[Busec] busec this week: Wendy Seltzer (Wed 3pm, with "Wednesdays at Hariri")

Sharon Goldberg goldbe at cs.bu.edu
Tue Oct 7 19:36:37 EDT 2014


This week, we do not have our regular seminar; instead, we join "Wednesdays
at Hariri" for a talk about privacy law by Wendy Seltzer (Wednesday 3pm).
The following week, we will be back to the usual seminar, with Merrielle
Spain from Lincoln Labs talking about physically unclonable functions
(PUFs).  Abstracts below.

Sharon

BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).


____
 3:00 PM on October 8, 2014 @MCS-180


*"They Never Metadata They Wouldn't Seize"*
Privacy and the Third party Doctrine

Wendy Seltzer

Policy Counsel
World Wide Web Consortium (W3C)
------------------------------

*Abstract: *We rely on a mix of technology, law, and norms to maintain our
privacy, but often misunderstand the limits of each. The challenges are
particularly steep online, where we depend on an infrastructure of private
third-party services both to publish and to keep private.
Precedent from the 1970s sets an exception to the Fourth Amendment's
warrant requirement for information voluntarily turned over to third
parties.

That's a whole lot of metadata constitutionally up for grabs. This talk
will address the limits of privacy in the digital age and steps we can take
with tech, norms, and law to reclaim it.



*Bio: *Wendy Seltzer is Policy Counsel to the World Wide Web Consortium
(W3C), where she leads the Technology & Society Domain's focus on privacy,
security, and social web standards. As a visiting Fellow with Yale Law
School's Information Society Project, she researches openness in
intellectual property, innovation, privacy, and free expression online. As
a Fellow with Harvard's Berkman Center for Internet & Society, Wendy
founded and leads the Chilling Effects Clearinghouse, helping Internet
users to understand their rights in response to cease-and-desist threats.
She serves on the Board of Directors of The Tor Project, promoting privacy
and anonymity research, education, and technology; the World Wide Web
Foundation, devoted to achieving a world in which all people can use the
Web to communicate, collaborate and innovate freely. She seeks to improve
technology policy in support of user-driven innovation and communication.
 ------------------------------

Deriving Robust Keys from Physical Unclonable Functions
Merrielle Spain. Lincoln Labs.
October 15, 2014, 10-11.30am
Hariri Seminar Room, MCS180, 111 Cummington St

Weak physical unclonable functions (PUFs) can instantiate read-proof
hardware tokens (Tuyls et al. 2006, CHES) where benign variation, such as
changing temperature, yields a consistent key, but invasive attempts to
learn the key destroy it. Previous approaches evaluate security by
measuring how much an invasive attack changes the derived key (Pappu et al.
2002, Science). If some attack insufficiently changes the derived key, an
expert must redesign the hardware.

An unexplored alternative uses software to enhance token response to known
physical attacks. Our approach draws on machine learning. We propose a
variant of linear discriminant analysis (LDA), called PUF LDA, which
reduces noise levels in PUF instances while enhancing changes from known
attacks.

We compare PUF LDA with standard techniques using an optical coating PUF
and the following feature types: raw pixels, fast Fourier transform,
short-time Fourier transform, and wavelets. We measure the true positive
rate for valid detection at a 0% false positive rate (no mistakes on
samples taken after an attack). PUF LDA improves the true positive rate
from 50% on average (with a large variance across PUFs) to near 100%.

While a well-designed physical process is irreplaceable, PUF LDA enables
system designers to improve the PUF reliability-security tradeoff by
incorporating attacks without redesigning the hardware token.
<http://www.cs.bu.edu/~goldbe>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20141007/d31ab3e4/attachment.html>


More information about the Busec mailing list