Computer Laboratory

Security Group

2005 seminars

Expand all Collapse all

View original page

30 November 16:15Orion: Named Flows with Access Control / Alexander (Sandy) Fraser, Fraser Research

Lecture Theatre 1, William Gates Building

Unix file system semantics, applied to the host/network interface for a wide area network, lead to a compact definition of a communications service and provide a versatile framework for privacy in computer communications. Flows are named connections between processes, and a network is a flow that contains other flows. Hierarchical design limits the scope of a name, and access permissions put limits on flow access. Services publish their names on the network. Pure clients, who by default have no need of a public name, are invisible and are not vulnerable to direct attack.

Processes communicate through Orion: a file system-like interface that hides details of network operation from applications and users alike. Many different implementations are possible, and can coexist behind this unifying interface. Not only is this architecture a substantial step towards a network that can evolve independently of its users, it is also a framework under which disparate internets can coexist behind a single user interface.

View original page

23 November 16:15Semantic Video Content Analysis for Security / Shaogang Gong, Queen Mary University of London

Lecture Theatre 1, William Gates Building

There is a huge demand for fully automated semantic video content analysis due to massive increase of video media in the last decade. However, there is also a lack of effective analytical tools to extract automatically the most relevant information in context and in good time, especially when dealing with CCTV video data of public space. Significantly, human attention span usually lasts no more than 15-20 minutes resulting in highly inconsistent and error-prone manual based content labelling and extraction of CCTV video. Furthermore, the lack of any structured script or embedded meta-data in security and surveillance video, as is present in most commercial and entertainment video, makes the task of automated semantic content analysis of such video data extremely difficult.

In this talk, I will present recent results on activity event and behaviour based video content analysis of security and surveillance video. I will highlight that some of the fundamental problems in security video content analysis are more than merely object tracking and trajectory matching. I will address the problem of modelling and recognising complex activities involving simultaneous movement of multiple overlapped objects. Dynamic probabilistic graph models are exploited for modelling the temporal relationships among a set of different object temporal events and are used to profile and index salient event and behaviour patterns captured in CCTV video, and for the detection of atypical and abnormal behaviours. I will also briefly discuss the problem of extracting and synthesising high-resolution image patches of saliency in low-resolution CCTV content under motion blur, especially in the context of face recognition in low-resolution CCTV video.

*
Shaogang Gong is Professor of Visual Computation at Queen Mary, University of London, elected a Fellow of the Institution of Electrical Engineers, a member of the UK Computing Research Committee, and Head of Queen Mary Computer Vision Research Group he founded in 1993. He received his DPhil in computer vision from Oxford in 1989 with a thesis on the computation of optic flow using second-order geometric analysis. He is a recipient of a Queen's Research Scientist Award in 1987, a Royal Society Research Fellow in 1987 & 1988, and a GEC-Oxford fellow in 1989. He twice won the Best Science Prize of the British Machine Vision Conferences (1999 and 2001) and once won the Best Paper Award (2001) of the IEEE International Workshops on Recognition, Analysis and Tracking of Faces and Gestures. He is the principal author of a book on Dynamic Vision: From Images to Face Recognition (Imperial College Press, 2000). His work focuses on visual motion and video analysis with applications to the detection, tracking and recognition of vehicles and human objects, activity profiling, behaviour recognition and abnormality detection in CCTV & live video. A current significant focus is in security for crime prevention and detection funded by the MOD, EPSRC, DTI and industry.

View original pageView slides/notes

15 November 16:15Prêt à Voter; Practical, Voter-verifiable Elections / Peter Ryan, Newcastle University

Lecture Theatre 2, William Gates Building

Voting systems provide the bedrock of democracy. Recently, voting systems and technologies have been the subject of considerable attention, for example, the concerns raised about the legitimacy of the 2000 and 2004 US presidential elections or about postal voting in this country. Designing voting technologies and systems that are trustworthy, practical and acceptable to the various stakeholders (electorate, politicians, election officials, security experts etc.) raises formidable challenges.

In this talk I will describe the Prêt à Voter scheme. This scheme, based on an earlier scheme due to Chaum, has the surprising property of voter-verifiability: voters can confirm that their vote is accurately included in the tally, whilst at the same time preserving ballot secrecy. This is achieved with minimal dependence on components of the system by providing maximal transparency within the constraints of ballot secrecy.

I will discuss some of the assumptions underlying the current scheme, and associated potential vulnerabilities, and describe possible countermeasures. I will also describe coercion-resistant adaptations of the original, supervised scheme to the remote voting context.

slides

View original page

25 October 16:15Addressing the Data Problem: Investigating Computer Crime / Ian Walden, Centre for Commercial Law Studies, Queen Mary and Westfield College, University of London

Lecture Theatre 2, William Gates Building

When cybercrimes crimes are carried out, the ability of law enforcement agencies to investigate and prosecute the perpetrators will be driven by the availability and accessibility of data to the investigators, whether as intelligence gathering, evidential retrieval or subsequent analysis and presentation. Any criminal investigation interferes with the rights of others, whether the person is the subject of an investigation or a related third party. In a democratic society any such interference must be justifiable and proportionate to the needs of society to be protected. This presentation will consider the problems raised by data for law enforcement agencies investigating cybercrime. It will examine recent legislative measures and proposals in the UK and Europe to address some of these problems of criminal procedure and the extent to which such measures achieve an appropriate balance between potentially conflicting interests.

View original page

21 October 16:00Nuclear Weapons, Permissive Action Links, and the History of Public Key Cryptography / Steve Bellovin, Columbia University

Lecture Theatre 2, William Gates Building

From a security perspective, command and control of nuclear weapons presents a challenge. The security mechanisms are supposed to be so good that they're impossible to bypass. But how do they work? Beyond that, there are reports linking these mechanisms to the early history of public key cryptography. We'll explore the documented history of both fields, and speculate on just how permissive action links — the "combination locks" on nuclear weapons — actually work.

View original page

21 October 14:00Xilinx Virtex Bitstream Security / Steve Trimberger, Xilinx

Lecture Theatre 2, William Gates Building

Memory-programmed FPGAs are loaded on power-up from an external non-volatile memory. An attacker can intercept the bitstream at that point, modify it, reverse-engineer it or make unauthorized copies of it. Since the introduction of Virtex-II, Xilinx has offered the option to encrypt bitstreams to ensure data privacy. This presentation describes the design decisions, features and restrictions of the Virtex-II bitstream security.

Biography:

Steve Trimberger received his PhD from Caltech at the dawn of the VLSI era, working with Carver Mead and Ivan Sutherland at Caltech, and Lynn Conway and Doug Fairbairn at Xerox PARC. Dr. Trimberger was a member of the original Design Technology group at VLSI Technology and joined Xilinx in 1988.

At Xilinx, Dr. Trimberger was a member of the architecture definition group for the Xilinx XC4000 FPGA and the technical leader for the XC4000 design automation software. He led the architecture definition group for the Xilinx XC4000X device families. He managed the Xilinx Advanced Development group for many years and is currently Distinguished Engineer in Xilinx Research Labs in San Jose where he leads the Circuits and Architectures Group. His research interests include low-power FPGAs, novel uses of reconfiguration, and cryptography.

Dr. Trimberger has written three books and dozens of papers on design automation and FPGA architectures. He is an inventor on more than one hundred patents in the fields of integrated circuit design, FPGA and ASIC architecture, CAE and cryptography. He has served as Design Methods Chair for the Design Automation Conference, Program Chair and General Chair for the ACM/SIGDA FPGA Symposium and on the technical programs of numerous Workshops and Symposia.

View original page

12 October 16:15Natural Randomness as a Fingerprint: Using Nanotechnology to Fight Counterfeiting / Russell Cowburn, Imperial College

Lecture Theatre 1, William Gates Building

We have found [1] that almost all paper documents, plastic cards and product packaging contain a unique physical identity code formed from naturally-occurring microscopic imperfections in the surface. This covert 'fingerprint' is intrinsic, robust and virtually impossible to modify controllably. It can be considered as a biometric identifier for inanimate objects. It can be rapidly read using a low-cost portable laser scanner, which uses the physics of laser speckle in order to probe the surface with sub-micrometre accuracy. Many forms of document and branded-product fraud could be rendered obsolete by use of this code.

[1] Nature 436, 475 (2005)

* Russell Cowburn obtained his PhD in condensed matter physics from the University of Cambridge in 1996. He then joined the Nanoscale Science Group in Cambridge University Engineering Department, where he worked as a post-doc for 1 year and as a Research Fellow of St John's College for 3 years, before being appointed to a faculty position at the University of Durham in 2000. In January 2005 he became Professor of Nanotechnology in the Department of Physics at Imperial College London, where he leads a large research group studying applications of nanotechnology to computer memory, cancer treatment and fraud prevention. He is Director of two high technology spin-out companies working in the area of nanotechnology.

View original page

12 May 16:15Inoculating SSH Against Address-Harvesting Worms / Stuart Schechter, MIT

Lecture Theatre 1, William Gates Building

Over the past year, attacks on SSH have compromised major supercomputing facilities, educational institutions, and national laboratories. These attacks have proven inadequate our current mechanisms for authenticating users and then isolating them from each other.

I will describe the mechanisms that have been used to attack SSH and other remote execution mechanisms, and then present data to help explain why these attacks have been so successful. I will describe countermeasures that can be used to make SSH more resilient to some of these attacks. However, other attacks require us to rethink our entire approach to authenticating ourselves to remote hosts and services and authorizing other hosts to perform tasks on our behalf.

View original page

19 April 14:30Sensor Network Security / Dan Cvrcek, University of Cambridge

Room FW26, William Gates Building

Wireless sensor networks represent an interesting environment for a number of problems related to distributed systems. They have got specific restrictions (power consumption), unusual routing requirements (nodes/motes have no idea about the network topology when deployed), and the information produced by nodes gains value when aggregated, a space for new security protocols exist. We have put some effort into simulating security of key agreement protocols against an attacker controlling only a fraction of the network (key infection, secrecy amplification). The talk will briefly survey several existing key management schemes and highlight some interesting results we have obtained for key infection protocols.

View original page

31 March 16:15Cybersecurity - What Can We Do About It? / Chuck Pfleeger, Pfleeger Consulting Group

Room FW11, William Gates Building

We are reasonably effective at catching the 80-90% of simple cyber-attacks. But what about the others? What about the sophisticated attackers who might plant an exploit today, with a view to reaping the rewards in five years.

View original page

15 March 16:15Certificate Management Using Distributed Trusted Third Parties / Alex Dent, Information Security Group, Royal Holloway, University of London

Lecture Theatre 2, William Gates Building

Trust is a key component in any ubiquitous computing system. Users have to trust the devices to be secure, devices have to authenticate the users in order to trust their inputs and devices have to trust each others' identity and authorisation. A central question in dealing with trust is how to distribute copies of a user's public key in such a way that other users can verify that it does, indeed, belong to the user that claims ownership. Traditional answers to this question have involved using a trusted Certificate Authority (CA) to generate and distribute digitally signed certificates that bind a user's name to his public key (and any other data that may be required). However, the centralised CA model is particularly unsuited to the rapidly changing, ad hoc network topologies that are associated with ubiquitous computing environments.

Our solution to the problem of running a CA in a ubiquitous computing environment is to allow every user in that environment to download a ``CA applet'' – a self-contained application that will run on the user's SEE and will issue certificates for that user's public keys (and, potentially, other users that have been authorised by a pre-determined policy). Furthermore, that applet may, optionally, take the role of the directory service and make these certificates available to other network users. Hence, these CA applets may be placed anywhere within a network's topology, as required by either the user or by some sort of controlling entity.

This talk discusses methods whereby a CA-applet scheme can be implemented, the situations where it might be useful to do so and the problems that are present with this approach.

View original page

1 March 16:15Embedded devices as an attack vector / Stephen Lewis, University of Cambridge

Lecture Theatre 2, William Gates Building

The use of embedded devices present on a network as a vector for attacks against endstations is a threat that has not yet been realized, despite the knowledge of a number of vulnerabilities affecting such devices. This is probably due to the resistance of such devices to reverse engineering: they frequently run custom operating systems on obscure architectures.

Using embedded devices as a vector for attack does, however, have two significant advantages:

  • Detection of the code running on the embedded device is much harder than it would be on a general purpose computer: few tools are available, and a severely limited interface is presented to the end user
  • Embedded devices in the form of network infrastructure provide an excellent platform for attack, because they are ideally placed for covert monitoring and insertion of traffic

When hard-to-detect malicious code can be uploaded to embedded devices on a network, a number of different attacks become feasible. A packet sniffer running on a network switch itself could be used to forward packets matching a particular signature to a third party. Packets could also be generated on the device itself, perhaps in order to mount attacks on end-systems. An attack mounted in this manner would be far harder to contain than one initiated from an normal PC, especially if the ability to reflash the firmware on the device were disabled by the inserted code.

I am currently working on reverse engineering the firmware present in a widely-used switch based around a Motorola 68EC020 processor, and aim to present a demonstration of the insertion of custom code into this device.

View original page

15 February 16:15The Convergence of Anti-Counterfeiting and Computer Security / Steven J. Murdoch, University of Cambridge

Lecture Theatre 2, William Gates Building

Since January 2004, many major graphics software and hardware manufacturers have included anti-counterfeiting measures in their products (including Adobe Photoshop, JASC Paint Shop Pro, HP Printers and Canon scanners). The feature operates by detecting characteristics of banknotes and preventing a suspicious image from being processed. The software is developed by the G10 Central Bank Counterfeit Deterrence Group and provided to manufacturers as a compiled library. No details of the what features the system detects are publicly available, and it has been established that it does not use the same counterfeit-deterrence technique used in colour photocopiers.

Firstly the lecture will include background information on existing counterfeit deterrence systems, designed to prevent currency being copied on conventional printing equipment. This will move on to the more modern techniques, developed in reaction to the widespread deployment of high-quality digital printing hardware. Also the field of digital watermarking will be introduced and its relationship to counterfeit deterrence discussed. The lecture will cover the progress of a project to understand the currency detection feature, and reverse engineer it. This includes conventional reverse-engineering techniques such as disassembly and dynamic code analysis, but it will also describe application specific tools, such as black box digital watermark benchmarking.

Finally, proposed EU legislation will make the inclusion of such a system mandatory, so the consequences on Free and open source software will be discussed. These are in addition to conventional DRM problems such as prevention of legal manipulation of currency images, and other problems specific to counterfeit deterrence.

View original page

18 January 16:15Mixnets for Electronic Voting / Ben Adida, MIT

Lecture Theatre 2, William Gates Building

Voting is a peculiar security problem, with seemingly contradictory requirements of anonymity and verifiability. One important tool in the fulfilment of these requirements is the verifiable mixnet. This talk reviews the high-level challenges of election protocols, the specific trend of verifiable mixnets used in these protocols, and the current challenges that we are trying to address, particularly with respect to the rapid delivery of verified elections results.