French Invited speakers: Canadian Invited speakers:
Friday, June 26 MITACS 2009
8:15 — 8:30 Welcome Slides
8:30 — 10:00 Session 1: Internet Security Chair: Lafourcade Pascal
8:30 — 9:15 Castelluccia Claude Tracking Malicious Servers on the Internet
Abstract: Cyber-criminals frequently use redirection techniques to hide the actual location of their malicious servers in order to evade identification and prevent, or at least delay, the shutdown of these illegal servers by law enforcement. We developed a framework to geolocalize hidden servers, that is, to determine the physical location of these servers based on network measurements. During this talk, I will present our preliminary experimental results of this project.
Slides
9:15 — 10:00 Jose M. Fernandez "Botnets: No calm after the Storm"
Abstract: In this presentation, we will survey the developments in botnet technology as they have been deployed and employed in the "real world" in the last few years. Of most notable importance and notoriety is the Storm worm that appeared in 2007 and that had all but disappeared by the end of 2008. From a technical and research point of view, it marks the departure from IRC-controlled botnets to sophisticated command and control architectures using a combination of peer-to-peer networking and a network of http servers with fast-changing domain names (aka fast flux networks). This has made Storm one of the most researched malware in the last few years. We will present the results of our research on graph theory-based simulations of the P2P networks employed by such botnets and the relative efficacy of various mitigation strategies, some of which have indeed been tested "in-the-wild" against the Storm botnet. We will conclude by discussing more recent developments in botnet technology. Nature abhors a vacuum and Storm has indeed been replaced by other equally sophisticated botnets. We will discuss their similarities and differences with the good ol' Storm, and how the models we used to describe Storm can be adapted (or not) to analyse them. We will close by discussing ongoing research on these more recent botnets.
Slides
10:00 — 10:30 Break I
10:30 — 12:00 Session 2: Cryptosystems, Chair:  Kumar Murty
10:30 — 11:15 Joaquin Garcia-Alfaro Security & Privacy on EPC Networks
Abstract: The Electronic Product Code (EPC) is a low-cost technology based on passive Radio Frequency IDentification (RFID) devices. It is the basis of a distributed architecture, called the EPC Network, for the automatic identification of objects in motion on supply chain and industrial production applications. A globally unique number is assigned to the RFID device assigned to every tagged object. This number is then used to identify the object and get further information about it through Internet based applications (e.g., using Web services). The information about an object is not stored on a tag, but instead supplied by distributed servers on the Internet. Security threats can target the different services of the EPC network, if weaknesses are not handled properly. This talk will provide examples of threats targeting the insecure wireless channel used for the exchange of information between RFID devices. Additionally, it will discuss some countermeasures to mitigate the risk of some of these threats.
Slides
11:15 — 12:00 Abdalla Michel Robust Public-Key and Identity-Based Encryption.
Abstract: Motivated by applications to auctions, searchable encryption, and anonymous wireless communication, we provide a provable-security treatment of the notion of a "robust" encryption scheme, namely one where the decryption algorithm rejects when the "wrong" secret key is used. First, we provide formal definitions of robustness under chosen-plaintext and chosen-ciphertext attack. We find that contrary to what seems intuitive, robustness (at least in combination with privacy and anonymity as required by applications) is actually rarely, if ever, present and obvious ways to confer it fail. We however provide general ways to efficiently confer robustness without sacrificing other security properties, for both public-key and identity-based encryption. Next, we examine the robustness of several well-known encryption schemes. Finally, we also show how to apply our results to searchable encryption schemes to obtain the first schemes with security against chosen-ciphertext attacks in the standard model. We believe these results are important to clarify and help fill gaps in the literature arising from the implicit use of a robustness property that until now lacked formal definitions. This is joint work with Mihir Bellare, Chanathip Namprempre, and Gregory Neven.
Slides
12:00 — 1:30 Lunch
1:30 — 3:00 Session 3: Secure key agreement, Chair:  Bruce Kapron
1:30 — 2:00 Rei Safavi-Naini Unconditionally secure key agreement over noisy channels
Abstract: We discuss the problem of secure key agreement when Alice and Bob are connected by noisy channels and their communication is intercepted by Eve through noisy channels also. We will show that in this scenario secret key agreement is possible in some surprising cases where the main channel is much noisier than Eve's channels. We discuss our results and relate them to other known work in this area.
Slides
2:00 — 3:30 Tutorial A 1st part Fault attacks from theory to practise: what is possible to do?
Slides
3:30 — 4:00 Break II
4:00 — 5:30 Session 4: Chair:  Bruce Kapron
4:00 — 5:30 Tutorial B 1st Part New Techniques in Privacy-Preserving Data Mining and Machine Learning
Saturday, June 27 MITACS 2009
8:30 — 10:00 Session 5: Security Chair:  Yassine Lakhnech
8:30 — 9:15 Student Presentation
  • Martin Gagné: "Automated Security Proof for Symmetric Encryption Modes."
    Slides
  • Abdelberi Chaabane: "Revisiting unstructured overlay network security"
    Slides
  • Chris Ware: "Applications of Geometric Programming in Information Security"
    Slides
9:15 — 10:00 Kumar Murty The ERINDALE Hash Function
Abstract: We describe the construction of a hash function based on polynomials over finite fields. The construction does not follow the Merkle-Damgård philosophy.
Slides
10:00 — 10:30 Break I
10:30 — 12:00 Session 6: Computational Security, Chair:  Ali Miri
10:30 — 11:15 Bruce Kapron Computational Indistinguishability Logic
Abstract: We present a logic for reasoning about computational indistinguishability of poly-time samplable probability distributions and about negligibility of conditional probability of poly-time decidable predicates, in the presence of random oracles and adaptive adversaries. We trace the development of related logics, and examine applications to correctness proofs for cryptographic primitives, schemes and protocols. (Joint work with Gilles Barthe, Marion Daubignard and Yassine Lakhnech.)
Slides
11:15 — 12:00 Blanchet Bruno CryptoVerif: A Computationally Sound Mechanized Prover for Security Protocols
Abstract: We present the prover CryptoVerif: it is the first mechanized prover for security protocols sound in the computational model. It produces proofs presented as sequences of games, like the manual proofs of cryptographers; these games are formalized in a probabilistic polynomial-time process calculus. CryptoVerif provides a generic method for specifying security assumptions on cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions. It can prove secrecy and correspondence properties (including authentication). It produces proofs valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary.
Slides
12:00 — 1:30 Lunch
1:30 — 3:00 Session 7: Symmetric Encryption, Chair: 
1:30 — 2:00 Marine Minier (CITI laboratory) Some integral properties of Rijndael
Abstract: In this talk, we present new integral properties for all the Rijndael versions and show how to build unknown key distinguishers and also known key distinguishers. We also give a formal definition of a known key distinguisher and show how to apply this result for a particular hash function of the SHA3 competition.
Slides
2:00 — 3:30 Tutorial B 2nd Part New Techniques in Privacy-Preserving Data Mining and Machine Learning
3:30 — 4:00 Break II
4:00 — 5:30 Session 8: Chair: TBA
4:00 — 5:30 Tutorial A 2nd part Fault attacks from theory to practise: what is possible to do?
Slides