Please click on one of the tabs above to view information about that speaker or organization.
Dr. Mike Burmester
Dr. Mike Burmester joined the faculty at FSU as a Professor in 2001. Previously he was at Royal Holloway, London University. He got his bachelors from Athens University and his doctorate from Rome University. His current interests include privacy, network security, computer security and watermarking.
Recent Developments in Group Key Exchange
Since Whit Diffie and Martin Hellman first proposed the Diffie-Hellman key exchange protocol, several attempts have been made to extend this protocol to a group key exchange (conference) protocol. We shall consider some of these protocols and discuss their security.
Dr. Davis is the Interim Director of the Office of Academic Information Techologies and an Associate Professor in Electrical and Computer Engineering. He has been with E CPE since 1984, right after receiving his Ph.D. in Computer Science from Iowa State University. His research and primary teaching responsibilities are in the area of computer network and system security. He served as Associate Chair for two years and as Interim Department Chair in Spring 2003.
Legal and Ethical Issues
Dr. Jim Davis will analyze the legal and ethical issues surrounding information security, including the questions raised by heightened connectivity and the legal implications of free data transmission.
Employment & Education
Office of Academic Information Techologoies, Iowa State University
Virgil D. Gligor received his B.Sc., M.Sc., and Ph.D. degrees from the University of California at Berkeley. He has been at the University of Maryland since 1976, and is currently a Professor of Electrical and Computer Engineering. For nearly 30 years, his research interests ranged from access control mechanisms, penetration analysis, and denial-of-service protection to cryptographic protocols and applied cryptography. He was a consultant to Burroughs (1977-1981) and IBM (1984-1999) Corporations, and is currently serving on Microsoft's Trusted Computing Academic Advisory Board. He served the profession as the chair of co-chair of several conferences and symposia including IEEE Security and Privacy Symposium, Internet Society's Network and Distributed Systems Security Symposium, IEEE Dependable Computing for Critical Applications, and IEEE-ACM Symposium on Reliability in Distributed Software and Databases. He received the outstanding paper award at the 1988 IEEE Symposium on Security and Privacy. He was a member of several US Government INFOSEC Study Groups that set research agendas in information security, and served on a National Research Council panel on information security. He was an Editorial Board member of Information Systems (1984-1994), Journal of Computer Security (1991-2000), and is currently an Editorial Board member of the ACM Transactions on Information System Security and of the IEEE Transactions on Dependable and Secure Computing. Recently he was also appointed as an Editorial Board member of the IEEE Transactions on Computers.
On the Evolution of Adversary Models in Security Protocols
Invariably, new technologies introduce new vulnerabilities which, in principle, enable new attacks by increasingly potent adversaries. Yet new systems are more adept at handling well-known attacks by old adversaries than anticipating new ones. Our adversary models seem to be perpetually out of date: often they do not capture adversary attacks enabled by new vulnerabilities and sometimes they address attacks rendered impractical by new technologies.
In this talk, Dr. Gligor will provide a brief overview of adversary models beginning with those required by program and data sharing technologies, continuing with those required by computer communication and networking technologies, and ending with those required by mobile ad-hoc and sensor network technologies. He argues that mobile ad-hoc and sensor networks require new models, different from those of Dolev-Yao and Byzantine adversaries. He illustrates this with adversaries that attack perfectly sensible and otherwise correct protocols of mobile ad-hoc and sensor networks. These attacks cannot be countered with traditional security protocols as they require emergent security properties.
Cryptolite: How Light Can Secure Crypto Get?
During the past few years we have witnessed the rapid growth in the use of network devices that are power-constrained and have limited computation and communication capabilities. These devices range from PDAs and embedded processors to arrays of sensors. They may be used in networks deployed in hostile areas where communication can be monitored and altered, and thus require cryptographic protection. However, the use of traditional cryptographic constructs (e.g., public-key cryptography, conventional authenticated encryption modes, and random number generators) may be hampered by energy and computation constraints of these network devices. We suggest that “lightweight cryptography” offers practical alternatives for use with many such devices particularly when they are networked on an ad-hoc basis.
“Lightweight cryptography,” or “cryptolight,” encompasses symmetric encryption algorithms, modes of encryption, and key-management schemes, hash functions and tree, and random polynomials of low degree that require reduced levels of energy and can be deployed without substantial infrastructures. In this presentation, we focus on the salient design characteristics of three areas of “lightweight cryptography:” (1) authenticated encryption in one processing pass over the data with a single cryptographic primitive, and (2) key pre-distribution and revocation for sensor networks, and (3) distributed detection of node replication attacks. We review past failed attempts in these areas, current solutions, and future challenges.
Employment & Education
Department of Electrical and Computer Engineering, University of Maryland at College Park
Antoine Joux is currently a Scientific Advisor at the SPOTI (Service des programmes d’observation, de télécommunication et d’information) division of the DGA (Délégation général pour l’armement) and an Associate Professor at the Université de Versailles. He previously worked as the head of the DCSSI Cryptography Lab. His research currently focuses on algorithms and cryptanalysis of public key and secret key cryptography.
Pairing based cryptography is a new trend in elliptic curve cryptography. The story started in 2000, with the discovery of cryptographic protocols that make constructive use of bilinear maps with nice properties such as the Weil pairing. Previously, these maps where used as cryptanalytic tools to break elliptic curve cryptography with some special curves, especially supersingular curves. In this talk, we will review these tools, their applications and the security of the resulting protocols. We will also discuss the choice of elliptic curves for pairing based cryptography.
Recent Advances On Iterated Hash Functions
In this talk, we will consider several new attacks on iterated hash functions such as SHA or MD5. We will address two different classes of attacks, generic attacks which apply to all iterated hash functions and specific attacks which focus on the cryptanalysis of a single function. Generic attacks permit to show that iterated hash functions behave less perfectly than the random oracle ideal model often used for hash functions. Concerning specific attacks, we will focus on the differential cryptanalysis of hash functions which, through many recent improvement by several research teams allowed the cryptanalysis of many hash functions in the SHA and MD families.
Dr. Medeiros joined the faculty of the Computer Science Department at Florida State University after completing a Ph.D. degree in Computer Science from The Johns Hopkins University (2004). His published research includes works on privacy-preserving protocols for medical transactions, group signatures schemes, identity-based cryptographic primitives with applications to e-auctions, and on distributed certified e-mail. Some of his current research interests are in the areas of public key cryptography, secret sharing schemes, and privacy-enhanced protocols and services.
What Is in a Name? An Introduction to Identity-Based Encryption
The defining characteristic of identity-based cryptography is that arbitrary strings can be used as public keys. In practice, one must choose a naming scheme so that each string identifies a unique entity, but such schemes are often already available (in each application domain) by the need to uniquely address communication parties. So, for instance, a website name or e-mail address can function as a public key in an identity-based system.
ID-based public key systems enjoy several advantages over better-known certificate-based systems, including not requiring a secondary mechanism to distribute public keys securely, achieving bandwidth savings, and providing incentives for membership. The main disadvantages are lack of a revocation mechanism, and automatic key escrow. In this talk, we discuss the developments that made ID-based cryptography possible, and the potential and limitations of this new approach to trust establishment.
Alec Yasinsac joined the faculty at FSU as an Assistant Professor in August 1999 after a twenty year career in the United States Marine Corps as a Data Systems and Communications Officer. His has operational experience in software development, information systems management, network engineering, and information security, having spent tours in Japan, Korea, North Carolina, California, and Virginia.
Alec received his doctoral degree in Computer Science from the University of Virginia, where his thesis advisor and mentor was Bill Wulf. His major research interests are network and wireless security, cryptography, and security protocols. He has published over thirty five refereed conference, symposium, and journal papers in the past five years. He is presently funded by the National Science Foundation, Department of Defense, the Army Research Office and several industrial partners. He is advising two doctoral students, three master’s students, and one undergraduate thesis student. He has taught over seventy five college courses in mathematics, computer science, and information security.
Born and raised in the mountains of North Carolina, Alec attended Appalachian State University for his undergraduate education, where he received his Bachelor of Science in Mathematics. He then earned a Masters of Science degree in Computer Science from the Naval Postgraduate School while on active duty.
Security protocol verification is the foundation of Alec's research interests. He has published papers on formal methods, cryptographic authentication, group encryption, secure routing protocols, wireless security, digital forensics, and on a variety of computing education topics. He is a recurring member of several Program Committees, including the IEEE Information Assurance Workshop the IRMA International Conferences, and the International Performance Computing and Communications Conference.
Dr. Yasinsac a senior member of IEEE, and a member of ACM and the IEEE Computer Society.
Ever lost your Blackberry? Or a laptop? Aside from the expense of replacement, if you happened to have sensitive business systems or, worse yet, integral military applications, your adversary may be able to analyze the lost device to gain important understanding about your operations and objectives. Worse yet, they use the device to infiltrate your organization and operate covertly as an insider, passively listening to sensitive communications or inserting inaccurate or misleading information. Password protection and file encryption provide a measure of protection. However, programs cannot be encrypted while they are operational and sophisticated adversaries may be able to reverse engineer these unencrypted programs. Tamper-proof software can protect against such espionage.
In order for an adversary to gain information from an operational program, they need to be able understand what the program is trying to do ... in some sense they need to be able to “recognize” the program. The goal of program obfuscation is to protect the intent of the program so that the most an adversary can do is to watch the program operate. To date, program obfuscation attempts have experienced only minor gains, possibly because there is little foundational research. For example, there is no formal definition of program obfuscation. In this talk, we introduce the notion of program encryption for tamper-proof software. We provide foundational definitions and mechanisms that allow goals to be set for systematic protection of program intent for arbitrary programs.
Cisco representatives will be available throughout the conference to meet people and answer questions.
Cisco Systems, Inc. is the worldwide leader in networking for the Internet. Today, networks are an essential part of business, education, government and home communications, and Cisco Internet Protocol-based (IP) networking solutions are the foundation of these networks. Cisco hardware, software, and service offerings are used to create Internet solutions that allow individuals, companies, and countries to increase productivity, improve customer satisfaction and strengthen competitive advantage. The Cisco name has become synonymous with the Internet, as well as with the productivity improvements that Internet business solutions provide. At Cisco, our vision is to change the way people work, live, play and learn.
Cisco was founded in 1984 by a small group of computer scientists from Stanford University. Since the company's inception, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies. This tradition of IP innovation continues with industry-leading products in the core areas of routing and switching, as well as advanced technologies in areas such as:
Today, with more than 34,000 employees worldwide, Cisco remains committed to creating networks that are smarter, thanks to built-in intelligent network services; faster, in their ability to perform at ever-increasing speeds; and more durable, with a generational approach to an evolutionary infrastructure.
Datamaxx representatives will be available throughout the conference to meet people and answer questions.
The Datamaxx Group, including Datamaxx Applied Technologies, Datamaxx Enterprise Intelligence, and Datamaxx Professional Services, is the premier provider of communication systems, support and consulting to law enforcement, criminal justice and government organizations. No other group of companies offers the depth of industry expertise, breadth of product capabilities, and the ability to bring it all together with world-class integration and support.
With over 10,000 installations serving more than 70% of the law enforcement communications market, the Datamaxx Group has been setting the standard for the industry nationwide since 1991. Superb engineering, significant investments in research and development, and the talent of dedicated industry professionals have led to numerous accolades and rave reviews, but most importantly, fierce customer loyalty.