Speaker Schedule

April 2nd, 2008

  • No lunch this week

April 9th, 2008

  • Organizational meeting: Speaker sign up

April 16th, 2008

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
  • Abstract: As wireless networks proliferate, web browsers operate in an increasingly hostile network environment. The HTTPS protocol has the potential to protect web users from network attackers, but real-world deployments must cope with misconfigured servers, causing imperfect web sites and users to compromise browsing sessions inadvertently. ForceHTTPS is a simple browser security mechanism that web sites or users can use to opt in to stricter error processing, improving the security of HTTPS by preventing network attacks that leverage the browser's lax error processing. By augmenting the browser with a database of custom URL rewrite rules, ForceHTTPS allows sophisticated users to transparently retrofit security onto some insecure sites that support HTTPS. We provide a prototype implementation of ForceHTTPS as a Firefox browser extension.

April 23rd, 2008

Emerging Fraud Trends at Internet Speeds
  • Speaker: Ori Eisen (pdf), 41st Parameter
  • Abstract: In the rapidly expanding and ever-changing world of Card-Not-Present fraud, five key emerging trends pose the greatest risk to Internet retailers today. Join Ori Eisen, as he takes you step-by-step through the tactics behind these devastating schemes and how to identify and react to minimize impact to your bottom line.

April 30th, 2008


A Layered Architecture for Detecting Malicious Behaviors
  • Speaker: Liz Stinson
  • Abstract: We build on previous research which characterized the remote- control behavior of malicious bots by identifying system call invocations on data received over the network. Our current research explores the feasibility of correlating system calls in order to identify high-level, semantically meaningful actions, such as "proxying", "keystroke logging", "data leaking", and "downloading and executing a program". Our system consists of three components: behavior specifications, a system-wide emulator, and a behavior matcher.

    We specify high-level behaviors through a hierarchy of manually constructed system-call dependence graphs with constraints on the calls' ordering and arguments. Our collection of graphs constitutes a behavior specification language with which novel, high-level behaviors can be easily described. The emulator monitors process execution, performing fine-grained, instruction-level data-flow analysis, and generates a stream of events, which the behavior matcher attempts to match to the provided specifications.

    To assess our graphs' coverage of semantically equivalent but programmatically different execution paths, we ran eleven benign programs within our monitoring framework and performed matching against a set of behavior graphs corresponding to innocuous actions. In all cases the benign programs matched the expected specifications. We then tested these benign programs and seven malicious bots against seven specifications corresponding to malicious behaviors and obtained low false positives and no false negatives.    www.securitylunch.com - Stanford Security Lunch Spring 2008 - edit
  • Joint work with: Lorenzo Martignoni, Matt Fredrikson, Somesh Jha, and John C. Mitchell

May 7th, 2008


Attacks on HB Authentication Protocols
  • Speaker: Leo Ducas
  • Abstract: With the ubiquitous deployment of programmable RFID tags in applications such as supply-chain management and passports, privacy concerns dictate the need to authenticate RFID tags. To this end, Hopper and Blum introduced the HB protocol, the security of which is based on the learning parity with noise (LPN) problem, which is NP-Hard.

    In the HB protocol, the tag and the reader have a 64-bit shared secret S. The reader transmits a challenge bitstring q to the tag, which performs a bit-wise AND of q and S then computes the parity p of the resulting bitstring. If the tag transmitted p then a passive attacker could learn the value of S given some number of <q,p> tuples. Consequently, the tag will obtain r by flipping p with some probability ε then transmit r to the reader. After n iterations, the reader will accept the tag only if the tag's responses have approximately (n *     ε) errors. The flipping of parity bits is referred to as injecting noise and imposes substantial computational complexity for the passive adversary.

    An active attacker, however, can repeatedly send the same q to the tag and obtain the likely corresponding p by taking the majority of the tag's outputs (given     ε < 0.5). Hence, the HB protocol is not secure against active attacks. Derivations such as HB+, HB++, and HB# have been introduced to address this limitation. I will first present general ideas for performing noise reduction on all noise-based protocols, then show an attack on the most recent HB derivation, HB#.

May 14th, 2008

  • Joint work with:

May 21st, 2008

May 28th, 2008

  • Joint work with:

June 4th, 2008

  • Speaker:
  • Abstract:
  • Joint work with:

Related Links