
Thursday, March 16
3:10-4:00 p.m.
1065 Kemper - refreshments to follow in 1131 Kemper Hall
One way to divide modern computer security research is by the level of abstraction that one deals with. At one end of the spectrum there is fundamental research on the design and analysis of cryptographic building blocks. At the other end of the spectrum there is research focused on the design and analysis of complex and socially important systems. In this talk I suggest the importance of security research spanning multiple levels of abstraction. I motivate this discussion with three examples. (1) The Secure Shell (SSH) protocol's core is based on an idealized cryptographic paradigm with negative theoretical support (Encrypt-and-MAC). Despite this fact, I found that the overall design of the SSH core is secure. To reconcile this difference, I extend the reduction-based provable security approach to encompass the full goals and details of the SSH core. As part of my research I did discover and fix a bug in the SSH protocol that could lead to a loss of privacy. (2) I describe a new privacy issue that arises because of an interaction between the physical properties of a device's hardware and the properties of the device's software. By analyzing a stream of TCP packets from a device, it is in some cases possible to infer information about the transmitting device's clock skew. Applications of my technique include computer forensics, counting the number of devices behind a NAT, and de-anonymizing anonymized network traces. (3) I describe my discovery of security problems with Diebold's AccuVote-TS electronic voting machines. I then describe some social and technical implications of my results.