archive-edu.com » EDU » C » COLUMBIA.EDU

Total: 442

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • SMBlog -- 24 November 2015
    2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 Why I Wrote Thinking Security 24 November 2015 I have a new book out Thinking Security Stopping Next Year s Hackers There are lots of security books out there today why did I think another was needed Two wellsprings nourished my muse The desire for that sort of poetic imagery was not among them The first was a deep rooted dissatisfaction with common security advice This common wisdom I use the word advisedly often seemed to be outdated Yes it was the distillation of years of conventional wisdom but that was precisely the problem the world has changed the advice hasn t Consider for example passwords and that specifically was the other source of my discomfort We all know what to do pick strong passwords don t reuse them don t write them down etc That all seems like very sound advice but it comes from a 1979 paper by Morris and Thompson The world was very different then Many people were still using hard copy electromechanical terminals people had very few logins and neither defenders nor attackers had much in the way of computational power None of that is true today Maybe the advice was still sound or maybe it wasn t but very few people seemed to be questioning it In fact the requirement was embedded in very static checklists that sites were expected to follow Suppose that passwords are in fact terminally insecure What the alternative The usual answer is some form of two factor authentication Is that secure Or is two factor authentication subject to its own problems If it s secure today will it remain secure tomorrow Computer technology is an extremely dynamic field not only does the technology change the applications and the threats change as well Let s put it like this why should you expect the answers to any of these questions to remain the same The only solution I concluded was to go back to first principles What were the fundamental assumptions behind security It turns out that for passwords the main reason you need strong passwords is if a site s password database is compromised In other words a guessed password is the second failure if the first could be avoided the second isn t an issue But if a site can t protect a password file can it protect some other sort of authentication database That doesn t seem likely What does that mean for the security of other forms of authentication Threats also change 21 years ago when Bill Cheswick and I wrote Firewalls and Internet Security no one was sending phishing emails to collect bank account passwords Of course there were no online banks then there was barely a Web but that s precisely the point I eventually concluded that threats could be mapped along two axes how skilled the attacker was and how much your site was being targeted Your defenses

    Original URL path: https://www.cs.columbia.edu/~smb/blog/2015-11/2015-11-24.html (2016-02-17)
    Open archived version from archive

  • SMBlog -- 15 October 2015
    2007 September 2007 August 2007 July 2007 June 2007 I m Shocked Shocked to Find There s Cryptanalysis Going On Here Your plaintext sir 15 October 2015 There s been a lot of media attention in the last few days to a wonderful research paper on the weakness of 1024 bit Diffie Hellman and on how the NSA can and possibly does exploit this People seem shocked about the problem and appalled that the NSA would actually exploit it Neither reaction is right In the first place the limitations of 1024 bit Diffie Hellman have been known for a long time RFC 3766 published in 2004 noted that a 1228 bit modulus had less than 80 bits of strength That s clearly too little Deep Crack cost 250 000 in 1997 and cracked a 56 bit cipher Straight Moore s Law calcuations takes us to 68 bits we can get to 78 bits for 250 million and that s without economies of scale better hardware better math etc Frankly the only real debate in the cryptographic community and I mean the open community not NIST or the NSA is whether 2048 bits is enough or if people should go to 3072 or even 4096 bits This is simply not a suprise That the NSA would exploit something like this assuming that they can is even less surprising They re a SIGINT and cryptanalysis agency that s their job Tell me that you don t think that SIGINT is ethical shades of Stimson s gentlemen do not read each other s mail but that the NSA would cryptanalyze traffic of interest is even less of a surprise than that 1024 bit Diffie Hellman is crackable There s also been unhappiness that IPsec uses a small set of Diffie Hellman moduli Back

    Original URL path: https://www.cs.columbia.edu/~smb/blog/2015-10/2015-10-15.html (2016-02-17)
    Open archived version from archive

  • SMBlog -- 7 July 2015
    June 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 Keys under the Doormat 7 July 2015 To those of us who have worked on crypto policy the 1990s have become known as the Crypto Wars The US government tried hard to control civilian use of cryptography They tried to discourage academic research restricted exports of cryptographic software and most memorably pushed something called escrowed encryption a scheme wherein the government would have access to the short term keys used to encrypt communications or stored files The technical community pushed back against all of these initiatives One side effect was that it got a number of computer scientists including me professionally involved in policy issues Quite apart from privacy and civil liberties issues there were technical issues we needed strong cryptography to protect the Internet compatibility meant that it had to be available world wide and simplicity was critical Why Most security problems are due to buggy code increasing the complexity of a system always increases the bug rate Eventually the government gave up The need for strong crypto had become increasingly obvious non US companies were buying non US products and no one wanted escrowed encryption Apart from the fact that it didn t do the job it did increase complexity as witnessed by the failure of one high profile system There were many papers and reports on the subject I joined a group of very prominent security and cryptography experts besides me Hal Abelson Ross Anderson Josh Benaloh Matt Blaze Whitfield Diffie John Gilmore Peter G Neumann Ronald L Rivest Jeffrey I Schiller and Bruce Schneier that wrote one in 1997 The question of strong cryptography appeared to be settled 15 years ago but

    Original URL path: https://www.cs.columbia.edu/~smb/blog/2015-07/2015-07-07.html (2016-02-17)
    Open archived version from archive

  • Alfred V. Aho's webpage
    of the Crosscutting Concern Problem Research Interests Programming languages compilers algorithms software engineering quantum computing Publications and Citations on Google Scholar Recent Invited Talks Teaching Compilers SIGCSE 2010 The Quintessential Questions of Computer Science Bell Labs Murray Hill NJ June 22 2011 C the Enduring Legacy of Dennis Ritchie Dennis Ritchie Tribute at Bell Labs September 7 2012 Text of talk Computational Thinking NEC 2013 Programming Languages and Compilers for

    Original URL path: http://www.cs.columbia.edu/~aho/ (2016-02-17)
    Open archived version from archive

  • Peter K. Allen
    and the Ph D in Computer Science from the University of Pennsylvania where he was the recipient of the CBS Foundation Fellowship Army Research Office fellowship and the Rubinoff Award for innovative uses of computers His current research interests include robotic grasping 3 D vision and modeling and medical robotics In recognition of his work Professor Allen has been named a Presidential Young Investigator by the National Science Foundation Columbia

    Original URL path: http://www.cs.columbia.edu/~allen/ (2016-02-17)
    Open archived version from archive

  • Steven M. Bellovin
    0140 Twitter SteveBellovin Blog Blog 454 Computer Science Building Department of Computer Science Columbia University 500 West 120th St M C 0401 New York NY 10027 7003 Teaching Spring 16 W3410 Computers and Society Previous Semesters Research interests Networks security privacy and related public policy issues Spring 2016 office hours Monday 4 00 5 00 Tuesday 3 00 4 00 Links My research group at Columbia About me Systems Security

    Original URL path: https://www.cs.columbia.edu/~smb/ (2016-02-17)
    Open archived version from archive


  • Yael Kalai Interactive Coding for Interactive Proofs TCC 2016 with Yevgeniy Dodis PDF Bilinear Entropy Expansion from the Decisional Linear Assumption CRYPTO 2015 with Lucas Kowalczyk PDF Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption FOCS 2015 with Craig Gentry Amit Sahai and Brent Waters PDF A Profitable Sub Prime Loan Obtaining the Advantages of Composite Order in Prime Order Bilinear Groups PKC 2015 with Sarah Meiklejohn PDF Witness Encryption from Instance Independent Assumptions CRYPTO 2014 with Craig Gentry and Brent Waters PDF Why Proving HIBE Systems Secure is Difficult Eurocrypt 2014 with Brent Waters PDF On the Complexity of Asynchronous Agreement Against Powerful Adversaries PODC 2013 with Mark Lewko arXiv Dual Form Signatures An Approach for Proving Security from Static Assumptions ASIACRYPT 2012 with Michael Gerbush Adam O Neill and Brent Waters PDF Formulas Resilient to Short Circuit Errors FOCS 2012 with Yael Kalai and Anup Rao PDF New Proof Methods for Attribute Based Encryption Achieving Full Security through Selective Techniques CRYPTO 2012 with Brent Waters PDF Tools for Simulating Features of Composite Order Bilinear Groups in the Prime Order Setting Eurocrypt 2012 PDF Detecting Dangerous Queries A New Approach for Chosen Ciphertext Security Eurocrypt 2012 with Susan Hohenberger and Brent Waters PDF Bounded Collusion IBE from Key Homomorphism TCC 2012 with Shafi Goldwasser and David A Wilson Storing Secrets on Continually Leaky Devices FOCS 2011 with Yevgeniy Dodis Brent Waters and Daniel Wichs PDF The Contest Between Simplicity and Efficiency in Asynchronous Byzantine Agreement DISC 2011 arXiv How to Leak on Key Updates STOC 2011 with Mark Lewko and Brent Waters PDF Decentralizing Attribute Based Encryption Eurocrypt 2011 with Brent Waters PDF Unbounded HIBE and Attribute Based Encryption Eurocrypt 2011 with Brent Waters PDF Achieving Leakage Resilience Through Dual System Encryption TCC 2011 with Yannis Rouselakis and Brent

    Original URL path: http://www.cs.columbia.edu/~allison/ (2016-02-17)
    Open archived version from archive

  • Office Hours
    room 703 Schapiro CEPSR Tuesdays and Thursdays from 3 00pm to 5 00pm and Fridays from 2 00pm to 3 00pm These hours begin Tuesday September 8th and run through Friday December 18th There will be no office hours on

    Original URL path: http://www.cs.columbia.edu/~pblaer/oh.html (2016-02-17)
    Open archived version from archive