Applied Crypto and e-Security Lab   

Welcome to the home page for ACeS lab. Take a look at What's New on our web.
Also keep an eye on the Reading Group. You can add yourself to ACeS Group Mailing List.
               

As the name implies, the lab focuses on Computer Security research, in particular, on the issues related to Internet Security, taken in a very broad sense (so broad that they include wireless networks security and security of roaming users among others).

The computers for the lab are expected to come in shortly, but this does not prevent us from working on some projects.


   Projects:                                             
(Click on the project name for an abstract. Detailed links for the individual projects are coming soon.)

Smart Cards
NDS, a leader in smart-card based security, has donated a number of smart-cards and readers from their AccessGear product line. These will be installed on the ACeS lab computers. We plan to experiment with these and hopefully come up with new ideas how to build on such platforms, and/or how to improve on and further develop such an approach to security.
WebSafe
This is a project which started last semester as an independent study for a few students. Currently, we are in the process of both further developing the project and investigating the possibilities of taking it into a start-up
Interactive password schemes
Usual passwords have a terrible flaw (demonstrated more than once in practice) - they are easy to steal: either by shoulder-surfing, or by monitoring a single login session, and/or by introducing a "man-in-the-middle", etc. there exist cryptographic techniques to protect user's secret even if the authentication is performed by the attacker herself. But these techniques require complex computations on hundreds digit integers - thus they cannot be performed by a user "in the head". This project explores the protocols which could achieve the simplicity and conveniences of the password-based authentication (i.e. no hardware token, all computations performed by user in his head), and yet even if an attacker observes a few login sessions by the user, she is unable to impersonate him in the future sessions.
Secure Multicast & Group Key Management protocols
Asymmetric Message Authentication Codes (AMACs) are a construction which uses only cryptographic hash functions (which are very efficient, e.g. MD-5, SHA) to approximate  properties usually associated only with public key methods of digital signatures (such methods are typically orders of magnitude less efficient than the hash functions above). In this project we keep pushing the envelop to approximate more properties of the digital signatures with only the hash functions.
Wireless and Mobile Security
At this stage, this is just an information gathering effort. But we do hope to identify a real project in the near future. 
some useful Wireless + Mobile links

Reading Group

         The Reading Group will usually meet on Tuesdays at 4 pm in MCS-137.

            ACeS Group Mailing List

 

           Next Meeting:

         Previous Meetings:

Tuesday, November 7, 2000 - The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks (click for details)
Presented by Marwan Fayed.
Frank Stajano and Ross Anderson. The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks.
http://www.cl.cam.ac.uk/~fms27/duckling/

ABSTRACT:

In the near future, many personal electronic devices will be able to communicate with each other over a short range wireless channel. We investigate the principal security issues for such an environment. Our discussion is based on the concrete example of a thermometer that makes its readings available to other nodes over the air. Some lessons learned from this example appear to be quite general to ad-hoc networks, and rather different from what we have come to expect in more conventional systems: denial of service, the goals of authentication, and the problems of naming all need re-examination. We present the resurrecting duckling security policy model, which describes secure transient association of a device with multiple serialized owners. Download PowerPoint Slides (54 KB)