[Busec] BUsec next week: Nadia Heninger (Tues Oct 9, 10am MCS137)

Sharon Goldberg goldbe at cs.bu.edu
Tue Oct 2 23:00:19 EDT 2012


Next week, Nadia Heninger will speak about her USENIX secuirty best
paper on detecting weak RSA and DSA keys, on Tuesday Oct 9 at 10AM.
(Note we meet on *Tuesday*, due to Columbus day)   The following week,
Alessandro Chiesa from MIT will tell us how proof-carrying data makes
delegation more affordable on Monday Oct 15 at 10AM.

As usual, talks will be in MCS137 at 111 Cummington St, Boston, with
lunch provided.  Abstracts below.


BUsec Calendar:  https://sites.google.com/site/busecuritygroup/calendar
BUsec Mailing list:  http://cs-mailman.bu.edu/mailman/listinfo/busec

"Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices"
Speaker: Nadia Heninger, MSR.
*** TUESDAY***** Oct 9, 2012, 10:00am – 11:30am in MCS 137

RSA and DSA can fail catastrophically when used with malfunctioning
random number generators, but the extent to which these problems arise
in practice has never been comprehensively studied at Internet scale.
We perform the largest ever network survey of TLS and SSH servers and
present evidence that vulnerable keys are surprisingly widespread. We
find that 0.75% of TLS certificates share keys due to insufficient
entropy during key generation, and we suspect that another 1.70% come
from the same faulty implementations and may be susceptible to
compromise. Even more alarmingly, we are able to obtain RSA private
keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their
public keys shared nontrivial common factors due to entropy problems,
and DSA private keys for 1.03% of SSH hosts, because of insufficient
signature randomness. We cluster and investigate the vulnerable hosts,
finding that the vast majority appear to be headless or embedded
devices. In experiments with three software components commonly used
by these devices, we are able to reproduce the vulnerabilities and
identify specific software behaviors that induce them, including a
boot-time entropy hole in the Linux random number generator. Finally,
we suggest defenses and draw lessons for developers, users, and the
security community.

Joint work with Zakir Durumeric, Eric Wustrow, and J. Alex Halderman


Title: How Proof-Carrying Data Makes Delegation More Affordable
Speaker: Alessandro Chiesa


Succinct arguments are computationally​-sound proof systems that allow
verifying NP statements with lower complexity than required for
classical NP verification

In this talk, we will discuss two important efficiency aspects of
succinct arguments:
(1) the time and space complexity of the prover
(2) the offline complexity of the verifier (a.k.a. preprocessing complexity)

We will look at how well (or badly) do existing succinct argument
constructions perform with respect to the above aspects. We will then
discuss how the framework of proof-carrying data can be used to
"bootstrap" non-interactive succinct arguments that suffer from
expensive offline complexity or poor prover complexity (or both) into
SNARKs that no longer suffer from either.
Overall, we achieve a solution that performs very well relative to the
above aspects.

Joint work with Nir Bitansky, Ran Canetti, and Eran Tromer.

Sharon Goldberg
Computer Science, Boston University

More information about the Busec mailing list