Computer Laboratory

Security Group

2001 seminars

13 November 15:00 - Unlimited information -- opportunity or threat? / Paul Whitehouse, Chief Constable of Sussex 1993-2001

Seminar Room 3 (FW26), William Gates Building

As ever more people are connected to the Web so they have access to unlimited information. Is this a safeguard against the emergence of tyrants? Or a means by which democracies can be destroyed? How is the accuracy of information to be verified? How can the undoubted benefits of such widespread availability of information be prevented from serving as an equally effective platform for the criminally minded? Should we be overly concerned about this? How do we ensure that the information that is required gets to the right people at the right time, and is not buried in a mass of junk mail? The continually accelerating pace of change makes it imperative to set out the right principles on which to make decisions on these important questions as soon as possible.

30 October 16:15 - Advanced techniques for rapid localization of IC defects / Daniel L. Barton, Sandia National Labs

Seminar Room 3 (FW26), William Gates Building

In this talk we will describe the evolution of a suite of advanced failure analysis techniques used for rapid fault localization on integrated circuits. These techniques have evolved from the basic electron-beam induced current method from electron microscopy. Clever beam energy control led to the development of the resistive contrast imaging (RCI) technique. RCI proved very useful for evaluating the continuity of metal and poly interconnect layers. RCI was limited in that it provided information about all conductors, both good and bad. The need for rapid fault localization methods that return information from defective areas only led to further technique development. Modifications to the bias and amplification setup used for RCI led to the charge induced voltage alteration (CIVA) and the low beam energy, LECIVA, techniques. Like RCI, CIVA and LECIVA rely on an electron beam to stimulate the sample. Unlike RCI, they produce images by monitoring voltage changes across a constant current supply. This modification allows these techniques to produce images with content from the defective regions on integrated circuits only. From these electron beam-based techniques, the optical beam equivalent, LIVA or light induced voltage alteration technique, was developed for scanning laser microscope use. LIVA differed from its electron beam counterparts only in the stimulus, i.e. the use of a scanned laser beam. LIVA relies on the generation of electron-hole pairs and requires the use of wavelengths less than 1100 nm. LIVA produces images similar to CIVA and LECIVA except that the conductor fan-out network is not visible; only diffusions connected to open conductors appear in the images. The thermally induced voltage alteration (TIVA) and Seebeck effect imaging (SEI) techniques solve this problem by using longer wavelength lasers where electron-hole pairs are not generated. TIVA and SEI use a thermal stimulus with the same basic bias method used in the original CIVA technique. TIVA, LIVA, and SEI have the ability to be used from the front or backside of the die. We will describe the physics behind each technique and demonstrate their applications through examples.

23 October 16:15 - Verification of SET: the purchase phase / Larry Paulson, Computer Laboratory

Seminar Room 3 (FW26), William Gates Building

Past work on protocol verification has largely focused on simple protocols from the academic world. SET is a huge protocol devised by Visa and Mastercard for Internet shopping. It aims to protect both cardholders and merchants from fraud. Protocol participants must first register with their bank, which (after making suitable checks) will provide them with electronic credentials. Customers don't give their credit card numbers directly, but instead give these credentials to the merchant to prove their honesty. The merchant presents similar credentials to the customer. For payment, the customer's account details are passed to the merchant's bank, but not to the merchant himself.

The initial registration phase could in principle be simple. Unfortunately, complex mechanisms (e.g. digital envelopes) and unnecessary encryption complicate the proofs. The talk gives a very high-level overview of the SET protocol and then shows a few details of the proofs of its registration and payment phases.

9 October 16:15 - Electronic commerce -- some security aspects / Peter Landrock, Aarhus University and Cryptomathic

Seminar Room 2 (FW09), William Gates Building

Electronic Commerce is about Commerce. "Electronic" is only there to speed up matters and thus increase the profit. But to some (in fact, most) security experts, the focus is on "Electronic" rather than "Commerce", which is only an excuse to build "very secure" systems. As a result, most systems available today are too cumbersome (e.g. SET), and if we are not careful, we may never find an appropriate route forward. In the talk, we will exhibit a number of bad designs, including PGP, and explain how we think EC should be implemented.

Michaelmas term 2001: starting October 2001, the security seminar series takes place in the new Computer Laboratory building in West Cambridge.

12 June 16:15 - Information security and economics / Ross Anderson, University of Cambridge

Room TP4, Computer Laboratory

Buggy software, buggy networks and buggy people make even the most carefully designed systems and processes vulnerable. Yet many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons. Information security is about power: at the technical level it is about controlling who may use which resource and how, while at the level of business strategy it is increasingly about raising barriers to trade, segmenting markets and differentiating products. Often insecurity is welcome; for example, it may foster economic growth by making monopolies harder to defend.

5 June 16:15 - A low-cost hardware birthday attack on DES / Mike Bond, Richard Clayton, University of Cambridge

Room TP4, Computer Laboratory

A brute force attack on DES has been proven to be within reach of corporations and organised crime since the EFF created the DES Cracker machine in 1998. In this talk we aim to show just how high up the brute force ladder a single individual, of modest means, can climb.

29 May 16:15 - Malice within communications technology / Richard Lines, Stork Ltd

Room TP4, Computer Laboratory

Technology deployed in the mobile telecoms industry in recent years has been designed to protect networks and customers from fraud risk. The truth is that fraud has not been defeated by technology, quite the reverse. Those measures specifically designed to thwart criminals have often been used to perpetrate fraud. The reason for this is a lack of understanding of the nature of fraud and those who commit it. Internal fraud is the greatest risk that any commercial enterprise faces and those based upon technology are the most vulnerable of all. This talk will examine some of the types of internal fraud which are commonly experienced and attempt to explain them using some brief examples from the speaker's own experience as well as suggesting ways in which some of the wrongs may be righted.

22 May 16:15 - Security for the mobile internet / Michael Roe, Microsoft Research

Room TP4, Computer Laboratory

In version 4 of the Internet protocol, an IP "address" was used to identify both a computer and the point at which that computer was connected to the network. This is acceptable when the computer's point of connection never changes, but might become a problem when computers are mobile. The IETF is proposing a change to the Internet Protocol which allows a host's address to change over time. The last draft of the proposal was rejected as unacceptable because it introduced too many security problems. We present a cryptographic protocol which is intended to reduce these security problems to a manageable level.

16 May 16:15 - Unconditional security in cryptography: was Shannon too pessimistic? / Ivan Damgaard, University of Aarhus

Babbage Lecture Theatre, Computer Laboratory

Unconditionally secure communication means that even an infinitely powerful adversary can break neither the confidentiality nor the authenticity of the system. Classical results by Shannon dating back some 50 years seem to imply that unconditionally secure solutions are doomed to being impractical, if not impossible. However, in recent years, new research has shown that these results were based on rather pessimistic assumptions on the amount of information available to an adversary. It turns out that in many practical scenarios, these assumptions are not satisfied, e.g., when communication is noisy, in large networks where not all nodes can be hacked into, or when quantum communication is used. In all these settings, unconditional particular emphasis on quantum communication.

1 May 16:15 - Sequential tracing and its applications / Reihaneh Safavi-Naini, University of Wollongong

Room TP4, Computer Laboratory

In a pay-TV broadcast, an authorised user may decrypt the content and re-broadcast it. At Crypto '99, Fiat and Tassa proposed dynamic tracing schemes that can trace a group of colluders who attempt to re-broadcast the content. We show an attack on their scheme and propose a new tracing scheme, called the sequential tracing scheme, that can capture all colluders and minimises real-time computation. We show an application of this scheme to fingerprinting digital content.

11 April 16:15 - Information system security, casino style / Jim Litchko, Litchko and Associates

Room TP4, Computer Laboratory

How much difference is there between gaming cheats and hackers? Not much, so why should the methods of protection and detection differ? This presentation provides a practitioner's review of how cheating in casinos and attacking information systems are similar. Using past posting, cool decks, chip cups, palming, card counting and mini-cam techniques, the presenter will illustrate how hackers attack systems using Back Orifice, Trojan horses, shoulder surfing, social engineering, and lead referral methods. Finally, the presenter will explain how time-proven casino protection and detection techniques reduce the risk in casinos, and how similar techniques can be used in providing effective information systems security. Additionally, he will talk about how new knowledge-base and device agent technologies are being used to improve the central management of enterprise security devices.

6 March 16:15 - Embedding attacks on clock-controlled sequence generators / Bill Chambers, King's College London

Room TP4, Computer Laboratory

I shall describe a number of attacks proposed recently on simple binary clock-controlled sequence generators, where one linear-feedback shift register determines the clocking of another shift register which produces the output. (The connection polynomials are assumed known.) In particular I shall consider the step[1..D] generator, the shrinking generator, and the closely related alternating-step generator. The basic idea is to find out where and with what frequency or probability the output binary sequence can be embedded in the sequence produced by the clock-controlled shift register. After describing methods for finding the most likely places for the embedding, I then examine ways of finding 'a posteriori' probabilities for the bits in the clocking sequence, and hence making possible fast correlation attacks on the control shift register.

27 February 16:15 - Cryptographic protocol analysis via strand spaces / Joshua Guttman, The MITRE Corporation

Room TP4, Computer Laboratory

Strand spaces are a Dolev-Yao style model of cryptographic protocol execution. They are intended to retain the minimal information compatible with the goal of providing reliable proofs of authentication and secrecy properties where they hold, and counterexamples where they do not. Strand spaces have been used as the basis for numerous results, by our group and others:

20 February 16:15 - Ponder: a language for specifying security and management policies for distributed systems / Morris Sloman and Emil Lupu, Imperial College, London

Room TP4, Computer Laboratory

This seminar describes Ponder - a new declarative, object-oriented language for specifying policies for security and management of distributed systems. The language includes constructs for authorisation policies defining permitted actions; event triggered obligation policies specifying actions to be performed by manager agents; refrain policies specifying actions that subjects must refrain from performing; delegation policies defining what authorisations can be delegated and to whom. Filtered actions extend authorisations to define transformation of input or output parameters. Constraints specify limitations on the applicability of policies based on time or object state. Roles group the policies relating to a position in an organisation. A management structure defines a configuration of role instances as well as the relationship between roles. These concepts can be used to model roles, rights and duties relating to organisational patterns which occur in many large enterprises.

13 February 16:15 - Attacks on cryptoprocessor transaction sets / Mike Bond, University of Cambridge

Room TP4, Computer Laboratory

Attacks are presented on the IBM 4758 CCA (the first ever security module to have achieved all-round FIPS 140-1 Level 4 certification) and the Visa Security Module. Two new attack principles are demonstrated. Related-key attacks use known or chosen differences between two cryptographic keys; data protected with one key can then be abused by manipulation using the other key. Meet-in-the-middle attacks work by generating a large number of unknown keys of the same type, thus reducing the key space that must be searched to discover the value of one of the keys in the type. Design heuristics are presented to avoid these attacks and other common errors.

6 February 16:15 - Low temperature data remanence in static RAM / Sergei Skorobogatov, University of Cambridge

Room TP4, Computer Laboratory

Security processors typically store secret key material in static RAM, from which power is removed if the device is tampered with. It is commonly believed that, at temperatures below -20°C, the contents of SRAM can be 'frozen'; therefore, many devices treat temperatures below this threshold as tampering events. We have done some experiments to establish the temperature dependency of data retention time in modern SRAM devices. Our experiments show that the conventional wisdom no longer holds.

30 January 16:15 - Membership management for ad-hoc groups / Tuomas Aura, Microsoft Research

Room TP4, Computer Laboratory

We present an architecture for creating groups, managing their membership and proving membership in ad-hoc networks. Ad-hoc networks are formed on demand without support from pre-existing infrastructure such as central servers, security associations or PKI. The networks must continue functioning - as securely as possible - even when communication between the network nodes is only occasional and nodes unexpectedly fail or leave the network. Our architecture is based on key-oriented public-key certificates. (This is based on joint work with Silja Maki and Maarit Hietalahti, and it was funded by the Finnish defence forces.)

23 January 16:15 - On message integrity in symmetric encryption / Virgil Gligor, University of Maryland

Room TP4, Computer Laboratory

TBA

18 January 11:00 - Architectural support for copy and tamper resistant software (at 11:00am) / Chandramohan Thekkath, Compaq SRC / Stanford

Room TP4, Computer Laboratory

Implementing copy protection on software is a difficult problem that has resisted a satisfactory solution for many years. This paper proposes a set of features that allows a machine to execute XOM code: code where neither the instructions nor the data are visible to entities outside the running process. To support XOM code we use a machine that supports internal compartments, where a process in one compartment cannot read data from another compartment. All data that leaves the machine is encrypted, since we assume secure compartments cannot be guaranteed by anything outside the machine. The design of this machine poses some interesting trade-offs between security, efficiency and flexibility. We explore some of the potential security issues as one pushes the machine to become more efficient and flexible. Our analysis indicates that, while not cheap, it is possible to create a normal multi-tasking machine where nearly all applications can be run in XOM mode.