[Busec] [busec] Cristina Nita-Rotaru, NEU (Wed 9:45am)

Sharon Goldberg goldbe at cs.bu.edu
Tue Mar 22 12:08:43 EDT 2016

Hi everyone,

Our series of exciting network security talks starts tomorrow!

Tomorrow at 9:45am Cristina Nita-Rotaru from NEU will give a talk on
the trade-offs between performance and security in network protocols
design. The following week Zakir Durumeric will talk about uncovering
cryptographic failures with Internet measurement. And the week after that
we will have a talk by Matt Green.

See you tomorrow!

BUsec Calendar: http://www.bu.edu/cs/busec/

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).


Title: On the trade-offs between performance and security in network
protocols design
Speaker: Cristina Nita-Rotaru, NEU
Date: Wednesday 03/23 2016, 9:45pm-10:45pm
Room: MCS148

Abstract: The proliferation of mobile and web applications and their
performance requirements have exposed the limitations of current secure
transport protocols, particularly during connection establishment. As a
result, protocols like QUIC and TLS v1.3 were proposed to address such

In this work we analyze the trade-offs between provable security and
performance guarantees in the presence of attackers by focusing on QUIC. We
first introduce a security model for analyzing performance-driven protocols
like QUIC and prove that QUIC satisfies our definition under reasonable
assumptions on the protocol’s building blocks. However, we find that QUIC does
not satisfy the traditional notion of forward secrecy that is provided by
some modes of TLS, e.g., TLS-DHE. Our analyses also reveal that with simple
bit-flipping and replay attacks on some public parameters exchanged during
the handshake, an adversary could easily
prevent QUIC from achieving minimal latency advantages either by having it
fall back to TCP or by causing the client and server to have an
inconsistent view of their handshake leading to a failure to complete the
connection. We have implemented these attacks and demonstrated that they
are practical. Our results suggest that QUIC’s security weaknesses are
introduced by the very mechanisms used to reduce latency, which highlights
the trade-off between minimizing latency and providing security guarantees.

This is joint work with Robert Lychev, MIT Lincoln Labs, Samuel Jero,
Purdue University and Alexandra Boldyreva, Georgia Tech.
More details available at https://eprint.iacr.org/2015/582.pdf

Title: Uncovering Cryptographic Failures with Internet-Wide Measurement
Speaker: Zakir Durumeric, Michigan
Date: Wednesday 03/30 2016, 9:45pm-10:45pm
Room: MCS148

Despite advances in cryptography, there remains a significant gap between
developed algorithms and how systems are protected in the real world. In
this talk, I will discuss two studies in which Internet-wide measurement
has uncovered catastrophic cryptographic failures in practice. In the
first, we investigate the Diffie-Hellman key exchange, finding it far less
secure than widely believed. I'll present Logjam, a novel flaw in TLS that
lets a man-in-the-middle downgrade connections to “export-grade”
Diffie-Hellman, and then go on to consider how a small number of fixed or
standardized groups may allow for passive eavesdropping by nation-state

Next, I'll discuss our recent analysis of mail delivery security. We find
that the top mail providers all proactively encrypt and authenticate
messages. However, these best practices have yet to reach widespread
adoption with only one third of top domains successfully configuring
encryption and 1% supporting mail authentication. Unfortunately, this
patchwork has led to an ecosystem where servers favor failing open to allow
gradual deployment. We find that downgrade attacks are commonplace in the
real world and highlight seven countries where more than 20% of inbound
Gmail messages arrive in cleartext due to network attackers.

Title: {something about iMessage security}
Speaker: Matt Green, JHU
Date: Wednesday 04/06 2016, 9:45pm-10:45pm
Room: MCS148

TBD, see http://wpo.st/tv8O1