[Busec] busec this week: Frank Wang (Wed 10am)

Sharon Goldberg goldbe at cs.bu.edu
Tue Oct 18 13:33:33 EDT 2016

I'm happy to announce that we now have seminars scheduled for every
Wednesday until the end of the semester.

Next week, Frank Wang from MIT will give a systems security talk about
cryptographic access control for data in untrusted clouds. The
following week, Daniel Apon from UMD will give a crypto talk about deniable
attribute-based encryption.  And after that, Luke Valenta from UPenn will
talk about factoring 512-bit RSA keys.

All talks on Wednesdays at 10am with lunch to follow. See you there!


BUsec Calendar:  http://www.bu.edu/cs/busec/
The busec seminar gratefully acknowledges the support of BU's Center for
Reliable Information Systems and Cyber Security (RISCS).

Sieve: Access Control for User Data in Untrusted Clouds
Speaker: Frank Wang (MIT)
Wednesday October 19, 10am
Hariri Institute (111 Cummington St, Boston MA 02215)

Modern web services rob users of low-level control over cloud storage—a
user’s single logical data set is scattered across multiple storage silos
whose access controls are set by web services, not users. The consequence
is that users lack the ultimate authority to determine how their data is
shared with other web services. In this talk, we introduce Sieve, a new
platform which selectively (and securely) exposes user data to web
services. Sieve has a user-centric storage model: each user uploads
encrypted data to a single cloud store, and by default, only the user knows
the decryption keys. Given this storage model, Sieve defines an
infrastructure to support rich, legacy web applications. Using
attribute-based encryption, Sieve allows users to define intuitively
understandable access policies that are cryptographically enforceable.
Using key homomorphism, Sieve can reencrypt user data on storage providers
in situ, revoking decryption keys from web services without revealing new
keys to the storage provider. Using secret sharing and two-factor
authentication, Sieve protects cryptographic secrets against the loss of
user devices like smartphones and laptops. The result is that users can
enjoy rich, legacy web applications, while benefiting from
cryptographically strong controls over which data a web service can access.
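The abstract's revocation step (re-encrypting stored data in place via key homomorphism, without giving the storage provider the new key) can be shown in a few lines. The block below is an added editorial example, not Sieve's own code; it uses a DDH-style key-homomorphic PRF F(k, x) = H(x)^k in the quadratic-residue subgroup of a toy safe prime, and the object label and plaintext block are constructed. The 1019-element group is an assumption chosen so the arithmetic is readable; a real deployment needs a group of at least 2048 bits.

```python
"""Added example: key-homomorphic re-encryption, the idea behind Sieve's
in-situ revocation.  Editorial code, not Sieve's implementation.

Group: quadratic residues mod a safe prime p = 2q + 1 (prime order q).
F(k, x) = H(x)^k mod p is key-homomorphic: F(a, x) * F(b, x) = F(a + b, x).
A storage provider holding c = m * F(k, x) can be handed delta = k' - k
and compute m * F(k', x) without ever learning k or k'.
"""
import hashlib
import secrets

P = 1019            # assumption: a toy safe prime; use >= 2048 bits in practice
Q = (P - 1) // 2    # 509, the prime order of the QR subgroup


def hash_to_group(label: bytes) -> int:
    """Map a data label (e.g. an object name) to a QR-subgroup element."""
    h = int.from_bytes(hashlib.sha256(label).digest(), "big") % P
    h = pow(h, 2, P)          # squaring lands in the QR subgroup
    return h if h > 1 else 4  # avoid 0 and the identity (4 = 2^2 is a QR)


def prf(key: int, label: bytes) -> int:
    """Key-homomorphic PRF F(key, label) = H(label)^key mod p."""
    return pow(hash_to_group(label), key, P)


def keygen() -> int:
    """A fresh key in Z_q^*."""
    return secrets.randbelow(Q - 1) + 1


def encrypt(key: int, label: bytes, block: int) -> int:
    """Mask one data block (a QR element) under the per-label PRF value."""
    return (block * prf(key, label)) % P


def decrypt(key: int, label: bytes, ct: int) -> int:
    """Strip the mask; pow(x, -1, P) is the modular inverse (Python 3.8+)."""
    return (ct * pow(prf(key, label), -1, P)) % P


def rekey_token(old_key: int, new_key: int) -> int:
    """Token handed to the storage provider; reveals neither key on its own."""
    return (new_key - old_key) % Q


def reencrypt(token: int, label: bytes, ct: int) -> int:
    """Run by the storage provider on ciphertext it cannot read."""
    return (ct * prf(token, label)) % P


def revoke(old_key: int, new_key: int, label: bytes, ct: int) -> int:
    """Owner-side view of a revocation: derive the token, hand it to storage."""
    return reencrypt(rekey_token(old_key, new_key), label, ct)


if __name__ == "__main__":
    k_shared = keygen()                   # key a web service was given
    k_fresh = keygen()                    # key after revoking that service
    label = b"photos/2016-10-19/0001"     # constructed object name
    block = 25                            # constructed plaintext, a QR (5^2)
    ct = encrypt(k_shared, label, block)
    ct2 = revoke(k_shared, k_fresh, label, ct)
    print("new key decrypts:", decrypt(k_fresh, label, ct2) == block)
    print("revoked key decrypts:", decrypt(k_shared, label, ct2) == block)
```

The property to notice is that `reencrypt` only ever sees the ciphertext and the difference of the two keys; because H(label) has prime order q, a service still holding the old key gets `block * H^(k' - k)` back, which is just noise to it.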

Deniable Attribute Based Encryption for Branching Programs from LWE
Speaker: Daniel Apon (UMD)
Wednesday October 26, 10am
Hariri Institute (111 Cummington St, Boston MA 02215)

Deniable encryption (Canetti et al. CRYPTO '97) is an intriguing
primitive that provides a security guarantee against not only
eavesdropping attacks as required by semantic security, but also stronger
coercion attacks performed after the fact. The concept of deniability has
later been demonstrated to be useful and powerful in many other contexts, such as
leakage resilience, adaptive security of protocols, and security against
selective opening attacks. Despite its conceptual usefulness, our
understanding of how to construct deniable primitives under standard
assumptions is restricted.

In particular, from standard lattice assumptions, i.e. Learning with Errors
(LWE), we have only flexibly and non-negligible-advantage deniable
public-key encryption schemes, whereas with the much stronger assumption
of indistinguishable obfuscation, we can obtain at least fully sender-
deniable PKE and computation. How to achieve deniability for other
more advanced encryption schemes under standard assumptions remains
an interesting open question.

In this work, we construct a flexibly bi-deniable Attribute-Based
Encryption (ABE) scheme for all polynomial-size Branching Programs from
LWE. Our techniques involve new ways of manipulating Gaussian noise
that may be of independent interest, and lead to a significantly sharper
analysis of noise growth in Dual Regev type encryption schemes. We hope
these ideas give insight into achieving deniability and related properties
for further, advanced cryptographic systems from lattice assumptions.

Joint work with Xiong Fan (Cornell) and Feng-Hao Liu (Florida Atlantic).


Factoring As A Service
Speaker: Luke Valenta (UPenn)
Wednesday Nov 2, 10am
Hariri Institute (111 Cummington St, Boston MA 02215)

The difficulty of integer factorization is fundamental to modern
cryptographic security using RSA encryption and signatures.  Although a
512-bit RSA modulus was first factored in 1999, 512-bit RSA remains
surprisingly common in practice across many cryptographic protocols.
Popular understanding of the difficulty of 512-bit factorization does not
seem to have kept pace with developments in computing power.  In this
paper, we optimize the CADO-NFS and Msieve implementations of the number
field sieve for use on the Amazon Elastic Compute Cloud platform, allowing
a non-expert to factor 512-bit RSA public keys in under four hours for
$75.  We go on to survey the RSA key sizes used in popular protocols,
finding hundreds or thousands of deployed 512-bit RSA keys in DNSSEC,
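A practitioner reading the last paragraph will want the check it implies: scan DNSKEY records and flag RSA moduli short enough to be in reach of the cloud factoring the talk describes. The block below is an added editorial example, not code from the talk or paper; it parses the RSA public-key field of DNSKEY RDATA in the RFC 3110 wire format (exponent length, exponent, modulus), and the zone records, the 512-bit and 2048-bit "moduli" (which are constructed integers of the right size, not real RSA products) and the 2048-bit audit threshold are all assumptions.

```python
"""Added example: flag DNSSEC DNSKEY records carrying short RSA moduli.
Editorial code, not from the talk; the zone data below is constructed.

RSA DNSKEY public-key field (RFC 3110 section 2):
  exponent length (1 byte, or 0 followed by a 2-byte length), exponent, modulus.
"""
import base64
from typing import Iterable, List, NamedTuple, Tuple

RSA_ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1",
                  8: "RSASHA256", 10: "RSASHA512"}
MIN_RSA_BITS = 2048   # assumption: audit threshold; 512-bit keys are the talk's target


class RsaDnskey(NamedTuple):
    flags: int
    algorithm: int
    exponent: int
    modulus: int


def parse_rsa_dnskey(rdata: bytes) -> RsaDnskey:
    """Parse DNSKEY RDATA (flags, protocol, algorithm, public key) as RSA."""
    if len(rdata) < 5:
        raise ValueError("DNSKEY RDATA too short")
    flags = int.from_bytes(rdata[0:2], "big")
    protocol, algorithm = rdata[2], rdata[3]
    if protocol != 3:
        raise ValueError(f"unexpected DNSKEY protocol {protocol}")
    if algorithm not in RSA_ALGORITHMS:
        raise ValueError(f"algorithm {algorithm} is not RSA")
    key = rdata[4:]
    if key[0] != 0:
        exp_len, pos = key[0], 1
    else:
        if len(key) < 3:
            raise ValueError("truncated exponent length")
        exp_len, pos = int.from_bytes(key[1:3], "big"), 3
    if exp_len == 0 or pos + exp_len >= len(key):
        raise ValueError("exponent length leaves no room for a modulus")
    exponent = int.from_bytes(key[pos:pos + exp_len], "big")
    modulus = int.from_bytes(key[pos + exp_len:], "big")
    return RsaDnskey(flags, algorithm, exponent, modulus)


def build_rsa_dnskey(flags: int, algorithm: int, exponent: int, modulus: int) -> bytes:
    """Inverse of parse_rsa_dnskey; used here to construct sample records."""
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    n = modulus.to_bytes((modulus.bit_length() + 7) // 8, "big")
    hdr = bytes([len(e)]) if len(e) < 256 else b"\x00" + len(e).to_bytes(2, "big")
    return flags.to_bytes(2, "big") + b"\x03" + bytes([algorithm]) + hdr + e + n


def rdata_from_presentation(text: str) -> bytes:
    """'257 3 8 <base64...>' as found in a zone file -> wire RDATA."""
    flags, protocol, algorithm, *b64 = text.split()
    return (int(flags).to_bytes(2, "big") + bytes([int(protocol), int(algorithm)])
            + base64.b64decode("".join(b64)))


def presentation_from_rdata(rdata: bytes) -> str:
    """Wire RDATA -> zone-file presentation form."""
    return (f"{int.from_bytes(rdata[:2], 'big')} {rdata[2]} {rdata[3]} "
            f"{base64.b64encode(rdata[4:]).decode()}")


def audit(records: Iterable[Tuple[str, bytes]]) -> List[Tuple[str, str, int]]:
    """(owner, algorithm name, modulus bits) for every RSA key under the threshold."""
    findings = []
    for owner, rdata in records:
        try:
            key = parse_rsa_dnskey(rdata)
        except ValueError:
            continue   # non-RSA algorithm (e.g. ECDSA) or malformed: out of scope
        bits = key.modulus.bit_length()
        if bits < MIN_RSA_BITS:
            findings.append((owner, RSA_ALGORITHMS[key.algorithm], bits))
    return findings


# Constructed moduli of the right size (not real RSA products of two primes).
N512_TOY = (1 << 511) | (1 << 333) | 1
N2048_TOY = (1 << 2047) | (1 << 1000) | 1

SAMPLE_ZONE = [                      # constructed zone data
    ("weak.example.", build_rsa_dnskey(257, 5, 65537, N512_TOY)),
    ("ok.example.", build_rsa_dnskey(256, 8, 65537, N2048_TOY)),
    ("ec.example.", bytes([1, 1, 3, 13]) + b"\x00" * 64),   # ECDSA P-256, skipped
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ZONE):
        print("short RSA key: owner=%s alg=%s bits=%d" % finding)
```

Feed `audit` the `(owner, rdata)` pairs from a zone transfer or a DNSKEY query, using `rdata_from_presentation` on the zone-file text form; the modulus bit length is taken directly from the parsed integer, so a key padded with a leading zero byte is still reported at its true size.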