[HGI-news-int] HGI Seminar on Th. April 10th and Fr. April 11th: Talks by J. Walker (Intel, USA) and G. Di Crescenzo (Telcordia, USA)

English Newsletter of the Horst Gö rtz Institute of IT Security in Bochum hgi-news-international at lists.ruhr-uni-bochum.de
Wed Apr 9 11:41:17 CEST 2008 

Hallo,

we would like to invite you to very interesting presentations taking
place in the framework of the research seminar of the Horst-Görz
Institute for IT Security (Ruhr-University Bochum, Germany) this week:

Speaker:  *Jesse Walker* (Intel Corporation, USA)
Title:    Distributed Trust in Community Networks
Abstract: Please see below
Time:     Thursday, April 10th, 11.00 am
Place:    HGI at Ruhr-University Bochum, Building IC, 4th floor, Room 161.

Speaker:  *Giovanni Di Crescenzo* (Telcordia Research, USA)
Title:    *Perfectly Secure Password Protocols in the Bounded Retrieval Model* 
Abstract: Please see below
Time:     Friday, April 11th, 1.00 pm
Place:    HGI at Ruhr-University Bochum, Building IC, 4th floor, Room 39-41.

For more information see http://www.hgi.rub.de/index_en.html

You can find directions and hotel recommendations on http://www.trust.rub.de/home/contact/

If you have any further Questions please don't hesitate to contact us.


******************************************************************************************************************************

Jesse Walker (Intel Corporation, USA)
Title: "Distributed Trust in Community Networks"

Abstract:
Traditionally manufacturers have treated device introduction and direct 
device-to-device authentication as afterthoughts, if at all. Mobility, ad hoc 
networking, meshes, ubiquitous computing, and other unmanaged networks have 
given urgency to the consideration of first class features to address these 
problems. In this talk, we examine reasons why the centralized authentication 
systems fall short for these new classes of networks and suggest some 
foundations for a distributed trust model to address these issues. We argue that instead of a simple label, an identity signifies a relationship the named entity has with the community. We describe a PGP-like paradigm in which every member can serve as a root to enroll and authenticate devices for the community. Members of the community share certificates they issue with each other, as well as other evidence relevant to identification. We illustrate our ideas with a technique we call identity laundering, to introduce device using existing relationships in other communities. 

***************************************************************************************************************************

Speaker:  Giovanni Di Crescenzo (Telcordia Research, USA)
Title:    Perfectly Secure Password Protocols in the Bounded Retrieval Model 

Abstract:

We introduce a formal model, which we call the /Bounded Retrieval
Model/, for the design and analysis of cryptographic protocols remaining
secure against intruders that can retrieve a limited amount of parties'
private memory. The underlying model assumption on the intruders'
behavior is supported by real-life physical and logical considerations,
such as the inherent superiority of a party's local data bus over a
/remote/ intruder's bandwidth-limited channel, or the detectability of
voluminous resource access by any /local/ intruder. More specifically,
we assume a fixed upper bound on the amount of a party's storage
retrieved by the adversary. Our model could be considered a non-trivial
variation of the well-studied Bounded Storage Model, which postulates a
bound on the amount of storage available to an adversary attacking a
given system.
In this model we study perhaps the simplest among cryptographic tasks:
user authentication via a password protocol. Specifically, we study the
problem of constructing efficient password protocols that remain secure
against offline dictionary attacks even when a large (but bounded) part
of the storage of the server responsible for password verification is
retrieved by an intruder through a remote or local connection. We show
password protocols having satisfactory performance on both /efficiency/
(in terms of the server's running time) and /provable security/ (making
the offline dictionary attack not significantly stronger than the online
attack). We also study the tradeoffs between efficiency, quantitative
and qualitative security in these protocols. All our schemes achieve
/perfect security/ (security against computationally-unbounded
adversaries). Our main schemes achieve the interesting efficiency
property of the server's lookup complexity being much smaller than the
adversary's retrieval bound.

**************************************************************************

We are lookong forward on your comming!

Best regards,
Biljana Cubaleska


Dipl.-Ing Biljana Cubaleska
Research assistant
Chair for System Security
Ruhr-University Bochum
++49 234 / 32 27757

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ruhr-uni-bochum.de/pipermail/hgi-news-international/attachments/20080409/55758e04/attachment.html>

More information about the HGI-News-International mailing list