home · mobile · calendar · colloquia · 2005-2006 · 

Colloquium - Kohno

SSH Proofs, TCP Leaks, and Not-so-AccuVotes: Computer Security from Proofs to People
University of California, San Diego

One way to divide modern computer security research is to consider the level of abstraction that one deals with. At one end of the spectrum there is fundamental research on the design and analysis of cryptographic building blocks. At the other end of the spectrum there is research focused on the design and analysis of large and socially important systems. In this talk I discuss the importance of computer security research that spans multiple levels of abstraction. I motivate this discussion with three examples.

  1. The Secure Shell (SSH) protocol's core is based on an idealized cryptographic paradigm with negative theoretical support (Encrypt-and-MAC). Despite this fact, I found that the overall design of the SSH core is secure. I describe my research reconciling the differences between the idealized theoretical model and the actual engineering details of the SSH protocol. Although my research here is cryptographic in nature (new formal definitions, reduction-based proofs of security), my focus on the engineering constraints of the SSH protocol make this research systems-oriented. As part of my research I did discover and fix a bug in the SSH protocol that could lead to a loss of privacy.

  2. I describe a new privacy issue that arises because of a previously unknown interaction between the physical properties of a device's hardware and the properties of the device's software. By analyzing a stream of TCP packets from a device, it is in some cases possible to infer information about the transmitting device's clock skew. My results have applications to computer forensics, detecting virtualization technologies, counting the number of devices behind a NAT, and de-anonymizing anonymized network traces.

  3. I describe my discovery of security problems with Diebold's AccuVote-TS electronic voting machines. This research highlights the significance of a disconnect between the properties of real systems and the real requirements that people have or should have. I then describe some social and technical implications of my results.

Tadayoshi Kohno is a PhD candidate in computer science at the University of California at San Diego. His research interests include applied cryptography and computer security. Kohno received his BS in computer science from the University of Colorado. He is the recipient of an IBM PhD Fellowship and an NDSEG Fellowship, has authored several award-winning papers, and has testified about his research before the U.S. House of Representatives.

Hosted by John Black.
The speaker is a candidate for a faculty position in the Department of Computer Science.

Department of Computer Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA
May 5, 2012 (14:13)