We discuss current topics related to cyber security, including technical as well as non-technical aspects. The seminars feature presentations of current topics within the interdisciplinary field of cybersecurity.
We would like to thank all presenters and participants for making this seminar a success.
Tuesday, April 5, 2016, 2pm in SE 215
Security Analysis of Brazilian Voting Machines
Diego F. Aranha, Institute of Computing, University of Campinas
Abstract: This talk presents a security analysis of the Brazilian voting machine software based on our participation in official restricted tests organized in 2012 by the national electoral authority. During the event, vulnerabilities in the software were detected and explored, with significant impact on ballot secrecy and integrity. We present scenarios where these vulnerabilities allow electoral fraud and suggestions to restore the security of the affected mechanisms. We also discuss how a crowdsourcing approach was used to partially verify the transmission of results in 2014 and improvements for upcoming elections.
Tuesday, March 1, 2016, 3pm in SE 215
Certificateless Parallel Key-Insulated Signature
Zhongmei Wan, Hohai University, College of Science
Abstract: To alleviate the damage caused by private key exposures, signing keys in certificateless key-insulated signature (CLKIS) schemes have to be updated at very short intervals, which will increase the risk of helper key exposures. To overcome this problem, we extend Hanaoka et al.’s parallel key-insulated mechanism to certificateless signature (CLS) scenarios, and study parallel key-insulated signatures in certificateless public key settings. We first present the formal definition and security model for certificateless parallel key-insulated signature (CLPKIS) schemes. Then we devise a concrete CLPKIS scheme which is proven to be secure against adaptive chosen message attacks in the random oracle model. Compared with the existing secure CLKIS schemes in the standard model, our scheme achieves the following features: (1) It may simultaneously increase the security of helpers and users by frequently updating the key without incurring a higher risk of helper key exposures. (2) Even if an adversary corrupts any of a user’s temporary signing keys and exactly one helper, it still does not compromise the security of the non-exposed stages. (3) It has shorter public system parameters, shorter public key size and lower operation cost.
Tuesday, Feb 16, 2016, 2pm in SE 215
Security and Privacy Considerations in Vehicle-to-Grid Communications
Kemal Akkaya, Florida International University, Electrical and Computer Engineering
Abstract: Plug-in Electric Vehicles (PEVs) have recently received increasing popularity to promote adoption of intermittent renewable energy sources by acting as energy storage systems. In this way, PEVs can inject power to the Smart Grid during periods of reduced production to balance demand. The US Department of Energy expects that about one million PEVs will be on the roads by the end of 2016. These PEVs will typically be equipped with wireless communication capabilities (e.g., DSRC or LTE) to coordinate charging and injection among themselves and the Smart Grid. Such communication, however, exposes information such as the PEVs' locations, their parking duration, the battery status, etc., which can be misused. Long-term analysis of schedule and location information may expose a user's driving patterns and whereabouts that can be used by marketers. In addition, the coordinated charging system needs to securely bill the drivers for their payments, which necessitates the design of secure protocols. This talk will first focus on the privacy and security aspects of vehicle-to-grid (V2G) and vehicle-to-vehicle (V2V) communications in general. In particular, privacy, authentication and confidentiality challenges will be discussed. We will then present a framework for a privacy-preserving power injection protocol for the PEVs that can sell power to the grid. The talk will conclude with other security-related projects in ADWISE Lab at FIU.
Friday, Jan 29, 2016, 4pm in SE 215
Sensory-Channels Threats in the IoT and CPS Era
Arif Selcuk Uluagac, Florida International University, Electrical and Computer Engineering
Abstract: Cyber space is expanding fast with the introduction of new Internet of Things (IoT) and CPS devices. Wearables, smart watches, glasses, fitness trackers, medical devices, Internet-connected house appliances and vehicles have grown exponentially in a short period of time. Our everyday lives will be dominated by billions of smart connected devices by the end of this decade. An important component of the IoT/CPS devices is the sensors they use to interact with each other and the physical world around them. Nonetheless, current security models consider protecting only networking components of the CPS devices utilizing traditional security mechanisms (e.g., an intrusion detection system for the data that traverse the network protocol stacks). The protection mechanisms are not sufficient to protect IoT/CPS devices from threats emanating from sensory channels. Using sensory channels (e.g., light, temperature, infrared), an adversary can successfully attack IoT/CPS applications and devices. Hence, in this talk, I will first introduce these novel sensory channel threats to IoT/CPS devices and applications. Then, the performance of various sensory channel threats will be presented. Finally, a design of a novel sensory channel-aware intrusion detection system as a protection mechanism against the sensory channel threats for IoT and CPS devices will be discussed.
Monday, November 30, 2015, 2pm in EE 503
Yevgeniy Dodis, New York University, Computer Science
Abstract: More recently, the cryptographic community has learned of a disturbingly wide array of new security vulnerabilities. The revelations of Edward Snowden show that the United States National Security Agency successfully gained access to secret information by extraordinary means, including subverting cryptographic standards, intercepting messages and tampering with hardware on its way to users. Due to the complexity of modern cryptographic software, such vulnerabilities are extremely hard to detect in practice, and, ironically, cryptographic modules are often the easiest to attack, as attackers can often use cryptographic mechanisms to mask their activities or opportunistically hide their communications within encrypted traffic. This leads to the question if any meaningful security is possible in the setting where the designers of the algorithm/standard might intentionally or accidentally introduce hidden backdoors which are unknown to the unsuspecting public, but will allow them to break security without detection. Motivated by these considerations, we initiate the study of backdoorless cryptography, and present positive and negative results for building both backdoored as well as backdoorless pseudorandom generators.
Wednesday, September 30, 2015, 11am in EE 405
From Rational to Social and Socio-Rational Secret Sharing Schemes
Presenter: Mehrdad Nojoumian, Florida Atlantic University, Computer & Electrical Engineering and Computer Science
Abstract: Secret Sharing is widely used in distributed secure systems as a cryptographic primitive. In this scheme, a secret is divided into shares to be distributed among a set of players. An authorized subset of players can then cooperate to recover the secret. In this talk, we initially review Shamir's secret sharing as well as rational secret sharing (RSS) schemes. Subsequently, the notion of social secret sharing (SSS) is introduced in which shares are allocated based on a player's reputation and the way she interacts with other parties. In other words, this scheme renews shares at each cycle without changing the secret and allows the trusted parties to gain more authority. Finally, the concept of socio-rational secret sharing (SRS) is introduced in which rational foresighted players have long-term interactions in a social context, that is, players run secret sharing while founding and sustaining a trust network. We show how this social reinforcement stimulates players to be cooperative.
Wednesday, September 16, 2015, 11am in SE 215
A framework for biometric visual cryptography
Presenter: Angela Robinson, Florida Atlantic University, Mathematical Sciences
Abstract: Visual cryptography is an increasingly popular cryptographic technique which allows for secret sharing and encryption of sensitive data. This method has been extended and applied to secure biometric data in various protocols. We propose a general framework to help assess the security of these extended biometric visual cryptographic schemes (e-BVC). We formalize the security of e-BVC schemes with respect to indistinguishability and irreversibility notions. Based on our definitions, we present theoretical analysis of e-BVC schemes and propose non-trivial attacks. We show that our framework can be applied to derive quantitative security analysis of e-BVC schemes. As an application, we present a case analysis for a recent implementation of a face recognition protocol and argue that the scheme is not secure with respect to our definitions. We discuss the practical impact of our attacks in detail. This is a joint work with Koray Karabina (Florida Atlantic University).
Wednesday, September 2, 2015, 11am in EE 405
Constant-round multiparty computation with fairness and guarantee of output delivery
Presenter: Feng-Hao Liu, Florida Atlantic University, Computer & Electrical Engineering and Computer Science
Abstract: We study the round complexity of multiparty computation with fairness and guaranteed output delivery, assuming existence of an honest majority. We demonstrate a new lower bound and a matching upper bound. Our lower bound rules out any two-round fair protocols in the standalone model, even when the parties are given access to a common reference string (CRS). The lower bound follows by a reduction to the impossibility result of virtual black box obfuscation of arbitrary circuits. Then we demonstrate a three-round protocol with guarantee of output delivery, which in general is harder than achieving fairness (since the latter allows the adversary to force a fair abort). We develop a new construction of a threshold fully homomorphic encryption scheme, with a new property that we call "flexible" ciphertexts. Roughly, our threshold encryption scheme allows parties to adapt flexible ciphertexts to the public keys of the non-aborting parties, which provides a way of handling aborts without adding any communication. This is a joint work with S. Dov Gordon (George Mason University) and Elaine Shi (Cornell University).
For questions or comments on the seminar please contact Adriana Suárez Corona.