Slides of the talk. [pdf]
Abstract: Signcryption schemes combine signing and encryption in a way that is more efficient than sign-then-encrypt. After introducing the security model involving indistinguishability and unforgeability, we will look at a specific scheme and how it achieves forward secrecy when the state of the sender is compromised (because only the receiver can decrypt). On the positive side, this scheme can be used to create a forward secure identity based key exchange where one user is more secure (and thus less likely to be compromised). However, this does not help if the states of both the sender and receiver are compromised. Hence, we need forward secure identity based encryption. By evolving the secret key efficiently, we also have the added benefit that the adversary cannot forge signcryptions from the past, thus achieving strong forward security.
Slides of the talk. [pdf]
Abstract: We have created SecreC - a novel programming language with a type system that separates public and private data. This code can be compiled into Sharemind assembly and executed on the Sharemind virtual machine. Sharemind guarantees that data marked as private is processed using secure multi-party computation. We have used this language to implement a number of data mining algorithms including histogram computation, Apriori, Eclat and memory-regulated Apriori. In this talk we will introduce the language and the data mining results achieved by using it.
Slides of the talk. [ppt]
Abstract:Managing cyber security is a demanding task at several levels abstraction: high-level management, technical infrastructure planning, on-line activities etc. At all those levels people who are involved have to take some decisions to improve the level of security to some required level. It is a common belief that for training and in decision making process modeling and simulation are useful activities - allowing better understanding of "things" working principles and giving some hints on what results we could gain while taking some actions.
In this talk I describe some modeling and simulation tools for cyber security developed in Modeling and Simulation Group of Institute of Cybernetics.
Abstract: Current tightest security proof of linking-based time-stamping schemes is proved to be asymptotically tight, but still does not give us adequate real-life security quarantee on realistic system parameters. Therefore, instead of collision resitance, new hash function properties are used to find tighter security proofs. We construct tighter security proofs under the assumptions that the hash function is a random oracle and (as a weaker, but realistic assumption) that the hash function is built using a preimage aware construction from ideal components.
(Joint work with Ahto Buldas)
Abstract: Ensuring system security is a necessity rather than an option. In our work we develop a model-driven approach to specifying security constraints in order to separate security aspects (particularly access control) from other business logic. We believe that this helps developers to engineer an application clearer by not hard-coding security aspects into the source code but rather by developing security concerns at the system design stage. During this talk we will specifically focus on the access control at the data level, thus, also highlighting the important ongoing security engineering activities and the future work.
(joint work with Raimundas Matulevičius)
Slides of the talk. [odp]
Abstract: A message recognition protocol (MRP) aims to exchange authenticated information in an insecure channel using resource-restricted devices. During the initialization session of the protocol, the parties exchange some authenticated information which the adversary can passively observe. Then, one party wants to send authenticated messages to the other party in an insecure channel. Such security requirements are often found in wireless sensor networks, where two nodes want to keep communicating after initially meeting each other, but where all communication can be observed by the adversary.
A common way for ensuring the authenticity is to initialize a public-key primitive (signature scheme) during the initialization session. However, the identity of the user does not need to be authenticated in our setting, so we do not need a certificate authority that binds keys to users. Another way to ensure authenticity is for the first party to commit to certain values during the initialization (typically by using hash chains), such that these values can be later opened and used to authenticate messages.
Public-key cryptography is computationally intensive. Protocols based on hash chains also have significant computational requirements, but more importantly, they are not perennial — the number of possible message authentications is fixed in the initialization phase. Although efficient perennial MRPs based on hashing have been proposed, they have been shown to be flawed.
In this talk, we show that if we restrict the primitives our protocol can use to a set that is usually understood to comprise “symmetric cryptography”, then it is impossible to construct a perennial MRP. We show that, without a common secret, authenticating a message is not possible. We also show that a common secret cannot be agreed on during the initialization session. Our result should be an interesting guideline for authentication protocols in general, showing that initial authentication cannot be potentially infinitely extended by using just symmetric cryptography in the presence of an adversary.
(joint work with Madeline González Muñiz)
Abstract: The presentation gives an overview of important theoretical questions that are needed to improve Sharemind in terms of flexibility, security and efficiency.
Abstract: A fundamental privacy problem in the client-server setting is the retrieval of a record from a database maintained by a server so that the computationally-bounded server remains oblivious to the index of the record retrieved while the overall communication between the two parties is smaller than the database size. This problem has been extensively studied and is known as computationally-private information retrieval (CPIR). In this work we consider a natural extension of this problem: a multi-query CPIR protocol allows a client to extract m records of a database containing n ℓ-bit records. We give an information-theoretic lower bound on the communication of any multi-query information retrieval protocol. We then design an efficient non-trivial multi-query CPIR protocol that matches this lower bound. Thus we settle the multiquery CPIR problem optimally up to a constant factor.
(joint work with Jens Groth and Aggelos Kiyaias)
Slides of the talk. [pptx]
Slides of the talk. [pdf]
Abstract: In this talk I am going to cover the recent work on protocols for Sharemind computations. We show how to improve on the previous protocols by making efficient use of the fact we are dealing with just three parties and how this results in protocols that have considerably fewer rounds and less communication. We also outline how to implement division protocols, both with a public and a private divisor. This work has been heavily practice-oriented - most of the protocols are already implemented and have shown speedups by up to a factor of 100.
(joint work with Jan Willemson and Tomas Toft)
Slides: [ppt]
Abstract: Over the last two decades the Internet has changed the way people interact and do business in a profound way. However, there are also those who see malicious opportunities in this field. In addition to the relatively mature disciplines of cyber crime and cyber espionage, recent years have witnessed a strong growth in politically motivated cyber attacks. Patriotic hackers, as well as nation states are actively seeking ways to take advantage of cyberspace.
I will cover definitions for key cyber related terms and discuss the practical problems that have been identified in recent cyber conflicts, as well as theoretical problems that have yet to materialize.
Slides of the talk. [pdf]
Abstract: In his famous 1960 essay, Eugene Wigner raised the question of “the unreasonable effectiveness of mathematics in natural sciences”. After several decades of security research, one is tempted to ask: Do the security technologies that we design really make us more secure? Is security engineering not unreasonably ineffective?
As a case to the point, I describe the phenomenon of adverse selection of trust certificates. According to some recent empiric studies, it turns out that a greater percentage of unreliable or malicious web merchants are found among those with certain (most popular) types of trust certificates, then among those without. While some such findings can be attributed to a lack of diligence, and even to conflicts of interest in trust authorities, a model that I shall present suggests that public trust networks would remain attractive targets for spoofing and abuse even if trust authorities were perfectly diligent. The reason is that trust is like money: the rich get richer. The methods to mitigate its vulnerability are analyzed in the extensions of the model.
Slides of the talk. [pdf]
Abstract: SecreC is an imperative programming language which is based on the syntax of C and clearly separates public and private data. It is used as a higher-level language for writing programs for the Sharemind hybrid virtual machine. Designed as a programming language with security and privacy goals in mind, analysis tools for SecreC programs are needed. A formal specification of the SecreC programming language is being developed alongside an analyzer. In this talk we give a quick overview of work being done on the specification of language and the rest of the analysis framework.
Slides of the talk. [pdf]
Abstract: This talk will give a brief overview of different web technologies that could be used to develop online privacy-preserving questionnaire systems using the Sharemind framework. A solution using JavaScript together with a way to overcome the Same Origin Policy enforced in most web browsers is described in more detail.
Slides available upon request
Abstract: Symbolic idealizations of cryptography have shown to be very useful for automated analysis of complex security protocols. Yet, symbolic models cannot express attacks based on the mathematical properties of the underlying cryptographic algorithms. Hence, an analysis using such models will necessarily be incomplete.
A way out of this problem are computational soundness results. A computational soundness result guarantees that a security verification in a symbolic model also guarantees security in a computational model; the latter takes attacks on the cryptography itself into account.
In this talk, I will give an overview over methods, difficulties, and impossibilities of deriving computational soundness results and will present own work, the CoSP framework, that allows to prove computational soundness results in a cleaner and more modular way than previous models.
Abstract: During the last decade, network intrusion detection systems (network IDSs) have become a widely used security measure for detecting malicious and unwanted network traffic. However, network IDSs often generate many false positives and other irrelevant alerts. In this talk, we discuss a data mining based real-time method for distinguishing important network IDS alerts from frequently occurring false positives and other redundant events. Unlike conventional data mining based approaches, our method is fully automated and able to adjust to environment changes without a human intervention.
Abstract: Friend to Friend (F2F)-Computing is a new paradigm for ubiquitous and distributed computing, merging ideas from peer-to-peer, Cloud Computing, and social networks. F2F Computing is offering a middleware on top of multi-protocol instant messengers or other relayed protocols. On top of this middleware you can write simple distributed applications and services.
In my talk I will give a basic introduction into the framework and its architecture. I will then focus on its inbuilt and planned security features. I will on the one hand show our realization of the sandbox features with llvm and on the other hand explain some ideas about extending OTR for F2F to enable encryption, authentication, deniability, and perfect forward secrecy.
Slides of the talk. [pdf]
Abstract: Sharemind is an implementation of multi-party computation in real life. Currently, there are 3 miners, who additively share the data in Z2^32; therefore, the whole system is information theoretically secure under at most 1 corrupted miner assumption. In this talk, we will introduce a number of important primitive protocols for Sharemind, such as share conversion between GF(232) and Z2^32, Unbounded Bit-conjunction and Random Shuffle Protocol.
Liina Kamm