Blog Archives: Research


Workshop on Usable Security 2012

I am on the program committee for the Workshop on Usable Security 2012 which will be colocated with the Financial Cryptography and Data Security 2012 conference. The call for papers is posted with a deadline of November 16, 2011.


Dining Cryptographers

I’m in Singapore attending the ASIACRYPT 2010 conference. Tonight I gave a talk, with my colleague “Dic Bolony”, at the rump session, on the topic of A menu for the Dining Cryptographers. Our talk was very well received and in fact won the exceptionally prestigious Best Rump Session Talk Award. I’ve posted the slides from this historic presentation.


Presentation on SSL security indicators

I recently gave a talk at an Australian conference on computer-human interaction (OzCHI 2010) on some recent work I did on analyzing security indicators in web browsers. I’ve posted the talk and the paper in case anyone is interested in looking at the slides; it’s probably my least technical presentation/paper to date, and hence accessible even to a relatively non-technical audience.

I also want to take this opportunity to make a brief public service announcement on the lessons from the talk. Security indicators are the things a web browser displays to help the user decide whether the connection from the web browser to the server is encrypted and really goes to the site the user intended. These include the presence of a lock icon in the browser window, a URL in the location bar that starts with “https”, and the domain name of the website matching the domain name the user typed in.

As a user, be sure to check for these security indicators before typing your username, password, or credit card information.

As a website programmer, please design sites that display security indicators properly and at the right time. For example, it is not enough just to submit the login form over HTTPS; you should also deliver the login form over HTTPS, otherwise how will the user know that the password will be protected when they click submit? A form delivered over plain HTTP could also have been altered in transit, so the user has no assurance of where the password is actually going. Sadly, lots of sites get this wrong, as my research uncovered. Design recommendations, which are known to some but are worth repeating, appear in the paper.
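The check a site auditor would actually run for the rule above, as an added example that is not part of the original post or the paper: it parses a page, finds every form that contains a password field, resolves the form’s action against the page URL, and reports whether both the page delivery and the submission use HTTPS. The sample pages and hostnames (`example.test`) are constructed for the illustration.

```python
"""Audit login forms for the 'deliver over HTTPS, not just submit over HTTPS' rule.

Added example (not the post's or the paper's code).  The sample pages below are
constructed; the hostnames are placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LoginFormFinder(HTMLParser):
    """Collect every <form> and whether it contains an <input type=password>."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: list = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)                     # HTMLParser lower-cases names, not values
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_forms(page_url: str, html: str) -> list:
    """One finding per login form: where it submits, and a verdict.

    'form delivered over HTTP' is the case the post warns about: the action may be
    HTTPS, but the user sees no lock before typing, and anyone on the path could
    have rewritten the action while the HTTP page was in transit.
    """
    finder = _LoginFormFinder()
    finder.feed(html)
    page = urlsplit(page_url)
    findings = []
    for form in finder.forms:
        if not form["has_password"]:
            continue
        action = urljoin(page_url, form["action"])   # "" means "submit to this page"
        target = urlsplit(action)
        page_https = page.scheme == "https"
        action_https = target.scheme == "https"
        if not action_https:
            verdict = "password submitted in the clear"
        elif not page_https:
            verdict = "form delivered over HTTP"
        elif target.hostname != page.hostname:
            verdict = "ok, but submits to a different host"   # lock shows a different domain
        else:
            verdict = "ok"
        findings.append({"action": action, "page_https": page_https,
                         "action_https": action_https, "verdict": verdict})
    return findings


# Constructed sample pages (placeholder hostnames), keyed by the URL they were served from.
SAMPLE_PAGES = {
    "http://www.example.test/login": """
        <form action="https://secure.example.test/login" method="post">
          <input name="user"><input type="password" name="pass">
        </form>""",
    "https://www.example.test/login": """
        <form action="/login" method="post">
          <input name="user"><input type="PASSWORD" name="pass">
        </form>
        <form action="http://legacy.example.test/login" method="post">
          <input type="password" name="pass">
        </form>
        <form action="/search"><input name="q"></form>""",
}


def audit_samples() -> dict:
    """Verdicts for each constructed page, in document order of its login forms."""
    return {url: [f["verdict"] for f in audit_login_forms(url, html)]
            for url, html in SAMPLE_PAGES.items()}


if __name__ == "__main__":
    for url, verdicts in audit_samples().items():
        print(url)
        for v in verdicts:
            print("   ", v)
```

The first sample page is the pattern the post calls out: the submission target is HTTPS, but the page carrying the form was served over HTTP, so the user sees no indicator before typing. The search form on the second page has no password field and is ignored.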


Denial of service article

Earlier this year I wrote an article for a Canadian defense magazine, called Vanguard Magazine, about denial of service attacks on the Internet. This is broadly my subject of research here in Australia. The article provides some background on the threats the government and commercial websites face from botnets of compromised PCs. The article is available online.


RFC 5656

Today, my first RFC was published: RFC 5656, which describes the use of elliptic curve cryptography in the Secure Shell (SSH) protocol. For those who don’t know, Requests For Comments (RFCs) describe technical standards that are used to specify how computers interact on the Internet. The Secure Shell protocol is used for remote command-line login and is very important for us geeky folks. My standard describes how to use elliptic curve cryptography in SSH. I published the first draft of this standard all the way back in November 2003 while I was working with Sun Labs. After six years, it’s finally made it through the process to become a standard!


Copyright Consultations

The text below is a copy of the letter I submitted to the Copyright Consultations currently being conducted by the Government of Canada. My response focuses on the effect of copyright legislation on cryptography research. Previous bills for copyright reform have also negatively impacted consumer rights, but many of the other responses in the consultation describe the problems in that area, so I’ve tried to stay focused on one particular issue.

August 4, 2009

Copyright Consultations
Government of Canada
Email: info@copyrightconsultation.gc.ca

To Whom It May Concern:

This letter contains my formal response to the Copyright Consultations currently underway by the Government of Canada.

My name is Douglas Stebila. I am a researcher in cryptography, which studies the mathematics of securing information and communications using encryption. I received my PhD in mathematics from the University of Waterloo and am currently a postdoctoral research fellow in the Information Security Institute at the Queensland University of Technology in Brisbane, Australia.

I am concerned about the impact of digital locks (also known as digital rights management (DRM) or technological measures) on cryptography research. The United States Digital Millennium Copyright Act (DMCA) and the previously proposed Canadian legislation, Bill C-61, contained provisions making it a violation to circumvent a technological measure protecting a copyrighted work. Such “anti-circumvention” clauses will negatively impact the quality of research and innovation in Canada and must be avoided in future copyright legislation.

An important part of designing secure encryption systems is analyzing the security of existing systems; this is a subfield of cryptography called cryptanalysis. It is essential that cryptographic research not be artificially constrained due to anti-circumvention clauses. Bill C-61 contained some exemptions regarding circumvention of technological measures for the purposes of encryption research and security testing. However, the exemptions would still have severely hindered encryption research. The exemptions in Bill C-61 required a researcher to inform the owner of a protected copyrighted work that the protection was being circumvented for encryption research purposes. This requirement of notice would impose a large burden on encryption researchers, may be difficult or impossible to satisfy, and would have a chilling effect on research in this area. Additionally, the exemption in Bill C-61 did not allow for peer review of encryption research related technological measures.

Rather than trying to craft more detailed, and consequently more onerous, exemptions for encryption research, I believe that any forthcoming copyright bill should not prohibit the circumvention of digital locks in any way. Copyright legislation should prohibit the unauthorized distribution or acquisition of a copyright work, not the use of a legitimately obtained copy, regardless of any technological measures. This should apply for all citizens in all media.

This approach of prohibiting unauthorized distribution, not the act of digital lock circumvention, will alleviate the concerns I raised above regarding encryption research. Researchers will be able to analyze the security of encryption schemes without risking violating copyright legislation.

Furthermore, there should be no restriction on the distribution of circumvention research, instructions, or software. Cryptanalysts need to be able to communicate their results with other researchers in order to advance the state of the art. Researchers in the United States have faced legal pressure to avoid publishing or discussing encryption research as a result of the DMCA, and this must be avoided to maintain Canada’s position as a global leader in the field of cryptography.

To summarize: any restrictions on digital lock circumvention will negatively impact encryption research and innovation in Canada, even with exemptions that try to allow for encryption research. Digital lock circumvention should not be considered a violation of copyright.

Sincerely,

Douglas Stebila, PhD


Denial of service paper

I’m pleased to announce that some of the work that appeared in my PhD thesis has recently been accepted to a conference. My work with fellow University of Waterloo student Berkant Ustaoglu (now a postdoc at NTT in Tokyo) on denial-of-service-resilient key agreement protocols will be presented at the 14th Australasian Conference on Information Security and Privacy (ACISP) 2009 which is being held here in Brisbane in July, and the proceedings will be published in Springer’s Lecture Notes in Computer Science.

Denial of service attacks are those in which an attacker tries to consume all the resources that a computer, such as a web server, has available: filling up all of its memory or overloading its processor, for example. One of the most expensive operations that a web server performs is the cryptographic key agreement protocol, in which it sets up a secure channel between the user’s computer and the web server.

Before doing expensive operations like cryptography or database lookups, a server can ask the client to “prove” that it is not trying to cause trouble. One way of doing so is to give the user’s computer a puzzle to solve: something that might take the user’s computer a couple of seconds of hard work, but whose solution the server can verify almost instantly. This way, an attacker has to do a lot of work to create enough requests to overload the web server, while a normal user, who makes only a few requests, is not too burdened. These techniques have been known for some time, but how they should be used has only been studied in an ad hoc fashion.

Our work develops a formal mathematical model for how cryptographic communication protocols should try to resist denial of service attacks by using puzzles, similar to the formal mathematical models for the confidentiality of key agreement. We give a protocol that achieves these goals, and more importantly our framework could be used by many protocols to describe their denial of service resistance properties.
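A concrete instance of the puzzle exchange sketched above, as an added example that is not the protocol from the paper: the server issues a MAC-authenticated challenge, the client brute-forces a counter until a hash has enough leading zero bits, and the server verifies with one HMAC and one hash. The message layout, difficulty, lifetime and replay-pruning policy are assumptions chosen for the illustration.

```python
"""Hash-based client puzzle: cheap to issue and verify, expensive to solve.

Added example, not the paper's protocol.  The challenge format, the difficulty
(DIFFICULTY_BITS), the lifetime (CHALLENGE_TTL) and the replay policy are
assumptions for this illustration.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

DIFFICULTY_BITS = 16   # assumed: about 2^16 SHA-256 calls per puzzle on average
CHALLENGE_TTL = 30     # assumed: seconds a challenge remains valid


def leading_zero_bits(digest: bytes) -> int:
    """Count the leading zero bits of a digest (the puzzle's hardness measure)."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def is_valid_solution(challenge: dict, solution: bytes) -> bool:
    """Puzzle relation: SHA-256(tag || solution) must start with `difficulty` zero bits."""
    digest = hashlib.sha256(challenge["tag"] + solution).digest()
    return leading_zero_bits(digest) >= challenge["difficulty"]


def _mac_input(client_id: bytes, ts: int, nonce: bytes, difficulty: int) -> bytes:
    return client_id + ts.to_bytes(8, "big") + nonce + bytes([difficulty])


class PuzzleServer:
    def __init__(self, difficulty: int = DIFFICULTY_BITS, ttl: int = CHALLENGE_TTL):
        self.secret = secrets.token_bytes(32)   # MAC key; never leaves the server
        self.difficulty = difficulty
        self.ttl = ttl
        self.used_tags: dict = {}               # tag -> issue time, for replay checks

    def issue(self, client_id: bytes, now: Optional[float] = None) -> dict:
        """Build a challenge.  The MAC keeps the server stateless: it can later
        recognise its own challenge without storing it, and a client cannot lower
        the difficulty, move the timestamp, or reuse another client's puzzle."""
        ts = int(time.time() if now is None else now)
        nonce = secrets.token_bytes(16)
        tag = hmac.new(self.secret,
                       _mac_input(client_id, ts, nonce, self.difficulty),
                       hashlib.sha256).digest()
        return {"client_id": client_id, "ts": ts, "nonce": nonce,
                "difficulty": self.difficulty, "tag": tag}

    def verify(self, challenge: dict, solution: bytes,
               now: Optional[float] = None) -> bool:
        """Cheapest checks first, so a flood of bogus solutions costs almost nothing."""
        now = time.time() if now is None else now
        ts = challenge["ts"]
        if ts > now + 5 or now - ts > self.ttl:
            return False                          # expired (or a future timestamp)
        expected = hmac.new(self.secret,
                            _mac_input(challenge["client_id"], ts,
                                       challenge["nonce"], challenge["difficulty"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, challenge["tag"]):
            return False                          # not our challenge, or tampered with
        # Forget replay records older than ttl, then reject a tag seen before.
        self.used_tags = {t: s for t, s in self.used_tags.items() if now - s <= self.ttl}
        if challenge["tag"] in self.used_tags:
            return False                          # same solution presented twice
        if not is_valid_solution(challenge, solution):
            return False                          # client did not do the work
        self.used_tags[challenge["tag"]] = ts
        return True


def solve(challenge: dict) -> bytes:
    """Client side: brute-force a counter.  Expected 2^difficulty hashes, and
    no shortcut exists, which is what makes flooding expensive."""
    counter = 0
    while True:
        solution = counter.to_bytes(8, "big")
        if is_valid_solution(challenge, solution):
            return solution
        counter += 1


def demo_exchange(difficulty: int = 12) -> dict:
    """Run the cases a server must get right and report whether each was accepted."""
    server = PuzzleServer(difficulty=difficulty)
    t0 = 1_000_000                                 # fixed clock so the run is reproducible
    honest = server.issue(b"client-A", now=t0)
    sol = solve(honest)
    results = {"honest": server.verify(honest, sol, now=t0 + 1)}
    results["replay"] = server.verify(honest, sol, now=t0 + 2)
    forged = dict(server.issue(b"client-B", now=t0), difficulty=0)   # tries to pay nothing
    results["lowered_difficulty"] = server.verify(forged, b"\x00" * 8, now=t0 + 1)
    stale = server.issue(b"client-C", now=t0)
    results["expired"] = server.verify(stale, solve(stale), now=t0 + CHALLENGE_TTL + 1)
    return results


if __name__ == "__main__":
    for case, accepted in demo_exchange().items():
        print(f"{case:>18}: {'accepted' if accepted else 'rejected'}")
```

The ordering inside `verify` is the point: timestamp and MAC checks cost nothing, so an attacker who skips the puzzle gets rejected before the server touches anything expensive, while the difficulty parameter lets the server raise the client’s cost under load without storing per-client state.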

The main project I am working on during my postdoc here at QUT is further studying how to model denial of service, so this paper has been a great start to my work down here.


Thesis, summarized

Words in my thesis by frequency

In case you haven’t finished reading my thesis yet, here’s a summary. (Word size denotes frequency of use in the thesis. Generated by Wordle.)

