Zurich Information Security Center
ZISC Information Security Colloquium HS 2009

Provisional schedule; please check for updates.

The ZISC Information Security Colloquium is a wide-spectrum lecture series with topics ranging from theoretical and technical issues to business aspects of information security. It is co-organized by the ETH and industry ZISC partners. Each speaker is invited by one of the associates.

Program

Each entry lists the date, speaker and affiliation, talk title, and the ZISC host who invited the speaker.

Sept 29: Refik Molva, EURECOM, Sophia-Antipolis
  "Safebook - a decentralized on-line social network for privacy" (host: Prof. Bernhard Plattner)

Oct 27: Jean-Pierre Hubaux, EPFL, Lausanne
  "Security Mechanisms with Selfish Players in Wireless Networks" (host: Prof. Srdjan Capkun)

Nov 3: Graham Steel, Laboratoire Spécification et Vérification, ENS-Cachan
  "Differential attacks on PIN Processing APIs" (host: Prof. David Basin)

Nov 17: Luca Vigano, Università di Verona
  "Automated Validation of Trust and Security of Service-oriented Architectures" (host: Prof. Ueli Maurer)

Nov 24: Lukas Ruf, Consecom AG, Zurich
  "Virtualization - Opportunities, Threats and Challenges" (host: Dr. Gritta Wolf)

Dec 1: Claudia Diaz, Department of Electrical Engineering, K.U.Leuven
  "The wisdom of Crowds: attacks and optimal constructions" (host: Prof. Bernhard Plattner)

Dec 15: Luke O'Connor, Zurich Financial Service
  "Some Black Swans in IT Security" (host: Dr. Günter Karjoth)

Abstracts & Slides

'Safebook - a decentralized on-line social network for privacy' by Refik Molva

This talk is about the distributed on-line social networking system called Safebook. Safebook tackles the security and privacy problems of online social networks by putting a special emphasis on the privacy of users with respect to the application provider. In order to assure privacy in the face of potential violations by the provider, Safebook is designed in a decentralized architecture relying on the cooperation among the independent parties that represent the users of the online social network. Safebook addresses the problem of building secure and privacy-preserving data storage and communication mechanisms in a peer-to-peer system by leveraging trust relationships akin to social networks in real life. The talk includes some details of Safebook architecture and a discussion of its security and privacy properties. The protocols of Safebook are evaluated in various attack scenarios with respect to privacy, integrity and availability. 

The slides can be found here.

'Security Mechanisms with Selfish Players in Wireless Networks' by Jean-Pierre Hubaux

Various malicious and selfish misdeeds against wireless networks have already been perpetrated. But as these networks are becoming ubiquitous, much worse is to be expected. In this talk, we will briefly address the future development of wireless networks. We will then discuss secure neighbor discovery. After a brief introduction to game theory, we will address the impact of non-cooperative behavior on security mechanisms. For that purpose, we will consider the case of revocation in high-mobility (or "ephemeral") networks as well as pseudonym change in mix zones.

Note: some of the material of this talk appears in the book Security and Cooperation in Wireless Networks by L. Buttyan and J.-P. Hubaux, Cambridge University Press, 2008, available at http://secowinet.epfl.ch .

The slides can be found here.

'Differential attacks on PIN Processing APIs' by Graham Steel

International standards dictate that all processing of customer Personal Identification Numbers (PINs) in the international cash machine network must take place inside special tamper resistant Hardware Security Modules (HSMs). These HSMs have a restricted API designed so that even if an attacker is able to make arbitrary command calls to the device, no customer PINs can be obtained. However, in recent years, a number of attacks have been found on these APIs. Some of them are so-called differential attacks, whereby an attacker makes repeated calls to the API with slightly different parameters, and from the pattern of error messages received, he is able to deduce the value of a PIN. In this talk, I will present some of these attacks, and talk about efforts to analyse them formally. This will include techniques for proving the absence of such attacks in patched APIs, and a practical proposal for improving the security of the network without making large-scale changes to the current infrastructure.

The slides can be found here.

'Automated Validation of Trust and Security of Service-oriented Architectures' by Luca Vigano

The AVANTSSAR Project (www.avantssar.eu) has been developing an automated platform that provides a rigorous technology for the formal specification and Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures. This technology, which is being tuned on a number of relevant industrial case studies so as to allow for its migration into the development process for software solutions for the Internet of Services, aims at speeding up the development of new network and service infrastructures, enhancing their security and robustness, and increasing the public acceptance of emerging IT systems and applications based on them.

I will present the main techniques and technologies that are part of the AVANTSSAR Platform and some of the case studies it has been applied to. In particular, to illustrate the platform in the field, I will discuss our formal analysis of a SAML Web Browser Single Sign-On Protocol. Single Sign-On (SSO) protocols enable companies to establish a federated environment in which clients sign in to the system once and yet are able to access services offered by different companies. The Security Assertion Markup Language (SAML) Web Browser SSO Profile is the emerging standard in this context. We have provided formal models of the protocol corresponding to one of the most used use case scenarios (the SP-Initiated SSO with Redirect/POST Bindings) and of the implementation used by SAML-based SSO for Google Applications. We have mechanically analyzed these formal models and thereby revealed a severe security flaw in Google's implementation that allows a dishonest service provider to impersonate a user and get unauthorized access to Google Applications (and vice versa). We have reproduced this attack in an actual deployment of the SAML-based SSO for Google Applications.

'Virtualization - Opportunities, Threats and Challenges' by Lukas Ruf

Virtualization of commodity servers opens up a wide range of new opportunities for functionality consolidation while preserving their logical separation. These opportunities are accompanied by new threats to confidentiality, integrity and availability that may pose significant risks to operation if not understood and addressed properly.

In this talk, a modelling approach to virtualization is introduced together with an overview of the different technologies involved. Based on this, opportunities, threats and challenges are presented that need to be addressed for dependable and secure operation of virtualized platforms.

'The wisdom of Crowds: attacks and optimal constructions' by Claudia Diaz

Crowds is a landmark in anonymity research as it proposes a simple but effective way of achieving anonymity for web browsing. In this talk I will show how minor modifications to the Crowds routing protocol, as proposed recently in a paper presented at ESORICS 2008, negatively affect anonymity properties. I will then explain why the original Crowds routing algorithm is optimal for any given mean messaging latency. Finally, I will present D-Crowds, a scheme that supports any path length distribution while leaking the least possible information, and quantify the optimal attacks against it.

'Some Black Swans in IT Security' by Luke O'Connor

The recent book, The Black Swan: The Impact of the Highly Improbable, by Nassim Nicholas Taleb (NNT), was a runaway best seller addressing our seemingly inherent inability to predict (let alone plan for) those events that will produce the highest impacts in our lives, professions, countries and the world at large. In this talk I will discuss some events in the history of IT Security over the last 50 years or so that can be considered Black Swans - unexpected events that have changed the course of IT Security. My list includes the one time pad, public key cryptography, the Internet worm, Bruce Schneier, passwords and "good enough" security.

More details on this topic can be found here.

© 2009 ETH Zurich | 16 November 2009