ZISC Seminars – Page 10

The DRAM Latency PUF: Quickly Evaluating Physical Unclonable Functions by Exploiting the Latency-Reliability Tradeoff in Modern Commodity DRAM Devices

February 8, 2018Kari KostiainenZISC Seminars

Abstract: Physically Unclonable Functions (PUFs) are commonly used in cryptography to identify devices based on the uniqueness of their physical microstructures. DRAM-based PUFs have numerous advantages over PUF designs that exploit alternative substrates: DRAM is a major component of many modern systems, and a DRAM-based PUF can generate many unique identifiers. However, none of the

Topology-Hiding MPC

January 25, 2018Kari KostiainenZISC Seminars

Abstract: Secure multi-party computation (MPC) allows n distrusting parties to jointly compute a function of their inputs while revealing nothing but the output of the function. At TCC 15, Moran et al. [1] introduced “Topology-Hiding MPC”. Here, one considers MPC over an incomplete network, where the network topology, in itself, is considered sensitive information. The

Ratio Buckets: A Numeric Method for r-Fold Tight Differential Privacy

December 19, 2017Kari KostiainenZISC Seminars

Abstract: Privacy guarantees of a privacy-enhancing system have to be robust against thousands of observations for many realistic application scenarios, such as anonymous communication systems, privacy-enhancing database queries, or privacy-enhancing machine-learning methods. The notion of r-fold Approximate Differential Privacy (ADP) offers a well-established framework with clear privacy bounds and with composition theorems that capture how

The Art and Science of Building Customer Trust in the Cloud

December 14, 2017Kari KostiainenZISC Seminars

Abstract: Primary considerations for enterprise customers who want to leverage apublic cloud are data security and the effort involved in migratingexisting applications. But how do enterprise customers use cloud? How dothey evaluate a cloud vendor¹s security capabilities? How do they securetheir resources in the cloud? What are the pillars of a trusted enterprisecloud? In this

PISKES: Pervasive Internet-Scale Key Establishment System

December 7, 2017Kari KostiainenZISC Seminars

Abstract: IP address spoofing allows large-scale Distributed Denial of Service (DDoS) reflection attacks. In these attacks, an adversary sends the initial packet of a communication protocol to a reflector, without performing a full handshake. An efficient first-packet authentication system can mitigate such attacks. This work presents the design, implementation, analysis, and experimental evaluation of PISKES,

Bitcoin as a Transaction Ledger – A Composable Treatment

November 30, 2017Kari KostiainenZISC Seminars

Abstract: Bitcoin is perhaps the most prominent example of a distributed cryptographic protocol that is extensively used in everyday life. In this talk, we present a universally composable treatment of the Bitcoin protocol. We specify the goal that Bitcoin aims to achieve as a ledger functionality in the universal composability (UC) model of Canetti. Unlike

Anonymous Communication for Messengers via “Forced” Participation

November 23, 2017Kari KostiainenZISC Seminars

Abstract: Anonymous communication networks (ACNs) are basic building blocks for obtaining or exchanging data in a privacy-preserving manner. ACNs suffer from a bootstrapping problem: having few users leads to a small anonymity set, which renders the ACN unattractive. We propose a system, CoverUp, that tackles the bootstrapping problem for ACNs. The key idea is to draw

[ZISC Lunch Seminar] Developers are not the enemy!

October 6, 2017Kari KostiainenZISC Seminars

Abstract: Usability problems are a major cause of many of today’s IT-security incidents. Security systems are often too complicated, time-consuming, and error prone. For more than a decade researchers in the domain of usable security (USEC) have attempted to combat these problems by conducting interdisciplinary research focusing on the root causes of the problems and

[ZISC Lunch Seminar] Analyses, measurements, and solutions — a few example cases in data security and authentication

October 5, 2017Kari KostiainenZISC Seminars

Abstract: This talk is primarily to introduce some of our recent projects, and some project ideas for possible collaboration. The talk will touch several topics. I will go into details based on the group’s interests. Feel free to check the papers at: https://users.encs.concordia.ca/~mmannan/pubs-year.html *Anti-coercion* we have been exploring solutions for data security in coercive situations

[ZISC Lunch Seminar] Towards Trojan-tolerant Cryptographic Hardware

September 20, 2017Kari KostiainenZISC Seminars

Abstract: The current consensus within the security industry is that high-assurance systems cannot tolerate the presence of compromised hardware components. In this talk, we challenge this perception and demonstrate how trusted, high-assurance hardware can be built from untrusted and potentially malicious components. The majority of IC vendors outsource the fabrication of their designs to