Department of Computer Science and Technology

Security Group

1994 seminars


9 December A Markov approach to the design of product ciphers / Luke O'Connor, Queensland University of Technology

Room TP4, Computer Laboratory

Most modern symmetric key ciphers are instances of product ciphers, which were first suggested by Shannon soon after WWII. Such ciphers, which include DES, FEAL, LOKI and IDEA, iterate a fixed round function F to produce the encryption function. This iterative structure suggests that they can be modelled as a Markov chain, whose powers correspond in some manner to the iteration of F.

In this talk we will show that two highly acclaimed attacks, differential and linear cryptanalysis, can be modelled as Markov chains and that most product ciphers will be resistant to these attacks given a sufficient number of rounds.

5 December Security in cyberspace: an emerging challenge for society / Richard O. Hundley and Robert H. Anderson, RAND Corporation (extra seminar)

Room TP4, Computer Laboratory

Note: usual room contrary to previous announcement

As more and more human activities move into cyberspace, they become exposed to a new set of vulnerabilities that can be exploited by a wide spectrum of "bad actors" for a variety of motives. This seminar discusses questions such as: (1) How serious are the likely threats to different segments of society, both today and in the future, from cyberspace-based attacks? (2) What are the best strategies for achieving security in cyberspace? (3) What roles and missions should various national entities be assigned? (4) Are there specific services and institutions that play such vital roles in society that their protection from cyberspace-based attacks should be of national concern? This presentation does not answer all these questions, but at least attempts to structure the discussion so that meaningful answers can be obtained.

(Please note that this seminar is not being held in the normal venue. The Phoenix seminar room is room PO3 at the west of the New Museums Site.)

29 November Computer generated evidence / Mark Lomas, Cambridge University

Room TP4, Computer Laboratory

Recent activity in the security community has concentrated on computer networks and new services they may provide. This work tends to overlook the more mundane services that we take for granted.

Computer technology has reduced the entry cost for forgers, or it may be said to reduce the skill necessary to produce convincing forgeries. To combat this, I suggest that paper documents such as banknotes and cheques will need to incorporate machine-readable security information, and that many documents used as evidence in courts may have to change drastically in the next few years.

15 November X/Open cryptographic service model / Piers McMahon, ICL

Room TP4, Computer Laboratory

With increased requirements for cryptographic security, there is a growing number of products on the market which provide such services as encryption, digital signature, and key exchange. While it is possible to write applications which use these products, there are no vendor-neutral standards, so any applications which use cryptographic services need to bind to proprietary APIs.

This talk will give an overview of the work of the X/Open Security Working Group in defining a generic cryptographic service API to meet the requirements for application interfaces to cryptographic and key management services. It will show how the X/Open work is building from existing key management models and from extensive implementation experience; and that the agreed service model will be comprehensive, practical, applicable to both software and hardware, algorithm independent, and take account of compliance with export control laws, and controls on cryptographic usage.

1 November Pretty Good Privacy / Phil Zimmermann

Hopkinson Lecture Theatre, New Museums Site

Modern technology has made it easier for governments to invade the privacy of their citizens and monitor political opposition groups. But cryptography has started to provide a means of reversing certain aspects of this erosion of privacy, thus affecting the power relationship between governments and citizens.

Philip Zimmermann is the creator of PGP (Pretty Good Privacy), the worldwide de facto standard for the encryption of email. It is published as free software, and has spread like dandelion seeds blowing in the wind, fanned by the firestorm of controversy at government efforts to suppress public access to strong cryptography. This has caused conflict with the US National Security Agency's desire to restrict the use of high-quality encryption, and he is being investigated for possible violation of export controls on munitions.

19 October Robust computer security (will be held in the Babbage Lecture Theatre) / Ross Anderson, Cambridge University

Babbage Lecture Theatre

The relationship between security and reliability is not straightforward. On the one hand, a secure system does at most X, while a reliable system does at least X; so the two concepts seem in tension. On the other hand, recent experience investigating the failure modes of automatic teller machines, satellite TV encoders, prepayment electricity meters and burglar alarms has shown that almost all real world security failures are in fact reliability failures - they result from blunders in implementation and management. After describing some of this experience, I will discuss a robustness principle which has been derived from it, and which has proved itself useful in guiding security research.

This seminar will be multicast (audio and video) on the mbone as part of our multimedia test programme. Further information is available at http://www.cl.cam.ac.uk/mbone/#cl.

18 October Implications of an analytical survey of information systems security design methods / Richard Baskerville, Binghamton University

Room TP4, Computer Laboratory

A recent survey of three generations of general information system design methods provides a framework for understanding current security design practice. The methods used may depend on checklists of controls, divide functional requirements into engineering partitions, or create abstract models of both the problem and the solution. An analysis of this survey reveals that security methods lag behind general systems development methods, and that many general methods fail to consider security specifications rigorously. These findings suggest that more general software engineering techniques cannot succeed without explicit security considerations.

8 June Factoring RSA-129 / Paul Leyland, University of Oxford

Hopkinson Lecture Theatre, New Museums Site, Pembroke Street, Cambridge

In August 1977, Scientific American published a description of the newly-invented RSA public key cryptosystem. The inventors, Rivest, Shamir and Adleman, offered a $100 prize to the first person or group to break an implementation by factoring a 129-digit integer.

In this talk, I will describe how RSA-129 was factored by a collaboration of hundreds of workers spread around the world. I will concentrate mostly on the resource-management and organizational problems (rather than the number theory) behind what is probably the largest single computation ever performed.

1 June Factoring RSA-129 (postponed until next week) / Paul Leyland, University of Oxford

Hopkinson Lecture Theatre, New Museums Site, Pembroke Street, Cambridge

24 May Integrating security in inter-domain routing protocols / John Crowcroft, University of London

Room TP4, Computer Laboratory (should also be multicast live over SuperJANET)

Network routing protocols work in a vulnerable environment. Unless protected by appropriate security measures, their operation can be easily subverted by intruders capable of modifying, deleting or adding false information in routing updates. This paper analyses threats to the secure operation of inter-domain routing protocols, and proposes various countermeasures to make these protocols secure against external threats.

17 May A test suite for random number generators / Jonathan Hart, University of Cambridge

Room TP4, Computer Laboratory

Many applications, such as key generation in cryptography, rely on sources of unpredictable behaviour, which typically take the form of a random or pseudorandom number generator. It is of importance to designers and users to be able to evaluate the effectiveness of these devices.

The talk will cover the evaluation techniques implemented by a software suite we have written. A variety of statistical tests will be discussed, together with more specific methods such as linear complexity and the spectral test. Other tests, including sequence complexity and the binary derivative, will be mentioned in connection with the commercially available Crypt-XS package.

Some theoretical background will also be covered, including Yao's theorem which provides justification for a statistical approach, and the work of various authors on linear complexity.

10 May Wiretapping, forgery and plausible deniability / Mike Roe, University of Cambridge

Room TP4, Computer Laboratory

The purpose of any security service is either to ensure that an event happens or to prevent an event happening (liveness or safety). Software reliability is typically concerned with events that are universally agreed to be beneficial or harmful. On the other hand, computer security is typically concerned with events that are beneficial to some persons while harming others.

It follows that whether a computer security service is desirable or not depends upon who you are, and how you are affected by the events that it causes or prevents.

Traditionally, research interest has been focused on the services known as confidentiality, integrity and non-repudiation, and has neglected the converse services of wiretapping, forgery and plausible deniability.

Recent proposals for national cryptographic infrastructures are attempting to redress this historical imbalance. We will describe some possible protocols for achieving these new services, both with and without the use of trusted third parties.

3 May Key management / Fred Piper, University of London

Room TP4, Computer Laboratory

Key management is undoubtedly one of the most important aspects of any cryptographic system. The skill of the designers who produce algorithms to withstand sophisticated cryptanalytic attacks is completely wasted if keys can be obtained by much simpler means such as seeing them displayed on a screen.

In this seminar we will present a low-level discussion on some of the basic aspects of key management; generation, distribution, storage, change and destruction. The discussion will encompass both symmetric and asymmetric systems.

For a symmetric system all keys must be secret, and the distribution of those keys, particularly during initialisation, is a major headache. The introduction of asymmetric systems removed the requirement that all keys must be secret and thus changed the nature of the key distribution problem. However, for asymmetric systems public keys must be authentic and must have other specific properties. These requirements create new problems.

Generic key hierarchical systems will be discussed and, possibly, some schemes designed to solve specific problems, e.g. the transaction key system for EFTPOS. The relevant standards will also be mentioned.

26 April Extending the BAN logic to secrecy / Ian Jackson, University of Cambridge

20 April A new technique for biometric recognition / John Daugman, University of Cambridge

Babbage Lecture Theatre, New Museums Site

Samples from stochastic signals with sufficient complexity need reveal only very little agreement in order to reject the hypothesis that they arise from independent sources. The failure of a statistical test of independence can thereby serve as a basis for recognising signal sources if they possess enough degrees of freedom. Combinatorial complexity of stochastic detail can lead to similarity metrics having binomial type distributions, and this allows decisions about the identity of signal sources to be made with astronomic confidence levels.

I will describe an application of these statistical pattern recognition principles in a system for biometric personal identification that analyses the random texture visible at some distance in the iris of a person's eye. There is little genetic penetrance in the phenotypic description of the iris, beyond colour, form and physiology. Since its detailed morphogenesis depends on the initial conditions in the embryonic mesoderm from which it develops, the iris texture itself is stochastic, if not chaotic. The recognition algorithm demodulates the iris texture with complex valued 2D Gabor wavelets, and coarsely quantises the resulting phasors to build a 256 byte 'iris code' whose entropy is roughly 173 bits. Ergodicity and commensurability facilitate extremely rapid comparisons of entire iris codes using 32-bit XOR instructions. Recognition decisions are made by exhaustive database searches at the rate of about 10,000 persons per second.

1 March Clock controlled sequence generators / Bill Chambers, King's College, London

22 February Another attack on DES / Donald Davies

Room TP4, Computer Laboratory

The expansion permutation in DES duplicates two bits between each neighbouring pair of S-boxes. Before they enter the S-boxes, key bits are added to them (bitwise, mod 2). The difference between plaintext and ciphertext is a sum of the outputs of the 8 S-boxes, and can reveal key information.

This attack can give 16 bits of key information but it takes a lot of samples for a reliable result. There could just possibly be applications where it mattered.

15 February Robustness in protocols and algorithms / Ross Anderson, University of Cambridge Computer Laboratory

Room TP4, Computer Laboratory

The ease with which design mistakes are made in computer security systems in general, and in cryptography in particular, leads us to ask whether it is possible to design systems whose security properties are robust, in the sense that they can cope with minor errors of design, implementation and operation.

However, when we look at other engineering disciplines, we see that the nature of robustness properties varies quite widely. Most civil engineering mistakes cause structures to be slightly weaker than planned, and so bridges are built to be several times stronger than they need to be; aircraft designers, on the other hand, duplicate critical components such as engines, instruments and pilots. We will argue that there is a comparable organising principle for computer and communications security systems.

8 February Database security / Simon Wiseman, Defence Research Agency, Malvern

1 February Detecting denial of service attacks / Roger Needham, University of Cambridge

Room TP4, Computer Laboratory

Denial of service is a Cinderella subject in security, since it is often supposed that there is not a lot that can usefully be said about it. There is very little literature in comparison with the huge amount published on confidentiality and authenticity. Some recent consulting work shows that there are things that can be said, and I shall present some of them using a suitably sanitised example.

18 January A new attack on algebraic coded cryptosystems / Keith Gibson, Birkbeck College, London

12 January How to steal a car / John Gordon, University of Hertfordshire and Concept Labs

Babbage Lecture Theatre, New Museums Site, Pembroke Street

Cars are stolen electronically. Widespread adoption of remote locking devices - electronic key fobs - has given rise to a new type of car theft. These devices send electronic signals which can be recorded and replayed using a so-called grabber, and this received considerable press attention following a recent court case. The seminar will describe the current state of affairs and how cryptographic techniques are leading to more theft-proof vehicles.