Department of Computer Science University of Colorado Boulder

Colloquium - Osterweil

ECCR 150

Using the Public-Space for Key Verification
University of California, Los Angeles

A public key verification system for the global Internet has long been thought of as a prerequisite for enhancing Internet security with cryptographic protections. However, after years of effort by numerous groups, such a facility remains absent in the operational Internet. In this talk, we formally define a novel concept called the Public-Space, and through the design of a system called Vantages we describe how it can be leveraged to develop a public key verification system for the global Internet. More specifically, the Vantages system is a general platform whose first application is designed to solve the DNSSEC key learning problem. Currently, DNSSEC is on the verge of wide deployment and is in desperate need of an operationally realistic key learning system that allows DNS resolvers to obtain and verify public keys (known as DNSKEYs). We further demonstrate the improvement that Vantages provides over DNSSEC's native key verification by formally quantifying each of them and empirically measuring their effectiveness.

Eric Osterweil is a PhD candidate at UCLA. His research focuses on large-scale network measurement systems, network security, and distributed data verification. His thesis work focuses on a concept called the Public-Space. Unlike cryptographic approaches, the Public-Space uses distributed measurements and comparisons to perform data verification in large-scale systems such as the Internet's Domain Name System (DNS). Osterweil is also the developer of SecSpider, the premier site for monitoring the deployment and operation of DNS Security (DNSSEC). SecSpider both provides a platform to study DNSSEC and has identified critical issues in DNSSEC deployment. For example, SecSpider has identified record sets that are vulnerable to replay due to signing practices, identified flaws in the operation of authentication chains, and revealed how path maximum transmission unit (PMTU) limitations interact unexpectedly with secure DNS queries and deny service to some DNS resolvers.

Sponsored by the Interdisciplinary Telecommunications Program.

The Department holds colloquia throughout the Fall and Spring semesters. These colloquia, open to the public, are typically held on Thursday afternoons, but sometimes occur at other times as well. If you would like to receive email notification of upcoming colloquia, subscribe to our Colloquia Mailing List. If you would like to schedule a colloquium, see Colloquium Scheduling.

Sign language interpreters are available upon request. Please contact Stephanie Morris at least five days prior to the colloquium.

Department of Computer Science
College of Engineering and Applied Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA

Engineering Center Office Tower
ECOT 717
FAX +1-303-492-2844
May 5, 2012 (13:29)