Archive for the 'Papers' Category

USENIX WebApps Paper

Wednesday, May 4th, 2011

Our USENIX WebApps 2011 Paper is now available:

Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans. GuardRails: A Data-Centric Web Application Security Framework. 2nd USENIX Conference on Web Application Development (WebApps 2011). Portland, Oregon, 15-16 June 2011.

Abstract

Modern web application frameworks have made it easy to create powerful web applications. Developing a secure web application, however, still requires a developer to possess a deep understanding of security vulnerabilities and attacks. Even for experienced developers it is tedious, if not impossible, to find and eliminate all vulnerabilities. This paper presents GuardRails, a source-to-source tool for Ruby on Rails that helps developers build secure web applications. GuardRails works by attaching security policies defined using annotations to the data model itself. GuardRails produces a version of the input application that automatically enforces the specified policies. GuardRails helps developers prevent a myriad of security problems including cross-site scripting attacks and access control violations while providing a large degree of flexibility to support a range of policies and development styles.

Full paper (12 pages): [PDF]
GuardRails website

GuardRails now available!

Friday, April 22nd, 2011

The first release of the GuardRails source code is now available at https://github.com/guardrails/guardrails. GuardRails was developed by Jonathan Burket, Patrick Mutchler, Michael Weaver, and Muzzammil Zaveri.

GuardRails is a web application framework that extends Ruby on Rails to provide automatic support for data-centric security policies. Developers add annotations to their data models to describe their security policies, and GuardRails performs a source-to-source transformation to enforce those policies throughout the application. There will be a paper at USENIX WebApps 2011, GuardRails: A Data-Centric Web Application Security Framework, available soon, that provides more details.

Faster Secure Two-Party Computation Using Garbled Circuits

Thursday, April 21st, 2011

Our paper,

Faster Secure Two-Party Computation Using Garbled Circuits by Yan Huang, David Evans, Jonathan Katz, Lior Malka.

was accepted to USENIX Security. Yan will present the paper at the conference in San Francisco in August. If you would like an advance copy, email me and I will let you know when it is available.

Lattice Ciphers for RFID

Friday, February 4th, 2011

Our paper on using lattice ciphers for low-power public-key encryption targeted to RFID tags is now available. Yu Yao will present the paper in Wuxi, China in April.

Yu Yao, Jiawei Huang, Sudhanshu Khanna, abhi shelat, Benton Highsmith Calhoun, John Lach, and David Evans. A Sub-0.5V Lattice-Based Public-Key Encryption Scheme for RFID Platforms in 130nm CMOS. 2011 Workshop on RFID Security (RFIDsec’11 Asia). Wuxi, China. 6-8 April 2011.

Abstract: Implementing public-key cryptography on passive RFID tags is very challenging due to the limited die size and power available. Typical public-key algorithms require complex logical components such as modular exponentiation in RSA. We demonstrate the feasibility of implementing public-key encryption on low-power, low cost passive RFID tags to large-scale private identification. We use Oded Regev’s Learning-With-Error (LWE) cryptosystem, which is provably secure under the hardness assumption of classic lattice problems. The advantage of using the LWE cryptosystem is its intrinsic computational simplicity (the main operation is modular addition). We leverage the low speed of RFID application by using circuit design with supply voltage close to transistor threshold (Vt) to lower power. This paper presents protocols for using the LWE cipher to provide private identification, evaluates a design for implementing those protocols on passive RFID tags, and reports on simulation experiments that demonstrate the feasibility of this approach.

Full paper (19 pages): [PDF]

Secure Biometrics

Thursday, December 9th, 2010

We’ve released our code and paper on efficient privacy-preserving biometric identification:

Yan Huang (University of Virginia), Lior Malka (Intel/University of Maryland), David Evans (University of Virginia), and Jonathan Katz (University of Maryland). Efficient Privacy-Preserving Biometric Identification. To appear in 18th Network and Distributed System Security Conference (NDSS 2011), 6-9 February 2011. [PDF, 14 pages]

We present an efficient matching protocol that can be used in many privacy-preserving biometric identification systems in the semi-honest setting. Our most general technical contribution is a new backtracking protocol that uses the by-product of evaluating a garbled circuit to enable efficient oblivious information retrieval. We also present a more efficient protocol for computing the Euclidean distances of vectors, and optimized circuits for finding the closest match between a point held by one party and a set of points held by another. We evaluate our protocols by implementing a practical privacy-preserving fingerprint matching system.

Yan will present the paper at NDSS in February. The code for our system is available under the MIT open source license.



Why Aren’t HTTP-only Cookies More Widely Deployed?

Monday, May 3rd, 2010

Yuchen Zhou will present a paper [PDF] on HTTP-only cookies and why it is so hard to deploy security technologies at Web 2.0 Security and Privacy (attached to the Oakland conference) on May 20.

HTTP-only cookies were introduced eight years ago as a simple way to prevent cookie-stealing through cross-site scripting attacks. Adopting HTTP-only cookies seems to be an easy task with no significant costs or drawbacks, but many major websites still do not use HTTP-only cookies. This paper reports on a survey of HTTP-only cookie use in popular websites, and considers reasons why HTTP-only cookies are not yet more widely deployed.

RFID Security and Privacy Cybertrust Grant

Monday, January 12th, 2009

UVa Today has an article about our (myself, abhi shelat, John Lach, and Ben Calhoun) recent NSF Cybertrust grant on RFID security and privacy: U.Va. Team Receives $1 Million Grant To Improve RFID Security, by Brevy Cannon, 9 January 2009.

Some excerpts:

To address the problematic use of custom cryptography, the U.Va. research team will develop an encryption scheme that is relatively strong — providing some measure of privacy and security — but that can be implemented at almost zero cost by repurposing the meager hardware resources already available on common RFID tags. Providing a solution that adds virtually no cost is crucial, because these RFIDs are made by the billions, at such low costs (5 cents or less apiece) that there is no margin for any added expense.

The team is breaking new ground by using a holistic design approach that considers how all the various levels of the design — the hardware, the encryption algorithm and how it is used — work together, mindful of how an attacker will target the single weakest link in the design.

The research team hopes their research will forestall that possibility, enabling RFIDs to be used in countless ingenious applications not yet dreamt of, without sacrificing privacy and security in a Faustian bargain.

UVa’s Most Popular Stories of 2008

Monday, December 22nd, 2008

The story about Adrienne Felt’s Facebook privacy study made the list of UVA Today Most Popular Stories of 2008.

What Should I Read Next?

Wednesday, October 15th, 2008

The University of Virginia Press has published a book, What Should I Read Next?: 70 University of Virginia Professors Recommend Readings in History, Politics, Literature, Math, Science, Technology, the Arts, and More edited by Jessica Feldman and Robert Stilling, University of Virginia Press, 2008.

The premise of the book is to collect essays from UVa professors that introduce their field to a general audience by recommending five books to read about it. I contributed an essay on computer science, How Computing Changes Thinking [HTML, PDF, 4 pages]. Here’s the blurb for the book:

What Should I Read Next? taps seventy University of Virginia professors in an array of fields for suggestions on how to satisfy this nagging intellectual curiosity. Each contributor recommends five titles that speak to their area of inquiry, providing both a general introduction and commentary on each selection. The results read like a series of personal tutorials: Larry Sabato considers how political power is acquired, used, and held onto; climatologist Robert E. Davis provides a timely navigation of global-warming literature; and Michael Levenson offers five ways to approach James Joyce’s Ulysses. Other topics include how computing changes thinking, the life and afterlife of slavery, understanding cities, and ecstatic poetry. The entries convey the contributors’ expertise but also, more importantly, the enthusiasm, the original kernels of curiosity, that drew these scholars to their life’s work.

Designed for the lifelong learner who wants to branch out from his or her own profession or discipline, these explorations–of art, science, history, technology, politics, and much more–offer an inspiring place to start.

UVa Today has an article about the book: Faculty Reading Recommendations May Guide Book Lovers, Oct 14, 2008.

Reverse-Engineering a Cryptographic RFID Tag

Wednesday, May 14th, 2008

Our upcoming USENIX Security Symposium paper is now available: Reverse-Engineering a Cryptographic RFID Tag by Karsten Nohl, David Evans, Starbug, and Henryk Plötz.

The paper describes the methods used to reverse engineer the encryption on the Mifare Classic RFID tag and some of the things we learned by doing it. Karsten Nohl will present the paper at the USENIX Security Symposium in San Jose on July 31.

Abstract

The security of embedded devices often relies on the secrecy of proprietary cryptographic algorithms. These algorithms and their weaknesses are frequently disclosed through reverse-engineering software, but it is commonly thought to be too expensive to reconstruct designs from a hardware implementation alone. This paper challenges that belief by presenting an approach to reverse-engineering a cipher from a silicon implementation. Using this mostly automated approach, we reveal a cipher from an RFID tag that is not known to have a software or micro-code implementation. We reconstruct the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis. Our analysis reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws. Weak random numbers and a weakness in the authentication protocol allow for pre-computed rainbow tables to be used to find any key in a matter of seconds. Our approach of deducing functionality from circuit images is mostly automated, hence it is also feasible for large chips. The assumption that algorithms can be kept secret should therefore be avoided for any type of silicon chip.

Full paper (9 pages): [PDF] [HTML]