiar' faces and poor at processing 'unfamiliar' faces.

The current talk looks at the results of research that has examined face identification in a forensic setting and compares the ability of human operators to the specifications set down for computerised systems.


15 January 16:15 – Digital signatures – experiences and solutions regarding their use / Andreas Bertsch, SIZ – German Savings Banks IT Center

Seminar Room 3 (FW26), William Gates Building

Digital signatures are a basic technology for secure e-business, but only if the following issues are addressed, so that relying parties can trust in digitally signed statements.

One problem area is the validation of digital signatures. It cannot be guaranteed that the result is independent of the time of checking. Similarly, it is not clear whether the validity of digital signatures can be checked at any future time. Moreover, the delivery risks of digitally signed messages are not distributed according to the responsibilities of sender and recipient.

For these reasons, alternative and more comprehensive solutions are necessary. One aim is to ensure that declarations of intent become binding at a point in time that is fair towards both the signer and the verifier.

This talk is based on problems and experiences with digital signatures analysed in the context of the German Digital Signature Act and Ordinance. It should be interesting to discuss some of these proposals in a European context.

Book