[Busec] busec this week: Bhavana Kanukurthi (Tues 10AM) Haya Shulman (Friday 2PM)

Sharon Goldberg goldbe at cs.bu.edu
Mon Oct 14 17:19:01 EDT 2013


We have an exciting set of talks coming up, all at unusual times.

This week at our seminar, Bhavana Kanukurthi from UCLA will talk about
locally updatable and locally decodable codes. The talk will be at an
unusual time -- Tomorrow - Tuesday at 10AM (which is a "Monday schedule" at

On Friday of this week at 2PM we will have a talk by Haya Shulman from TU
Darmstadt; she'll tell us about her new strong attacks on DNS that defeat
some of the defenses that were put in place to defend against Kaminsky's

There will be no talk next week. But on Monday Oct 28, we'll have a talk on
digital forensics by Simson Garfinkel, who is a professor at the Naval
Postgraduate School.

Abstracts below. Hope to see you all there!


 BUsec Calendar:  http://www.bu.edu/cs/busec/
 BUsec Mailing list:  http://cs-mailman.bu.edu/mailman/listinfo/busec
 How to get to BU from MIT:  Try the CT2 bus or MIT's "Boston Daytime
 Shuttle" http://web.mit.edu/facilities/transportation/shuttles/

Locally Updatable and Locally Decodable Codes
Speaker: Bhavana Kanukurthi, UCLA
Tuesday October 15, 2013, 10AM

We introduce the notion of locally updatable and locally decodable codes
(LULDCs). In addition to having low decode locality, such codes allow us to
update a codeword (of a message) to a codeword of a different message, by
rewriting just a few symbols. While, intuitively, updatability and
error-correction seem to be contrasting goals, we show that for a suitable,
yet meaningful, metric (which we call the Prefix Hamming metric), one can
construct such codes. Informally, the Prefix Hamming metric allows the
adversary to arbitrarily corrupt bits of the codeword subject to one
constraint -- he does not corrupt more than a $\delta$ fraction of the $t$
``most-recently changed" bits of the codeword (for all $1 \leq t \leq n$,
where $n$ is the length of the codeword).

Our results are as follows. First, we construct binary LULDCs for messages
in ${0,1}^k$ with constant rate, update locality of $O(log^2 k)$, and read
locality of $O(k^\epsilon)$ for any constant $\epsilon<1$. Next, we
consider the case where the encoder and decoder share a secret state and
the adversary is computationally bounded. Here too, we obtain local
updatability and decodability for the Prefix Hamming metric. Furthermore,
we also ensure that the local decoding algorithm never outputs an incorrect
message -- even when the adversary can corrupt an arbitrary number of bits
of the codeword. We call such codes locally updatable locally
decodable-detectable codes (LULDDCs) and obtain dramatic improvements in
the parameters (over the information-theoretic setting). Our codes have
constant rate, an update locality of $O(log k)$ and a read locality of
$O(\lambda log^2 k)$, where $\lambda$ is the security parameter.

Finally, we show how our techniques apply to the setting of dynamic proofs
of retrievability (DPoR) and present a construction of this primitive with
better parameters than existing constructions. In particular, we construct
a DPoR scheme with linear storage, $O(log k)$ write complexity, and
$O(\lambda log k)$ read and audit complexity.

This is joint work with Nishanth Chandran and Rafail Ostrovsky.


Towards a Secure Domain Name System
Speaker: Haya Shulman, TU Darmstadt/Bar Ilan University
Friday October 18, 2-3PM

A number of standardised mechanisms were proposed to enhance security of
DNS against cache poisoning attacks. However, we recently found
vulnerabilities, allowing attackers to circumvent those defenses and poison
resolvers' caches. We briefly review the vulnerabilities and the techniques
that exploit them, to foil widely deployed defenses, standardised in
RFC5452,6056,4697. These results are based on publications in ESORICS'12,

Finding privacy leaks and stolen data with bulk data analysis and
optimistic decoding
Speaker: Simson L. Garfinkel, Associate Professor, Naval Postgraduate School
October 28, 2013, 11AM - 12

Modern digital forensics tools are largely based on the recovery and
analysis of files. This talk explores how identity information such as
email addresses, credit card numbers, and other of information can be more
efficiently found using bulk data analysis, and how results are
significantly improved through the use of optimistic decompression.
Together, these techniques can find important information on computer media
that are ignored by the majority of today's digital forensics tools.

This talk presents the results of a study of roughly 5000 hard drives
purchased on the secondary market and shows how different kinds of data
formats can be traced to different kinds of privacy leaks and coding
errors. It show how the results were generated using bulk_extarctor, an
easy-to-use open source digital forensics tool. Finally, it shows how
bulk_extractor was extended to detect data obscured with a simple
steganographic technique (XOR 255), and how a subsequence re-analysis of
the research corpus found significant use of the technique in commercial
software, malware, and by at least one computer criminal.

Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate
School. Based in Arlington VA, Garfinkel's research interests include
digital forensics, usable security, data fusion, information policy and
terrorism. He holds six US patents for his computer-related research and
has published dozens of research articles on security and digital forensics.

Garfinkel is the author or co-author of fourteen books on computing. He is
perhaps best known for his book Database Nation: The Death of Privacy in
the 21st Century. Garfinkel's most successful book, Practical UNIX and
Internet Security (co-authored with Gene Spafford), has sold more than
250,000 copies and been translated into more than a dozen languages since
the first edition was published in 1991.

Garfinkel received three Bachelor of Science degrees from MIT in 1987, a
Master's of Science in Journalism from Columbia University in 1988, and a
Ph.D. in Computer Science from MIT in 2005.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20131014/0c5c2e0f/attachment.html>

More information about the Busec mailing list