TITLE: Primary-Secondary-Resolvers Membership Proof Systems and their Application to DNSSEC
ABSTRACT: We consider Primary-Secondary-Resolver Membership Proof Systems (PSR for short) that enable a secondary to convince a resolver whether or not a given a element is in a set defined by the primary without revealing more information about the set. The main motivation is studying the problem of zone enumeration in DNSSEC. DNSSEC is designed to prevent network attackers from tampering with domain name system (DNS) messages. The cryptographic machinery used in DNSSEC, however, also creates a new vulnerability - Zone Enumeration, where an adversary launches a small number of online DNSSEC queries and then uses offline dictionary attacks to learn which domain names are present or absent in a DNS zone. We explain why current DNSSEC (NSEC3) suffers from the problem of zone enumeration: we use cryptographic lower bounds to prove that in a PSR system the secondary must perform non trivial online computation and in particular under certain circumstances signatures. This implies that the three design goals of DNSSEC --- high performance, security against network attackers, and privacy against zone enumeration --- cannot be satisfied simultaneously. We provide PSR constructions matching our lower bound and in particular suggest NSEC5, a protocol that solves the problem of DNSSEC zone enumeration while remaining faithful to the operational realities of DNSSEC. The scheme can be seen as a variant of NSEC3, where the hash function is replaced with an RSA based hashing scheme. Other constructions we have are based on the Boneh–Lynn–Shacham signature scheme, Verifiable Random and Unpredictable Functions and Hierarchical Identity Based Encryption.
The talk is based on the papers "NSEC5: Provably Preventing DNSSEC Zone Enumeration" by Sharon Goldberg, Moni Naor, Dimitrios Papadopoulos, Leonid Reyzin, Sachin Vasant and Asaf Ziv and "PSR Membership Proof Systems" by Moni Naor and Asaf Ziv.
BIO: Moni Naor is a professor of computer science at the Weizmann Institute of Science in Rehovot, Israel. He was born, raised and educated in Haifa, Israel. He received his B.A. in computer science from the Technion, Israel Institute of Technology, in 1985, and his Ph.D. in computer science from the University of California at Berkeley in 1989. He has been with the IBM Almaden Research Center from 1989 to 1993. In 1993, he joined the Department of Computer Science and Applied Math of the Weizmann Institute of Science, where he is currently the Judith Kleeman Professorial chair. He works in various fields of computer science, mainly the foundations of cryptography. He was named an IACR fellow in 2008 and received the Goedel Award in 2014.
TITLE: Ask us before you download: Lessons from Analyzing 3 Million Android Apps
ABSTRACT: Android is the most popular mobile platform currently, with over 1 billion devices activated. Millions of Android Apps have been downloaded billions of times. What are the security and privacy issues in these millions of apps? What lessons can we learn to ensure better app security and mobile security? In this talk, I will share our insights and lessons learned from analyzing over 3 million apps.
BIO: Dawn Song is an Associate Professor of Computer Science at UC Berkeley. Prior to joining UC Berkeley, she was an Assistant Professor at Carnegie Mellon University from 2002 to 2007. Her research interest lies in security and privacy issues in computer systems and networks, including areas ranging from software security, networking security, database security, distributed systems security, to applied cryptography. She is the recipient of various awards including the MacArthur Fellowship, the Guggenheim Fellowship, the NSF CAREER Award, the Alfred P. Sloan Research Fellowship, the MIT Technology Review TR-35 Award, the IBM Faculty Award, the George Tallman Ladd Research Award, the Okawa Foundation Research Award, the Li Ka Shing Foundation Women in Science Distinguished Lecture Series Award, and Best Paper Awards from top conferences. She founded Ensighta Security Inc. which was acquired by FireEye. She is currently Fellow at FireEye.
TITLE: Security applications of GPUs
ABSTRACT: Modern graphics processors have been traditionally used for gaming, but in the last few years they have been used more and more in the area of high performance computing. In this talk we will explore alternate uses of graphics processors, in the area of security. We will discuss how a defender can use graphics hardware to bolster system defenses, and how miscreants can exploit them to build better and stealthier malware.
BIO: Dr. Sotiris Ioannidis received a BSc degree in Mathematics and an MSc degree in Computer Science from the University of Crete in 1994 and 1996 respectively. In 1998 he received an MSc degree in Computer Science from the University of Rochester and in 2005 he received his PhD from the University of Pennsylvania. Ioannidis held a Research Scholar position at the Stevens Institute of Technology until 2007 and since then he is a Principal Researcher at the Institute of Computer Science of the Foundation for Research and Technology - Hellas. His research interests are in the area of systems and network security, security policy, privacy and high-speed networks. Ioannidis has authored more than 80 publications in international conferences and journals, as well as book chapters, and has both chaired and served in numerous program committees in prestigious conferences. Ioannidis is a Marie-Curie Fellow and has participated in numerous international and European projects. He has coordinated the European projects PASS and EU-INCOOP, and is currently the coordinator of GANDAL, a Greek Excellence grant.