[Busec] busec this week: Leonid Reyzin (Wed 10am)

Sharon Goldberg goldbe at cs.bu.edu
Mon Sep 22 12:30:53 EDT 2014

*** Sorry for the spam, the abstracts did not come through on the previous

This week, Leo Reyzin will speak about key derivation from noisy
sources. The following week, Manuel Egele, who is a new faculty member in
BU's ECE department, will present his work on static analysis.

As usual, lunch is after the seminar, and abstracts are below.

Hope you can make it!

BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).


Title: Key Derivation From Noisy Sources With More Errors Than Entropy
Speaker: Leonid Reyzin, BU
Wednesday September 24, 10-11:30 am
Hariri Seminar Room, MCS180

Fuzzy extractors convert a noisy source of entropy (such as a visual
password, a biometric reading, or a physically unclonable function) into a
consistent uniformly distributed key. In the process of eliminating noise,
they lose some of the entropy of the original source. Specifically, to
tolerate t errors, most natural constructions lose at least as much entropy
as the logarithm of the volume of the ball of radius t. This loss is too
high for many practically important sources, which do not have sufficient
starting entropy to tolerate it.

We construct the first fuzzy extractors that work for a large class of
sources whose starting entropy is not high enough to tolerate such a loss.
Our constructions correct Hamming errors over a large alphabet and
(necessarily) impose certain restrictions on the distribution of the
source. Their security is computational; unlike information-theoretic
constructions, they are ``reusable''--i.e., permit multiple independent
enrollments of correlated readings.

We also explore the limits of achievable error-tolerance by fuzzy
extractors, showing that customization for a particular distribution can be
a powerful tool.

Joint work with Ran Canetti, Benjamin Fuller, Omer Paneth, and Adam Smith


Title: Static analysis on mobile applications for security and privacy
Speaker: Manuel Egele, BU
Wednesday October 1, 10-11:30 am
Hariri Seminar Room, MCS180

Mobile devices are ubiquitous. Apple sold more than 400 million iOS
devices to date, and it has been reported that more than 500 million
Android-based devices are in customers' hands. These devices open
exciting new avenues of innovation, such as location-based services and
mobile payment. Of course, the user has a legitimate desire to keep the
privacy-sensitive data that is managed by these smart devices safe and
secure. Unfortunately, mobile devices frequently expose such information
to prying third-party applications (apps). In this talk, I will
demonstrate how novel static analysis techniques can be used to
automatically assess whether apps adhere to the user's expectation of
privacy. My binary static analysis platform (PiOS) evaluates different
security properties on iOS applications. For example, PiOS automatically
detected numerous popular applications that leak privacy sensitive data,
such as address book contents or location information over the Internet.
Android surpassed iOS as the most popular smart phone operating system.
In this talk, I will also present CryptoLint -- a fully automated static
analysis system that detects the misuse of cryptographic primitives in
Android applications. An extensive evaluation of over 11,000
applications from Google's play store indicates that 88% of these
applications misuse cryptographic primitives.