CERIAS Security Seminar Podcast

CERIAS <webmaster@cerias.purdue.edu>

About Us

CERIAS Security Seminar series video podcasts.

Latest Episodes

Debajyoti Das, "Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency - Choose Two."

Over the last three decades, several anonymous communication (AC) protocols have been proposed towards improving users' privacy over the internet. Among those, the Tor protocol has been particularly successful. Thanks to its low communication latency and low bandwidth overhead, Tor today is employed by millions of users worldwide. Nevertheless, its anonymity is known to be broken in the presence of global adversaries. AC protocols like the dining cryptographers network provide anonymity even in the presence of global adversaries at the expense of bandwidth overhead, while others such as the mixing network designs improve anonymity at the expense of higher latency. In this work, we investigate the fundamental constraints of anonymous communication (AC) protocols. We analyze the relationship between bandwidth overhead, latency overhead, and sender anonymity or recipient anonymity against t

43 min, 2018 Apr 12

Nathan Burrow, "CFIXX -- Object Type Integrity for C++"

C++ relies on object type information for dynamic dispatch and casting. The association of type information to an object is implemented via the virtual table pointer, which is stored in the object itself. As C++ has neither memory nor type safety, adversaries may therefore overwrite an object's type. If the corrupted type is used for dynamic dispatch, the attacker has hijacked the application's control flow. This vulnerability is widespread and commonly exploited. Firefox, Chrome, and other major C++ applications are network facing, commonly attacked, and make significant use of dynamic dispatch. Control-Flow Integrity (CFI) is the state of the art policy for efficient mitigation of control-flow hijacking attacks. CFI mechanisms determine statically (i.e., at compile time) the set of functions that are valid at a given call site, based on C++ semantics. We propose an orthogonal policy,

40 min, 2018 Mar 8

Mitchell Parker, "Lessons Learned From the Retrocomputing Community"

The purpose of this presentation is to show that successful retrocomputing projects and groups which currently exist follow patterns we can use to help low-resource and industrial organizations that need to secure their devices. Can retrocomputing breathe new life into older technology to help secure the enterprise?

47 min, 2018 Feb 22

Abhishek Ray, "Ad-Blockers: Extortionists or Digital Age Robin Hoods?"

Intrusive online advertising has given birth to the trend of ad-blockers. Initially dismissed by the online advertising industry as inconsequential, ad-blockers have evolved from a mere plugin tool on browsers to full-fledged platforms that derive benefits from certifying quality of advertisers and reducing disutility of users from intrusive activities such as user tracking. However, are ad-blocking platforms the optimal solution to improving user experience online? There is no clear answer. User experience advocates term this as yet another way to target users online. Industry advocates accuse ad-blockers of using an extortion-based business model, built on fleecing advertisers. Through our game theoretic model, we inform policy-makers on this problem and establish the optimal pricing policy for such ad-blocking platforms. In addition, we theorize the socially optimal pricing policies

36 min, 2017 Nov 16

Jerome Edge, "Applying commercial best practices to DoD risk management to offer suggestions how to move from risk avoidance to cost effective risk management"

The Department of Defense has mandated a risk management rather than risk avoidance approach in Cybersecurity. All Department of Defense programs are being directed to the Risk Management Framework (RMF) process. No Cyber system can be 100% secure. RMF mandates that we clearly determine the "value" of assets, such as information and intellectual property, and design systems to properly protect those assets. The commercial domain embraces the mantra that an organization should not spend more to protect the asset than the asset is worth. This presentation will provide an overview of RMF as applied to a specific publicly available case study and highlight that utilizing commercial best practices can reduce the cost of delivered systems to DoD.

48 min, 2017 Oct 26

Tianhao Wang, "Locally Differential Private Protocols for Frequency Estimation"

Protocols satisfying Local Differential Privacy (LDP) enable parties to collect aggregate information about a population while protecting each user's privacy, without relying on a trusted third party. LDP protocols (such as Google's RAPPOR) have been deployed in real-world scenarios. In these protocols, a user encodes his private information and perturbs the encoded value locally before sending it to an aggregator, who combines values that users contribute to infer statistics about the population. In this paper, we introduce a framework that generalizes several LDP protocols proposed in the literature. Our framework yields a simple and fast aggregation algorithm, whose accuracy can be precisely analyzed. Our in-depth analysis enables us to choose optimal parameters, resulting in two new protocols (i.e., Optimized Unary Encoding and Optimized Local Hashing) that provide better utility tha

47 min, 2017 Oct 19

Jeremiah Blocki, "Memory Hard Functions and Password Hashing"

In the last few years breaches at organizations like Yahoo!, Dropbox, Lastpass, AshleyMadison and Adult FriendFinder have exposed billions of user passwords to offline brute-force attacks. Password hashing algorithms are a critical last line of defense against an offline attacker who has stolen password hash values from an authentication server. An attacker who has stolen a user's password hash value can attempt to crack each user's password offline by comparing the hashes of likely password guesses with the stolen hash value. Because the attacker can check each guess offline, it is no longer possible to lock out the adversary after several incorrect guesses. The attacker is limited only by the cost of computing the hash function. Offline attacks are increasingly commonplace and dangerous due to weak password selection and improved cracking hardware such as a GPU, Field Programmable Gate A

54 min, 2017 Oct 12

Xiaonan Guo, "Friend or Foe? Your Wearable Devices Reveal Your Personal PIN"

The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential for monitoring and inferring human daily activities. In this talk, I will present a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people access key-based security systems. Existing methods of obtaining such secret information rely on installations of dedicated hardware (e.g., video camera or fake keypad), or training with labeled data from body sensors, which restricts use cases in practical adversary scenarios. I will show that a wearable device can be exploited to discriminate mm-level distances and directions of the user's fine-grained hand movements, which enables attackers to reproduce the trajectories of the user's hand and further to recover the secret key entries.

40 min, 2017 Oct 5

Tony Huffman, "Vulnerability Scanning, how it works and why"

A vulnerability comes out and you need to know if you are vulnerable, so you open up your vulnerability scanner and scan your systems to understand what you need to patch. But what is that scanner doing to determine whether you are vulnerable? This talk will describe what that vulnerability scanner is doing and how we at Tenable write local, remote, and malware checks.

39 min, 2017 Sep 28

Vince D'Angelo, "Counter UAS Challenges and Technology"

Unmanned airborne systems (UAS) provide a wide range of capabilities in areas such as agriculture, environmental monitoring, disaster relief, delivery of goods, media & communications and surveillance. While these systems are producing numerous benefits today, they can also be used in manners that enable a broad range of security concerns. This talk will introduce some of the technical challenges concerning the use of UAS, and approaches for counter UAS (C-UAS). SRC's Silent Archer Counter-UAS system will also be introduced.

24 min, 2017 Sep 21
