[Busec] busec this week! Luke Valenta (Today 10am) Frank Pasquale (Friday 11am)

Sharon Goldberg goldbe at cs.bu.edu
Wed Nov 2 05:51:36 EDT 2016

I wanted to add one more event I missed in my mailing last night.

Today at 10am Luke Valenta from UPenn will talk about factoring 512-bit RSA
keys and their prevalence in the wild.

On Friday at 11am, Frank Pasquale, a law professor from the University of
Maryland, is talking at Hariri about data regulation. This is seminar is
part of our ongoing interaction with BU's law school and cyberlaw clinic.

We continue to have weekly BUSEC seminars until Thanksgiving week. Full
schedule below.


BUsec Calendar:  http://www.bu.edu/cs/busec/
The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

Factoring As A Service
Speaker: Luke Valenta (UPenn)
Wednesday Nov 2, 10am
Hariri Institute (111 Cummington St, Boston MA 02215)

The difficulty of integer factorization is fundamental to modern
cryptographic security using RSA encryption and signatures.  Although a
512-bit RSA modulus was first factored in 1999, 512-bit RSA remains
surprisingly common in practice across many cryptographic protocols.
Popular understanding of the difficulty of 512-bit factorization does not
seem to have kept pace with developments in computing power.  In this
paper, we optimize the CADO-NFS and Msieve implementations of the number
field sieve for use on the Amazon Elastic Compute Cloud platform, allowing
a non-expert to factor 512-bit RSA public keys in under four hours for
$75.  We go on to survey the RSA key sizes used in popular protocols,
finding hundreds or thousands of deployed 512-bit RSA keys in DNSSEC,

Frank Pasquale
Professor of Law, Universty of Maryland

Friday, November 4, 2016
11 am - 12:30 pm
Hariri Institute for Computing
111 Cummington Mall, Room 180

Hosted in collaboration with the Center for Reliable Information
Systems & Cyber Security (RISCS) and BU/MIT Technology &
Cyberlaw Clinic

Scholars like Cathy O’Neil (Weapons of Math Destruction) and Sharona
Hoffman (Big Bad Data) have described pervasive inaccuracy or
unfairness in important data and models used in contexts ranging from
education to finance to health care. Discovering problems in big data
(or decision models based on it) should not be a burden we expect
individuals to solve on their own. Very few of us have the time to root
through the thousands of databases that may be affecting our lives.
Rather, this is something that regulators should be doing, reviewing the
files of both large firms and data brokers to find suspect data and to
demand review of the sources of data). This talk will focus on Chapters
2 and 5 of my book, The Black Box Society, which proposes a number of
principles to guide future data regulation in the United States.

About the Speaker
Frank Pasquale is a Professor of Law at the University of Maryland.
Pasquale’s research addresses the challenges posed to information law
by rapidly changing technology, particularly in the health care, internet,
and finance industries. He is a member of the NSF-funded Council for
Big Data, Ethics, and Society, and an Affiliate Fellow of Yale Law School’s
Information Society Project. He frequently presents on the ethical, legal,
and social implications of information technology for attorneys,
physicians, and other health professionals. His book, The Black Box
Society: The Secret Algorithms that Control Money and Information
(Harvard University Press, 2015), develops a social theory of
reputation, search, and finance.

Double-Spend Attack Analysis and an Improved Network Architecture for
George Bissias. (UMass)
Wednesday Nov 9, 10am
Hariri Institute (111 Cummington St, Boston MA 02215)

We contribute two complementary analyses to increase Bitcoin’s security,
efficiency, and transparency. First, we present a novel economic evaluation
of the double-spend attack with and without a contemporaneous eclipse
attack. We derive and validate a mathematical model focused on the value of
transactions that can be secured. Our model quantifies the importance of
each factor that determines the attack’s success. Our model also quantifies
the threat posed by eclipse-based double-spend attacks.

Second, we design and evaluate a replacement for Bitcoin’s inefficient,
opaque network architecture comprised of a high-degree, random graph of
peers. In our approach, called Canary, peers submit transactions directly
to miners, who announce new blocks and transactions via self-managed,
one-way trees of peers. Canary uses byte-efficient status report messages
that, like canaries in a coal mine, allow peers to detect both malicious
miners and eclipse attacks almost immediately. Canary’s structured topology
reduces total overhead traffic significantly, e.g., to about 30% of the
cost of the current topology.

Amir Houmansadr (UMass)
Wednesday Nov 16, 10am
Hariri Institute (111 Cummington St, Boston MA 02215)

Sharon Goldberg
Computer Science, Boston University

Sharon Goldberg
Computer Science, Boston University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cs-mailman.bu.edu/pipermail/busec/attachments/20161102/07dca6cb/attachment.html>

More information about the Busec mailing list