News and Events

iCIS Group Talk: Matthieu Giraud, June 15, 2018 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: Delegating the computation of a polynomial to a server in a verifiable way is challenging. An even more challenging problem is ensuring that this polynomial remains hidden to clients who are able to query such a server. In this talk, I will formally define the notion of Private Polynomial Evaluation (PPE) and give a rigorous security model for indistinguishability against Chosen Function Attack (IND-CFA). I will also present our PPE scheme called PIPE that is IND-CFA secure under the decisional Diffie-Hellman assumption in the random oracle model.

iCIS Seminar: Simpy Parveen, June 1, 2018 - 1:00pm to 2:00pm. Venue: ICT 516

Abstract: The certificates in Public Key Infrastructure helps establish a secure communication channel between communicating en- tities. However, the major concern PKI faces is revocation of certificates which can no longer be trusted and dissemi- nation of this information. The goal of this project is to provide high-level overview of mechanisms that yield revocation information, with the help of Merkle Hash Tree(MHT), while comparing(general evaluation) timeliness, scalability, performance and security with that of traditional schemes. It primarily focuses on the three schemes that use Merkle tree and its variant, namely, Kocher’s CRT(Certificate Revocation Tree), Micali’s Novomodo Scheme and Elwailly et al’s QuasiModo scheme. Also, there is another section for assessment of all the aforementioned schemes based on the data-structure and proof-size complexity.

iCIS Seminar: Shahrokh Valaee, May 14, 2018 - 2:00pm to 3:00pm. Venue: ICT 516

Abstract: Location based applications are receiving much attention recently. Examples include Google maps, Geotagging, Find my friend, virtual reality, and mobile location-based gaming. The need for location estimation will only grow in future when new technologies and services, such as Internet-of-Things, and Smart Cities become prevalent. Gaming industry will also be another strong market for location-based services. The recent interest in playing games such as Treasure hunts and Pokémon GO and their extension into indoor environment suggest that the need for designing and developing effective location estimation technologies will continue to grow in future. In this talk, we will discuss how the new generation of smartphones can provide accurate location estimates. New smartphones are equipped with plurality of sensors such as accelerometer, gyro, barometer, and magnetometer. Using recent advances in signal processing, we have developed precise positioning schemes that can find user’s location in covered areas where the GPS service is not available. Our technology uses RF signals received from WiFi access points or iBeacons, along with the readings from multiple sensors, to locate the user. Our solutions are device-agnostic, which makes them excellent candidates for crowdsourcing. In this talk, we will present some of our localization techniques and will demo our application

iCIS Seminar: Andrew Walenstein, Director of Security R&D, Blackberry's Center for High-Assurance Computing Excellence (CHACE), April 4, 2018 - 3:00pm to 4:00pm. Venue: ICT 516

Abstract: Displayed text is frequently at risk of loss of confidentiality due to shoulder surfing.  We have been exploring techniques for combining text with visual distractors in a way that makes the text easily readable at close distances, but distinctly less so at typical shoulder-surfing distances without attracting undue attention.  The techniques can be adjusted to the context-of-use to manage tradeoffs between ease of reading and the protection offered.  Results obtained with human readers show that the we can generate protected text that is significantly less readable at 120cm yet not significantly less readable for nearer readers at 60cm.  In addition to the technique, we also find interesting the questions raised about the interplay between security and usability, most particularly how to measure the security offered by this or similar confidentiality-protection techniques.  We explain the measure we have used for evaluation and draw implications for future research in hardware-independent text security.

iCIS Group Talk: Efficient Authorization of Graph Database Queries in an Attribute-Supporting ReBAC Model

Zain Rizvi, February 16, 2018 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: Neo4j is a popular graph database that offers two versions; a paid enterprise edition and a free community edition. The enterprise edition offers customizable Role-Based Access Control (RBAC) features through custom developed procedures, while the community edition does not offer any access control support. Being a graph database, Neo4j is a natural application for Relationship-Based Access Control (ReBAC), an access control paradigm where authorization decisions are based on relationships between subjects and resources in the system. We developed AReBAC, an attribute-supporting ReBAC model for Neo4j (applicable to both editions) that provides finer grained access control. AReBAC employs Nano-Cypher, a declarative policy language based on Neo4j's Cypher query language, the result of which allows us to weave database queries with access control policies and evaluate both simultaneously. Evaluating the combined query and policy produces a result that i) matches the search criteria, and ii) the requesting subject has access to. Our experiments show that our evaluation algorithm performs faster than Neo4j's query evaluation engine when evaluating queries that are expressible using Nano-Cypher.  

iCIS Group Talk: Dr. Sabyasachi Karati, November 17, 2017 - 1:00pm to 2:00pm. Venue: ICT618B

Abstract: This work considers the problem of fast and secure scalar multiplication using curves of genus one defined over a field of prime order. Previous work by Gaudry and Lubicz in 2009 had suggested the use of the associated Kummer line to speed up scalar multiplication. In this work, we explore this idea in detail. The first task is to obtain an elliptic curve in Legendre form which satisfies necessary security conditions such that the associated Kummer line has small parameters and a base point with small coordinates. In turns out that the ladder step on the Kummer line supports parallelism and can be implemented very efficiently in constant time using the single-instruction multiple-data (SIMD) operations available in modern processors. For the 128-bit security level, this work presents three Kummer lines denoted as K1 := KL2519(81; 20), K2 := KL25519(82; 77) and K3 := KL2663(260; 139) over the three primes $2^{251} -9$, $2^{255}-19$ and 2^{266}-3$ respectively. Implementations of scalar multiplications for all the three Kummer lines using Intel intrinsics have been done and the code is publicly available. Timing results on the recent Skylake and the earlier Haswell processors of Intel indicate that both fixed base and variable base scalar multiplications for K1 and K2 are faster than those achieved by Sandy2x which is a highly optimised SIMD implementation in assembly of the well known Curve25519; for example, on Skylake, variable base scalar multiplication on K1 is faster than Curve25519 by about 25%. On Skylake, both fixed base and variable base scalar multiplication for K3 are faster than Sandy2x; whereas on Haswell, fixed base scalar multiplication for K3 is faster than Sandy2x while variable base scalar multiplication for both K3 and Sandy2x take roughly the same time. In fact, on Skylake, K3 is both faster and also offers about 5 bits of higher security compared to Curve25519. In practical terms, the particular Kummer lines that are introduced in this work are serious candidates for deployment and standardization.

iCIS Seminar: Joel Reardon, October 26, 2017 - 1:00pm to 2:00pm. Venue: ICT 516

Abstract: Mobile phones store a great deal of sensitive information and also get used by a great number of different 'apps'. Permission systems are a security technique to control access to sensitive resources by granting or denying permission based on the application and the user's desires. Android's permission system, however, has suffered from many design failures. In this talk, we give an overview of these systems, and present our own design of a machine-learning-based classifier to improve decision accuracy based on real-world studies of users in practice. Making automated decisions, however, means that the user must be able to review and redress any decision, which is particularly important if it was not what the user desired. To that end, we design and evaluate a permission management dashboard that we evaluated through a 600-person user study.

iCIS Seminar: Idan ShohamCTO-Hitachi ID Systems, Inc. October 20, 2017 - 1:00pm to 2:00pm. Venue: ICT 516

Abstract: The talk will cover:

* An overview of the business drivers and processes that underpin identity and access management in medium to large organizations.

* Mapping business drivers to required capabilities in IAM, credential management and privileged access management (PAM) systems.

* An overview of Hitachi ID Systems, which develops IAM software, based in Calgary.

* Discussion of research topics (to consider and to avoid) in the IAM area.

 * Wrap up with a shameless plug for job openings at Hitachi ID

Christina Nita-Rotaru, Northeastern University, October 6, 2017 - 11:00am. Venue: ICT 618B

Abstract:  The proliferation of mobile and web applications and their performance requirements have exposed the limitations of current secure transport protocols, particularly during connection establishment. As a result, protocols like QUIC and TLS v1.3 were proposed to address such limitations. In this work we analyze the trade-offs between provable security and performance guarantees in the presence of attackers by focusing on QUIC. We first introduce a security model for analyzing performance-driven protocols like QUIC and prove that QUIC satisfies our definition under reasonable assumptions on the protocols building blocks. However, we find that QUIC does not satisfy the traditional notion of forward secrecy that is provided by some modes of TLS, e.g., TLS-DHE.

iCIS Seminar: Giulia Traverso, August 31, 2017 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: Distributed storage allows to outsource a document to the cloud such that multiple users can easily access the file. The protection of the document stored relies on secret sharing, which generates and distributes shares of the document to the storage servers. However, the users have to trust that a certain amount of storage servers behaves honestly and do not lose (retrievability) or reveal (confidentiality) the document. To address this so called social secret sharing schemes were developed that allow to adjust the distribution of shares according to the experience made with the involved storage servers. In this work, we provide a framework called AS$^3$ that allows to build social secret sharing schemes based on dynamic secret sharing. The resulting protocol has more freedom in adjusting the parameters of the shares distribution and therefore leads to more efficient and accurate solutions as well as an optimal storage consumption. Furthermore, we provide measures to detect and to prevent that the document is lost or accidentally revealed to individual storage servers. We also demonstrate how to compute trust values for storage servers, how to initialize trust values for newcomers, and provide a proof of concept implementation.

Privacy Security Trust 2017 (PST 2017)

University of Calgary, Rozsa Centre

Mon. August 28, 2017 (All day) to Wed. August 30, 2017 (All day)

iCIS Group Talk: Sepideh Avizheh, July 14, 2017 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: Bitcoin is the first decentralized digital currency which has attracted a great market from its emerging date, 31 October 2008. According to International Business Times, as of February 2015, the number of merchants who accept Bitcoin as a payment method has passed 100,000. This statistic reveals the fact that good understanding of the protocol along with its security evaluation against new attacks is of great importance. Unfortunately, in spite of the improvements applied to Bitcoin protocol, by the Bitcoin community and security experts, it still suffers from some security vulnerabilities. 

In this presentation, I will mainly focus on explanation of Bitcoin protocol as well as its components such as the famous backbone public ledger, blockchain. It is interesting to mention that blockchain, nowadays, has found its way not only in new alternative cryptocurrencies, but also in other different areas such as internet of things, health care systems, and pharmaceutical chain management systems, to name but a few. In addition to the protocol description, if time permits, I will introduce two new attacks targeting the Bitcoin protocol; one of them aims at stealing money and the other tries to run money laundry through Bitcoin protocol without being detected. Finally, a modification to Bitcoin protocol is proposed to mitigate these attacks

iCIS Group Talk: Shawn Eastwood, PhD candidate in ECE Department/Biometric Technologies Laboratory, June 22, 2017 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract:  Risk Assessment is the practice of determining the threat posed to a system by using “risk quantities” to evaluate potential unwanted scenarios. In biometric security systems, information is collected from various sources and compiled into risk values using the process of information fusion. Information fusion is the process of combining the observations of various sensors (in our case biometric sensors) into a single conclusion. The process of information fusion varies depending on the limitations of the input data, and the requirements of the fused result. This presentation will cover various approaches to information fusion. Approaches that will be covered will be based on probability theory, credal sets (which are convex sets of probability distributions), probability interval distributions, and Dempster-Shafer models. These approaches are founded in objective requirements. In addition, more heuristic approaches will also be introduced.

iCIS Seminar: Dr. Florian Kerschbaum, June 15, 2017 - 2:00pm. Venue: ICT 618B

Abstract: We present a cryptographic approach to privacy in IoT, using the examples of Smart Grid and Road Toll Collection. All data is encrypted before transmitting to the service provider and all computations are done on encrypted. We ensure multi-lateral security by using zero-knowledge proofs and controlled observation to ensure the integrity of computation for correct billing. This talk will briefly present protocols for billing, aggregation and general computations in the smart grid and billing in road toll collection

iCIS Group Talk: Zain Rizvi, June 2, 2017 - 1:00pm. Venue: ICT 618B

Abstract: Relationship-Based Access Control (ReBAC) bases its authorization decisions on the relationships between the entities in the system, while Attribute-Based Access Control (ABAC) bases its authorization decisions on the attributes of the requestor, the resource, and the environment. The focus of this project is to combine ReBAC and ABAC to form an access control model that supports both relationships and attributes for authorization decision. This combined model uses Neo4j, a graph database, as its backend for storing the protection state. Along with formalizing this model, I will also provide a simple policy language that will allow end users to easily specify access control policies as well as an efficient authorization checking algorithm. The formalization described in this work will be accompanied with supporting tools/libraries so that end users can find the model easily useable.

ARCP: An architecture for the use of cloud computing in pervasive computing environments

iCIS Group Talk: Henrique Pereira, May 12, 2017 - 1:00pm. Venue: ICT 618B

Abstract: Modern world can be characterized by the quick proliferation of mobile devices and by the intense use of computers on our daily lives. Some of the problems found in pervasive computing are not from a technical order, but due to a lack of standards and models that allow devices to interoperate. Pervasive environments are marked by having sudden and frequent changes, making it necessary to think of a way to manage context representation and information. This talk aims to show a solution that could be used to create pervasive computing environments using cloud-based resources and ontologies for context management.

iCIS Group Talk: Carlos Fuentes Carranza, March 29, 2017 - 1:00pm. Venue: ICT 516

Abstract: The Internet of Things (IoT) is the concept of connecting any type of devices to the Internet. This includes cellphones, washing machines, thermostats, wearable devices, industrial machinery, etc. This concept has caught the attention of numerous companies who are trying to come up with their own solutions for the different vertical markets of IoT such as: Home Automation, Automotive, Healthcare and Manufacturing. In this presentation, I will talk about three of the many different types of middleware architectures used to enable devices to communicate to one another, even under very constrained environments.

iCIS Group Talk: Arash Afshar, March 10, 2017 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: This talk is meant to be an introductory talk to the field of Secure Two-Party Computation (2PC). Secure two-party computation allows two mutually distrusting parties to run a computation on an arbitrary function such that at the end of the computation nothing about their private input is leaked except for the output of the computation. The seminal work of Yao in 1986 provided the first feasibility proof that such a computation is possible using the so called garbled circuits and given an Oblivious Transfer protocol assuming that the adversary is honest-but-curious (i.e. the adversary follows the steps of the protocol but tries to learn more than he should by looking at the protocol transcript).

In this talk we describe the scope of  2PC and present the Yao's protocol. We also introduce the Real/Ideal world paradigm that is used to prove the security of 2PC protocols. Finally, we introduce some of recent works in this field

iCIS Group Talk: Dr. Sabyasachi Karati, March 3, 2017 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: SWIFFT is a collection of compression functions that are highly parallelizable and admit very efficient implementations on modern microprocessors. The main technique underlying these functions is a novel use of the Fast Fourier Transform (FFT) to achieve “diffusion,” together with a linear combination to achieve compression and “confusion.”  These functions are set apart from prior proposals to it (having comparable efficiency) by a supporting asymptotic security proof : it can be formally proved that finding a collision in a randomly-chosen function from the family (with noticeable probability) is at least as hard as finding short vectors in cyclic/ideal lattices in the worst case.

We are also going to discuss a One-Time-Signature scheme that takes the advantage of the SWIFFT. The signatures are short and of constant-size, and also computationally efficient. This scheme is post-quantum secure as long as the SVP in ideal lattices is hard in the presence of a quantum computer.

iCIS Group Talk: Dr. Fuchun Lin, February 10, 2017 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: Tamper resilient cryptography has recently gained attention,and novel coding solutions have been proposed. One such solution is Tamper Detection (TD) codes that are used to detect tampering with a codeword when the tampering function belongs to a specified family of functions. We consider a tampering function class that consists of functions where the adversary first selects a subset of size n \rho of the codeword components to see (n is the codeword length), and then uses this view to choose a noise vector that will be added (algebraically) to the codeword. We show it is impossible to construct codes that protect against tampering of all functions in this class. By removing the set of bad functions from the class, we obtain a subset of this class for which TD codes exist, and give a construction of TD codes for this subset of the tampering functions. We discuss our results and directions for future work

iCIS Group Talk: Morshedul Islam, December 2, 2016 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: Profile-based authentication systems store users' profile data at the verifier and use it to verify their  authentication claims. A profile captures user-specific information  that could be privacy sensitive and so a profile-based authentication system leaks additional (to what is required for their authentication) information about the user to the verifier.  We propose a novel non-cryptographic approach to providing privacy for user profiles against an honest-but-curious verifier.  It also allows the correctness of the authentication to remain the same

iCIS Group Talk: Raushan Dilruba, November 18, 2016 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: Software Defined Networking (SDN) is one of the key networking technologies with application to data centers and cloud, as well as growing application in networking. SDN uses isolation of data planes and control planes to offer more effective control of networks. Security and reliability of communication between controllers and network switches are essential in SDN architecture. We propose a post-quantum secure and reliable solution to securing the OpenFlow channel between SDN controller and the OpenFlow switch, using Shamir Secret Sharing. Our solution delivers (i) Post-Quantum security, (ii) Reliable Message Delivery, and has (iii) Low communication delay, under the defined system and adversarial model.

iCIS Group Talk: Ahmad Ahmadi, November 4, 2016 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: Distance bounding (DB) protocol allow a prover to convince a verifier  that they are within a distance bound to the verifier. We consider anonymous distance-bounding protocols that provide security against all known DB attacks, besides providing anonymity of provers against verifier.

Our model provides a natural way of modeling the strongest man-the-middle attack, making security of DB protocols  in line with identification protocols. This model is an extension of the recent distance-bounding identification DBID model, that allows provers to remain anonymous from the verifier. We propose a converter, AnonGDB,  that takes  a specific distance-bounding identification protocol and converts it to an anonymous DB protocol. An important advantage of this protocol is computational efficiency compared to similar protocols, which makes it to be applicable in small devices

iCIS Seminar: Brian LaMacchia, October 12, 2016 - 2:00pm to 3:00pm. Venue: ICT 516

Abstract: In an August 2015 announcement, the Information Assurance Directorate of the US National Security Agency announced plans to begin a transition from the existing “Suite B” cryptography to quantum-resistant algorithms.  Since Peter Shor of AT&T Bell Laboratories first published an efficient quantum algorithm for factoring in 1994, we have known that when a general-purpose quantum computer of sufficient size is built then all our commonly-used public-key cryptographic algorithms will be broken.  Recent progress in the physics and engineering of quantum computation is changing our assumptions about the feasibility of building a cryptographically-relevant quantum computer, and while there are still technical challenges to address, the best estimates today are that such a machine could become feasible in as little as 10-15 years.  Given our experience with past cryptographic algorithm transitions, this time horizon means that we need to start today the process of identifying hard problems that are quantum resistant, developing efficient cryptographic algorithms based on those problems, standardizing these algorithms and deploying them broadly, and deprecating our existing public-key cryptosystems.

iCIS Group Talk: Masoumeh Shafieinejad, September 30, 2016 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: One-time signature (OTS) schemes are important cryptographic primitives that can be constructed using one-way functions, and provide post-quantum security unlike many widely used signature schemes which are based on hardness of factorization or discrete logarithm problems. In this this talk I will explain the idea of using Bloom Filters as the one way function in an OTS, in combination with 1-Cover Free Families in order to sign as many messages as possible. I will demonstrate the security and performance evaluation of the scheme and the challenges I face.

iCIS Group Talk: Dr. Hadi Ahmadi, September 16, 2016 - 1:00pm to 2:00pm. Venue: ICT 616

Abstract:  Access Management is concerned with authenticating users and determining whether they have permission to access requested resources. Core to any Access Management platform is the design and implementation of access control policies. In this talk, we will discuss about graph databases and their advantages to the Access Management world and illustrate a few interesting application scenarios that show how to solve custom and complicated access control policies taking advantage of this concept, by integrating ForgeRock(TM) Identity Platform and Neo4j(TM) Graph Database.

iCIS Group Talk: Mamunur Akand, September 2, 2016 - 1:00pm to 2:00pm. Venue: ICT 616

Abstract:  Location-based services have grown rapidly in recent years. In location-based access control, a user's location information is the basis for granting access to resources and so it is important that location claims are correctly verified. A competing requirement is the users' desire for not revealing their exact location for privacy reasons. In-region location verification systems check if a user is within a region. We propose a privacy enhanced location verification system that uses in-region location verification approach for a given a policy region, and verifies if a location claim is from within the region or not. The novelty of our work is to use distance bounding protocols to construct a pseudo-rectangle (P-rectangle) that is the best cover for the region, and verify the claim with respect to the P-rectangle. We define the error in verification decision, and show that it can be reduced by subdividing the area and using multiple rectangles to cover it. We analyze privacy of the system against an adversary who monitors the radio communication and use it to infer the location of the prover, and provide methods of protecting against this attack. We discuss our results and propose directions for future research.

iCIS Seminar: Dr. Go Ohtake, August 12, 2016 - 2:00pm to 3:00pm. Venue: ICT 618B

Abstract: Integrated broadcast-broadband services allow viewers to simultaneously receive broadcast content over the airwaves and additional information related to the content over the Internet. These services can be enriched and personalized by using viewers' personal information such as viewing history. This, however, requires viewers to share their viewing history with service providers, hence raising privacy concerns. Using attribute-based encryption (ABE) one can empower viewers to share their viewing history with service providers who satisfy certain criteria (e.g. have well-established reputation). ABE systems require computation that may not be affordable by less resourceful clients. To reduce this computation, in this paper we propose an outsourcing scheme for ABE encryption. Our work is the first to consider security against a malicious cloud server that does not follow the protocol and may collude with other entities in the system. We motivate and introduce the required security notions that guarantee correctness of the outsourced operation and privacy of the viewers' personal information, and prove the security of our scheme in the proposed model. We implement our scheme and show that the encryption cost of a user terminal can be dramatically reduced compared to that by using the conventional ABE system.

iCIS Group Talk: Ebrahim Tarmeshloo, August 10, 2016 - 3:30pm to 4:30pm. Venue: ICT 618B

Abstract: With the proliferation of the Internet and GPS enabled smartphones, Geo-Social Computing Systems (GSCS) have seen widespread adoption. Facebook, Twitter, Waze, Geofeedia, WeLink are among the many GSCS with various members and services.  These systems rapidly gained traction for two types of target users, a) GSCS members (data contributors), and b) GSCS data consumers.

For GSCS data contributors, these systems empower mobile members with knowledge of their vicinity, and thus significantly promote social interactions in contexts including transportation, marketing, health, and the general cultivation of personal and professional relationships.

The benefits of using GSCS are not limited to their members. The data that has been collected has high value in the analysis of different use cases within the context of urban planning, public safety, and social behaviors. One of the most well known consumers of GSCS data is Social Media Monitoring Systems (SMMS) that actively collect information from different social media channels. SMMS analyze volume, trend, and opinion about a topic or brand in different geographical area. WeLink, Snaptrends, and BlueJay are a few instances of SMMS.

Although GSCS deliver valuable services, they also generate a host of privacy challenges. Protecting members' identity and their location information is a notable challenge in GSCS. Close examination of nine real life GSCS applications enabled me to identify four major challenges that can lead to insufficient privacy protection for members of GSCS.

My seminar is structured based on the four identified privacy challenges that are categorized into two core perspectives on privacy issues in GSCS. Part I focuses on the privacy issues inside GSCS either as a single system or a federation of systems. The perspective for Part I is to look at privacy issues when a member wants to access another member's data. Part II looks at the privacy problems when geo-social networking systems make their members' data publicly available. The perspective for this part is to look at privacy issues when data recipient can access all members’ data yet in a sanitized format. I will discuss details of my contributions and findings as well as future directions within these two main perspectives

iCIS Group Seminar: Neal Isaac, June 24, 2016 - 2:00pm to 3:00pm. Venue: ICT 616

Abstract: In today’s rapidly expanding security marketplace cyber risk, cyber crime, cyber threats, cyber intelligence are all making cyber headlines. All of these have one common theme: Cyber.

Join our guest Neal Isaac, the “Cyber Guy”, for an open discussion on what lessons can be learned from recent incidents of cybercrime, such as the ransomware that we recently experienced, what he is seeing across various sources of information and what opportunities he feels may exist  in the future.

iCIS Group Seminar: Dr. Go Ohtake, November 24, 2015 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract: A number of integrated broadcast-broadband services have been launched and a viewer can enjoy the broadcast content via the airwaves and also receive additional information related to the content via the Internet. These services, however, can be enriched by using the viewers' personal information such as a viewing history. To this end, it is required that the viewer can securely share their viewing history with the broadcaster and the service providers. We proposed a privacy preserving system for integrated broadcast-broadband services that uses an attribute-based encryption (ABE) scheme. However, an ABE scheme has usually a heavy cost for user terminal including television, smartphone, and tablet that might have a low-performance CPU. Recently, several outsourcing schemes of ABE encryption have been proposed to reduce the encryption cost for user terminal. In these schemes, a cloud server performs a large part of ABE encryption algorithm. However, it is assumed that a cloud server is honest or honest-but-curious. In this talk, we propose an outsourcing scheme of ABE encryption which is secure against a malicious cloud server. We define three security notions and prove that our scheme satisfies all of them in the random oracle model.

iCIS Group Seminar: Dr. Viliam Lisy, September 21, 2015 - 1:00pm to 2:00pm. Venue: ICT 618

Abstract: Game Theory provides theoretic and algorithmic framework for analyzing optimal behaviour in competitive situations. After its initial development in economics and success in electronic commerce, it has been increasingly often used for modelling real world physical and network security problems.

In my talk, I will introduce the main modelling tools, advantages and limitations of using game theory for real world applications. I will explain the most basic formal models as well as several specific applications from physical and network security. I will demonstrate the most important concepts on a game theoretic model of selecting detection thresholds in a network intrusion detection system and show that strategic randomization can ensure higher expected detection rates than any static threshold setting. I will focus on computational/algorithmic game theory, which allows analyzing models hard to study analytically, because of their size or dependence on real world data that cannot be expressed analytically

iCIS Group Seminar: Dr. Borzoo Bonakdarpour, August 27, 2015 - 11:00am to 12:00pm. Venue: ICT 616

Abstract:  Cybersecurity is an area of information technology where dependability plays a crucial role. This is because even a short transient violation of security policies may result in leaking private or highly sensitive information, compromise safety, or lead to the interruption of vital public or social services. This talk will go over a general runtime monitoring technique for a rich class of security polices (e.g., information flow) that cannot be expressed by traditional trace-based specification languages. To this end, we employ Clarkson and Schneider's theory of hyperproperties. We first define the notion of monitorability and identify monitorable policies. Then, I will describe the complexity of runtime monitoring of such policies and introduce related algorithms.

Using Secure Multiparty Computation to Secure Outsourcing of Computation: What Theoreticians Missed

iCIS Group Seminar: Prof. Yvo Desmedt, August 13, 2015 - 12:00pm to 1:00pm. Venue: ICT 618B

Abstract: Amazon, Facebook, Twitter, and other companies have invested heavily in social networks, in cloud computing, and in cloud storage. They depict a great new world in which local in person contacts/friends are being replaced by global virtual ones, local storage of data is being replaced by cloud storage, and so forth. The US government and presidents/provosts of numerous universities have been lured into switching to the use of the cloud.

First, one can wonder how secure these cloud servers are. Second, even though a lot of fundamental/theoretical research on cloud security is extremely exiting, there is no motivation for social networks, cloud storage and cloud computing corporations to implement and incorporate the results. Moreover, in countries such as Japan and the USA, lobbyists dominate the government and Europe's regulation (such as the need to authorise the use of cookies) is ineffective.

We start this lecture by explaining the rise of cloud storage, cloud computing and social networks as a consequence of a failure in the design of adequate OS (operating systems). We survey some of the solutions proposed to address security problems. Some of these solutions are user-developed ones, which do not require the cooperation of the companies, and might therefore have a better chance of success.

Theoreticians have been pushing the use of secure multiparty computation (MPC) to address the problem of outsourcing computation in a secure way.  A major part of this presentation is focused on analyzing whether MPC is the correct technique for this problem. We identify several problems that have been overlooked in the context of the secure outsourcing of computation.

iCIS Group Seminar: Dr. Mahdi Cheraghchi, August 6, 2015 - 1:00pm to 2:00pm. Venue: ICT 616

Abstract:  The Hadamard transform, also known as the Fourier transform over the hypercube, is an orthogonal transformation extensively used in signal processing, learning theory, coding theory, and Boolean function analysis. Using the standard FFT algorithm, the N-dimensional Hadamard transform can be computed deterministically and exactly in time O(N log N). However, when one wishes to only approximate the most significant coefficients of the transformation, it is possible to obtain faster algorithms that work in sublinear time in the signal's dimension. We design an algorithm for computing a k-sparse approximation of the Hadamard transform of an N-dimensional vector x in time O(k^1.01 polylog N). Our algorithm is fully deterministic and only uses non-adaptive queries to x (i.e., all queries are determined and performed in parallel when the algorithm starts). Along the way, we also obtain a nearly optimal and explicit compressed sensing scheme equipped with a deterministic sublinear-time recovery algorithm.

[Based on joint work with Piotr Indyk; arXiv manuscript 1504.07648]

iCIS Group Seminar: Dr. Mahdi Cheraghchi, August 4, 2015 - 1:00pm to 2:00pm. Venue: ICT 618B

Abstract:  The general area of non-malleable cryptography aims for providing the maximum degree of security in a cryptosystem; that is, securing against a tampering adversary who is able to observe an encrypted message and wishes to create the encryption of a correlated message. Non-malleable codes, introduced by Dziembowski, Pietrzak and Wichs (ICS 2010) are regarded as a central combinatorial tool in this area. A direct application of a non-malleable coding scheme makes it possible to secure a cryptosystem against tampering of memory components that store sensitive information. While this has been the original application leading to the development of non-malleable codes, the abstraction is so natural that has led to numerous other applications within non-malleable cryptography. As a coding-theoretic object extending the notion of error-detecting codes, non-malleable codes are also of interest to the information and coding theory communities.

In this talk, I discuss the background on non-malleable cryptography and introduce the notion of non-malleable codes. The talks follows by a discussion of the following:

1. How non-malleable codes can be applied to provide security against tampering of the storage;

2. Existence of non-malleable codes for any given family of tampering adversaries, and matching upper and lower bounds on their redundancy;

3. Constructions of non-malleable codes; including a general and efficient randomized construction as well as an explicit optimal constructions for the so-called “bit-tampering” adversaries;

4. More recent applications of non-malleable codes in cryptography, such as public-key encryption and string-commitment schemes secure against chosen ciphertext attacks;

5. Remaining open problems in the area.

Based on joint work with Venkatesan Guruswami and articles arXiv:1309.0458 (ITCS 2014) and arXiv:1309.1151 (TCC 2014).

iCIS Group Seminar: Liam Keliher, May 20, 2015 - 1:00pm to 2:00pm. Venue: ICT 618

Abstract:  BSPN (byte-oriented SPN) is a general block cipher structure presented at SAC'96 by Youssef et al.  It is a more efficient version of the bit-oriented SPN structure published earlier in 1996 by Heys and Tavares.  BSPN is a flexible SPN design in which only the linear transformation layer is exactly specified, while s-boxes, key-scheduling details, and number of rounds are intentionally left unspecified.  Because it is designed to be involutional (self-inverting), BSPN has influenced other involutional ciphers such as Khazad and CURUPIRA.  And because it can be implemented very efficiently in hardware, several researchers have recommended the 64-bit version of BSPN for use as a lightweight cipher.  Youssef et al. perform preliminary analysis on BSPN, and claim it is resistant to differential and linear cryptanalysis for typical block sizes and numbers of rounds.  However, we show that even if BSPN is instantiated with strong AES-like s-boxes, there exist high probability differentials and linear hulls that allow BSPN to be broken using differential and linear cryptanalysis.  In particular, up to 9 rounds of BSPN with a 64-bit block size can be attacked, and up to 18 rounds with a 128-bit block size can be attacked.

iCIS Group Seminar: Douglas Stinson, May 11, 2015 - 4:00pm to 5:00pm. Venue: ICT 616

Abstract:  We study a method for key predistribution in a network of n users where pairwise keys are computed by hashing users' IDs along with secret information that has been (pre)distributed to the network users by a trusted entity. A  communication graph G can be specified to indicate which pairs of users should be able to compute keys. We determine necessary and sufficient conditions for schemes of this type to be secure. We also consider the problem of minimizing the storage requirements of such a scheme; we are interested in the total storage as well as the maximum storage required by any user. Minimizing the total storage is NP-hard, whereas minimizing the maximum storage required by a user can be computed in polynomial time.

iCIS Group Seminar: Krzysztof Wróbel, February 26, 2015 - 11:00am to 12:00pm. Venue: ICT 618B

Abstract:  The most popular biometric identification methods include: signature recognition, iris recognition, fingerprint recognition and profiling.  There are also other methods, e.g. cheiloscopy, which are becoming more popular. A single lip print contains, on an average, 1145 individual features forming a unique pattern different for each person. There is no doubt that such a huge potential of lip prints can be used for personal identification.

In this talk the methods of lip print recognition on the basis of Standard and Generalized Hough Transform will be introduced. The advantage of these methods is the possibility of use in biometric systems and forensic science.

iCIS Group Seminar: Rafal Doroz, February 26, 2015 - 11:00am to 12:00pm. Venue: ICT 618B

Abstract:  Many methods of determining the similarity between signatures require that the signatures being compared have the same length. This requirement is not always fulfilled. This causes a necessity to use a method of equalizing the length of signatures. Lengths of sequences can be equalized using many methods, such as DTW or scaling methods. A disadvantage of these methods is the need to interfere with the analysed data, which in turn may lead to distortion of the signatures being compared.

In this talk a on-line signature identification system using Windows Technique will be describe. The identified signature is compared with signatures stored in database and decision is made by three different voting schemes: Borda’s, Copeland’s and Coomb’s method.

iCIS Group Seminar: Aaron Sheldon, January 22, 2015 - 11:00am to 12:00pm. Venue: ICT 618B

Abstract:  Recently the ministry of Alberta Health and the health authority of Alberta Health Services have been discussing the technical privacy implications of the disclosure of information. This discussion is motivated by the growth in both the release of summary, aggregate, and statistical data, and the requests for confidential data for research purposes. As part of this discussion a series of simple toy examples were developed, and summary notes of the foundational topics in the computer science field of information privacy were written. This presentation will cover these notes and examples, and should be accessible to an audience with undergraduate training in the sciences. To keep the presentation within a reasonable length of time an exhaustive list of references to the underlying literature will not be included, however the relevant material can be readily found using any of the currently popular search engines.

iCIS Group Seminar: Dr. Michael Reiter, November 21, 2014 - 9:30am to 10:30am. Venue: ICT 618B

Abstract:  In a typical large enterprise or Internet service provider setting, the configurations of potentially hundreds of distributed network devices collectively enforce security on the network.  In contrast to the isolated operation and manual configuration of these devices today, we are exploring frameworks to enable these devices to work in a coordinated fashion and to be configured collectively, using only device-specific capabilities and high-level operator objectives as inputs.  We will discuss our progress on accomplishing this vision for intrusion-detection monitoring, intrusion-prevention policy enforcement, and network flow monitoring, for example.  Topics covered will range from formulation of these applications as optimization problems through development and performance of working implementations

iCIS Group Seminar: Dr. Aysajan Abidin, November 19, 2014 - 11:00am to 12:00pm. Venue: ICT 618B

Abstract: Biometrics are increasingly becoming popular as a promising alternative for user authentication and identification. At the same time, however, privacy concerns associated with the widespread use of biometrics are also increasing, since biometrics cannot be revoked if compromised, and more serious, biometrics reveals sensitive private information. Moreover, biometrics can be used to profile and track users. Hence, privacy-preserving biometric authentication is of utmost importance.

The overall focus of the talk is on the security of existing privacy-preserving biometric authentication protocols against malicious internal adversaries. I will first briefly talk about privacy issues with biometrics and common cryptographic techniques employed to build privacy-preserving biometric authentication. Then, I will present two protocols that are built using the Goldwasser-Micali cryptosystem and ring-LWE based somewhat homomorphic encryption, respectively. After motivating why the security against malicious internal adversaries is important in practice, I will describe some attacks on these protocols. Finally, possible countermeasures to mitigate the attacks and to eventually achieve provable security are discussed.

iCIS Group Seminar: Dr. Yvo Desmedt, University of Texas at Dallas, August 14, 2014 - 2:00pm to 3:00pm. Venue: ICT 616

Abstract: On 26th of October 2012, at the closed workshop on ``Online Security & Civil Rights: a Fine Ethical Balance,'' Hertfordshire, UK, the author put forward the idea that intelligence agencies should work for the People and not for the government. That means that the intelligence agencies should spy on these working in the government and these working for lobbyists.  The recipient of this information should be the public at large. The foundation of this idea comes from the Magna Carta and the US Civil Rights Bill that regard ``We the People'' as the trust worthy party and the government as potentially corrupt.

After the Snowden leaks, it has become evident that a discussion is needed on how to reorganize the huge intelligence agencies so that they fit a Western thinking and to avoid they are evolving into a clone of what the KGB and the Stasi used to be.

An updated version of this this lecture was presented a second time at the Security Protocols Workshop, Cambridge on March 20, 2014

iCIS Group Seminar: Dr. Shaoquan Jiang, August 7, 2014 - 2:00pm to 3:00pm. Venue: ICT 616

Abstract: Commitment is a cryptographic protocol, in which a sender can promise a message to a receiver without disclosing it (hiding property) but later he can only unambiguously open it (binding property).   A traditional commitment assumes that the channel between the sender and the receiver is noiseless.     In this talk, we consider the commitment problem over a discrete memoryless channel (DMC) and assume both the sender and the receiver are deterministic. We call it a DET-DMC commitment. We are concerned with the hiding error $\delta_h$ and binding error $\delta_b$ and will discuss them   regarding the security definition.   We give a framework of  a  DET-DMC commitment and characterize the condition   under which $\delta_h$ is nearly zero and $\delta_h$ is exponentially small.  We also present some impossibility results for a DET-DMC commitment.

iCIS Group Seminar: Prof. Keith Martin, August 6, 2014 - 11:00am to 12:00pm. Venue: ICT 618B

Abstract:  There are Cyber Security summits, Cyber Security strategies, Cyber Security agendas, an Office of Cyber Security, Cyber Security degrees, Cyber Security Centres of Excellence and even a Cyber Security skills crisis. But what is everybody getting so agitated about? Is Cyber Security anything new, or just something that we (the “profession”) all knew about before everyone else caught up with it? In this talk we’ll examine Cyber Security from a number of different perspectives and consider some of the things that might have changed, as well as identify some of the challenges for the future.

iCIS Group Seminar: Dr. Matt Robshaw, March 21, 2014 - 11:00am to 12:00pm. Venue: ICT 616

Abstract:  In this presentation we will take a technical look at the deployment of cryptographic solutions on RFID tags.

iCIS Group Seminar: Ed Dawson, Queensland University of Technology, September 3, 2013 - 2:00pm to 3:00pm. Venue: ICT516

Abstract:  In this presentation I will present an overview of my main contributions to cryptology over last 25 years. Areas of presentation include automated cryptanalysis of encryption algorithms using ciphertext alone, design of statistical package to analyse encryption algorithms, using  discrete optimisation techniques to find highly nonlinear boolean functions, design and analysis of stream ciphers,  efficient implementation in software of elliptic curve cryptography and compliant cryptographic protocols including electronic cash, electronic voting and electronic auctions.

iCIS Group Seminar: Yvo Desmedt, University of Texas at Dallas, August 9, 2013 - 11:00am to 12:00pm. Venue: ICT 616

Abstract:  Perfectly secure message transmission (PSMT) schemes have been studied in the field of cryptography for nearly 20 years and have found applications in other fields of research beyond cryptography.

We introduce a new aspect to PSMT. We consider the case when the hardware/software used by the receiver might be corrupted by the adversary. To address this, we replace the receiver by a human (the dual of this is when the sender is a human).

In this lecture we give a brief survey of Perfectly Secure Message Transmission and then propose two different constructions for such protocols in which the receiver is a human with limited computational power. We also survey experiments that were carried out with human participants to evaluate what humans can compute.

Part of this work was presented at SCN 2012.

iCIS Group Seminar: Yvo Desmedt, University of Texas at Dallas, August 7, 2013 - 11:00am to 12:00pm. Venue: ICT 616

Abstract:  Functional encryption is now receiving a lot of attention. However, the topic of functional encryption was preceded by functional secret sharing (SIAM Journal on Discrete Mathematics, 2000).

In this lecture, we explain some of the motivations behind functional secret sharing. We note that in functional secret sharing, we have, as in normal secret sharing, a dealer. However, after the participants received shares from the dealer, a function f will be chosen and the participants will be asked to evaluate f(secret), without any help of the dealer.

Two approaches are surveyed. The first one is non-interactive in the sense that the participants need to broadcast some partial evaluation of f(secret). Since broadcast is used, these partial evaluations should not facilitate a non-authorized set to compute f'(secret), except if f'(secret) follows logically from f(secret). The second approach is interactive in which stricter privacy requirements can be enforced. Most of our solutions are reusable.

We conclude with giving open problems.

iCIS Group Seminar: Frederique Elise Oggier, Nanyang Technological University, June 10, 2013 - 10:00am to 11:00am. Venue: ICT 618B

Abstract:  Consider a communication channel, where a transmitter, Alice, sends some information to a receiver Bob, in the presence of an eavesdropper Eve. Wiretap codes are coding strategies that provide reliability between Alice and Bob, but also confidentiality. In this talk, we will survey our recent line of work, by showing how an error probability analysis can provide explicit wiretap code design criteria for Gaussian, fading, and MIMO channels. Progresses on corresponding code constructions will be presented as well

iCIS Group Seminar: Jason Crampton, Royal Holloway University of London, May 9, 2013 - 2:00pm to 3:00pm. Venue: ICT 618B

Abstract:  A workflow specification defines a set of steps and the order in which those steps must be executed. Security requirements may impose constraints on which groups of users are permitted to perform subsets of those steps. A workflow specification is said to be satisfiable if there exists an assignment of users to workflow steps that satisfies all the constraints. An algorithm for determining whether such an assignment exists is important, both as a static analysis tool for workflow specifications, and for the construction of run-time reference monitors for workflow management systems. Finding such an assignment is a hard problem in general, but recent work using the theory of parameterized complexity suggests that efficient algorithms exist under reasonable assumptions about workflow specifications. We improve the complexity bounds for the workflow satisfiability problem. We also generalize and extend the types of constraints that may be defined in a workflow specification and prove that the satisfiability problem remains fixed-parameter tractable for such constraints.

iCIS Group Seminar: Susan Landau, April 5, 2013 - 11:00am to 12:00pm. Venue: ICT 616

Abstract: As a result of increasing spam, DDoS attacks, cybercrime, and data exfiltration from corporate and government sites, there have been multiple calls for  an Internet architecture that enables better network attribution at the packet layer.  The intent is for a mechanism that links a packet to some packet level personally identifiable information. But cyberattacks and cyberexploitations are more different  than they are the same. One result of these distinctions is that packet-level attribution is neither as useful nor as necessary as it would appear. In this talk, I analyze the different types of Internet-based attacks, and observe the role that currently available alternatives to attribution already play in deterrence and prosecution. I focus on the particular character of multi-stage network attacks, in which machine A penetrates and ``takes over'' machine B, which then does the same to machine C, etc. and consider how these types of attacks might be traced, and observe that any technical contribution can only be contemplated in the larger regulatory context of various legal jurisdictions.

This represents joint work with David Clark of MIT.

iCIS Group Seminar: Giovanni Vigna, University of California in Santa Barbara, February 8, 2013 - 11:00am to 12:00pm. Venue: ICT 616

Abstract:  In recent years, attacks targeting web browsers and their plugins have become a prevalent threat. Attackers deploy web pages that contain exploit code, typically written in HTML and JavaScript, and use them to compromise unsuspecting victims. The malicious code involved in web-based attacks changes over time. Attackers routinely tweak it to create new and more effective variants (for example, by incorporating exploits targeting newly-discovered vulnerabilities) or to evade commonly-used defensive tools. Such tweaks (that is, code evolution) have not yet been studied in depth.

In this presentation we present our initial efforts in tracking the evolution of malicious scripts. Our approach uses efficient techniques to identify similarities between a large number of JavaScript programs (despite their use of obfuscation techniques, such as packing, polymorphism, and dynamic code generation), and to automatically interpret their differences.

Using large-scale experiments, we show that our approach is effective at detecting evasion attempts in JavaScript and identifying the code generated by exploit toolkits.

iCIS Group Seminar: Marten van Dijk, January 18, 2013 - 3:00pm to 4:00pm. Venue: ICT 516

Abstract:  One of the key issues in cloud computing is \emph{how to keep private data private}. From financial information to medical records, sensitive data is stored and computed upon in the cloud. Computation requires the data to be exposed to the cloud servers, which may be attacked by malicious applications, hypervisors, operating systems, or by insiders. Encrypted computation has the potential to solve this data privacy problem: e.g., Fully Homomorphic Encryption (FHE) has been coined the Holy Grail of cryptography since it allows an untrusted server to perform computation directly on an encrypted ciphertext without having access to the decryption key. As opposed to current secure hardware solutions (e.g., Intel+TXT, XOM or Aegis), FHE does not require the user to trust any component on the server side -- even the application program can be untrusted.

To investigate FHE's promise, which is prohibitively slow in current implementations, we will explore techniques to run general purpose programs given an efficient FHE scheme. It turns out that, for encrypted execution of general programs, even efficient FHE schemes will suffer a large performance loss compared to plain computation: ambiguity in program control flow and data structures leads to large overheads for certain programs, in addition to the crypto overheads already imposed by FHE.

Motivated by large FHE overheads, the second part of the talk describes how to solve the problem of placing trust in programs by designing a tamper-resistant single-chip processor called Ascend (Architecture for Secure Computation on ENcrypted Data), that can run untrusted batch programs, unlike Aegis and related processors that assume trusted programs. Ascend performs program obfuscation in hardware: given an untrusted program and private user data running within the Ascend chip, the chip's external input/output and power pins give off a signal that is independent of the private user data. To avoid privacy leakage over the I/O pins and power pins, Ascend uses Oblivious RAM to manage its external RAM, assumes DPA resistant logic and implements new insights such as accessing all internal circuits at distinct intervals.

Surprisingly, Ascend incurs only 6.1x performance overhead relative to insecure computation, which is orders of magnitude better than what FHE can achieve. The trusted computing base is only the Ascend chip: no software (the user application, server operating system, etc) or anything outside the Ascend processor (external RAM or communication channels) is trusted.

This is joint work with Christopher Fletcher, Srini Devadas, Ling Ren and Xiangyao Yu.

The low-call diet: Authenticated Encryption for call counting HSM users... (plus some new work on EMV)

iCIS Group Seminar: Gaven Watson, January 15, 2013 - 11:00am to 12:00pm. Venue: ICT 516

Abstract:  In this talk I shall present a new mode of operation for obtaining authenticated encryption suited for use in environments, e.g. banking and government,  where cryptographic services are only available via a Hardware Security Module (HSM) which protects the keys but offers a limited API. The practical problem is that despite the existence of better modes of operation, modern HSMs still provide nothing but a basic (unauthenticated) CBC mode of encryption, and since they mediate all access to the key, solutions must work around this.  Our mode of operation makes only a single call to the HSM, yet provides a secure authenticated encryption scheme. This is joint work with Mike Bond, George French and Nigel Smart and is accepted to appear at CT-RSA 2013.

In the second part of the talk I will give a brief overview of ongoing joint work with Christina Brzuska, Nigel Smart and Bogdan Warinschi. EMV, also known as Chip-and-PIN, is the global standard for authenticating credit and debit card transactions.  It has been deployed in Europe since 2005 and has become widely used in Canada in recent years.  We perform the first formal security analysis of a proposed update to the key agreement protocol of EMV.

iCIS Group Seminar: Paul Van Oorschot, January 9, 2013 - 11:00am to 12:00pm. Venue: ICT 618B

Abstract: A great number of user authentication technologies have been proposed as password replacements over the past 20 years.  The claimed superiority of each is apparently, however, contradicted by a small real-world detail: text passwords continue to dominate, and quite dramatically at that.  What explains this disconnect between researchers' claims and the real world?  The answer is many-fold, including problem definition and evaluation criteria. In fact, only a small subset of evaluation criteria relevant to the real world are considered in most research papers, and the security research community lacks consensus, and consistency, on which should be used.  Our exploration considers numerous proposals from a broad spectrum of authentication schemes, and suggests a framework and methodology for comparative evaluation.  We also consider a research agenda motivated by these considerations.