[ZISC Lunch Seminar] Analyses, measurements, and solutions — a few example cases in data security and authentication

Thu 05Oct2017

Prof. Mohammad Mannan, Concordia University

From 12.00 until 13.30

At CNB/F/110 (Lunch) + CNB/F/100.9 (Seminar), ETH Zurich

Universitätstrasse 6, 8092 Zurich

Abstract:

This talk is primarily to introduce some of our recent projects, and some project ideas for possible collaboration. The talk will touch several topics. I will go into details based on the group’s interests. Feel free to check the papers at: https://users.encs.concordia.ca/~mmannan/pubs-year.html

*Anti-coercion* we have been exploring solutions for data security in coercive situations — e.g., physical attacks when the attacker has full control over the target machine and can force the machine owner into revealing encryption passwords (cf. US FISA, clandestine NSA programs). I will discuss two recent proposals: Gracewipe (coercion-resistant disk data deletion) and Hypnoguard (cold-boot protection for RAM data in sleep). *Password authentication* we propose a system called SafeKeeper to provide password confidentiality in a stronger threat model: against password database breaches, compromised servers, rogue administrators, and phishing attacks. I will also introduce UVAuth (User-Verified Authentication) for stronger protection against online guessing attacks. *Analysis* I will discuss four projects: TLS proxies as implemented in several major antivirus and parental-control applications; TLS deployments in non-PC devices; certificates and web-privacy measurements from a global perspective; and password strength meters.

Download Event to Calendar