[Busec] 1st talk of semester next week (Wed 10am)

Foteini Baldimtsi foteini at baldimtsi.com
Fri Sep 11 16:54:07 EDT 2015


Hi everyone,

The BUsec seminars are back! The first talk of the semester will be next
Wednesday (9/16) at 10am by Jeremiah Blocki. Jeremiah just joined MSR as a
post-doc and he will be talking about Usable and Secure Human
Authentication.


Hope to see you all there!
Foteini


BUsec Calendar:  http://www.bu.edu/cs/busec/
BUsec Mailing list: http://cs-mailman.bu.edu/mailman/listinfo/busec

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

******

Towards Usable and Secure Human Authentication
Speaker: Jeremiah Blocki, MSR New England
Wednesday Sept 16, 2015  10-11am
Hariri Seminar Room, MCS180

Abstract: A typical computer user today manages passwords for many
different online accounts. Users struggle with this task — often
forgetting their passwords or adopting insecure practices, such as using
the same passwords for multiple accounts and selecting weak passwords.
While there are many books, articles, papers and even comics about
selecting strong individual passwords, there is very little work on
password management schemes — systematic strategies to help users create
and remember multiple passwords. Before we can design good password
management schemes it is necessary to address a fundamental question: How
can we quantify the usability or security of a password management scheme?
One way to quantify the usability of a password management scheme would be
to conduct user studies evaluating each user’s success at remembering
multiple passwords over an extended period of time. However, these user
studies would necessarily be slow and expensive and would need to be
repeated for each new password management scheme. In this talk we argue
that user models and security models can guide the development of password
management schemes with analyzable usability and security properties. We
present several results in support of this premise. First, we introduce
Naturally Rehearsing Password schemes. Notably, our user model, which is
based on research on human memory about spaced rehearsal, allows us to
analyze the usability of this family of schemes while experimentally
validating only the common user model underlying all of them. Second, we
introduce Human Computable Password schemes, which leverage human
capabilities for simple arithmetic operations. We provide constructions
that make modest demands on users and we prove that these constructions
provide strong security: an adversary who has seen 100 10-digit passwords
of a user cannot compute any other passwords except with very low
probability. Our password management schemes are precisely specified and
publishable: the security proofs hold even if the adversary knows the
scheme and has extensive background knowledge about the user (hobbies,
birthdate, etc.).

The talk is based on joint works with Manuel Blum, Anupam Datta, Lorrie
Cranor, Saranga Komanduri and Santosh Vempala.


Bio: Jeremiah Blocki is a Post Doc at Microsoft Research New England Lab.
He completed his PhD at Carnegie Mellon University in 2014 under the
supervision of Manuel Blum and Anupam Datta. His thesis on Usable Human
Authentication explored the following question: Can we develop password
management schemes --- systematic user strategies for creating and
remembering multiple passwords --- that provably balance security and
usability? His general research interests include: cryptography, usable
authentication, passwords, differential privacy, game theory and learning
theory. One of his more ambitious research goals is to develop
cryptographic protocols that are so simple that a human could execute them
without receiving assistance from a trusted computer. In the Fall of 2016,
he will join the Computer Science Department at Purdue University as an
Assistant Professor.


************
Authentication in Constrained Settings: challenges and directions
Speaker: Katerina Mitrokotsa, Chalmers University of Technology, Sweden.
Wednesday Sept 23, 2015  10-11am
Hariri Seminar Room, MCS180

Abstract: Wireless communications technologies have received great
attention in recent years, mainly due to the evolution of wireless
networking and mobile computing hardware and their broad applicability.
However, their inherent vulnerabilities have serious security and privacy
implications. In this talk, we will discuss authentication in wireless
communications which is often performed in: i) noisy conditions, ii)
hostile environments and iii) constrained settings. By noisy conditions, we
refer to noise in the communication channel that may lead to modification
of the transmitted information. By hostile environments we mainly refer to
environments where attackers may attempt to impersonate legitimate users,
while by constrained settings we refer to environments that may include
communication among wireless devices with limited resources.  We have
extensively investigated a family of authentication protocols called
distance bounding protocols that can be employed as the main countermeasure
against relay attacks. We analyse the security of such protocols and we
discuss the main challenges of designing efficient and secure
distance-bounding protocols. The authentication problem will also be
connected to the need of privacy-preservation of a prover's location as
well as when the credentials used for authentication (e.g. biometrics) need
to remain private.