Solving The Platform Entropy Problem – Phase 2
George Cox, Intel Corporation
We discuss the:
- Need for high quality “seeding” material for SW PRNGs;
- The resultant development of NIST SP800-90 B/C; and
- Intel’s product response to it with evolution of our existing Digital Random Number Generator (DRNG) and addition of our new RdSeed instruction.
Bio: During his 38-year career at Intel, George has led research and development teams delivering processors, I/O subsystems, supercomputers, interconnects, and security elements. His current Digital Random Number Generator (DRNG) work is the second Intel RNG that his teams have deployed in product. He looks forward to attacking other such low-level, fundamental, long-term platform security problems.
Security and Privacy in Named-Data Networking
Gene Tsudik, University of California, Irvine (UCI)
With the growing realization that current Internet protocols are reaching the limits of their senescence, a number of on-going research efforts aim to design potential next-generation Internet architectures. Although they vary in maturity and scope, in order to avoid past pitfalls, these efforts seek to treat security and privacy as key initial requirements.
Named Data Networking (NDN) is an Internet architecture that avoids IP's host-based, point-to-point networking approach in order to better accommodate new and emerging patterns of communication. NDN treats data as a first-class object, explicitly naming it instead of its location. While the current Internet secures the "pipe" that carries data between hosts, NDN secures the data itself -- a design choice that decouples trust in data from trust in hosts, enabling scalable communication mechanisms such as automatic caching of data in routers to optimize bandwidth. The NDN project poses numerous technical challenges that must be addressed to validate it as a future Internet architecture: routing scalability, fast forwarding, trust models, network security, content protection and privacy, and fundamental communication theory.
This talk will overview NDN and then turn to security and privacy issues. By stressing content dissemination, NDN is an attractive and viable approach to many types of current and emerging communication models. It also incorporates some useful security and privacy features. We will first consider communication privacy and anonymity in NDN and describe an NDN add-on (called ANDANA) that offers functionality similar to Tor on today's Internet.
Since resilience to Denial of Service (DoS) attacks that plague today's Internet is a major issue for any new architecture, we will discuss some initial research towards assessment and mitigation of DoS in NDN. Next, we will consider privacy implications of router-side content caching. Finally, we will discuss how to adapt NDN and its security features to environments other than content distribution, using the example of building automation.
Bio: Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). Over the years, his research interests have included numerous topics in security, privacy and applied cryptography. Since 2009, he has served as the Editor-in-Chief of ACM Transactions on Information and System Security (TISSEC).
What is public key cryptanalysis?
Jacques Stern, École Normale Supérieure
Traditionally, cryptanalysis has been based on statistical analysis. This remains true for conventional secret key cryptosystems. In the area of public key cryptography, however, the picture is quite different. On one hand, there is usually some mathematical structure hidden in the public data; on the other hand, the cryptographic security is more or less tightly related to some well identified computational problem which is believed to be hard to solve. The talk will give several examples where the cryptanalyst was able to recover the hidden mathematical structure through a purely algebraic approach and to break schemes that might otherwise have appeared promising, such as the S-FLASH signature scheme. It will also discuss surprising changes of perspective that have recently occurred: algorithmic progress has lowered the asymptotic complexity of the problems underlying the so-called HFE signature scheme, as well as the complexity of the discrete logarithm in fields of small characteristic, thus calling into question the security of related cryptographic schemes. In another direction, problems such as the approximate GCD, which had long been known to be easily solvable by lattice reduction, at least in small dimensions, now form the basis for a large number of successful homomorphic encryption schemes.
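To make the approximate GCD remark concrete, here is an added worked example (written for this page; it is not code from the talk or from Jacques Stern) of the simultaneous Diophantine approximation lattice attack. Each sample is x_i = p*q_i + r_i with small noise r_i; the lattice spanned by the rows (2^rho, x_1, ..., x_t) and (0, ..., -x_0, ...) contains the unusually short vector (q_0*2^rho, q_0*r_i - q_i*r_0, ...), and LLL finds it, exposing q_0 and hence p = round(x_0/q_0). The `lll_reduce` routine is a textbook exact-rational LLL that is only adequate for the small dimensions the abstract refers to; the instance parameters (40-bit p, 20-bit q_i, 8-bit noise, six samples) and the pairwise-coprime q_i are constructed assumptions chosen so the target vector is far shorter than any other lattice vector.

```python
import math
import random
from fractions import Fraction
from typing import List, Optional, Tuple


def _dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def _gram_schmidt(basis):
    """Exact Gram-Schmidt over Q for the current basis: returns (B*, mu)."""
    n = len(basis)
    bstar, mu = [], [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(x) for x in basis[i]]
        for j in range(i):
            mu[i][j] = _dot(basis[i], bstar[j]) / _dot(bstar[j], bstar[j])
            v = [a - mu[i][j] * b for a, b in zip(v, bstar[j])]
        bstar.append(v)
    return bstar, mu


def lll_reduce(basis: List[List[int]], delta: Fraction = Fraction(3, 4)) -> List[List[int]]:
    """Textbook LLL with exact arithmetic and a full Gram-Schmidt recomputation after
    every change: slow, but correct, and fine for the small dimensions used here."""
    b = [list(row) for row in basis]
    n = len(b)
    bstar, mu = _gram_schmidt(b)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):                     # size-reduce b_k against b_j
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                bstar, mu = _gram_schmidt(b)
        lovasz_rhs = (delta - mu[k][k - 1] ** 2) * _dot(bstar[k - 1], bstar[k - 1])
        if _dot(bstar[k], bstar[k]) >= lovasz_rhs:          # Lovasz condition holds
            k += 1
        else:                                               # swap and step back
            b[k], b[k - 1] = b[k - 1], b[k]
            bstar, mu = _gram_schmidt(b)
            k = max(k - 1, 1)
    return b


def agcd_instance(p: int, count: int, q_bits: int, rho: int, rng: random.Random) -> List[int]:
    """Constructed samples x_i = p*q_i + r_i with 0 <= r_i < 2**rho (assumed noise range).
    The q_i are kept pairwise coprime so the recovered modulus is p, not a multiple of it."""
    xs, qs = [], []
    while len(xs) < count:
        q = rng.getrandbits(q_bits) | (1 << (q_bits - 1))
        if any(math.gcd(q, other) != 1 for other in qs):
            continue
        qs.append(q)
        xs.append(p * q + rng.getrandbits(rho))
    return xs


def recover_p(xs: List[int], rho: int) -> Optional[int]:
    """Simultaneous Diophantine approximation attack on the approximate GCD problem.
    q_0*row_0 + sum_i q_i*row_i = (q_0*2^rho, q_0*r_1 - q_1*r_0, ...) is far shorter
    than any other lattice vector, so LLL exposes q_0 in the first coordinate."""
    x0, rest = xs[0], xs[1:]
    t = len(rest)
    basis = [[2 ** rho] + rest]
    for i in range(t):
        row = [0] * (t + 1)
        row[i + 1] = -x0
        basis.append(row)
    for v in lll_reduce(basis):
        q0 = abs(v[0]) >> rho                  # first column is always a multiple of 2^rho
        if q0 == 0:
            continue
        p = (x0 + q0 // 2) // q0               # round(x0 / q0) == p because r_0 < q_0
        # Accept only if every sample leaves a small residue modulo the candidate.
        if p > 2 ** rho and all(x % p < 2 ** rho for x in xs):
            return p
    return None


def demo(seed: int = 2024) -> Tuple[int, Optional[int]]:
    """Constructed instance: 40-bit secret p, 20-bit q_i, 8-bit noise, six samples.
    Returns (secret p, recovered p)."""
    rng = random.Random(seed)
    p = rng.getrandbits(40) | (1 << 39)
    xs = agcd_instance(p, 6, 20, 8, rng)
    return p, recover_p(xs, 8)


if __name__ == "__main__":
    secret, found = demo()
    print("recovered" if found == secret else "failed", found)
```

The residue check in `recover_p` is the part worth keeping in any real use: LLL returns a basis, not a certificate, so each short vector is a candidate to be confirmed against all samples rather than trusted. The parameter gap here is deliberately generous; as the abstract notes, the attack is only "easy" while the dimension stays small, which is exactly the regime the homomorphic schemes built on approximate GCD are parameterized to avoid.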
Bio: Jacques Stern is a professor at the École Normale Supérieure (ENS) in France. He is an expert in cryptography and has made over 100 contributions to scientific journals. His main work has been devoted to the cryptanalysis and provable security of public key algorithms, as well as to the design of cryptographic algorithms suitable for smart card applications. Jacques Stern is a Fellow of the International Association for Cryptologic Research. He was also the recipient of the Lazare Carnot Prize of the French Academy of Sciences in 2003, of the CNRS Gold Medal, the highest French national scientific award, in 2006, and of the RSA Award in 2007. From 2007 to 2010, Jacques Stern was Chairman of the Board of the Agence Nationale de la Recherche (ANR), as well as Chairman of the Board of Ingenico, a world supplier of transaction and secure payment solutions. Early in 2010, he joined the French Ministry of Higher Education and Research as a senior advisor to the minister. In 2012, Jacques Stern was appointed a member of the French national regulatory authority for telecoms and resumed his teaching and research activities at ENS.
A Survey of Verifiable Delegation of Computations
Rosario Gennaro, The City College of New York
In this talk I will give an overview of past and recent research in the area of Verifiable Delegation of Computation. The goal is to enable a computationally weak client to "outsource" the computation of a function F on various inputs x1,...,xk to one or more powerful servers. The server must return the result of the function evaluation, e.g., yi=F(xi), as well as a proof that the computation of F was carried out correctly on the given value xi. A crucial requirement is that verifying the proof should require substantially less computational effort than computing F(xi) from scratch.
For the "general purpose" case (protocols that work for any function F) I will discuss the different ways this problem has been approached theoretically, particularly the line of research that links Interactive Proofs to Probabilistically Checkable Proofs to Succinct Non-Interactive Arguments. I will also survey recent exciting experimental results that show how these techniques are on the verge of becoming practical.
I will also talk about "ad hoc" protocols that aim to verify specific computations of particular importance in practice.
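As an added illustration of the efficiency requirement behind such "ad hoc" protocols (written for this page; not code from the talk or from Rosario Gennaro): a weak client outsources the matrix product C = A*B and checks the returned C with Freivalds' test, which costs three matrix-vector products per round (quadratic) instead of recomputing the cubic product. Unlike the proof-carrying schemes the talk surveys, this is a probabilistic check on the returned result alone, with no proof from the server; a wrong C survives k rounds with probability at most 2^-k. The matrices, the tampered result and the `rng` parameter (so the check can be made deterministic) are constructed assumptions.

```python
import random
from typing import List, Optional, Tuple

Matrix = List[List[int]]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    """Reference O(n*m*p) product: the work the weak client wants to outsource."""
    n, m, p = len(a), len(b), len(b[0])
    return [[sum(a[i][k] * b[k][j] for k in range(m)) for j in range(p)]
            for i in range(n)]


def matvec(a: Matrix, v: List[int]) -> List[int]:
    """O(rows*cols) matrix-vector product, the only heavy step the verifier performs."""
    return [sum(row[j] * v[j] for j in range(len(v))) for row in a]


def freivalds_verify(a: Matrix, b: Matrix, c: Matrix, rounds: int = 20,
                     rng: Optional[random.Random] = None) -> bool:
    """Accept C as A*B. Each round draws r in {0,1}^p and compares A(Br) with Cr.
    If C != A*B, a single round rejects with probability at least 1/2, so a wrong
    C passes all rounds with probability at most 2**-rounds. Verification is
    quadratic in the dimension while recomputing A*B is cubic."""
    rng = rng or random.SystemRandom()     # cryptographic randomness by default
    p = len(c[0])
    if len(c) != len(a) or len(b) != len(a[0]) or len(b[0]) != p:
        return False                       # shape mismatch is an immediate reject
    for _ in range(rounds):
        r = [rng.getrandbits(1) for _ in range(p)]
        if matvec(a, matvec(b, r)) != matvec(c, r):
            return False                   # A(Br) != Cr: the server cheated
    return True


def demo(seed: int = 7) -> Tuple[bool, bool]:
    """Constructed instance: an honest server's C passes, a C with one corrupted
    entry is rejected. Returns (honest_accepted, tampered_accepted)."""
    rng = random.Random(seed)
    a = [[rng.randrange(-9, 10) for _ in range(8)] for _ in range(6)]
    b = [[rng.randrange(-9, 10) for _ in range(5)] for _ in range(8)]
    c = matmul(a, b)                       # what an honest server returns
    bad = [row[:] for row in c]
    bad[2][3] += 1                         # a cheating server alters one entry
    return (freivalds_verify(a, b, c, rng=random.Random(seed)),
            freivalds_verify(a, b, bad, rng=random.Random(seed)))


if __name__ == "__main__":
    print(demo())                          # (True, False)
```

The point of the example is the asymmetry: the verifier never touches the O(n^3) product, yet bounds the cheating server's success probability by 2^-rounds for any corruption, however small, because a nonzero difference matrix D = C - A*B annihilates a uniformly random 0/1 vector with probability at most 1/2. The randomness must be unpredictable to the server: a server that knows the challenge vectors in advance can craft a C that agrees with A*B on exactly those vectors, which is why `SystemRandom` is the default and the seeded generator is only for reproducible tests.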
Bio: Rosario Gennaro received his Ph.D. from the Massachusetts Institute of Technology in 1996, and was a researcher at the IBM T.J. Watson Research Center before joining City College in the summer of 2012. His research focuses on cryptography and network security and, more generally, on theoretical computer science. His most recent work addresses the security of the cloud computing infrastructure, the issues of privacy and anonymity in electronic communication, and proactive security to minimize the effects of system break-ins.