Computer Security and Cryptography Reading Group
September 2002 List

Date & Location | Reading

3 Sep 2002, 1304 CS, 12 - 1 PM

Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan, and David Karger
MIT Laboratory for Computer Science
Infranet: Circumventing Web Censorship and Surveillance
Usenix Security 2002
URL: http://www.usenix.org/events/sec02/feamster.html

An increasing number of countries and companies routinely block or monitor access to parts of the Internet. To counteract these measures, we propose Infranet, a system that enables clients to surreptitiously retrieve sensitive content via cooperating Web servers distributed across the global Internet. These Infranet servers provide clients access to censored sites while continuing to host normal uncensored content. Infranet uses a tunnel protocol that provides a covert communication channel between its clients and servers, modulated over standard HTTP transactions that resemble innocuous Web browsing. In the upstream direction, Infranet clients send covert messages to Infranet servers by associating meaning to the sequence of HTTP requests being made. In the downstream direction, Infranet servers return content by hiding censored data in uncensored images using steganographic techniques. We describe the design, a prototype implementation, security properties, and performance of Infranet. Our security analysis shows that Infranet can successfully circumvent several sophisticated censoring techniques.

10 Sep 2002, 1304 CS, 12 - 1 PM

Bruno Dutertre, Valentin Crettaz, Victoria Stavridou
System Design Laboratory, SRI International
Intrusion-Tolerant Enclaves
IEEE Conference on Security and Privacy, Oakland, CA, May 2002
URL: http://www.sdl.sri.com/papers/o/a/oakland02/oakland02.pdf

Despite our best efforts, any sufficiently complex computer system has vulnerabilities. It is safe to assume that such vulnerabilities can be exploited by attackers who will be able to penetrate the system. Intrusion tolerance attempts to maintain acceptable service despite such intrusions. This paper presents an application of intrusion-tolerance concepts to Enclaves, a software infrastructure for supporting secure group applications. Intrusion tolerance is achieved via a combination of Byzantine fault-tolerant protocols and secret sharing techniques.

24 Sep 2002, 2310 CS, 12 - 1 PM

Jianxin Jeff Yan
Computer Laboratory, University of Cambridge
A Note on Proactive Password Checking
URL: http://www.cl.cam.ac.uk/~jy212/pro-check.pdf

Nowadays, proactive password checking algorithms are based on the philosophy of the dictionary attack, and they often fail to prevent some weak passwords with low entropy. In this paper, a new approach is proposed to deal with this new class of weak passwords by (roughly) measuring entropy. A simple example is given to exploit effective patterns to prevent low-entropy passwords as the first step of entropy-based proactive password checking.