Computer Laboratory

Security Group

2014 seminars


30 September 14:00 Bitcoin as a source of verifiable public randomness / Joseph Bonneau, Center For Information Technology Policy, Princeton

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
Many security protocols can be strengthened by a public randomness beacon: a source of randomness which can be sampled by anybody after time t, but is strongly unpredictable to anybody prior to time t. Applications include public lotteries, election auditing, and multiple cryptographic protocols such as cut-and-choose or fair contract signing. Until recently, all proposals for instantiating a beacon either rely on a trusted third party (such as the NIST beacon or random.org) or have difficult-to-evaluate security properties (such as hashing stock market data). In this talk we introduce a new construction for building a beacon based on Bitcoin's block chain. This beacon outputs 64 bits of min-entropy every 10 minutes on average and we can prove strong financial lower bounds on the cost of manipulating the output which are at least in the tens of thousands of dollars. We discuss constructions for building a manipulation-resistant lottery, a new security construction, on top of this primitive which can make attacks even more expensive. Finally, we discuss a number of interesting smart contracts that can be efficiently implemented by extending Bitcoin script to enable sampling the beacon output, including secure multi-party lotteries and self-enforcing non-interactive cut and choose.

*Bio:*
Joseph Bonneau is a Postdoctoral Research Fellow at the Center for Information Technology Policy, Princeton. His research interests include passwords and web authentication, Bitcoin and cryptocurrencies, HTTPS, and secure messaging software. He received a PhD from the University of Cambridge under the supervision of Ross Anderson and an MS from Stanford under the supervision of Dan Boneh. He has worked at Google, Yahoo, and Cryptography Research Inc.


23 September 14:00 DP5: Privacy-preserving Presence Protocols / Ian Goldberg, University of Waterloo [currently on sabbatical at the University of Cambridge]

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
Users of social applications like to be notified when their
friends are online. Typically, this is done by a central server keeping
track of who is online and offline, as well as of the complete friend
graph of users. However, recent NSA revelations have shown that address
book and buddy list information is routinely targeted for mass
interception. Hence, some social service providers, such as activist
organizations, do not want to even possess this information about their
users, lest it be taken or compelled from them.

In this talk, we present DP5, a new suite of privacy-preserving presence
protocols that allow people to determine when their friends are online
(and to establish secure communications with them), without a
centralized provider ever learning who is friends with whom. DP5
accomplishes this using an implementation of private information
retrieval (PIR), which allows clients to retrieve information from
online databases without revealing to the database operators what
information is being requested.

*Bio:*
Ian Goldberg is an Associate Professor of Computer Science and a
University Research Chair at the University of Waterloo, where he is a
founding member of the Cryptography, Security, and Privacy (CrySP)
research group. His research focuses on developing usable and useful
technologies to help Internet users maintain their security and privacy.
He is a Senior Member of the ACM and a winner of the Electronic Frontier
Foundation's Pioneer Award. He is currently on sabbatical as a Visiting
Fellow at Clare Hall, University of Cambridge.
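
The private information retrieval idea that DP5 builds on, shown here as an added example written for this page (it is not DP5's code, and DP5's own PIR scheme is more involved): a textbook two-server XOR-based PIR in which both servers hold identical replicas of the table and are assumed not to collude. The presence table, the four-byte record format and the function names are constructed for the illustration.

```python
import secrets

RECORD_LEN = 4

# Constructed presence table, replicated on two servers that are assumed not
# to collude; index i holds a fixed-length record for user i.
DATABASE = [
    b"on\x00\x01",
    b"off\x00",
    b"on\x00\x02",
    b"off\x00",
    b"on\x00\x03",
]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def server_answer(db, query):
    """Server side: XOR together every record whose query bit is 1.
    A single query is a uniformly random bit vector, so the server that
    receives it learns nothing about which index the client wants."""
    assert len(query) == len(db)
    acc = bytes(RECORD_LEN)
    for record, selected in zip(db, query):
        if selected:
            acc = xor_bytes(acc, record)
    return acc


def split_query(index, n):
    """Client side: choose q1 uniformly at random and set q2 = q1 XOR e_index,
    so the two shares differ in exactly one position (the wanted index)."""
    q1 = [secrets.randbits(1) for _ in range(n)]
    q2 = list(q1)
    q2[index] ^= 1
    return q1, q2


def pir_retrieve(db_on_server1, db_on_server2, index):
    """Client: send one share to each server and XOR the two answers.
    Records selected by both shares cancel out; the record at `index`
    is selected by exactly one share and therefore survives."""
    q1, q2 = split_query(index, len(db_on_server1))
    return xor_bytes(server_answer(db_on_server1, q1),
                     server_answer(db_on_server2, q2))


def check_all(db):
    """Retrieve every record privately and confirm the result is correct."""
    return all(pir_retrieve(db, db, i) == db[i] for i in range(len(db)))
```

The privacy argument is the one in the comments: each server sees only its own share, which is uniformly distributed whatever the index; only the pair of shares reveals the position, and the two servers are assumed never to compare notes. The cost is that each server touches every record on every query, which is why practical PIR systems spend their effort on making that scan cheap.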


10 September 13:00 Micro-Policies: A Framework for Tag-Based Security Monitors / Benjamin C. Pierce, University of Pennsylvania

FW26, Computer Laboratory, William Gates Building

*Abstract:*
Current cybersecurity practice is inadequate to defend against the
threats faced by society. A host of vulnerabilities arise from the
violation of known, but not enforced, safety and security policies,
including both high-level programming models and critical invariants of
low-level programs. Unlike safety-critical physical systems (cars,
airplanes, chemical processing plants), present-day computers lack
supervising safety interlocks to help prevent catastrophic failures.

We argue that a rich and valuable set of low-level micro-policies can
be enforced at the hardware instruction-set level to provide such safety
interlocks with modest performance impact. The enforcement of these
micro-policies provides more secure and robust macro-scale behavior for
computer systems. We describe work originating in the DARPA CRASH/SAFE
project (www.crash-safe.org) to (1) introduce an architecture for
ISA-level micro-policy enforcement; (2) develop a linguistic framework for
formally defining micro-policies; (3) identify and implement a diverse
collection of useful micro-policies; (4) verify, through a combination
of rigorous testing and formal proof, that combinations of hardware and
software handlers correctly implement the desired policies and that the
policies imply specific high-level safety and security properties; and
(5) microarchitecture to provide hardware support with low performance
overhead and acceptable resource costs. Thus, emerging hardware
capabilities and advances in formal specification and verification
combine to enable engineering systems with strong security and safety
properties.

*Bio:*
Benjamin Pierce is Henry Salvatori Professor of Computer and
Information Science at the University of Pennsylvania and a Fellow of
the ACM. His research interests include programming languages, type
systems, language-based security, computer-assisted formal verification,
differential privacy, and synchronization technologies. He is the author
of the widely used graduate textbooks Types and Programming Languages
and Software Foundations. He has served as co-Editor in Chief of the
Journal of Functional Programming, as Managing Editor for Logical
Methods in Computer Science, and as editorial board member of
Mathematical Structures in Computer Science, Formal Aspects of
Computing, and ACM Transactions on Programming Languages and Systems. He
is also the lead designer of the popular Unison file synchronizer.
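
What a tag-based monitor does at the instruction level, as an added illustration written for this page and not taken from the CRASH/SAFE project, its hardware or its rule language: a toy machine in which every memory word and every pointer carries a tag, each instruction consults a policy rule on the operand tags before its effect commits, and the one rule implemented is a simple heap memory-safety micro-policy (a pointer may only touch cells painted with the allocation colour it was created with). Class, rule and tag names are invented for the example.

```python
class PolicyViolation(Exception):
    """Raised by the monitor when a micro-policy rule rejects an instruction."""


class TaggedMachine:
    """Toy tag-based monitor.  self.mem holds (value, tag) per word; pointers
    are (address, tag) pairs.  Each instruction runs its policy rule on the
    tags first and commits its effect only if the rule accepts.  The policy
    is heap memory safety: pointer colour must equal cell colour."""

    def __init__(self, mem_words):
        self.mem = [(0, "free")] * mem_words   # unallocated words tagged "free"
        self.brk = 0
        self.next_colour = 0

    # --- policy rules: pure functions of tags ----------------------------
    @staticmethod
    def rule_access(op, ptr_tag, cell_tag):
        if ptr_tag != cell_tag:
            raise PolicyViolation(f"{op}: pointer tag {ptr_tag} != cell tag {cell_tag}")

    @staticmethod
    def rule_ptr_add(ptr_tag):
        # Pointer arithmetic keeps the colour; bounds are enforced by the
        # colour check at access time, not by the arithmetic itself.
        return ptr_tag

    # --- instructions ------------------------------------------------------
    def malloc(self, n):
        """Allocate n words, paint them with a fresh colour, and return a
        pointer carrying that same colour."""
        if self.brk + n > len(self.mem):
            raise MemoryError("out of memory")
        colour = f"c{self.next_colour}"
        self.next_colour += 1
        base = self.brk
        for addr in range(base, base + n):
            self.mem[addr] = (0, colour)
        self.brk += n
        return (base, colour)

    def ptr_add(self, ptr, k):
        addr, tag = ptr
        return (addr + k, self.rule_ptr_add(tag))

    def _cell(self, addr):
        if not 0 <= addr < len(self.mem):
            raise PolicyViolation(f"address {addr} outside memory")
        return self.mem[addr]

    def store(self, ptr, value):
        addr, ptr_tag = ptr
        _, cell_tag = self._cell(addr)
        self.rule_access("store", ptr_tag, cell_tag)   # monitor decides first
        self.mem[addr] = (value, cell_tag)             # effect commits after

    def load(self, ptr):
        addr, ptr_tag = ptr
        value, cell_tag = self._cell(addr)
        self.rule_access("load", ptr_tag, cell_tag)
        return value


def overflow_demo():
    """A buffer write that runs one word past its allocation.  Without the
    monitor the fourth store would overwrite the neighbouring object; with
    it the store is refused and the neighbour keeps its value."""
    m = TaggedMachine(16)
    buf = m.malloc(3)
    neighbour = m.malloc(3)
    m.store(neighbour, 42)
    violations = 0
    for i in range(4):                       # off-by-one: 4 writes into 3 words
        try:
            m.store(m.ptr_add(buf, i), i + 1)
        except PolicyViolation:
            violations += 1
    return m.load(neighbour), violations     # (42, 1)
```

The point the toy makes is the separation the abstract describes: the rule is a small function of tags that can be written down and reasoned about on its own, while the machine only has to guarantee that no effect commits before the rule has accepted it. Swapping in a different rule (say, forbidding loads from "free" cells to catch use-after-free) changes nothing else.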


09 September 14:00 From TLS to secure websites: the HTTPS landmine / Antoine Delignat-Lavaud, Inria Paris, team Prosecco (Programming Securely with Cryptography)

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
TLS, the most ubiquitous cryptographic protocol used on the Internet, has received a lot of recent attention from the academic community, motivated by a string of high-impact attacks. This verification effort has led to the discovery of a new complex attack against the protocol on one hand, and to a security proof in the computational model based on a reference implementation that supports a wide range of features used in practice on the other hand.

However, despite these efforts, the security of actual websites remains widely undermined by weaknesses at the interface between the TLS library and applications, or in the application protocol itself. For instance, security events at the transport layer, such as improper termination of the connection, or a change of the peer identity during transitions between sessions of the TLS protocol, are typically ignored or mishandled by the application. Similarly, the TLS library delegates some of the most critical security decisions, such as authorization and session cache management, entirely to the applications. Combined with the complex security characteristics of HTTP, this leads to a range of practical, high-impact attacks against even the most secure and scrutinized websites.

*Bio:*
Antoine Delignat-Lavaud is a PhD student at Inria Paris under the supervision of Karthikeyan Bhargavan in team Prosecco (Programming Securely with Cryptography). While the original topic of his thesis is Web security, his attempts to model the security of websites against strong attackers have led him to spend over a year working on TLS and the PKI with his colleagues from Inria and Microsoft Research.
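
One of the interface failures the abstract lists, improper termination of the connection, as an added example written for this page (not the speaker's code): an HTTP/1.1 response parser in two modes, one that treats end-of-stream as end-of-response and one that checks the declared Content-Length before handing the body to the application. The account-service response and the point at which the stream is cut are constructed; the cut falls on a line boundary, as it would if an attacker dropped the trailing TLS records rather than corrupting one.

```python
class TruncatedResponse(Exception):
    """The peer closed the connection before the declared body arrived."""


def parse_response(raw, strict):
    """Parse an HTTP/1.1 response whose body length is given by Content-Length.

    strict=False models an application that takes 'connection closed' to mean
    'response complete' and passes a short body on to the rest of the program.
    strict=True treats a short body as a transport-layer failure instead."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers not terminated")
    lines = head.split(b"\r\n")
    status_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    declared = int(headers[b"content-length"])
    if len(body) < declared:
        if strict:
            raise TruncatedResponse(f"{len(body)} of {declared} body bytes received")
        return status_line, body            # lenient: short body accepted as-is
    return status_line, body[:declared]


def parse_account_state(body):
    """Application-layer consumer: key=value lines; a missing key reads as 'no'."""
    fields = dict(line.split(b"=", 1) for line in body.split(b"\n") if line)
    return {"balance": fields.get(b"balance", b"0"),
            "frozen": fields.get(b"frozen", b"no")}


# Constructed response from a hypothetical account service, and the same
# bytes as they arrive if the connection is cut after the first body line.
FULL_BODY = b"balance=100\nfrozen=yes\n"
FULL_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                 b"Content-Length: %d\r\n\r\n" % len(FULL_BODY)) + FULL_BODY
TRUNCATED_RESPONSE = FULL_RESPONSE[:-len(b"frozen=yes\n")]


def account_state(raw, strict):
    """The application's view of the account, or None if the parser refused
    the response."""
    try:
        _, body = parse_response(raw, strict)
    except TruncatedResponse:
        return None
    return parse_account_state(body)
```

With the lenient parser the truncated response yields an account that is not frozen, and nothing downstream can tell the difference; the strict parser turns the same bytes into an error the application has to handle. The general lesson is the abstract's: a transport event that the TLS library reports (or fails to report) has to be mapped onto an application-level decision, and silently defaulting to "complete" is the wrong mapping.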


29 July 15:15 Safe Shell Scripting with Capabilities and Contracts / Scott Moore, PhD student, Harvard

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
The Principle of Least Privilege suggests that software should be executed with no more authority than it requires to accomplish its task. Current security tools make it difficult to apply this principle: they either require significant modifications to applications or do not facilitate reasoning about combining untrustworthy components.
We propose Shill, a secure shell scripting language. Shill scripts enable compositional reasoning about security through declarative
security policies that limit the effects of script execution, including the effects of programs invoked by the script. These security policies are a form of documentation for consumers of Shill scripts, and are enforced by the Shill execution environment.
We have implemented a prototype of Shill for FreeBSD. Our evaluation indicates that Shill is a practical and useful system security tool, and can provide fine-grained security guarantees.

*Bio:*
Scott Moore is a PhD student in the Programming Languages group at Harvard University. Currently, he is working with Stephen Chong on improving the security of commodity operating systems.
In general, he is interested in programming language techniques and formal methods that help programmers write safe, correct, and understandable software.


03 June 15:00 Trust, Religion, and Tribalism: Reflections on the Sociological Data from the Balkans / Gorazd Andrejč, Junior Research Fellow, Woolf Institute, Cambridge

FW26, Computer Laboratory, William Gates Building

*Abstract:*
Recent sociological studies on interethnic and interfaith relations and reconciliation (Kuburic et al. 2006, Wilkes et al. 2013) have highlighted the importance of (mis)trust, encoded in the perceptions of (in)security and of each other among dominant ethnic groups, for reconciliation attempts in Bosnia-Herzegovina, as well as politics in the region. In this talk, I will reflect on these data with the help of some philosophy (Wittgenstein, Onora O’Neill) and discursive study of different religious and secular narratives and perceptions of each other among Serbs, Bosniaks, Croats and ‘others’ in Bosnia. Examining chosen representations of (each) other in these discourses, I will suggest that they manifest different kinds of trust and mistrust (non-reflective, reflective/conscious, fear-based, dogmatic, idealized, etc.).

*Bio:*
Dr Gorazd Andrejč is a Junior Research Fellow at The Woolf Institute and an Associate Member of St Edmund’s College, Cambridge. His research is in theological and philosophical perspectives of religious language, the nature of belief, as well as interfaith relations and disagreement, especially in the Balkans and Central Europe. Previously, he was an Associate Lecturer teaching Philosophy of Religion in the Department of Theology and Religion at the University of Exeter, where he also completed his PhD in philosophical theology.


13 May 15:00 Security, Reliability and Backdoors / Dr Sergei Skorobogatov, Security Group, University of Cambridge Computer Laboratory

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
Backdoors present in hardware or embedded firmware are a potential security
threat. However, the reason for their existence is questionable. In this talk
implications imposed by backdoors on real systems will be presented at various
levels from silicon hardware (SoC FPGA), through embedded firmware (Smartcard)
to system software (Industrial controller). I will show how the backdoors can
be found and exploited. The aim of this talk is to raise a discussion about
the influence of backdoors on security and reliability.

*Bio:*
Dr Sergei Skorobogatov is a Senior Research Associate at the University of
Cambridge Computer Laboratory and a member of the Security Group. He received
Ph.D. degree in Computer Science from the University of Cambridge Computer
Laboratory in 2005. His research interests include hardware security analysis
of smartcards, microcontrollers, FPGAs and ASICs. He pioneered optical fault
injection attacks in 2001, which have influenced major rethink within
semiconductor industry on the security protection of semiconductor chips and
forced introduction of new evaluation procedures and countermeasures. His
latest research is about backdoors and Trojans in hardware devices.


06 May 15:00 Psychology of malware warnings / David Modic, Cambridge University

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
Internet users face large numbers of security warnings, which they mostly ignore. To improve risk communication, warnings must be fewer but better. We report an experiment on whether compliance can be increased by using some of the social-psychological techniques the scammers themselves use, namely appeal to authority, social compliance, concrete threats and vague threats. We also investigated whether users turned off browser malware warnings (or would have, had they known how).


*Bio:*
Dr. David Modic, an economic psychologist, is a research associate at the University of Cambridge’s Computer Laboratory. He has been researching social aspects of the Internet (i.e. cybercrime, virtual deviance, intrusions into virtual body etc) for the past fifteen years. He has been focusing lately on Internet fraud and the psychological mechanisms that are enabling it. More on: http://david.rodbina.org


29 April 15:00 Protecting Programs During Resource Retrieval / Professor Trent Jaeger, CSE Department, Pennsylvania State University

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
Programs must retrieve many system resources to execute properly, but
there are several classes of vulnerabilities that may befall programs
during resource retrieval. These vulnerabilities are difficult for
programmers to eliminate because their cause is external to the
program: adversaries may control the inputs used to build names,
namespaces used to find the target resources, and the target resources
themselves to trick victim programs to retrieve resources of the
adversaries' choosing. In this talk, I will present a system
mechanism, called the Process Firewall, that protects programs from
vulnerabilities during resource retrieval by introspecting into
running programs to enforce context-specific rules. Our key insight
is that using introspection to prevent such vulnerabilities is safe
because we only aim to protect processes, relying on access control to
confine malicious processes. I will show that the Process Firewall
can prevent many types of vulnerabilities during resource retrieval,
including those involving race conditions. I will also show how to
perform such introspection and enforcement efficiently, incurring much
lower overhead than equivalent program defenses. Finally, I will
describe a conceptual model that describes the conditions for safe
resource retrieval, and outline how to produce enforceable rules from
that model. By following this model, we find that the Process
Firewall mechanism can prevent many vulnerabilities during resource
retrieval without causing false positives.

*Bio:*
Trent Jaeger is a Professor in the Computer Science and Engineering
Department at The Pennsylvania State University and the Co-Director of
the Systems and Internet Infrastructure Security Lab. Trent's
research interests include systems security and the application of
programming language techniques to improve security. He has published
over 100 refereed papers on these topics and the book "Operating
Systems Security," which examines the principles behind secure
operating systems designs. Trent has made a variety of contributions
to open source systems security, particularly to the Linux Security
Modules framework, SELinux, integrity measurement in Linux, and the
Xen security architecture. He is currently the Chair of the ACM
Special Interest Group on Security, Audit, and Control (SIGSAC) and
Program Chair of ASIACCS 2014. Trent has an M.S. and a Ph.D. from the
University of Michigan, Ann Arbor in Computer Science and Engineering
in 1993 and 1997, respectively, and spent nine years at IBM Research
prior to joining Penn State.
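
The class of resource-retrieval bug the talk targets (adversary-controlled names, namespaces that redirect a name via a planted symlink, and the race between checking a name and using it), as an added example written for this page. It is ordinary application-side hardening, not the Process Firewall mechanism, and shows the trusting pattern next to a version that resolves the name once, relative to an already-open directory, and refuses links and non-regular files. It assumes Linux (os.open with dir_fd and O_NOFOLLOW); the directory layout is constructed.

```python
import os
import stat
import tempfile


class UnsafeResource(Exception):
    """The name resolved to something other than a plain file inside base_dir."""


def naive_read(base_dir, name):
    """The pattern the talk warns about: trusts the name and follows whatever
    the namespace currently resolves it to."""
    with open(os.path.join(base_dir, name), "rb") as f:
        return f.read()


def open_in_dir(base_dir, name):
    """Open base_dir/name read-only, refusing the usual name-resolution tricks:
    names that escape the directory (separators, '..', NUL); symbolic links
    (O_NOFOLLOW), so a planted link cannot redirect the open elsewhere; and
    non-regular files (FIFOs, devices, directories) found by fstat on the fd.
    The file is opened relative to an already-open directory fd (openat
    semantics), so nothing is re-resolved between the checks and the use."""
    if name in ("", ".", "..") or "/" in name or "\0" in name:
        raise UnsafeResource(f"rejected name {name!r}")
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        try:
            fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC,
                         dir_fd=dir_fd)
        except OSError as exc:             # ELOOP for a symlink, ENOENT, ...
            raise UnsafeResource(f"{name!r}: {exc.strerror}") from exc
    finally:
        os.close(dir_fd)
    if not stat.S_ISREG(os.fstat(fd).st_mode):
        os.close(fd)
        raise UnsafeResource(f"{name!r} is not a regular file")
    return fd


def read_resource(base_dir, name):
    fd = open_in_dir(base_dir, name)
    with os.fdopen(fd, "rb") as f:
        return f.read()


def retrieval_allowed(base_dir, name):
    try:
        read_resource(base_dir, name)
        return True
    except UnsafeResource:
        return False


def build_fixture():
    """Constructed layout: a legitimate config file inside the application
    directory, a secret outside it, and an attacker-planted symlink inside
    the directory that points at the secret."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "app")
    os.mkdir(base)
    with open(os.path.join(base, "config.txt"), "wb") as f:
        f.write(b"debug=off\n")
    with open(os.path.join(root, "secret"), "wb") as f:
        f.write(b"hunter2\n")
    os.symlink(os.path.join(root, "secret"), os.path.join(base, "planted"))
    os.mkdir(os.path.join(base, "subdir"))
    return base
```

naive_read happily returns the secret through the planted link; open_in_dir refuses it, refuses "../secret", and refuses the sub-directory. What it cannot do is decide whether a regular file inside the directory is the one the program meant, which is the part that needs knowledge of the program's intent and is where an introspection-based mechanism like the one in the talk comes in.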



22 April 15:00 Website Fingerprinting / Nikita Borisov, University of Illinois

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
Network traffic, even when encrypted, contains patterns such as packet
sizes, counts, and timings, that can be used to infer sensitive
information about its contents. In particular, it is often possible to
infer which website a user is visiting, or which page within a site,
as each site has a distinctive "fingerprint" visible within the
traffic patterns. Website fingerprinting has been applied in a number
of contexts, including secure web browsing, virtual private networks,
and anonymous communications. Our recent work shows that it can even
be used to remotely monitor the activities of a home user connected
with a broadband modem. [1] I will present an overview of website
fingerprinting attacks and defenses, including our work in progress
that promises to simultaneously improve both the privacy and
performance of anonymous web browsing. [2]

*Bio:*
Nikita Borisov is an associate professor at the University of
Illinois at Urbana-Champaign. His research interests are online
privacy and network security. He is the co-designer of the
Off-the-Record (OTR) instant messaging protocol and was responsible
for the first public analysis of 802.11 security. He is also the
recipient of the NSF CAREER award. Prof. Borisov received his Ph.D.
from the University of California, Berkeley in 2005 and a B.Math from
the University of Waterloo in 1998.

References:
[1] http://hatswitch.org/~enikita/papers/rta-pets12.pdf
[2] http://hatswitch.org/~nikita/papers/pnp-poster-ccs13.pdf
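
A toy version of the attack the abstract describes, added for this page and not taken from the speaker's work or data: a nearest-profile classifier over direction and packet-size features of an encrypted trace, with a naive padding defence to evaluate against. The three site profiles, the jitter model and the names are constructed.

```python
import random
from collections import Counter

# Constructed traffic traces: (direction, packet_size) with +1 = client to
# server and -1 = server to client.  The three "sites" are invented shapes:
# A = one request and a few full-size responses, B = a chatty exchange of
# small packets, C = one request and a long burst of full-size responses.
PROFILES = {
    "siteA": [(1, 550), (-1, 1450), (-1, 1450), (-1, 1450), (-1, 850), (1, 60)],
    "siteB": [(1, 550), (-1, 350), (1, 450), (-1, 350), (1, 450), (-1, 350)],
    "siteC": [(1, 550)] + [(-1, 1450)] * 12,
}


def features(trace):
    """Coarse fingerprint: packets per (direction, 100-byte size bucket) plus
    the total packet count.  Timing is deliberately ignored here."""
    f = Counter((d, size // 100) for d, size in trace)
    f["count"] = len(trace)
    return f


def distance(fa, fb):
    return sum(abs(fa[k] - fb[k]) for k in set(fa) | set(fb))


def classify(trace, profiles=PROFILES):
    """The attacker's guess: the profile nearest to the observed trace."""
    f = features(trace)
    return min(profiles, key=lambda site: distance(f, features(profiles[site])))


def perturb(trace, seed):
    """Stand-in for the variation between two loads of the same page: jitter
    every size by up to 20 bytes and, for longer traces, sometimes drop a
    packet (never the initial request)."""
    rng = random.Random(seed)
    out = [(d, s + rng.randint(-20, 20)) for d, s in trace]
    if len(out) > 6 and rng.random() < 0.5:
        del out[rng.randrange(1, len(out))]
    return out


def pad_to_mtu(trace, mtu=1450):
    """Naive defence: pad every packet to the MTU so sizes carry no information."""
    return [(d, mtu) for d, _ in trace]


def accuracy(defence=None, rounds=20):
    """Fraction of perturbed page loads the attacker labels correctly, with the
    attacker training on traffic that went through the same defence."""
    train = {s: (defence(t) if defence else t) for s, t in PROFILES.items()}
    hits = total = 0
    for site, base in PROFILES.items():
        for seed in range(rounds):
            trace = perturb(base, seed)
            if defence:
                trace = defence(trace)
            if classify(trace, train) == site:
                hits += 1
            total += 1
    return hits / total
```

In this constructed setting the classifier is right every time, and it is still right every time after padding, because padding removes sizes but leaves packet direction and count untouched; a defence has to address all of the features the attacker can see, at a bandwidth and latency cost, which is the trade-off the abstract's work in progress is about.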


18 March 15:00 Bitcoin: A Full Employment Act for security engineers? / Joseph Bonneau, Center For Information Technology Policy, Princeton

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
This talk will provide a brief overview of Bitcoin and discuss why it has been a fascinating new area of security research spanning crypto, security economics, game theory, and anonymity. A few case studies will highlight some of the surprising new applications and research findings, as well as discussing why Bitcoin is far more limited in its current version than is commonly assumed.

*Bio:*
Joseph Bonneau is a fellow at the Center For Information Technology Policy, Princeton. He is focused on web security, authentication, and TLS, though his past research has spanned side-channel cryptanalysis, protocol verification, software obfuscation, and privacy in social networks.

He completed his PhD in 2012 with the Security Group of the University of Cambridge Computer Laboratory, supervised by Professor Ross Anderson and funded as a Gates Cambridge Scholar. His PhD thesis formalises the analysis of human-chosen distributions of secrets, specifically passwords and PINs.

His background is in computer science, math, and cryptography, in which he earned his BS and MS from Stanford. He's worked on cryptography and security at Google, Cryptography Research, Inc and as a private consultant.


25 February 15:00 Introduction to DNSSEC / Tony Finch, University of Cambridge Computing Service

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
This talk is a quick introduction to DNSSEC, the Domain Name System Security extensions. DNSSEC is interesting because it does more than just add tamper-proofing to the DNS: it is also a new public-key infrastructure.

The talk will describe the security features that DNSSEC adds (and does not add) to the DNS, and how the DNSSEC PKI can support other protocols such as SSL/TLS and SSH.

To be useful, DNSSEC needs to be widely deployed. The talk will demonstrate that switching on DNSSEC can be straightforward, and will mention some of the traps and pitfalls that can catch the unwary.

Talk slides and materials are at
http://www-uxsup.csx.cam.ac.uk/~fanf2/dns/nws42/

*Bio:*
Tony Finch is a system administrator and developer in the University of Cambridge Information Services (until recently known as the Computing Service) where he helps to run the mail and DNS systems. He has contributed to a number of open source projects including Exim, BIND, SpamAssassin, FreeBSD, Apache httpd, and git. He participates in a number of IETF working groups related to mail and DNS, and has contributed draft documents to the DANE working group.

He is mildly notorious for his email address dot@dotat.at, and can be found online at http://dotat.at/, http://fanf.livejournal.com and https://twitter.com/fanf


11 February 15:00 On the (in)security of widely-used RFID access control systems / Dr. Flavio D. Garcia, University of Birmingham

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
Over the last few years much attention has been paid to the (in)security
of the cryptographic mechanisms used in RFID and contactless smart
cards. Experience has shown that the secrecy of proprietary ciphers does
not contribute to their cryptographic strength. Most notably the Mifare
Classic, which has widespread application in public transport ticketing
(e.g. Oyster) and access control systems, has been thoroughly broken in
the last few years. Other prominent examples include KeeLoq and Hitag2
used in car keys and CryptoRF used in access control and payment systems.

This talk summarizes our own contribution to this field. We will
briefly show some of the weaknesses we found in the Mifare classic. Then
we will show that the security of its higher-end competitors like
Atmel's CryptoRF and HID's iClass – which were proposed as secure
successors of the Mifare Classic – is not (significantly) higher. We will
also cover security issues of the Hitag2 key fob to conclude with a
discussion on responsible disclosure principles.

*Bio:*
Garcia is a faculty member in Birmingham's Security and Privacy
Group, and is currently employed as a “Birmingham Fellow”. His work
focuses on the design and evaluation of cryptographic primitives and
protocols for small embedded devices like RFID and smart cards. His
research achievements include breakthroughs such as the discovery of
vulnerabilities in Mifare Classic, iClass, CryptoMemory and HiTag2. The
first of these, Mifare Classic, was widely used for electronic payment
(e.g. London Underground) and access control (e.g. Amsterdam Airport).
Garcia showed that the cryptography in the card was fatally flawed.
HiTag2, the most widely used key fob used in car keys was also found to
be insecure.

Garcia’s work has been widely recognised as world leading including
“Best Paper” awards from the leading IEEE Security & Privacy and Usenix
Woot conferences and the 2008 I/O Award from the Dutch research council
for the best paper bringing computer science research to the attention
of the general public. Garcia joined the security group at the
University of Birmingham in February 2013.


04 February 15:00 The effect of decentralized behavioral decision making on system-level risk / Kim Kaivanto, Lancaster University

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
Certain classes of system-level risk depend partly on decentralized lay decision making. For
instance, an organization’s network security risk depends partly on its employees’ responses
to phishing attacks. On a larger scale, the risk within a financial system depends partly on
households’ responses to mortgage sales pitches. Behavioral economics shows that lay decision
makers typically depart in systematic ways from the normative rationality of Expected Utility
(EU), and instead display heuristics and biases as captured in the more descriptively accurate
Cumulative Prospect Theory (CPT). In turn psychological studies show that successful deception
ploys eschew direct logical argumentation and instead employ peripheral-route persuasion,
manipulation of visceral emotions, urgency, and familiar contextual cues. Signal Detection
Theory (SDT) offers the standard normative solution, formulated as an optimal cutoff threshold,
for distinguishing between good/bad emails or mortgages. In this paper we extend SDT
behaviorally by re-deriving the optimal cutoff threshold under CPT. Furthermore we incorporate
the psychology of deception into determination of SDT’s discriminability parameter. With the
neo-additive probability weighting function, the optimal cutoff threshold under CPT is rendered
unique under well-behaved sampling distributions, tractable in computation, and transparent
in interpretation. The CPT-based cutoff threshold is (i) independent of loss aversion and (ii)
more conservative than the classical SDT cutoff threshold. Independently of any possible
misalignment between individual-level and system-level misclassification costs, decentralized
behavioral decision makers are biased toward under-detection, and system-level risk is
consequently greater than in analyses assuming normative rationality.

*Bio:*
Kim's research issues from a core interest in decision making under risk and uncertainty. He works with both normative and descriptive behavioural mathematical models as well as the associated empirical models, and he designs and implements laboratory experiments for testing normative and behavioural hypotheses. Kim's recent projects have addressed questions in the areas of cyber security and financial decision making. Kim is Director of the recently established Lancaster Experimental Economics Laboratory (LExEL) and a member of the LUMS Research Ethics Committee.
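
As an added worked reference point, not from the talk, here is the classical expected-utility SDT cutoff against which the abstract's CPT cutoff is compared. The notation is standard SDT notation and an assumption of this note: an observation $x$ (for instance a suspiciousness score for an e-mail) has density $f_S(x)$ when the item is bad ("signal") and $f_N(x)$ when it is good ("noise"); the priors are $P(S)$ and $P(N) = 1 - P(S)$; a correct flag is worth $V_H$, a correct pass $V_{CR}$, a miss costs $C_M$ and a false alarm costs $C_{FA}$. Flagging is the better action exactly when its expected utility is at least that of passing:

$$
P(S \mid x)\,V_H - P(N \mid x)\,C_{FA} \;\ge\; P(N \mid x)\,V_{CR} - P(S \mid x)\,C_M
\;\iff\;
\frac{f_S(x)}{f_N(x)} \;\ge\; \beta,
\qquad
\beta = \frac{P(N)}{P(S)} \cdot \frac{V_{CR} + C_{FA}}{V_H + C_M}.
$$

With the usual equal-variance Gaussian model (unit variance, mean $0$ for noise and $d'$ for signal) the log-likelihood ratio is linear in $x$, which gives the cutoff in closed form:

$$
\ln \frac{f_S(x)}{f_N(x)} = d'\left(x - \frac{d'}{2}\right)
\quad\Rightarrow\quad
x^{*} = \frac{d'}{2} + \frac{\ln \beta}{d'}.
$$

Everything the abstract changes enters through this pair of equations: CPT replaces the probabilities with weighted probabilities (the neo-additive weighting function in the talk) and the utilities with a value function, and the deception work feeds into $d'$. The stated result is that the re-derived $x^{*}$ does not depend on loss aversion and sits above the classical one, so fewer items are flagged, which is the under-detection bias at the system level.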


21 January 15:00 Eavesdropping near field contactless payments: A quantitative analysis / Thomas P. Diakos, University of Surrey

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
We present a quantitative assessment in terms of frame error rates for the
success of an eavesdropping attack on a contactless transaction using easily
concealable antennas and low cost electronics. An inductive loop, similar
in size to those found in mobile devices equipped with NFC capabilities,
was used to emulate an ISO 14443 transmission. For eavesdropping we used an
identical loop antenna as well as a modified shopping trolley. Synchronisation
and frame recovery were implemented in software. As a principal result of
our experiments we present the FER achieved over a range of eavesdropping
distances, up to 1m, at different magnetic field strengths within the range
specified by the ISO 14443 standard.

*Bio:*
Thomas is a PhD candidate at the University of Surrey, looking into the
security and privacy of near field contactless payments. He is currently
investigating how a combination of remote interrogation and eavesdropping
could be used to extract information from contactless devices that could
potentially cause financial or anonymity loss for the victim. Following his
military service, he studied for a BEng in electrical engineering from the
University of Sheffield and an MSc in communications and signal processing
from the University of Bristol.
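
The software side of frame recovery, as an added example written for this page and not the speaker's code: an eavesdropper can only count a frame as recovered once its CRC checks, so the CRC_A check is what separates a frame error from a success when computing a frame error rate. The CRC_A routine follows the algorithm in ISO/IEC 14443-3 Annex B (initial value 0x6363, polynomial 0x8408, CRC appended low byte first); the bit-flip channel model and trial counts are constructed, and the RATS command bytes E0 50 serve only as sample payload.

```python
import random


def crc_a(data):
    """CRC_A as specified in ISO/IEC 14443-3 Annex B (init 0x6363, poly 0x8408)."""
    crc = 0x6363
    for byte in data:
        ch = (byte ^ (crc & 0xFF)) & 0xFF
        ch = (ch ^ (ch << 4)) & 0xFF
        crc = ((crc >> 8) ^ (ch << 8) ^ (ch << 3) ^ (ch >> 4)) & 0xFFFF
    return crc


def build_frame(payload):
    """Standard Type A frame: payload followed by CRC_A, low byte first."""
    crc = crc_a(payload)
    return bytes(payload) + bytes([crc & 0xFF, crc >> 8])


def recover_frame(frame):
    """Return the payload if the trailing CRC_A checks, else None."""
    if len(frame) < 3:
        return None
    payload, trailer = frame[:-2], frame[-2:]
    if crc_a(payload) != (trailer[0] | (trailer[1] << 8)):
        return None
    return payload


def flip_bits(frame, ber, rng):
    """Constructed channel model: each bit is flipped independently with
    probability ber (a stand-in for demodulation errors at distance)."""
    out = bytearray(frame)
    for i in range(len(out)):
        for b in range(8):
            if rng.random() < ber:
                out[i] ^= 1 << b
    return bytes(out)


def frame_error_rate(payload, ber, trials, seed=1):
    """FER = fraction of transmissions the eavesdropper fails to recover
    intact.  A frame that passes the CRC but carries a wrong payload (a CRC
    collision) still counts as an error, since the recovered data is wrong."""
    rng = random.Random(seed)
    frame = build_frame(payload)
    errors = 0
    for _ in range(trials):
        received = flip_bits(frame, ber, rng)
        if recover_frame(received) != bytes(payload):
            errors += 1
    return errors / trials


def fer_curve(payload, bers, trials=2000):
    """FER at each bit error rate, the software analogue of the FER-versus-
    distance curves the abstract describes (here versus channel quality)."""
    return [(ber, frame_error_rate(payload, ber, trials)) for ber in bers]
```

The measured experiment sweeps distance and field strength and lets the physics set the bit error rate; this toy sweeps the bit error rate directly. What carries over is the bookkeeping: a sixteen-bit CRC lets through a corrupted frame with probability about one in 65536, so at realistic frame counts the CRC check is a trustworthy arbiter of "recovered" and the FER it yields is dominated by genuine channel errors.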


14 January 15:00 Privacy/Proxy/Perfidy – what criminals (and others) put in domain whois / Dr Richard Clayton, University of Cambridge

Lecture Theatre 2, Computer Laboratory, William Gates Building

*Abstract:*
I've recently completed a major study of the 'whois' contact details for
domain names used in malicious or harmful Internet activities. ICANN
wanted to know if a significant percentage of these domain registrations
used privacy or proxy services to obscure the perpetrator’s identity?
No surprises in our results: Yes!

What was perhaps surprising was that quite a significant percentage of
domains used for lawful and harmless activities ALSO used privacy and
proxy services.

But the real distinction is that when domains are maliciously
registered, then contact details are hidden in a range of different ways
so that 9 out of 10 of these registrants are a priori uncontactable –
whereas the uncontactable rate varies between a quarter and at most two-
thirds for the non-malicious registrations.

This talk discusses how these results were obtained and what their
implications are for the future of the whois system. It also gives some
technical insight into the innovative design of the whois parsing tool that
has enabled some extremely variable reporting formats to be handled, at
substantial scale, in an automated manner.

*Bio:*
Richard Clayton came back to Cambridge in 2000 to study for a PhD on
'Anonymity and Traceability in Cyberspace'. Since getting his degree he
has stayed on as an academic PostDoc "because it's more fun than
working". The main focus of his research is on cybercrime, and
particularly on 'phishing'. The ICANN project described in this talk was
done during his recently completed three year collaboration with the
National Physical Laboratory (NPL) on the EPSRC funded project "Internet
Security".