[Busec] BUsec next week: Nadia Heninger (Tues Oct 9, 10am MCS137)
goldbe at cs.bu.edu
Tue Oct 2 23:00:19 EDT 2012
Next week, Nadia Heninger will speak about her USENIX Security best
paper on detecting weak RSA and DSA keys, on Tuesday Oct 9 at 10AM.
(Note we meet on *Tuesday*, due to Columbus Day.) The following week,
Alessandro Chiesa from MIT will tell us how proof-carrying data makes
delegation more affordable on Monday Oct 15 at 10AM.
As usual, talks will be in MCS137 at 111 Cummington St, Boston, with
lunch provided. Abstracts below.
BUsec Calendar: https://sites.google.com/site/busecuritygroup/calendar
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec
"Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices"
Speaker: Nadia Heninger, MSR.
*** TUESDAY *** Oct 9, 2012, 10:00am – 11:30am in MCS 137
RSA and DSA can fail catastrophically when used with malfunctioning
random number generators, but the extent to which these problems arise
in practice has never been comprehensively studied at Internet scale.
We perform the largest ever network survey of TLS and SSH servers and
present evidence that vulnerable keys are surprisingly widespread. We
find that 0.75% of TLS certificates share keys due to insufficient
entropy during key generation, and we suspect that another 1.70% come
from the same faulty implementations and may be susceptible to
compromise. Even more alarmingly, we are able to obtain RSA private
keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their
public keys shared nontrivial common factors due to entropy problems,
and DSA private keys for 1.03% of SSH hosts, because of insufficient
signature randomness. We cluster and investigate the vulnerable hosts,
finding that the vast majority appear to be headless or embedded
devices. In experiments with three software components commonly used
by these devices, we are able to reproduce the vulnerabilities and
identify specific software behaviors that induce them, including a
boot-time entropy hole in the Linux random number generator. Finally,
we suggest defenses and draw lessons for developers, users, and the
Joint work with Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
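
The shared-factor attack the abstract describes, as an added worked example. This is illustration code written for this announcement, not the authors' survey code: the key size, the RNG seed and the five "hosts" are constructed here, and the product/remainder-tree batch GCD is the standard way of doing the all-pairs gcd at scale (an assumption about method, since the abstract does not say how the gcds were computed).

```python
"""Finding RSA moduli that share a prime factor (added illustration).

Two of the constructed moduli were 'generated' with a shared prime, so one gcd
splits both; a third host reuses a whole key, which batch GCD reports as a
duplicate modulus rather than as a factor (it shares *both* primes).
"""
from math import gcd
import random


def is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin test; adequate for a demo, not a production prime test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng, e=65537):
    """Random prime of the given size with gcd(p - 1, e) == 1 so e is invertible."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if (cand - 1) % e and is_probable_prime(cand, rng):
            return cand


def batch_gcd(moduli):
    """gcd(n_i, prod_{j != i} n_j) for every i, via product and remainder trees.

    Pairwise gcd over N moduli costs N^2 gcds; this costs on the order of
    N log N big multiplications, which is what makes a multi-million-key
    survey tractable.
    """
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        prev = tree[-1]
        tree.append([prev[i] * prev[i + 1] if i + 1 < len(prev) else prev[i]
                     for i in range(0, len(prev), 2)])
    rems = [tree[-1][0]]                       # root = product of all moduli
    for level in reversed(tree[:-1]):
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(level)]
    # (P mod n^2) // n == (P / n) mod n, so this is gcd(n, P / n)
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]


def classify(moduli):
    """Map each index to 'unique', 'duplicate' (whole key shared) or a factor."""
    out = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            out[i] = "unique"
        elif g == n:
            out[i] = "duplicate"       # same key on several hosts (or both primes shared)
        else:
            out[i] = g                 # a nontrivial factor: this key is broken
    return out


def private_exponent(n, p, e=65537):
    """Given one factor p of n, recover d = e^-1 mod phi(n)."""
    q = n // p
    assert p * q == n
    return pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+


def demo(bits=128, seed=2012):
    """Constructed 'hosts': index 1 and 2 share a prime, index 3 duplicates index 0."""
    rng = random.Random(seed)
    p0, q0, shared, q1, q2, p4, q4 = (random_prime(bits, rng) for _ in range(7))
    moduli = [p0 * q0, shared * q1, shared * q2, p0 * q0, p4 * q4]
    verdicts = classify(moduli)
    recovered = {}
    for i, v in verdicts.items():
        if isinstance(v, int):                  # we got a factor: rebuild d and test it
            n, d = moduli[i], private_exponent(moduli[i], v)
            m = 0x48656c6c6f                    # constructed plaintext, "Hello"
            recovered[i] = pow(pow(m, 65537, n), d, n) == m
    return verdicts, recovered


if __name__ == "__main__":
    print(demo())
```

Run it with `python3 batch_gcd_demo.py`. The point worth noticing is that a key does not have to be *weak* on its own to be broken: each of the two shared-prime moduli is a perfectly good 256-bit modulus in isolation, and it falls only because some other host on the Internet drew the same prime.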
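
The "insufficient signature randomness" failure for DSA, as an added worked example (again illustration code written for this announcement, not from the paper). The group parameters p = 607, q = 101, g = 64 are toy values chosen so that g has order q modulo p; real DSA uses parameters of at least 1024/160 bits. The faulty RNG is simulated by handing the signer the same per-signature nonce k every time, and the attacker sees only public data: the messages and the signatures.

```python
"""Recovering a DSA private key from two signatures that reused the nonce k
(added illustration; toy parameters)."""
import hashlib

P, Q, G = 607, 101, 64        # toy parameters: Q | P - 1 and G = 2^((P-1)/Q) mod P


def h_of(msg: bytes) -> int:
    # Real DSA truncates the digest to the bit length of Q; mod Q is the toy equivalent.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sign(x: int, msg: bytes, k: int):
    """Textbook DSA signature with caller-supplied nonce; None if r or s is zero."""
    r = pow(G, k, P) % Q
    if r == 0:
        return None
    s = (pow(k, -1, Q) * (h_of(msg) + x * r)) % Q
    return (r, s) if s else None


def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (h_of(msg) * w) % Q, (r * w) % Q
    return (pow(G, u1, P) * pow(y, u2, P) % P) % Q == r


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures with equal r were made with equal k; solve for k, then x.

    s1 - s2 = k^-1 (h1 - h2)  =>  k = (h1 - h2) / (s1 - s2)   (mod Q)
    s1 = k^-1 (h1 + x r)      =>  x = (s1 k - h1) / r         (mod Q)
    """
    (r1, s1), (r2, s2) = sig1, sig2
    h1, h2 = h_of(msg1), h_of(msg2)
    if r1 != r2 or (s1 - s2) % Q == 0:
        return None                   # different nonces, or h1 == h2 (degenerate pair)
    k = ((h1 - h2) * pow(s1 - s2, -1, Q)) % Q
    return ((s1 * k - h1) * pow(r1, -1, Q)) % Q


def demo(x: int = 57, k: int = 23):
    """A host whose RNG always yields the same k signs several messages."""
    y = pow(G, x, P)
    msgs = [b"ssh-userauth %d" % i for i in range(12)]     # constructed sample messages
    sigs = [(m, sign(x, m, k)) for m in msgs]
    sigs = [(m, s) for m, s in sigs if s is not None]
    assert all(verify(y, m, s) for m, s in sigs)            # they are valid signatures
    for i in range(len(sigs)):
        for j in range(i + 1, len(sigs)):
            xr = recover_private_key(sigs[i][0], sigs[i][1], sigs[j][0], sigs[j][1])
            if xr is not None:
                return {"x_true": x, "x_recovered": xr, "pair": (i, j)}
    return None


if __name__ == "__main__":
    print(demo())
```

The verifier is not involved at all: a repeated r across two signatures from the same key is visible to anyone collecting SSH host signatures, and the recovery is two modular inversions. That is why the abstract counts DSA keys as recoverable from signature randomness alone, without any weakness in the key-generation step.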
Title: How Proof-Carrying Data Makes Delegation More Affordable
Speaker: Alessandro Chiesa
Succinct arguments are computationally-sound proof systems that allow
verifying NP statements with lower complexity than required for
classical NP verification.
In this talk, we will discuss two important efficiency aspects of
(1) the time and space complexity of the prover
(2) the offline complexity of the verifier (a.k.a. preprocessing complexity)
We will look at how well (or badly) do existing succinct argument
constructions perform with respect to the above aspects. We will then
discuss how the framework of proof-carrying data can be used to
"bootstrap" non-interactive succinct arguments that suffer from
expensive offline complexity or poor prover complexity (or both) into
SNARKs that no longer suffer from either.
Overall, we achieve a solution that performs very well relative to the
Joint work with Nir Bitansky, Ran Canetti, and Eran Tromer.
Computer Science, Boston University