Department of Computer Science and Technology

Security Group

2015 seminars

Expand all Collapse all

View original page

24 November 14:00Android security: Protecting users, a billion at a time / Adrian Ludwig, Android Security Team

LT2, Computer Laboratory, William Gates Building

*Abstract:*
Over the last 7 years, Android has become the world's most popular operating system. For over a billion people, Android is the primary (or only) way to connect to the internet and the rest of the world. People trust Android with their most sensitive and personal information and communications. Building and maintaining that trust requires a wide range of security technologies, as well as a team of people who are flexible and creative.

Adrian will provide a brief overview of these technologies and the Android security team before opening a discussion into ongoing research projects and development efforts on Android security. He's also promised to talk a bit about what it's like to work at Google on the Android team.
*This security seminar will revolve around a discussion so will be more akin to a Friday meeting.*

*Bio:*
Adrian Ludwig - Lead Engineer, Android Security @ Google.
Adrian Ludwig is the lead engineer for Android security at Google. In this role, he is responsible for the security of the Android platform and Google's applications and services for Android. Prior to joining Google, Ludwig held technical leadership positions at Joyent, Adobe, Macromedia, @stake and the Department of Defense. Ludwig has a B.A. in Mathematics from Williams College and an MBA from the University of California, Berkeley.

View original page

03 November 14:00Identification and Investigation of Cyber Risk Hotspots in a Large Computer Network / Shahzad Awan, Cardiff University

Room FW26, Computer Laboratory, William Gates Building

*Abstract:*
Quantifying the risk of cyber-attacks due to software applications on a computer network at any given time, measuring the impact of an attack, and understanding attack patterns, are complex and challenging tasks. The complexity is compounded by an increasing number of networked devices being brought into modern networked environments on an ad-hoc basis. Such devices often have a large number of software applications (‘apps’) installed, which can leave the devices, and subsequently the whole network, vulnerable to cyber threats. Given the vulnerabilities inherent in ‘apps’ running on these devices, with new ones being discovered by cyber criminals on a daily basis; and the variance in the severity of an exploit, conducting real-time risk assessments and determining the most pertinent risks to manage at any given time is far from straightforward. A need arises for an effective, cost-efficient and reliable mechanism for continuously monitoring and assessing risk arising due to software applications. In this talk, I will present a risk assessment framework that could help in: i) identifying cyber-risk hotspots emerging over a period of time in a computer network; and ii) investigating the causes of emerging cyber risk hotspots associated with a particular software application. A real-world case study will be used for validating the risk assessment framework.

*Bio:*
Shahzad Awan is a research associate in the School of Computer Science & Informatics at Cardiff University working on an EPSRC funded project – “Identifying and modelling victim, business, regulatory and malware behaviours in a changing cyber threat landscape”. His research interests include cybersecurity, data mining/analysis, big data and distributed systems. He holds a PhD in Computer Science from the University of Warwick, UK.

View original page

28 October 16:00Decertifying the Worst Voting Machine in the US: Lessons Learned and Looking Forward / Jeremy Epstein, SRI International

Room FW26, Computer Laboratory, William Gates Building

In April 2015, the US Commonwealth of Virginia decertified the Advanced
Voting Solutions (AVS) WinVote voting machine, after concluding that it was
insecure. This talk presents the results of Virginia's analysis of the
WinVote, and explores how we got to the point where a voting machine using
an unpatched version of Windows XP from 2004, using hardwired WEP keys and
administrator passwords, could be used for over a decade in most of
Virginia.

View original page

26 October 13:00nShield HSMs / Richard Kettlewell, Thales

FW26, Computer Laboratory

This talk will describe what Hardware Security Modules are, what they are good for, why they are deployed, and some of their limitations. The talk will focus on the nShield line of general purpose HSMs. We shall describe the architecture, security mechanisms including key protection and policies, and discuss example applications.

View original page

13 October 14:00Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer / Flavio Garcia, University of Birmingham

LT2, Computer Laboratory, William Gates Building

*Abstract:*
The Megamos Crypto transponder is used in one of the most widely
deployed electronic vehicle immobilizers. It is used among others in
most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer
is an anti-theft device which prevents the engine of the vehicle from
starting when the corresponding transponder is not present. This
transponder is a passive RFID tag which is embedded in the key of the
vehicle.

In this paper we have reverse-engineered all proprietary security
mechanisms of the transponder, including the cipher and the
authentication protocol which we publish here in full detail. This
article reveals several weaknesses in the design of the cipher, the
authentication protocol and also in their implementation.
We exploit these weaknesses in three practical attacks that recover the
$96$-bit transponder secret key. These three attacks only require
wireless communication with the system.

*Bio:*
Flavio Garcia is a Senior Lecturer and Senior Birmingham Fellow at the
University of Birmingham. His work focuses on the design and evaluation
of cryptographic primitives and protocols for embedded devices like
automotive key fobs and smart cards.
His research achievements include breakthroughs such as the discovery of
vulnerabilities in four of the most widely used contactless smart cards,
the Mifare Classic, HID iClass, and Atmel’s SecureMemory and CryptoRF.
The first of these, Mifare Classic, was widely used for electronic
payment (e.g. Oyster Card) and access control (e.g. Amsterdam Airport).
Garcia’s work has been widely recognized as world leading including an
“Outstanding Paper Award” from IEEE Security & Privacy (Oakland).

View original page

28 July 14:00Massively Parallel Hardware Security Platform / Petr Svenda, Masaryk University, Czech Republic

LT2, Computer Laboratory, William Gates Building

*Abstract:*
There is a strong demand for a secure cryptographic platform in cloud
and mobile computing to support variety of sensitive applications. When
used in large scale distributed environments, one of the options is to
provide cryptography operations as a service (CaaS) instead of computed
on end-user device. It is crucial for CaaS to be trusted by its users as
the cryptographic material is accessed and can be compromised. One
option is to execute sensitive operations inside a trusted hardware
module (HSM) so even platform operator is not able to access used
cryptographic material. Current HSMs provides reasonable computational
performance for closed centralised systems (e.g., top HSMs can perform
up to 9,000 RSA 1024b signatures per second). But implementing CaaS for
different operations with distinct keys submitted by many users in
parallel with currently available HSMs comes with a number of
challenges, though.
The talk will summarize existing challenges and introduce alternative
architecture capable to host large number of applications, cryptographic
material and concurrent users. The experience obtained from building
such architecture will be also discussed.

*Bio:*
Petr Švenda is Assistant Professor at the Masaryk University, Brno,
Czech Republic. He engages in the research of an authentication and key
distribution protocols usable for distributed systems with multiple
parties, often with the devices significantly limited in performance
capabilities and/or working in partially compromised environment like
cryptographic smart cards or wireless sensor networks. He also focus on
a utilization of secure hardware in complex scenarios and the
development of secure applications on such platforms. Presented work is
a part of applied research done by Enigma Bridge @ ideaSpace, Cambridge, UK.

View original page

26 June 14:00Making Better Privacy Decisions in Ubiquitous Computing Environments / Serge Egelman, International Computer Science Institute (ICSI) and Department of Electrical Engineering and Computer Sciences (EECS) at the University of California, Berkeley

Room FW26, Computer Laboratory, William Gates Building

*Abstract*:
The advent of the smartphone and commercially viable wearable devices
has heralded in an era of unprecedented access to rich user data. This
has allowed third-party applications to innovate by supporting new
interaction modalities, better integrating with users' lifestyles, and
making relevant information more accessible. At the same time, the
abundance of personal data presents very real privacy risks. In this
talk, I discuss previous and ongoing research to help users make more
informed choices about how their personal data is accessed on ubiquitous computing platforms. I present previous research on smartphone platforms that has provided insights into users' behaviors and preferences, as well as how to design systems for future wearable devices that empower users to make better privacy decisions.


*Bio*:
Serge Egelman is a research scientist with joint appointments in the
International Computer Science Institute (ICSI) and the Department of
Electrical Engineering and Computer Sciences (EECS) at the University of California, Berkeley. His research focuses on usable privacy and
security, with the specific aim of better understanding how people make
decisions surrounding their privacy and security, and then creating
improved interfaces that better align stated preferences with outcomes.
This has included human subjects research on social networking privacy,
access controls, authentication mechanisms, web browser security
warnings, and privacy-enhancing technologies. He received his PhD from
Carnegie Mellon University and prior to that was an undergraduate at the University of Virginia. He has also performed research at NIST, Brown University, Microsoft Research, and Xerox PARC.

View original page

02 June 14:30Insecure processing of cookies in modern web applications and browsers / Dawid Czagan, Silesia Security Lab

Room FW26, Computer Laboratory, William Gates Building

*Abstract:*
Since cookies store sensitive data (session ID, CSRF token, etc.) they
are interesting from an attacker's point of view. As it turns out, quite
many web applications (including sensitive ones like bitcoin platforms)
have cookie related vulnerabilities that lead for example to user
impersonation, remote cookie tampering, XSS and more.

Developers tend to forget that multi-factor authentication will not help
when cookies are insecurely processed. Security evaluators underestimate
for example XSS via cookie - they claim that local access is needed for
exploitation, but this is not always the case (browser dependent
exploitation can be used to launch an attack remotely). Moreover, there
are problems with secure processing of cookies in modern browsers.

That's why secure cookie processing (from the perspective of web
application and browser) seems to be a subject worth discussing.

*Bio:*
Dawid Czagan (@dawidczagan) has found security vulnerabilities in
Google, Yahoo, Mozilla, Microsoft, Twitter, BlackBerry and other
companies. Due to the severity of many bugs, he received numerous awards
for his findings.

Dawid is founder and CEO at Silesia Security Lab, which delivers
specialized security auditing and training services. He also works as
Security Architect at Future Processing.

Dawid shares his security bug hunting experience in his hands-on
training "Hacking web applications - case studies of award-winning bugs
in Google, Yahoo, Mozilla and more". He delivered security
trainings/workshops at CanSecWest (Canada), DeepSec (Austria), IAESTE
CaseWeek (Silesian University of Technology, Poland) and for many
private companies. Dawid also published over 20 security articles
(InfoSec Institute, USA).

To find out about the latest in Dawid's work, you are invited to visit
his blog (https://silesiasecuritylab.com/blog) and follow him on Twitter
(@dawidczagan).

View original page

28 May 14:00Massively Parallel Hardware Security Platform / Petr Svenda, Masaryk University, Czech Republic

LT2, Computer Laboratory, William Gates Building

*Abstract:*
There is a strong demand for a secure cryptographic platform in cloud
and mobile computing to support variety of sensitive applications. When
used in large scale distributed environments, one of the options is to
provide cryptography operations as a service (CaaS) instead of computed
on end-user device. It is crucial for CaaS to be trusted by its users as
the cryptographic material is accessed and can be compromised. One
option is to execute sensitive operations inside a trusted hardware
module (HSM) so even platform operator is not able to access used
cryptographic material. Current HSMs provides reasonable computational
performance for closed centralised systems (e.g., top HSMs can perform
up to 9,000 RSA 1024b signatures per second). But implementing CaaS for
different operations with distinct keys submitted by many users in
parallel with currently available HSMs comes with a number of
challenges, though.
The talk will summarize existing challenges and introduce alternative
architecture capable to host large number of applications, cryptographic
material and concurrent users. The experience obtained from building
such architecture will be also discussed.

*Bio:*

View original page

19 May 14:00Information-flow tracking for web technologies / Luciano Bello

LT2, Computer Laboratory, William Gates Building

*Abstract:* The web is changing. Web servers are dealing with the
dynamic web, delivering rich applications to clients, where the
browsers are increasing their complexity to handle them. Both parties
might have good reasons to not trust each other, creating interesting
security challenges. This talk explores information-flow tracking
technologies for a safer web. We tackle practical problems while
providing formal guarantees for our solutions. We investigate the
compromise between security and flexibility for protecting
confidentiality and integrity in web scenarios. Furthermore, using
purely dynamic techniques, we implement our ideas to demonstrate their
applicability.

*Bio:* Luciano Bello is a last-year PhD student at Chalmers University
of Technology (Gothenburg, Sweden). Under the supervision of Andrei
Sabelfeld, he is studying how information-flow control techniques can
improve the security of the web. He is also a free software developer
and an enthusiastic tango dancer.

View original page

12 May 14:00On the power of techniques for defeating code reuse attacks + some retrospective reflection on the DARPA CRASH program / Prof Howie Shrobe (MIT)

LT2, Computer Laboratory, William Gates Building

*Abstract:*
Code reuse attacks (Return Oriented Programming, etc) have become one the key tools in the arsenal of attackers who are retrying to subvert remote systems through technical means. A new defensive technique, called Code Pointer Integrity, or CPI was proposed this past summer. It has the attractive property of being implemented wholly in software, seeming to offer broad coverage against code reuse attacks while imposing modest performance penalties (~6%). In an upcoming paper, our group demonstrated a technique for bypassing CPI. I will explain how code reuse attacks work, how CPI was supposed to prevent them, and how we bypassed CPI. I will also outline some work that we are currently conducting that uses a simple hardware architectural extension to prevent against both code reuse and code injection attacks (and probably other types of attacks as well).

This work grew out of an attempt to harvest some of the simpler ideas explored in DARPA’s CRASH program (of which I was the program manager). I share some personal reflections on the CRASH program and what it produced.

View original page

04 May 14:00The Dutch electronic patient record system and beyond - towards physician-controlled decentralized medical record exchange. / Guido van 't Noordende, University of Amsterdam

FW11, Computer Laboratory, William Gates Building

*Abstract:*
In the Netherlands, a push for centralized healthcare record access has been
ongoing for about 15 years. The Dutch National switching point is a system
for pulling records from GP and pharmacist systems from anywhere, at any
time, by health professionals that own a healthcare smartcard. A law
mandating this system under an opt-out regime was rejected in 2011,
but the same system is now pushed forward as the universal standard for
healthcare exchange by health insurers, with pressure placed on physicians
to get their patients to opt in. In this talk I will shed some light on
the political context that drives these developments. I will also discuss
a new proposal to counter the potential monopoly of the switching point,
that I am developing with GPs in Amsterdam. In this system, decentralized
control by GPs is possible through a system that GPs own, and have in
their practice under their control. The system implements a distributed
capability model that makes use of existing healthcare smartcards for
authentication and to implement end-to-end security. This in contrast to
the national switching point which not only controls access policy, but
which also - by architecture - has the potential to intercept data and to
retrieve data from GP systems should (future) policy allow.

*Bio:*
Guido van 't Noordende is a Dutch medical privacy campaigner and computer
scientist who currently works at the University of Amsterdam. He also
heads a start-up that develops the distributed patient record system
discussed in this talk. Van 't Noordende holds a PhD in computer science
from Vrije Universiteit, where he worked with Frances Brazier and Andy
Tanenbaum on a distributed mobile agent system.

View original page

28 April 14:00Captchas - the state of play / Dr Jeff Yan, Newcastle University

LT2, Computer Laboratory, William Gates Building

*Abstract: *
Text Captchas have been ubiquitous on the Internet, and breaking some of them is rarely news. But until very recently, it had remained an open problem outstanding for about 15 years: Is there a single but generic attack that breaks them all?

In this talk, I will introduce a surprisingly simple, but generic attack that breaks a wide variety of representative schemes, each with distinctive design features, including those deployed by Google, Microsoft, Yahoo!, Amazon and other Internet giants. As an interesting coincidence, our attack is deeply rooted in seminal research done for very different purposes by Cambridge academics John Daugman and David Field (now at Cornell).

Our attack probably pronounces a death sentence to the current common practice of Captcha designs. To make up for this sin, I will discuss how to design a game-changing scheme. Compared to the state of the art, our new design significantly increases both security and usability, simultaneously. It also offers other technical advantages and enables interesting commercial applications.

*Bio:*
Jeff Yan did his PhD with Ross Anderson in the Lab, and has taught at Newcastle, and Chinese University of Hong Kong.

View original page

21 April 14:00Understanding and Fighting Malicious Activity on Online Social Networks / Gianluca Stringhini, Assistant Professor, University College London

LT2, Computer Laboratory, William Gates Building

*Abstract:* Online Social Networks rely heavily on networks of trust and on user popularity. Users believe to content that is posted by people they know in real life, or by famous people they admire and respect. Cybercriminals who want to misuse social networks for their nefarious goals need to gain trust from their victims as well. Miscreants can do this in two ways: first, they can hijack a reputable account and use it to spread malicious content. This way, users who trust this account will be more likely to re-share this content, or to click on the links that are posted by it. Second, they can build a fake reputation for accounts they control, by purchasing fake followers, fake likes, or fake retweets for example. In this talk I will provide an overview of our work in detecting malicious activity on online social networks. First, I will present COMPA, a system that is able to detect and block messages that have been sent by a social network account but that were not authored by the legitimate owner of the account, but by an attacker who hijacked it. Then I will provide an overview of our efforts in detecting accounts that built a fake reputation on Twitter by purchasing followers. I will then discuss some open research areas in the field of fighting cybercriminal activity on social networks.

*Bio:* Dr Gianluca Stringhini is a lecturer in the Departments of Computer Science and Security and Crime Science at UCL. His research interests include network security, cybercrime measurement, social network security, and malware analysis. His work was awarded a Best Paper Award at ACSAC in 2010 and the Outstanding Dissertation Award from the Department of Computer Science at UC Santa Barbara in 2014. He was one of the recipients of the Symantec Research Labs Graduate Fellowship in 2012.

View original page

31 March 14:00Chupja--PHY Covert Channels: Can you see the Idles? / Hakim Weatherspoon, assistant professor, Department of Computer Science, Cornell University

LT2, Computer Laboratory, William Gates Building

*Abstract:*
Network covert timing channels embed secret messages in legitimate packets by modulating interpacket delays. Such channels are normally implemented in higher network layers (layer 3 or above), are often fairly slow, and can be easily detected or prevented. In this talk, I will present a new approach, Chupja (Korean for spy), which is a very effective covert timing channel that works over the Internet. It is implemented in the physical layer of the network stack and is many orders of magnitude faster than prior art while being very robust and virtually invisible to software endhosts. Key to our approach is software and real-time access and control over every bit in the physical layer of a 10 Gigabit network stack (a bit is 100 picoseconds wide at 10 gigabit per seconds), which allows us to modulate and interpret interpacket spacings at sub-microsecond scale. In the talk, I will discuss when and how a timing channel in the physical layer works, how hard it is to detect such a channel, and what is required to do so.

*Bio:*
Hakim Weatherspoon is an assistant professor in the Department of Computer Science at Cornell University. His research interests cover various aspects of fault-tolerance, reliability, security, and performance of large Internet-scale systems such as cloud computing and distributed systems. Professor Weatherspoon received his Ph.D. from Berkeley in 1999. Before receiving his PhD, Prof. Weatherspoon received his B.S. from University of Washington. Prof. Weatherspoon is an Alfred P. Sloan Fellow and recipient of an NSF CAREER award, DARPA Computer Science Study Panel (CSSP), IBM Faculty Award, the NetApp Faculty Fellowship, Intel Early Career Faculty Honor, and the Future Internet Architecture award from the National Science Foundation (NSF).

View original page

10 March 14:00Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation / Nathan Dautenhahn, University of Illinois at Urbana-Champaign

LT2, Computer Laboratory, William Gates Building

*Abstract:*
Monolithic operating system designs undermine the security of computing systems by allowing single exploits anywhere in the kernel to enjoy full supervisor privileges. The nested kernel operating system architecture addresses this problem by “nesting” a small, isolated kernel within a traditional monolithic kernel. The “nested kernel” interposes on all updates to virtual memory translations to assert protections on physical memory, thus significantly reducing the trusted computing base for memory access control enforcement. We incorporated the nested kernel architecture into FreeBSD on x86-64 hardware by write-protecting MMU translations and de-privileging the untrusted part of the kernel, thereby enabling the entire operating system, trusted and untrusted components alike, to operate at the highest hardware privilege level. Our implementation inherently enforces kernel code integrity while still allowing dynamically loaded kernel modules, thus defending against code injection attacks. We also demonstrate, by introducing write-mediation and write-logging services, that the nested kernel architecture allows kernel developers to isolate memory in ways not possible in monolithic kernels. Performance of the nested kernel prototype shows modest overheads: < 1% average for Apache, and 2.7% for kernel compile. Overall, our results and experience show that the nested kernel design can be retrofitted to existing monolithic kernels, providing important security benefits.

*Bio:*
Nathan Dautenhahn is a sixth-year doctoral candidate in the Department of Computer Science at the University of Illinois at Urbana-Champaign. His research investigates trustworthy system design by developing experimental operating systems, compilers, and hardware components. This research has led to publications in key systems and security venues, including IEEE S&P, CCS, NDSS, ASPLOS, and ISCA. His latest work, on the nested kernel architecture, is identifying solutions for defending against insecure and malicious operating systems; this is the topic of his thesis. The nested kernel architecture is also under consideration for inclusion in HardenedBSD, an operating system variant of FreeBSD. Dautenhahn also actively contributes to the CS department graduate program by participating in many activities, such as establishing the Doctoral Education Perspectives seminar, formally mentoring undergraduate and graduate students, and serving on the Computer Science Graduate Academic Council and the Engineering Graduate Student Advisory Committee.

View original page

05 February 14:00Human factors and missed solutions to WWII Enigma design weaknesses / Prof. Harold Thimbleby CEng FIET FRCPE FLSW HonFRSA HonFRCP

LT2, Computer Laboratory, William Gates Building

*Abstract:*
The German World War II Enigma suffered from design weaknesses that
facilitated its large-scale decryption by the British throughout the
war. The main technical weaknesses (self-coding and reciprocal coding)
could have been avoided using simple contemporary technology, and
therefore the true cause of the weaknesses is not technological but
must be sought elsewhere: we argue that human factors issues resulted
in the persistent failure to seek out more effective designs. Similar
limitations beset the historical literature, which misunderstands the
Enigma weaknesses and therefore inhibits broader thinking about design
and the critical role of human factors engineering in cryptography.

*Bio:*
Harold Thimbleby is professor of computer science at Swansea University, Wales, and is Emeritus Professor of Geometry, Gresham College, London. He built an electromechanical Enigma in 2002 to illustrate a Gresham College lecture on cryptography, and he has been fascinated by the topic ever since. Harold's research interest is human error, particularly in complex healthcare systems, but he became interested in the Enigma because its design failures make a provocative analogue to healthcare IT design failures. See http://harold.thimbleby.net

View original page

13 January 14:00Single Password Authentication / Alptekin Küpçü, Assistant Professor, Cryptography, Security &amp; Privacy Research Group, Koç University

FW11, Computer Laboratory, William Gates Building

*Abstract:*
Security of our passwords is an everyday and very pressing problem.
Users frequently reuse their passwords when authenticating to various
online services. Combined with the use of weak passwords or
honeypot/phishing attacks, this brings high risks to the security of
the user's account information.

We invented a mechanism such that a user may employ a single simple
password to login to all websites securely, with proven security
against dictionary attacks, phishing, honeypots, or in many cases,
even malware. Our system is easy to deploy, especially if some single
sign-on services such as Google Accounts, Facebook, Microsoft
Passport, Yahoo employ this system. This is the first and only system
of its kind, provably providing such strong security guarantees.


*Speaker bio:*
Alptekin Küpçü has received his Ph.D. degree from Brown University
Computer Science Department in 2010. Since then, he has been working
as an assistant professor at Koç University, and leading the
Cryptography, Security & Privacy Research Group he has founded. His
research mainly focuses on applied cryptography, and its intersection
with cloud security, privacy, peer-to-peer networks, and mechanism
design. He has also led the development of the Brownie Cashlib
cryptographic library, which is available as open source online. Dr.
Küpçü has various accomplishments including 2 patents pending, 6
funded research projects (for 4 of which he was the principal
investigator), 2 European Union COST Action management committee
memberships, and Koç University Teaching Innovation Grant. For more
information, visit http://crypto.ku.edu.tr