Everyone is encouraged (required? expected?) to present their ongoing work to the group. Email Jon McCune (jonmccune AT cmu.edu) with title and abstract if you want control over the date on which you present. We have tried two presenters per meeting (Fall 2007) and found that we generally run short on time. Thus, one presenter per meeting.

Policy change: We will allow practice talks if the talk itself consumes less than 30 minutes of the session, so that we have the remaining time for discussion. However, work-in-progress receives higher priority than practice talks, and we are striving for at least half of our meetings to cover work-in-progress.

All CSS meetings are at noon on FRIDAYS (note the change from previous semesters!) and include lunch. We have CIC 2101 reserved but suits and checkbooks have the power to preempt us.

• Sep 5, 2008 CIC 2101
  Meet and greet to begin semester; Ahren Studer. Gather, Authenticate, 'n Group, Securely.
  Abstract: A common pattern of social behavior is the formation of groups whose members want to communicate with each other securely. Unfortunately, secure group communications is inadequately supported by today's mobile systems.
  The building block for secure group communication is the distribution of authentic information to group members' devices. This is a challenging problem because members' devices generally do not share pre-existing secrets. However, it is a prerequisite for basic security primitives, such as the exchange of authentic certificates used in key establishment.
  Current security protocols for distributing authentic information fail to consider the human element. For example, many group protocols simply assume that users will always count the number of members and verify the list of members correctly. With live human beings, an implementation would become more error-prone as group size increases.
  We remove these potential vulnerabilities with the design of GAnGS, the first fully implemented mobile system for enabling secure group communications. GAnGS is scalable, secure, and tolerates user error. We implement two variants of GAnGS on Nokia N70 camera phones. One variant (GAnGS-P) relies on an untrusted communication hub. The second variant (GAnGS-T) uses no infrastructure.
• Sep 19, 2008 CIC 2201 (Room change!)
  Bryan Parno. Unidirectional Key Distribution Across Time and Space with Applications to RFID Security.
  Abstract: We explore the problem of secret-key distribution in unidirectional channels, those in which a sender transmits information blindly to a receiver. We consider two approaches: (1) Key sharing across space, i.e., via simultaneously emitted values that may follow different data paths and (2) Key sharing across time, i.e., in temporally staggered emissions. Our constructions are of general interest, treating, for instance, the basic problem of constructing highly compact secret shares. Our main motivating problem, however, is practical key management in RFID (Radio-Frequency IDentification) systems. We describe the application of our techniques to RFID-enabled supply chains and a prototype privacy-enhancing system.
• Oct 3, 2008 CIC 2101
  Jonathan McCune. Safe passage for passwords.
• Oct 17, 2008 CIC 2101
  Michael Tschantz. Measuring the Loss of Privacy from Statistics.
  Abstract: Aggregate statistics should provide information about a population in general without revealing too much information about any individual in particular. I'll present a way of using simulation to measure the amount of information a statistic-computing program provides about a single individual and compare it to other approaches for quantitative information flow analysis.
  Joint work with Aditya Nori, Microsoft Research India.
• Oct 24, 2008 CIC 2101
  Haowen Chan. Efficient security primitives derived from a secure aggregation algorithm (w/ Adrian Perrig).
  Abstract: Analysing a specific algorithm (the hierarchical secure aggregation algorithm we proposed in 2006 and improved by Frikken and Dougherty in 2008), we show that the hash tree construction and dissemination subprotocol in the original algorithm actually has highly general applications. We use it to generate various efficient network security primitives, including: a signature scheme ensuring authenticity, integrity and non-repudiation for arbitrary node-to-node communications; an efficient broadcast authentication algorithm not requiring time synchronization; a scheme for managing public keys in a sensor network without requiring any asymmetric cryptographic operations to verify the validity of public keys, and without requiring nodes to maintain node revocation lists. Each of these applications uses the same basic hash tree primitive and has $O(\log n)$ congestion performance and require only that symmetric secret keys are shared between each node and the base station. The general implication of this work is that by restricting the network topology to common structures found in practical applications (in this case, a tree) and by considering alternative metrics defined on these structures (in this case, congestion), we can open up the possibility for developing more protocols providing highly efficient implementations of even well-studied network security primitives.
• Oct 31, 2008 CIC 2101
  Jason Franklin. Tiptoeing Towards High-Assurance Hypervisors
  Abstract: Substantial efforts are being made in both industry and academia to develop small security hypervisors, programs that execute at a higher privilege level than the supervisor (OS), that provide an additional layer of protection. In this talk, I'll discuss why hypervisors are receiving so much attention, critique the assumptions that underlie the "hypervisor security hypothesis", and describe our efforts to test this hypothesis through a formal verification of the SecVisor hypervisor. This is a work in-progress talk and is accessible to all audiences.
• Nov 7, 2008 CIC 2101
  Serge Egelman. Family Accounts: A new paradigm for user accounts within the home environment.
  Abstract: In this paper we present Family Accounts, a new user account model for shared home computers. We conducted a study with sixteen families, eight who used individual profiles at home, and eight who shared a single profile. Participants found Family Accounts to be a good compromise between sharing a single profile and having individual profiles for each family member. In particular, we observed that because Family Accounts allowed individuals to switch profiles without forcing them to interrupt their current tasks, family members tended to switch to their own profiles only when a task required some degree of privacy or personalization.
• Nov 14, 2008 CIC 2101
  Steve Young. Proposal for a new architecture for anonymous peer-to-peer networks
  Abstract: Several different paradigms exist in the current generation of anonymous peer-to-peer communication systems. Tor is an anonymous peer-to-peer system that offers real-time anonymous communication between two parties over a public network using a mixnet approach based on the Onion routing protocol. Freenet and FreeHaven offer a distributed peer-to-peer storage system that utilizes encryption and a scheme of virtual addressing to store and retrieve content anonymously.
  There are many known weaknesses in the ability of these systems to ensure the anonymity of communication particularly against powerful adversaries that are able to employ traffic analysis techniques. I will discuss a proposal that combines the capabilities of anonymous communication and storage systems in a way that could significantly increase the ability of the system to maintain the anonymity of communication against attacks such as traffic analysis.
• Dec 5, 2008 CIC 2101
  Xin Zhang. Packet Dropping Adversary Identification for Data Plane Security
  Abstract: Until recently, the design of packet dropping adversary identification protocols that are simultaneously robust to both benign packet loss and malicious behavior has proven to be surprisingly elusive. In this paper, we strive to propose a secure and practical packet-dropping adversary localization scheme that is robust (in the sense as described earlier) and simultaneously achieves high detection rate and low communication and storage overhead -- the three key performance metrics for such protocols in realistic settings. Recent work optimizes either the detection rate or the communication overhead only. We systematically explore the design space of acknowledgment based protocols to identify a packet dropping adversary on a forwarding path from a source to a destination. In particular, we investigate a set of primitive protocols where each protocol exemplifies a design dimension; and examine the underlying tradeoff between the performance metrics. For each primitive protocol, we present both upper/lower performance bounds via theoretical analysis and average-case results via simulations. We conclude that the proposed PAI-1 protocol outperforms other related schemes in terms of practicality in a realistic network setting.
• Dec 12, 2008 CIC 2201 (Room change)
  Ponnurangam Kumaraguru. PhishGuru: A System to Train Users About Phishing Attacks
  Abstract: Because of the increasing sophistication and volume of cyber attacks, Internet users are making incorrect decisions that cause significant economic damage to themselves and enterprises. As a result, developing technologies that help users make better online trust decisions has become important.
  As part of his Ph.D. thesis work, PK has developed an email-based anti-phishing education system called PhishGuru. PhishGuru is a system in which training messages are designed to look like phishing messages. When users "fall" for these training messages, PhishGuru takes advantage of the "teachable moment" and immediately teaches users how to avoid falling for real scams in the future. PK has evaluated this methodology in laboratory and in real world. PK's contribution is both developing the right content and right delivery channel to present the training material to users.
  In this talk, PK plans to summarize his research in anti-phishing user education. He will also briefly discusses the impacts that his research has had in real-world applications.
  Bio: Ponnurangam Kumaraguru (PK) is a Ph.D. Candidate in the Computation, Organizations, and Society program in the School of Computer Science. To develop usable and secure systems, PK conducts research at the intersection of human computer interaction, computer security, and learning science. PK's research focuses on developing technologies and insights that help Internet users learn ways to protect themselves from security attacks and thereby improve their ability to make online trust decisions.

About CSS

The group is semi-formal, in that one person begins by presenting their ongoing work (if it is accepted for publication, it is too polished; we like the rough stuff). Meetings are considered to be a success when discussion takes over and the presentation does not proceed as planned. The main point of CSS is to stay abreast of what our local peers are up to while helping them to refine and improve their work.

We encourage researchers of all abilities to attend, from undergrads to faculty. We encourage people to ask questions, even those that may seem "stupid", as they often lead to interesting discussions and insights. Example discussion and questions may include:

• What exactly is the problem solved? Often it is hard to understand exactly what problem is really being solved by the solution. An intro may have very general statements about a very vague problem, while the solution has many assumptions built in.
• Do you buy the solution? Do you think in reality the solution won't work, is too expensive, etc..
• What improvements can be made?
• What paper/advancement would you expect to be made next in this area?

Mailing Lists

We maintain an Andrew mailing list called "cylab-student-seminar". You can subscribe/unsubscribe/view archives via the CSS mailman site.

The email address is cylab-student-seminar@lists.andrew.cmu.edu. E-mail to the list and archives is restricted to CMU accounts.

Archives

• Spring 2008
• Fall 2007