Challenges in Remote Attestation of Low-End Embedded Devices

Embedded computing devices increasingly permeate many aspects of modern life: from medical to automotive, from building and factory automation to weapons, from avionics to home entertainment. Despite their specialized nature as well as limited resources and connectivity, these devices are becoming an increasingly popular and attractive target for remote malware infestation attacks, exemplified by Stuxnet [1].

Securing Code in a More Trustworthy Fashion

Much of our computing infrastructure is still built using C and C++, in spite of overwhelming language-level problems that lead to security exploits. I will discuss a range of compiler-oriented techniques that researchers have explored to try and harden C/C++ code.

Prof. Adrian Perrig: "SCION: Scalability, Control, and Isolation On Next-Generation Networks"

We present an Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communications. SCION separates ASes into groups of independent routing sub-planes, called isolation domains, which then interconnect to form complete routes.

Prof. Farinaz Koushanfar: "Big Data, Big Security, Bigger Challenges and Opportunities"

The construction and study of systems that can extract useful knowledge from the massively growing data have become extremely challenging. The conventional knowledge extraction tools, which handle computations on matrices/graphs, do not typically scale to extremely large data sizes. Major difficulties particularly arise when the data correlations are dense like in the case of large scale Internet security and malware analysis: the underlying matrix/graphs cannot be fit into a single machine or, effectively partitioned, parallelized, and communicated within multiple processing units (i.e., system’s bandwidth limitations.)

Prof. Fred Schneider: "Toward a Science of Security"

While today much security research is about defending against the attack du jour, there has been theoretical work in computer security and there are the beginnings of a science base for security.  This talk will discuss the kinds of questions one might expect a scince base to address.

Prof. Amir Herzberg: "Plug-and-Play IP Security: Anonymity Infrastructure Instead of PKI"

Distinguished Lecture at TU Darmstadt

Cryptography: A personal perspective

Distinguished Lecture

"TLS and DTLS: A Tale of Two Protocols"

TLS is the de facto protocol of choice for securing Internet communications, while DTLS is an increasingly important variant of TLS that was designed for use in lightweight applications. In this talk, I will provide an overview of what is known about the security of the TLS and DTLS protocols. I'll discuss the BEAST attack on TLS and what its implications are.

"Selected Protocols for RFID Security and Privacy"

"Street-Level Semantics for Attribute Authentication"

A fundamental problem of trust is a receiver’s decision of whether to accept input from an unknown sender in a protocol where the sender and receiver cooperation benefits both, whereas lack of cooperation benefits only the sender; e.g., in a classic trust game of behavioral economics.