Add to collection(s) Add to saved
  1. No category

Security Highlights

advertisement 
Highlights of the 8th USENIX
Security Symposium
Greg Rose
QUALCOMM Australia
ggr@qualcomm.com
1-Jul-16
Copyright © QUALCOMM Inc, 1998
Introduction
• Held at the JW Marriott Hotel, Washington DC
• Two days of tutorials
• two days of symposium
• Invited talks and Works in Progress
• Program Chair: Win Treese (Open Market Inc)
• Invited Talks: Avi Rubin (AT&T Labs)
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 2
Keynote: Experience is the
Best Teacher
• Peter Neumann, SRI International
• Examined the design of “secure systems”
• By anecdote, showed that many problems
recur even though they have been “fixed”
• recommends:
– better specification of requirements
– strong and robust protocols
– good cryptographic infrastructure
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 3
The Design and Analysis of
Graphical Passwords
• Ian Jermyn (NYU), Alain Mayer, Fabian
Monrose, Mike Reiter (Bell Labs) and Avi
Rubin (AT&T Labs)
• Both “Best Paper” and “Best Student Paper”
• Presented a couple of schemes for entering
passwords graphically, on say a PDA.
• Research shows that people can remember
such things better
• There’s no “dictionary” to search
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 4
Why Johnny Can’t Encrypt
• Alma Whitten (Carnegie Mellon), Doug Tygar
(UC Berkeley)
• Showed that a selection of people had
difficulty using PGP to send encrypted email
• Analysed what kinds of problems tripped
even experienced users
– security as a secondary goal
– the “barn door problem”
– Software only as strong as the weakest link
– lack of feedback
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 5
The Design of a Cryptographic
Security Architecture
• Peter Gutmann (Uni. Auckland)
• Design a security architecture first, then wrap
an API around it
• It’s possible to offload the sensitive work, say
to a cryptographic co-processor
• The longest half hour talk ever given…
• http://www.cs.auckland.ac.nz/pgut001/cryptlib
.html
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 6
Networks and Security and
why the two don’t get
along
• Steve Bellovin, AT&T Labs
• Filled in at last minute, still a great talk
• Problems:
– Servers get bogged down
– everything has to be secure, eg. Routing, time …
– trust management, lack of a PKI
– the difference between theory and practice, or
between design and implementation
• only 15% of 1998 CERT advisories could be
solved by encryption! Still too many buffer
overruns.
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 7
ActiveX Insecurities
• Richard Smith (Phar Lap Software)
• Develops and collects examples of ActiveX
insecurities
• This was a very scary talk!
• Included one demonstration where reading
mail gave over control of the machine
• Some controls marked “secure” are not
• Turning on “security” can sometimes lead to
an infinite number of dialog boxes
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 8
Works In Progress:
Advanced Encryption
Standard selection
• Elaine Barker, NIST
• 15 block cipher algorithms submitted in 1998
• Two conferences to discuss them
• 5 “finalists” chosen in August
– Serpent (Anderson, Biham and Knudsen)
– Twofish (Counterpane)
– Rijndael (Joan Daemen and Vincent Rijmen)
– MARS (IBM)
– RC6 (RSA)
• Conference next april, final selection late 2000
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 9
Internet Mapping
• Bill Cheswick (Bell Labs)
• Very interesting talk because it had a huge
map of the internet
• Useful to find holes in the wall of intranets
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 10
GSM A5/2 algorithm
revealed
• Nikita Borisov (UC Berkeley) reported on work
done by Lucky Green, Ian Goldberg, and
David Wagner
• Reverse engineered the algorithms for GSM
cellphone encryption
• Released printed source code for both
– stampede
• Announced a break of A5/2 (weaker)
– 2 hours to find it
– less than a second to run it
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 11
Next one
• Denver, Colorado, August 14-17
• Chaired by Steve Bellovin and Greg Rose
• Invited talks: Win Treese
• Keynote: Dr. Blaine Burnham, Georgia Tech
Information Security Centre (ex NSA)
• Focus on “holistic security”
1-Jul-16
Copyright© QUALCOMM Inc, 1998
slide 12
Related documents
Presentation Abstract Senior Project Manager, Corporate Technical Marketing QUALCOMM Incorporated
Presentation Abstract Senior Project Manager, Corporate Technical Marketing QUALCOMM Incorporated
Presentation Abstract Vice President, Business Development, Sub Sahara Africa QUALCOMM International
Presentation Abstract Vice President, Business Development, Sub Sahara Africa QUALCOMM International
Document11311573 11311573
Document11311573 11311573
now
now
Samantha Craig
Samantha Craig
Samantha Craig de Vient
Samantha Craig de Vient
Download
advertisement