Department of Computer Science University of Colorado Boulder

Colloquium - Kohno

ECCR 265

SSH Proofs, TCP Leaks, and Not-so-AccuVotes: Computer Security from Proofs to People
University of California, San Diego

One way to divide modern computer security research is to consider the level of abstraction that one deals with. At one end of the spectrum there is fundamental research on the design and analysis of cryptographic building blocks. At the other end of the spectrum there is research focused on the design and analysis of large and socially important systems. In this talk I discuss the importance of computer security research that spans multiple levels of abstraction. I motivate this discussion with three examples.

  1. The Secure Shell (SSH) protocol's core is based on an idealized cryptographic paradigm with negative theoretical support (Encrypt-and-MAC). Despite this fact, I found that the overall design of the SSH core is secure. I describe my research reconciling the differences between the idealized theoretical model and the actual engineering details of the SSH protocol. Although my research here is cryptographic in nature (new formal definitions, reduction-based proofs of security), my focus on the engineering constraints of the SSH protocol makes this research systems-oriented. As part of my research I did discover and fix a bug in the SSH protocol that could lead to a loss of privacy.

  2. I describe a new privacy issue that arises because of a previously unknown interaction between the physical properties of a device's hardware and the properties of the device's software. By analyzing a stream of TCP packets from a device, it is in some cases possible to infer information about the transmitting device's clock skew. My results have applications to computer forensics, detecting virtualization technologies, counting the number of devices behind a NAT, and de-anonymizing anonymized network traces.

  3. I describe my discovery of security problems with Diebold's AccuVote-TS electronic voting machines. This research highlights the significance of a disconnect between the properties of real systems and the real requirements that people have or should have. I then describe some social and technical implications of my results.

Tadayoshi Kohno is a PhD candidate in computer science at the University of California at San Diego. His research interests include applied cryptography and computer security. Kohno received his BS in computer science from the University of Colorado. He is the recipient of an IBM PhD Fellowship and an NDSEG Fellowship, has authored several award-winning papers, and has testified about his research before the U.S. House of Representatives.

Hosted by John Black.
The speaker is a candidate for a faculty position in the Department of Computer Science.

The Department holds colloquia throughout the Fall and Spring semesters. These colloquia, open to the public, are typically held on Thursday afternoons, but sometimes occur at other times as well. If you would like to receive email notification of upcoming colloquia, subscribe to our Colloquia Mailing List. If you would like to schedule a colloquium, see Colloquium Scheduling.

Sign language interpreters are available upon request. Please contact Stephanie Morris at least five days prior to the colloquium.

May 5, 2012 (13:29)