2005 Trust Seminars
2005
- "Trust Overview"
- Shankar Sastry, September 1, 2005
- Trust Seminar Cancelled, see Simson Garfinkel's talk below
- Thursday September 8, 2005
- "Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express"
- Simson Garfinkel, September 9, 2005
After more than 20 years of research, cryptographically-protected email
is still a rarity on the Internet today. Usability failings are
commonly blamed for the current state of affairs: programs like PGP and
GPG must be specially obtained, installed, and are generally considered
hard to use. And while support for the S/MIME mail encryption standard
is widely available, procedures for obtaining S/MIME certificates are
onerous because of the necessity of verifying one's identity to a
Certification Authority.
Key Continuity Management (KCM) has been proposed as a way around this
conundrum. Under this model, individuals would create their own,
uncertified S/MIME certificates, use these certificates to sign their
outgoing mail, and attach those certificates to outgoing messages.
Correspondents who wish to send mail that is sealed with encryption are
able to do so because they possess the sender's certificate. Mail
clients (e.g. Outlook Express, Eudora) alert users when a
correspondent's certificate changes.
We conducted a user test of KCM with 44 email users who had no previous
experience or knowledge of cryptography and email security. Using a
scenario similar to that of Whitten and Tygar's Why Johnny Can't
Encrypt study, we show that while naive subjects generally understand
the gist of digitally signed mail and that a changed key represents a
potential attack, they are less equipped to handle the circumstance
when a new email address is presented simultaneously with a new digital
certificate.
We conclude that KCM is a workable model that can be used today to
improve email security for naive users, but that work is needed to
develop effective interfaces to alert those users to a particular
subset of attacks.
- "Too Close For Comfort: Free Speech, Privacy, and the Demonstrate Project"
- Ken Goldberg and Deirdre Mulligan, September 15, 2005
Like oxygen, privacy is an odorless, colorless substance usually taken for
granted. It is deeply rooted in both the personal and the social, evoking
a range of human responses. Political and technical developments have
altered privacy's ecosystem of expectations, laws and behaviors. To
expand the dialogue on visual privacy, we set out to demonstrate -- to
make visible -- concrete examples of privacy in practice:
We installed a state-of-the-art robotic webcamera over UC Berkeley's
Sproul Plaza, birthplace of the Free Speech Movement. For six weeks, the
camera was made accessible to anyone on the Internet. Online participants
shared remote control of the robot camera, allowing them to zoom in to
frame and photograph activity on the Plaza at any time of day or night.
During the six-week course of the installation, over 1100 images were
taken, putting public activity in Sproul Plaza under scrutiny and
placing online participants in the position of hidden observers. The
installation provoked a range of reactions. I'll describe what was
observed, the controversies, and illustrate with images taken by
users.
---
Ken Goldberg is an artist and professor of engineering at UC
Berkeley. His work has been exhibited at the Venice Biennale, Walker
Art Center, Ars Electronica (Linz Austria), ZKM (Karlsruhe), Pompidou
Center (Paris), ICC Biennale (Tokyo), Kwangju Biennale (Seoul),
Artists Space, The Kitchen, and the Whitney Biennial. He has also
held visiting positions at MIT Media Lab, Art Center College of
Design, and the San Francisco Art Institute.
http://www.ken.goldberg.net
Deirdre K. Mulligan is the director of the Samuelson Law, Technology & Public Policy Clinic and an acting clinical professor of law at the UC Berkeley School of Law (Boalt Hall). Before coming to Boalt, she was staff counsel at the Center for Democracy & Technology in Washington.
- "No More Alice to Bob: Reality-based Models for Message Encryption and Key Management"
- Terence Spies (Voltage Inc.), September 29, 2005
Communication security has long subsisted under a model motivated by the
assumption that endpoints were secure, while intermediaries and third
parties were untrusted. The natural implication of this model is that
properties like non-repudiation, confidentiality and end-entity
authentication be provided in an end-to-end fashion. Not only is this
model and its implications incorrect in real systems, but it is actively
detrimental to building systems that customers need. This talk will go
into experiences integrating encryption into a major operating system,
and also the realities of deploying email encryption within 100,000 user
enterprises, and will attempt to distill a set of different security and
design assumptions that lead to useful systems.
- "Process Detection in Secure and Reliable Computing"
- George Cybenko (Dartmouth), October 20, 2005
Multiple process detection is the problem of identifying instances of
several dynamical processes and estimating their states from a
sequence of unlabeled, noisy and ambiguous observations of the
processes. This talk will demonstrate that several important
challenges in secure computing and autonomic systems can be naturally
formulated as multiple process detection problems. Those problems
include detection of multi-stage, multi-host computer attacks and
self-aware computing systems. This talk will also provide an
introduction to the growing body of theory and applications of process
detection, including applications to other areas. A software
implementation of a general-purpose process detection system, called a
Process Query System (PQS), will be presented as well. See
www.pqsnet.net for papers and more information about Process Query
Systems.
Biography
George Cybenko is the Dorothy and Walter Gramm Professor of
Engineering at Dartmouth. Cybenko's current research interests are
distributed information and control systems, with a special focus on
process detection in cybersecurity, sensor network tracking and
infrastructure protection applications. He is the founding
Editor-in-Chief of IEEE Security and Privacy and an investigator on
projects funded by DHS, DARPA and ARDA. Cybenko received a BSc in
mathematics from the University of Toronto and a Ph.D. in applied
mathematics from Princeton. He is a Fellow of the IEEE. His home
page is at www.dartmouth.edu/~gvc.
- "SAT-Based Decision Procedures and Software Security"
- Sanjit Seshia, UC Berkeley,
Programming Systems Seminar,
Monday, October 24, 4-5pm, 320 Soda
Recent dramatic advances in Boolean satisfiability (SAT) solving have
greatly improved the scalability of decision procedures for
first-order logics, enabling many applications in software analysis. A
SAT-based decision procedure operates by performing a
satisfiability-preserving encoding of its input to a SAT problem, on
which a SAT solver is invoked.
This talk is about UCLID, a verification tool based on SAT-based
decision procedures, and its application to software security. I will
present UCLID's SAT-encoding algorithms for quantifier-free
first-order logics involving arithmetic. UCLID has been used within a
semantics-aware detector of malware (e.g., viruses and worms), which
shows greater resilience to obfuscations than commercial tools. I will
describe the notion of a semantic signature, the malware detection
algorithm, and experimental results.
I will conclude with a description of related projects and
directions for future work.
The work presented in this talk is joint with Randal Bryant, Mihai Christodorescu, Somesh Jha, and Dawn Song.
Brief biography at http://www.eecs.berkeley.edu/~sseshia/bio.html
- "Keyboard Acoustic Emanations Revisited"
- Li Zhuang, October 27, 2005
We examine the problem of keyboard acoustic emanations. We present a
novel attack taking as input a 10-minute sound recording of a user
typing English text using a keyboard, and then recovering up to 96%
of typed characters. There is no need for a labeled training
recording. Moreover the recognizer bootstrapped this way can even
recognize random text such as passwords: In our experiments, 90% of
5-character random passwords using only letters can be generated in
fewer than 20 attempts by an adversary; 80% of 10-character passwords
can be generated in fewer than 75 attempts. Our attack uses the
statistical constraints of the underlying content, English language,
to reconstruct text from sound recordings without any labeled training
data. The attack uses a combination of standard machine learning and
speech recognition techniques, including cepstrum features, Hidden
Markov Models, linear classification, and feedback-based incremental
learning.
http://keyboard-emanations.org/
- "Cryptographic Voting Protocols: A Systems Perspective"
- Chris Karlof, November 3, 2005
Cryptographic voting protocols offer the promise of verifiable voting
without needing to trust the integrity of any software in the
system. However, these cryptographic protocols are only one part of a
larger system composed of voting machines, software implementations,
and election procedures, and we must analyze their security by
considering the system in its entirety. In this paper, we analyze the
security properties of two different cryptographic protocols, one
proposed by Andrew Neff and another by David Chaum. We discovered
several potential weaknesses in these voting protocols which only
became apparent when considered in the context of an entire voting
system. These weaknesses include: subliminal channels in the encrypted
ballots, problems resulting from human unreliability in cryptographic
protocols, and denial of service. These attacks could compromise
election integrity, erode voter privacy, and enable vote
coercion. Whether our attacks succeed or not will depend on how these
ambiguities are resolved in a full implementation of a voting system,
but we expect that a well designed implementation and deployment may
be able to mitigate or even eliminate the impact of these
weaknesses. However, these protocols must be analyzed in the context
of a complete specification of the system and surrounding procedures
before they are deployed in any large-scale public election.
- "The Common Vulnerability Scoring System (CVSS)"
- Mike Schiffman, Cisco, November 10, 2005
To date, a number of commercial computer security vendors and
not-for-profit organizations have developed, promoted, and implemented
systems to rank information system vulnerabilities. Unfortunately,
there is no cohesion or interoperability among those systems and they
are limited in scope as to what they cover. This presentation
discusses an open and universal vulnerability scoring system to
address and solve these shortcomings, with the ultimate goal of
promoting a common language to discuss vulnerability severity and
impact.
More can be found at http://www.first.org/cvss
- "Securing Control Systems in the Oil and Gas Infrastructure: The I3P SCADA Security Research Project"
- Ulf Lindqvist (SRI), November 17, 2005
The Institute for Information Infrastructure Protection (I3P) is funding
a team consisting of ten research institutions to undertake a two-year
R&D effort to improve the cyber security of control systems in the oil
and gas industry. This presentation will identify some cyber security
concerns for the industry, provide an overview of the research program
and how it relates to other efforts in this area, and highlight some
specific tools and technologies under development by the I3P team. See
also http://www.thei3p.org/research/scada/index.html
Ulf Lindqvist is a Program Director in the Computer Science Laboratory
at SRI International, an independent, nonprofit R&D organization with
headquarters in Menlo Park, California. He manages R&D efforts in
enterprise and infrastructure security, including the Cyber Security R&D
Center that SRI operates for the U.S. Department of Homeland Security
(Science and Technology Directorate), and SRI's activities in the I3P
project. His main research interest is development of efficient and
generic methods for analysis, modeling, categorization, and automatic
real-time detection and correlation of computer misuse.
- "Preventing rate-based attacks: Requirements, Architecture for a solution and Lessons from Field-Trials"
- Hemant Jain, IntruGuard Devices, December 1, 2005
Denial of Service (DoS) attacks and Distributed Denial of Service
(DDoS) attacks are growing as the internet grows. There is a serious
need to protect critical infrastructure as well as e-commerce from
these attacks. Software based solutions crumble under these
attacks. This presentation discusses the requirements for rate-based
intrusion prevention, architecture and implementation of ASIC-based
in-line solution for rapid-response, high performance and low
latency. This presentation will also provide validation of data
received from real-life DoS/DDoS attacks during the customer-trials.
Hemant Jain is co-founder and CTO of IntruGuard Devices, Inc
where he focuses on an ASIC-based Rate-based IPS technology. Prior to
founding IntruGuard Devices, Hemant was Chief Architect in Starlight
Micro, Inc., responsible for conceptualizing a network security
ASIC. He was a lead architect in Internet Devices and Alcatel where
among other things he was responsible for conceptualizing and
implementing one-touch VPN Client, firewall and NAT support for
multimedia and VOIP protocols. He has 5 pending patents in network
security space. Hemant earned his MSEE from the Indian Institute of
Technology, Bombay, India.
- "You're Nobody Till Somebody Rejects You:
Reliance Requirements for Internet-scale Identity Schemes"
- Allan M. Schiffman, CommerceNet,
Note: Special Time: 12 noon - 1pm (we will have pizza)
December 8, 2005
We are seeing a proliferation of user-centric identity schemes for the
Internet. The suitability of these schemes will depend on what users need
from user identity. This talk reviews a small collection of illustrative
scenarios from community classifieds through police tip lines to online
clinical trials. The requirements of these applications vary, but there
does seem to be a common theme -- support for retribution.
Allan M. Schiffman is Executive Director of CommerceNet, an "Idea
Capitalist" for Web 2.0 initiatives based in Palo Alto. His personal
startup average is .667, for three at bats. Allan's technical background
includes communications security protocol design and object-oriented
language implementation. Allan has an MSCS from Stanford and is a PhD
candidate in CMU's "Computation, Organizations and Society" program.
Details about how the seminar is managed can be found at
How is the TRUST Seminar managed?