[Busec] [busec] Zakir Durumeric (Wed 9.45am)

Sharon Goldberg goldbe at cs.bu.edu
Mon Mar 28 16:06:17 EDT 2016


Hi everyone,

Our series of exciting network security talks continues!

On Wednesday, Zakir Durumeric will talk about uncovering cryptographic
failures with Internet measurement. (Note for those who do network
measurement: Zakir is the lead author of zmap.) Next week Matt Green will
talk about his recent attack on iMessage (http://wpo.st/8YwP1).  And the
following week we have a talk by Brian Ford.

See you Wednesday!
Sharon

BUsec Calendar:  http://www.bu.edu/cs/busec/

The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

***
Uncovering Cryptographic Failures with Internet-Wide Measurement
Speaker: Zakir Durumeric, Michigan
Date: Wednesday 03/30 2016,  9:45pm-10:45pm
Room: MCS148

Despite advances in cryptography, there remains a significant gap between
developed algorithms and how systems are protected in the real world. In
this talk, I will discuss two studies in which Internet-wide measurement
has uncovered catastrophic cryptographic failures in practice. In the
first, we investigate the Diffie-Hellman key exchange, finding it far less
secure than widely believed. I'll present Logjam, a novel flaw in TLS that
lets a man-in-the-middle downgrade connections to “export-grade”
Diffie-Hellman, and then go on to consider how a small number of fixed or
standardized groups may allow for passive eavesdropping by nation-state
attackers.

Next, I'll discuss our recent analysis of mail delivery security. We find
that the top mail providers all proactively encrypt and authenticate
messages. However, these best practices have yet to reach widespread
adoption with only one third of top domains successfully configuring
encryption and 1% supporting mail authentication. Unfortunately, this
patchwork has led to an ecosystem where servers favor failing open to allow
gradual deployment. We find that downgrade attacks are commonplace in the
real world and highlight seven countries where more than 20% of inbound
Gmail messages arrive in cleartext due to network attackers.

****
Title: {something about iMessage security}
Speaker: Matt Green, JHU
Date: Wednesday 04/06 2016,  9:45pm-10:45pm
Room: MCS148

TBD, see http://wpo.st/tv8O1