CS 851/551 | Cryptography Applications Bistro | evans@virginia.edu
CS551/851 CRyptography Applications Bistro Seminar
Spring 2004
Coordinator: David Evans
Meeting Times: Tuesdays and Thursdays, 5:00-6:15pm in Olsson 228E.
Hairy Crab image from Museum Victoria
Announcements
- 15 Jan: Seminar Announcement, Authenticating Hairy Crabs
- 29 Apr: The seminar for Spring 2004 is now over. There will be a security reading group that meets during the summer (contact Nate Paul, nate@cs.virginia.edu, for details). If you have interest in a similar seminar for next year, contact evans@virginia.edu.
Past Meetings
- Tuesday, 20 Jan: Lingxuan Hu, Using Directional Antennas to Prevent Wormhole Attacks [PPT Slides]
Using Directional Antennas to Prevent Wormhole Attacks, Lingxuan Hu and David Evans, Network and Distributed System Security Symposium, San Diego, 5-6 February 2004. (PDF, 11 pages)
- Thursday, 22 Jan: Serge Egelman, Certificate Revocation [PPT Slides]
Ron Rivest, Can We Eliminate Certificate Revocation Lists?, Financial Cryptography 1998.
Patrick McDaniel and Aviel Rubin, A Response to "Can We Eliminate Certificate Revocation Lists?", Financial Cryptography 2000.
Serge Egelman, Josh Zaritsky and Anita Jones. Improved Certificate Revocation with OCSP
- Tuesday, 27 Jan: Mike Peck, CAPTCHA and Password Security [PDF Slides]
Benny Pinkas and Tomas Sander, Securing Passwords against Dictionary Attacks (ACM CCS, November 2002)
- Thursday, 29 Jan: Josh Zaritsky, Multicast Key Distribution [PPT Slides]
Paul Judge and Mostafa Ammar, Security Issues and Solutions in Multicast Content Distribution: A Survey, IEEE Network. January/February 2003.
Germano Caronni, Marcel Waldvogel, Dan Sun, Bernhard Plattner. Efficient Security for Large and Dynamic Multicast Groups, Proceedings of the Seventh Workshop on Enabling Technologies (WET ICE '98). 1998.
Guang-Huei Chiou and Wen-Tsuen Chen. Secure Broadcasting Using the Secure Lock, IEEE Transactions on Software Engineering. August 1989.
Suvo Mittra. Iolus: A Framework for Scalable Secure Multicasting, Proceedings of the ACM SIGCOMM '97. September 1997.
- Tuesday, 3 Feb: Richard Barnes, VoteHere [PDF Slides] and Nate Paul, Remote Voting [PPT Slides].
David Jefferson, Aviel Rubin, Barbara Simons, David Wagner, A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE). The SERVE website has a link to the NY Times article and a link to the full paper.
Avi Rubin, Security Considerations for Remote Electronic Voting over the Internet.
C. Andrew Neff, Jim Adler, Verifiable e-Voting. For those that would like to look at more voting information on VoteHere, see http://www.votehere.net/vhti/documentation/documentation.htm.
- Thursday, 5 Feb: No Class (NDSS)
- Tuesday, 10 Feb: Wild Winging It Approach to Security (Security through Obscurity Redeemed) (NDSS Report, David Evans and Lingxuan Hu)
- Thursday, 12 Feb: Jessica Greer, Non-Text Passwords [PPT]
Fabian Monrose, Michael Reiter, Qi Li, Daniel Lopresti and Chilin Shih. Towards Speech-Generated Cryptographic Keys on Resource Constrained Devices. USENIX Security Symposium 2002.
Fabian Monrose, Michael K. Reiter, Susanne Wetzel. Password hardening based on keystroke dynamics. International Journal of Information Security, 2001.
Francesco Bergadano, Daniele Gunetti and Claudia Picardi. User authentication through keystroke dynamics. ACM Transactions on Information and System Security, November 2002.
- Tuesday, 17 Feb: Joel Winstead, Model Checking Cryptography Protocols [PPT]
Gavin Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Tools and Algorithms for the Construction and Analysis of Systems, volume 1055 of Lecture Notes in Computer Science, pages 147--166. Springer-Verlag, 1996. [PDF]
If you are not already familiar with CSP, also read: C.A.R. Hoare. Communicating sequential processes. Communications of the ACM, 21(8), August 1978. [PDF]
- Tuesday, 24 Feb: Randy Unger, Trusted Computing [PPT]
William Arbaugh, A Secure and Reliable Bootstrap Architecture, 1997 IEEE Symposium on Security and Privacy
Ross Anderson, Cryptography and competition policy: issues with 'trusted computing', Proceedings of PODC 2003.
- Thursday, 26 Feb: Leonid Bolotnny, RFID Privacy [PDF]
Ari Juels and Ravikanth Pappu, Squealing Euros: Privacy Protection in RFID-Enabled Banknotes, FC 2003, LNCS 2742, pp. 103-121, 2003 Springer-Verlag Berlin Heidelberg 2003.
- Tuesday, 2 March: Anthony Wood, Micropayments [PPT]
Pro/Con Papers:
- Andrew Odlyzko, The Case Against Micropayments, Financial Cryptography 2003.
- Scott McCloud, Misunderstanding Micropayments (personal blog essay).
Technical papers:
- R. Lipton, R. Ostrovsky. Micro-Payments via Efficient Coin-Flipping. Financial Cryptography 1998.
- (recommended) Ronald L. Rivest and Adi Shamir, PayWord and MicroMint—Two Simple Micropayment Schemes. CryptoBytes, volume 2, number 1 (RSA Laboratories, Spring 1996), 7--11.
- Tuesday, 16 March: Richard Barnes, Auctions [PDF] [PPT]
Koutarou Suzuki and Makoto Yokoo. Secure Generalized Vickrey Auction using Homomorphic Encryption, Financial Cryptography 2003.
Edith Elkind and Helger Lipmaa. Interleaving Cryptography and Mechanism Design: The Case of Online Auctions.
- Thursday, 18 March: Serge Egelman and Mike Peck, Circumventing Web Censorship [PDF]
Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan, and David Karger. Infranet: Circumventing Web Censorship and Surveillance. USENIX Security Symposium, 2002.
- Tuesday, 23 March: Zhanxiang Huang, Timing Attacks [PPT]
David Brumley and Dan Boneh. Remote timing attacks are practical. USENIX Security 2003.
Background papers:
Paul Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. White Paper based on Crypto 96 paper.
Dawn Xiaodong Song, David Wagner and Xuqing Tian. Timing Analysis of Keystrokes and Timing Attacks on SSH. USENIX Security Symposium 2001.
- Thursday, 25 March: Nathanael Paul, Cryptographic Filesystems [PPT]
E.-J. Goh, H. Shacham, N. Modadugu, and D. Boneh. SiRiUS: Securing Remote Untrusted Storage. NDSS 2003.
Additional Papers:
M. Blaze. A cryptographic file system for UNIX. CCS 1993.
Another approach is to use one-way encryption techniques, as demonstrated by this video: [AVI, 22MB]
Charles P. Wright, Michael C. Martino, and Erez Zadok, NCryptfs: A Secure and Convenient Cryptographic File System. USENIX 2003 Annual Technical Conference, General Track.
- Tuesday, 30 March: Mike McNett and Leonid Bolotnny, Searching Encrypted Data [PPT]
Stanislaw Jarecki, Pat Lincoln, Vitaly Shmatikov. Negotiated Privacy. International Symposium on Software Security, Tokyo, November 8-10, 2002.
Additional Papers:
Dawn Xiaodong Song, David Wagner, Adrian Perrig. Practical Techniques for Searches on Encrypted Data, IEEE Symposium on Security and Privacy, Oakland 2000.
Brent R. Waters, Dirk Balfanz, Glenn Durfee, and D. K. Smetters. Building an Encrypted and Searchable Audit Log. NDSS 2004.
- Thursday, 1 April: Randy Unger, Anonymous Communication [PPT]
Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan. P5: A Protocol for Scalable Anonymous Communication. Oakland 2002.
Marc Rennhard, Bernhard Plattner. Practical Anonymity for the Masses with Mix-Networks. Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises. June 2003.
- Tuesday, 6 April: Mike McNett/Richard Barnes, Quantum Cryptography [PPT]
Chip Elliott, David Pearson, and Gregory Troxel. Quantum Cryptography in Practice. Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications.
Background:
- A basic introduction to quantum computing: A Quantum Leap for Cryptography. Authors unknown.
- Jamie Ford. BB84 Algorithm Demo.
- Background Info for Error Correction (Recommend that you just read the first few sections - we won't get too deep into the math): Daniel Gottesman. An Introduction to Quantum Error Correction.
- Thursday, 8 April: Joel Winstead, Low Tech Ciphers [PPT]
Bruce Schneier. The Solitaire Encryption Algorithm (featured in Neal Stephenson's Cryptonomicon), 1999.
- Here's an interesting cryptography problem: Friend or Foe? A Digital Dog Tag Answers, New York Times, 15 April 2004.
- Tuesday, 13 April: Josh Zaritsky/Jessica Greer [PPT]
Elisavet Konstantinou, Vasiliki Liagkou, Paul Spirakis, Yannis Stamatiou, Moti Yung. Electronic National Lotteries, Financial Cryptography 2004.
Chris Hall, Bruce Schneier. Remote Electronic Gambling, 13th Annual Computer Security Applications Conference, ACM Press, December 1997, pp. 227-230.
- Thursday, 15 April: Zhanxiang Huang/Lingxuan Hu, Distributed Denial-of-Service [SIFF PPT, PI PPT]
Avi Yaar, Adrian Perrig and Dawn Song. Pi: A Path Identification Mechanism to Defend against DDoS Attacks [PS]. Oakland 2003.
Avi Yaar, Adrian Perrig and Dawn Song. SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks. Oakland 2004.
- Tuesday, 20 April: Matthew Spear and Steven Guy, Factoring Techniques [PPT]
Eric Landquist. The Quadratic Sieve Factoring Algorithm. December 14, 2001.
S. Cavallar, W.M. Lioen, H.J.J. te Riele, B. Dodson, A.K. Lenstra, P.L. Montgomery, B. Murphy et al. Factorization of a 512-bit RSA modulus. February 29, 2000.
- Thursday, 22 April: Doug Szajda (University of Richmond)
D. Szajda, B. Lawson, and J. Owen. Hardening functions for large-scale distributed computations. Proceedings of the 2003 IEEE Symposium on Security and Privacy, Oakland 2003.
- Tuesday, 27 April: Anthony Wood, Diversity Techniques [PPT]
Barrantes, et al., Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks. ACM CCS 2003.
Bhatkar, DuVarney, Sekar. Address Obfuscation: an Efficient Approach to Combat a Broad Range of Memory Error Exploits. USENIX Security, 2003.
University of Virginia Department of Computer Science | CS 851/551: Cryptography Applications Bistro | evans@virginia.edu