Computer Security and
Cryptography Reading Group
October 2002 List
Date & Location |
Reading |
1 Oct 2002
2310 CS
12 - 1 PM
|
Josyula R. Rao, Pankaj
Rohatgi, Helmut Scherzer, Stephane
Tinguely
IBM Watson Research
Center / Swiss Federal Institute of
Technology
Partitioning Attacks: Or How to
Rapidly Clone Some GSM Cards
URL: http://www.research.ibm.com/intsec/gsm.ps
In this paper, we introduce a new
class of side-channel attacks called
partitioning attacks. We have
successfully launched a version of
the attack on several
implementations of COMP128, the
popular GSM authentication algorithm
that has been deployed by different
service providers in several types
of SIM cards, to retrieve the 128
bit key using as few as 8 chosen
plaintexts. We show how partitioning
attacks can be used effectively to
attack implementations that have
been equipped with ad hoc and
inadequate countermeasures against
side-channel attacks. Such ad hoc
countermeasures are systemic in
implementations of cryptographic
algorithms, such as COMP128, which
require the use of large tables
since there has been a mistaken
belief that sound countermeasures
require more resources than are
available. To address this problem,
we describe a new resource-efficient
countermeasure for protecting table
lookups in cryptographic
implementations and justify its
correctness rigorously.
|
7 Oct 2002
3331 CS
2:30 - 3:30 PM
|
Joint meeting with
the PL reading group
David Wagner, Drew Dean
University of
California, Berkeley / Xerox PARC
Intrusion Detection via Static Analysis
URL: http://www.cs.berkeley.edu/~daw/papers/ids-oakland01.pdf
One of the primary challenges in
intrusion detection is modelling
typical application behavior, so
that we can recognize attacks by
their atypical effects without
raising too many false alarms. We
show how static analysis may be used
to automatically derive a model of
application behavior. The result is
a host-based intrusion detection
system with three advantages: a high
degree of automation, protection
against a broad class of attacks
based on corrupted code, and the
elimination of false alarms. We
report on our experience with a
prototype implementation of this
technique.
|
15 Oct 2002
1304 CS
12 - 1 PM
|
Paper # 1
Pamela Samuelson,
Randall Davis, Mitchell D. Kapor,
J.H. Reichman
University of
Pittsburgh School of Law / Artificial
Intelligence Laboratory, MIT / EFF /
Vanderbilt Law School
A Manifesto Concerning the Legal
Protection of Computer Programs
URL: http://www.law.cornell.edu/commentary/intelpro/manifint.htm
Paper # 2
Randall Davis, Pamela
Samuelson, Mitchell Kapor, Jerome
Reichman
MIT / Cornell Law
School / MIT / Vanderbilt
University
A New View of Intellectual
Property and Software
URL: http://citeseer.nj.nec.com/davis96new.html
|
22 Oct 2002
1304 CS
12 - 1 PM
|
Peter Szor, Eric
Chien
Symantec AntiVirus
Research Center
Blended Attacks Exploits,
Vulnerabilities and Buffer-overflow
Techniques in Computer Viruses
(presented at Virus
Bulletin Conference 2002)
URL: http://www.peterszor.com/blended.pdf
Exploits, vulnerabilities, and
buffer-overflow techniques have been
used by malicious hackers and virus
writers for a long time. However,
until recently, these techniques were
not commonplace in computer
viruses. The CodeRed worm was a major
shock to the antivirus industry since
it was the first worm that spread not
as a file, but solely in memory by
utilizing a buffer overflow in
Microsoft IIS. Many antivirus
companies were unable to provide
protection against CodeRed, while
other companies with a wider focus on
security were able to provide
solutions to the relief of end users.
Usually new techniques are picked up
and used by copycat virus
writers. Thus, many other similarly
successful worms followed CodeRed,
such as Nimda and Badtrans.
In this paper, the authors will not
only cover such techniques as buffer
overflows and input validation
exploits, but also how computer
viruses are using them to their
advantage.
Finally, the authors will discuss
tools, techniques and methods to
prevent these blended threats.
|