[Busec] Daniel Genkin, Technion (Fri 3pm) Physical Side Channel Attacks on PCs

Sharon Goldberg goldbe at cs.bu.edu
Thu Feb 4 10:36:22 EST 2016


We have several interesting talks coming up.

Tomorrow at 3pm we will have a talk by Daniel Genkin from Technion, on
Physical Side Channel Attacks on PCs. After the talk we will have TGIF
beers at the lounge (featuring some Lambic as well).

At next Wednesday's seminar, Kobbi Nissim and Alex Wood will be presenting
some very interesting work about using computer science to model legal
definitions, focusing specifically on FERPA and differential privacy.
Followed by lunch in the lab.

And for next Friday, we are cross-listing a CS Colloquium by Justin Thaler,
who will be talking about verifiable computation.

Hope to see you there!  Abstracts below.
Sharon

BUsec Calendar:  http://www.bu.edu/cs/busec/

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

***************************

Title: Physical Side Channel Attacks on PCs
Speaker: Daniel Genkin, Technion Israel Institute of Technology
Date: Friday Feb. 5th 2016,  3:00pm-4:00pm
Room: Hariri Seminar Room, MCS180

Abstract: Can secret information be extracted from personal computers by
measuring their physical properties from the outside? What would it take to
extract whole keys from such fast and complex devices? We present myriad
ways to do so, including:
* Acoustic key extraction using microphones to record the high-pitched
noise caused by vibration of electronic circuit components during
decryption.
* Electric key extraction exploiting fluctuations in the
"ground" electric potential of computers. An attacker can measure this
signal by touching the computer's chassis or the shield on the remote end
of Ethernet, VGA or USB cables.
* Electromagnetic key extraction using a
cheap radio to non-intrusively attack laptop computers.

The talk will discuss the cryptanalytic, physical and signal-processing
principles of the attacks and include live demonstrations. The talk is
based on joint works with Lev Pachmanov, Itamar Pipman, Adi Shamir and
Eran Tromer.

********
Do computer science definitions of privacy satisfy legal definitions of
privacy? The case of FERPA and differential privacy.
Kobbi Nissim, Alex Wood
Ben-Gurion University and Harvard University
Date: Wednesday, February 10, 2015. 9:45-11am
Room: Hariri Seminar Room, MCS180

Lawyers and computer scientists hold very different notions of privacy.
Privacy laws rely on narrower and less formal conceptions of risk than
those described by the computer science literature. As a result, the law
often creates uncertainty and fails to protect against the full range of
data privacy risks. In contrast, mathematical concepts such as differential
privacy provide a quantifiable, robust guarantee of privacy against a wide
range of potential attacks, including types of attacks currently unknown or
unforeseen.

The subject of much theoretical investigation, differential privacy has
recently been making significant strides towards practical implementation.
However, because the law generally relies on very different methods for
mitigating risk, a significant challenge to implementation will be
demonstrating that the new privacy technologies satisfy legal requirements
for privacy protection. In particular, most privacy laws focus on the
identifiability of data, or the ability to link an individual to a record
in a release of data. In doing so, they often equate privacy with heuristic
“de-identification” approaches and provide little guidance for implementing
more formal privacy-preserving techniques.

In this talk, we will articulate the gap between legal and technical
approaches to privacy and present a methodology for formally proving that a
technological method for privacy protection satisfies the requirements of a
particular law. This methodology involves two steps: first, translating a
legal standard into a formal mathematical requirement of privacy and,
second, constructing a rigorous proof for establishing that a technique
satisfies the mathematical requirement derived from the law. We will walk
through an example applying this new methodology to bridge the requirements
of the Family Educational Rights and Privacy Act (FERPA) and differential
privacy.

This talk summarizes early results from ongoing research by Kobbi Nissim,
Aaron Bembenek, Mark Bun, Marco Gaboardi, and Salil Vadhan from the Center
for Research on Computation and Society, together with Urs Gasser, David
O’Brien, and Alexandra Wood from the Berkman Center for Internet & Society.
Further work building from this approach is anticipated to form the basis
of a future publication. This research is also part of a broader
collaboration through Harvard's Privacy Tools for Sharing Research Data
project, which aims to build legal and technical tools, such as tools for
differentially private statistical analysis, to help enable the wider
sharing of social science research data while protecting the privacy of
individuals.


********
CS Seminar:  A Crash Course on Fast Interactive Proofs
Speaker: Justin Thaler
Date: Friday February 12, 2015,  11-12am
Room: Hariri Seminar Room, MCS180

Abstract: Protocols for verifiable computation enable a computationally
weak verifier to offload computations to a powerful but untrusted prover,
while providing the verifier with a guarantee that the prover performed the
computations correctly. Asymptotically efficient protocols for verifiable
computation have been known for several decades in the form of interactive
proofs, PCPs, and their brethren. However, it is only very recently that
these protocols have grown efficient enough for plausible use in the real
world. In this talk, I will give a crash course on interactive proofs and
the algorithmic techniques underlying their efficient implementation.

NOTE: We are cross-listing this CS seminar on the busec calendar.