The seminar is informal and everybody can participate, ask
questions, suggest topics to be discussed etc.
If you want to,
this could count as a 1hr pass/fail credit course. Otherwise just
come for the discussion.
Each meeting will have a central theme
on some timely security issue, and at least one person will steer
the discussions. However there is no fixed itinerary, although we
will always have a backup plan in case we all run out of ideas.
Want to submit a topic for future discussion?
E-mail one of the
chairs: {burmeste,breno} + `at` symbol + <cs domain name>
See the announcement for this week's discussion topic below:
Coming Topic
Date: 01/28/2005
Speaker: Breno de Medeiros
Topic: Biometric Key Encapsulation
Abstract:
Traditional authentication mechanisms based on passwords provide poor
security because users tend to chose easily cracked passwords. In this scenario,
biometrics appear as an interesting alternative, as their use requires few adjustments of
user behavior and may provide considerably more difficult challenge to attackers. Therefore
there has been a surge of interest in the use of biometrics as an access control mechanism.
On the other hand, there is a trend in using cryptography to implement access control,
namely substituting key management techniques for system engineering approaches.
Biometrics-based authentication provides a set of problems in this scenario, because
of the inherent imprecision of biometric readings. Biometric key encapsulation is an approach
to combine the advantages of both biometric authentication and cryptography-based
access control by addressing the problem of how to reliably recover a cryptographic
key from imprecise biometric readings.
Previous
talks
Date: 01/21/2005
Speaker: Matthew Rice
Topic: Putting the human element back into the digital signature.
Abstract:
Digital signatures bind a signer (or more properly a public key) more tightly
to a document than a handwritten signature can. In particular,
digital signatures are computationally impossible to forge without knowledge of
the associated secret key. As such, they can be used in many legal circumstances
as non-repudiation evidence. However, digital signatures (unlike handwritten ones)
can be generated without the signer's knowledge, making them less than ideal
for certain types of contracts such as wills. Technically, a digital signature
only provides evidence that the signer's key was involved in authenticating the
message; it says nothing about the signer's intentions ---For instance, malware
installed in the signer's computer could have unlocked the secret key and used
it to sign documents on behalf of the signer without his/her acknowledgment or
permission. In this talk, Matthew Rice will examine this topic and investigate
some technological approaches to acquiring evidences of consent and willful
participation of a signer in the act of issuance of a digital signature.
This work is part of Matthew's master thesis dissertation research.
Date: 01/14/2005
Speaker: Goce Jakimoski
Topic: Primitives and schemes for non-atomic information
authentication
Abstract: When proving the security of a message authentication scheme, the
messages are considered to be atomic objects. Straightforward
application of such schemes to some non-atomic information resources
may introduce security flaws.
Streams are an example of one such class of information resources that
cannot be considered to be message-like.
A stream is a bit sequence of finite, but a priori unknown length that
a sender sends to one or more recipients.
The difference between a stream and a message is that the stream must
be processed as it is received. Therefore, streams are usually divided
into chunks that can be easily manipulated.
The goal of the stream authentication schemes is to allow authenticity
verification of the stream as a whole also.
