Security Group
1995 seminars
28 November Quantum computation: theory and experiments / Artur Ekert, Oxford University
Room TP4, Computer Laboratory
As computers become faster they must become smaller because of the finiteness of the speed of light. The history of computer technology has involved a sequence of changes from one type of physical realisation to another - from gears to relays to valves to transistors to integrated circuits and so on. Quantum mechanics is already important in the design of microelectronic components. Soon it will be necessary to harness quantum mechanics rather than simply take it into account, and at that point it will be possible to give data processing devices new functionality. Quantum entanglement and quantum interference will make quantum computation so powerful that many problems, which are believed to be intractable on any classical computer, will become efficiently solvable. In order to illustrate the power of quantum data processing a brief discussion of Shor's quantum factoring algorithm will be provided and possibilities of its practical implementation will be discussed.
Oxford Quantum Computation pages
21 November Firewalls as a network security tool (past, present and future) / Alec Muffett, Sun Microsystems
Room TP4, Computer Laboratory
The "Firewall" - taking the (quite broad) definition of a firewall's being any device designed (in some manner) to restrict "soft" access to a network - has migrated from being a tool of the paranoid systems administrator, into being a standard part of modern network infrastructures.
This seminar will review why this situation has come about, what modern firewall architectures (both basic and advanced) look like, examine what they can/cannot accomplish, and will speculate upon the future potential of firewalls as access-security devices.
14 November Computer based fingerprint recognition / Mike Lynch, Cambridge Neurosciences Ltd
Room TP4, Computer Laboratory
Fingerprints are the most specific known characteristics of people and are able to identify them uniquely over very large databases. However, the low quality of fingerprint data found, for example, at the scene of a crime can challenge the ability of computer-based methods to exploit all the inherent information. Recent advances in pattern recognition methods such as neural networks have led to highly accurate automated systems which have found applications in police, national registration, welfare and immigration systems. The new technologies have also been applied to biometric identification problems, producing new, very low cost, accurate readers for computer and physical access control.
7 November Paranoia and location / Ian Jackson, Cambridge University
Room TP4, Computer Laboratory
Increasingly widespread use is being made of technologies which allow individuals to be located and tracked. Many users express significant privacy concerns. Also, when systems such as these are used to make access control decisions such as unlocking doors and teleporting computer login sessions, a higher degree of security is demanded than was often initially planned.
In this talk I will show how technology similar to the Cypherpunk remailers, but on a smaller scale, can be used to give the user complete control over the information about their location, but still let them prove where they are to parts of the infrastructure when they need to.
PostScript version of slides
31 October Engineering aspects of fast network payments / Chris Sutherland and Harry Manifavas, Cambridge University
Room TP4, Computer Laboratory
There is considerable interest at present in protocols for `electronic commerce', which is usually taken to mean paying for video on demand, worldwide web pages and access to libraries and software. It is often supposed that this is a new field, but network payment mechanisms have been around for years. We describe their history and the lessons which should be learned. We then describe a number of recent proposals, and present a digital cash proposal of our own.
24 October Using process algebra to break security protocols / Gavin Lowe, Oxford University
Room TP4, Computer Laboratory
In this talk I will describe how we may analyze security protocols using CSP and its refinement checker FDR. Briefly, we encode the protocol in CSP, produce a CSP model of the most general attacker who can interact with the protocol, and use FDR to test whether the resulting system is secure. I will show how to apply this method to the well known Needham-Schroeder Public-Key Protocol. FDR discovers an attack upon the protocol, which allows an intruder to impersonate another agent. I will then show how to adapt the protocol to prevent this attack, and briefly indicate how we may use FDR to prove that the resulting protocol is secure.
17 October A CSP approach to verifying crypto protocols / Peter Ryan, Defence Research Agency, Malvern
Room TP4, Computer Laboratory
We give an overview of a research project aimed at applying formal methods to the analysis and design of cryptographic protocols, and present some results on the specification using CSP of their security properties, including authentication, key exchange/distribution, robustness, non-repudiation, integrity, confidentiality and anonymity.
We can also model communications systems, and hostile agents, in CSP, and so we can analyse whether the security properties are upheld. We describe how the CSP model-checker FDR can be used to assist, and illustrate this with examples of how our techniques found flaws in published protocols, and how they can assist in the design of new or improved protocols.
10 October Problems of stream cipher generators with mutual clock control / Bill Chambers, King's College, London
Room TP4, Computer Laboratory
The speaker has been looking at the cycle structure of an algorithm posted just over a year ago on the Internet and alleged to be the secret A5 algorithm used for confidentiality in the GSM mobile telephone system. This algorithm employs three mutually clock-controlled shift registers, and can fairly quickly enter a loop with what is essentially the shortest possible period, a number very small compared with the total number of states, or even its square root. Moreover this behaviour is robust, not being influenced by factors such as choice of primitive feedback polynomial or even clocking logic (with a proviso to be discussed). A fairly straightforward explanation for this behaviour has been found. Some ways of getting around the problem of excessively short periods are considered, as well as the behaviour of systems with different numbers of mutually clocked registers. In particular a mention is made of the wartime T52e cipher, perhaps the inspiration for "alleged A5".
22 August Extra seminar: Authentication in distributed systems - principles and pitfalls / Martin Abadi, DEC Systems Research Center
Old Discussion Room, Computer Laboratory
Authentication is one of the bases of security in distributed systems, yet authentication protocols often contain serious flaws. We discuss some principles for the design of authentication protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have avoided a considerable number of published errors. We also discuss logics designed for the analysis of authentication protocols, and their relation to the informal principles.
23 June Extra seminar: Securing traceability of ciphertexts - towards a software key escrow system / Yvo Desmedt, University of Wisconsin
Phoenix Seminar Room (Room PO3), Computer Laboratory
The Law Enforcement Agency Field (LEAF), which is sent with the ciphertext in the Clipper system, allows the FBI (police) to trace the sender and receiver of a call. However, the design requires tamperproof hardware. We propose an alternative approach, which is based on the computational complexity of some well known problems in number theory. Its applications extend beyond key escrow.
16 June Extra seminar: The Rampart toolkit for building high-integrity services / Mike Reiter, Bell Labs
Room TP4, Computer Laboratory
Rampart is a toolkit of protocols to facilitate the development of "high-integrity" services, i.e., distributed services that retain their availability and correctness despite the malicious penetration of some component servers by an attacker. At the core of Rampart are new protocols that solve several basic problems in distributed computing, including asynchronous group membership, reliable multicast (Byzantine agreement), and atomic multicast. Using these protocols, Rampart supports the development of high-integrity services via the technique of "state machine replication", and also extends this technique with a new approach to server output voting. In this talk we give an overview of Rampart, focusing primarily on its protocol architecture. We also discuss its performance in our prototype implementation, application services that we are developing, and other ongoing work.
13 June Securing asynchronous transfer mode / Shaw Chuang, University of Cambridge
Room TP4, Computer Laboratory
Asynchronous transfer mode (ATM) is often described as the technology that will allow total flexibility and efficiency to be achieved in tomorrow's high speed, multi-service, multimedia networks. There has been an enormous amount of research activity in this area. However, security issues in ATM networks have largely been ignored in the past.
ATM networks introduce unique security concerns that must be addressed to ensure the confidentiality and integrity of data. This talk will give an outline of the issues in securing ATM networks and report on the ongoing research effort in the area.
PostScript version of slides
30 May Nonrepudiation protocols / Dieter Gollmann, University of London
Room TP4, Computer Laboratory
For electronic business to mature, electronic transactions have to be made binding for sender and receiver. Digital signatures meet the original goals of non-repudiation quite adequately, but often further requirements are added, which demand the involvement of some trusted third party.
This talk will give an outline of current suggestions for non-repudiation protocols, discuss in more detail one particular protocol which tries to reduce the involvement of the trusted third party, and raise some points regarding the design and verification of such protocols.
23 May Factoring for computer scientists / Robert Morris, University of Cambridge and NSA
Room TP4, Computer Laboratory
Thesis I: During the past few decades, there has been an immense amount of research on the factorization of large integers. The size of the largest numbers that can be readily and rapidly factored into primes has increased from about twenty or thirty digits a few decades ago, to perhaps one hundred digits nowadays.
Thesis II: The amount of innovation in the theory and practice of factorization in the past century or so has been disappointingly small. The result is that a competent mathematician of the mid 19th century would perceive modern factorization methods as merely minor modifications to the methods known in his own day. Yet these "minor modifications" are themselves of considerable interest.
Modern research papers in this subject are remarkably difficult to read and understand. The amount of space and time spent on deriving detailed asymptotic estimates of space and running time interferes greatly with understanding the underlying methods.
I propose to discuss factorization methods, both old and new, and in a way that will be accessible to an audience that understands just a tiny amount of number theory.
PostScript version of slides
16 May Trusted third parties / Mark Lomas, University of Cambridge
Room TP4, Computer Laboratory
What is trust? When people use the term "Trusted Third Party" what exactly do they mean? Often they don't mean what they think they do.
My dictionary gives several definitions, including:
- a firm belief in the reliability or truth or strength etc. of a person or thing.
- the state of being relied upon.
- something that is capable of violating your security policy.
2 May Nested signatures / Bruce Christianson, University of Hertfordshire
Room TP4, Computer Laboratory
Public key cryptosystems allow in theory the development of theft-proof capabilities which can be held in user space, passed across untrusted networks, and used without on-line authentication of the presenter, but which cannot be stolen and used successfully by an imposter, even with the collusion of certification authorities.
However, achieving this efficiently makes it desirable to refer to electronic instruments by their signatures rather than including complete texts. We discuss some key-spoofing attacks on theft-proof capabilities constructed using RSA and possible countermeasures. We conclude that PKCs would be more useful if their signature depended strongly on the public key of the certification authority.