CONIKS: A Privacy-Preserving Consistent Key Service for Secure End-to-End Communication, by Marcela S. Melara and Aaron Blankstein and Joseph Bonneau and Michael J. Freedman and Edward W. Felten
Recent revelations about government surveillance have significantly increased the demand for end-to-end secure communications. However, key management remains a major barrier to adoption. Current systems are often either vulnerable to a malicious or coerced key directory or they make unrealistic assumptions about user behavior, for example, that users will verify key fingerprints out of band.
We present CONIKS, a system that provides automated key management for end users capable of seamless integration into existing secure messaging applications. In CONIKS, key servers maintain consistent directories of username-to-public key bindings that allow participants to detect any equivocation or unexpected key changes by malicious key servers. CONIKS also preserves users' privacy by ensuring that adversaries cannot harvest large numbers of usernames from the directories. Our prototype chat application extends the Off-the-Record Messaging plug-in for Pidgin. A single commodity server can support up to 10 million users and clients need only download less than 100 kB per day of additional data.
Assistant Professor in Computer Science with Specialization in Computer Security, KTH Royal Institute of Technology
The Department of Theoretical Computer Science (the TCS group) at the School of Computer Science and Communication (CSC) invites applications for a full-time tenure-track assistant professor in Computer Science with specialization in Computer Security, starting in the second half of 2015.
The TCS group has a strong academic record and good external funding from EU and national sources. There is active research in foundational topics such as complexity theory, logic, and formal methods, as well as more applied ones such as computer security, cryptography, programming languages, databases, natural languages, and computer science education. Within computer security, research topics include software security and secure execution platforms, network security and privacy preserving computation, and cryptography, in particular in the foundations of electronic voting.
For more information about KTH, the CSC school, and the TCS group visit www.kth.se, www.csc.kth.se, www.csc.kth.se/tcs.
For full information about the position, requirements, and the application procedure visit
PhD Student, Worcester Polytechnic Institute, United States
The Vernam Lab at WPI in Worcester, MA has two open PhD positions in applied cryptography and side channel analysis.
Candidates should have a degree in electronics, computer science or applied mathematics, with strong interest in algorithms and signal processing. Prior experience in side channel analysis and embedded software or hardware design is an asset.
We offer a competitive salary and an international cutting-edge research program in an attractive working environment. WPI is one of the highest-ranked technical colleges in the US. Located in the greater Boston area, it maintains close interaction with many of the nearby universities and companies.
Post-Doc, Université Libre de Bruxelles
Applications are invited for a three-year Post-Doc position in the Quality and Computer Security research Lab (http://qualsec.ulb.ac.be) of the Université Libre de Bruxelles.
In the framework of a research project in machine learning and computer security and in collaboration with the Machine Learning Group of the Université Libre de Bruxelles and the Machine Learning Group of the Université Catholique de Louvain, the successful applicant will work on the use of machine learning techniques in the design of secure architectures.
Christophe Tartary: Authentication for Multicast Authentication
Name: Christophe Tartary
Topic: Authentication for Multicast Authentication
Multicast communication enables the distribution of digital content from a single source to a large audience via a public channel such as the Internet. Broadcasting has applications in sensor networks, pay-TV, software updates and military defense systems to name a few. As these applications will distribute private or sensitive information, multicast protocols must provide data origin authentication as well as data confidentiality. In this thesis, we focus our investigations on ensuring authentication of the data source.
Large-scale broadcasts normally do not repeat lost contents since the loss of any piece of data could generate a prohibitive number of redistribution requests at the sender. In addition, the communication channel can be under the control of adversaries performing malicious actions on the data stream. Thus, the security of authentication protocols relies on two aspects: the opponents' computational powers and the network properties. Cryptographic protocols without a security proof cannot be considered as secure in practice as many constructions originally thought secure were successfully broken. Many unconditionally secure schemes were designed. Unfortunately their optimal security is at the cost of a large storage requirement or a one-time use which makes these constructions unsuitable for practical applications. In this work, we assume that the adversaries have polynomially bounded computational powers.
The purpose of this thesis is to design provably secure protocols providing non-repudiation of the origin of a data stream over an unsecured communication channel. We will emphasize that our constructions provide practical solutions to the stream authentication problem, i.e. the requirements of provable security are compatible with the settings of broadcasting.[...]
Postdoc, Microsoft Research
I wanted to bring your attention to the availability of post-doc research positions at MSR Cambridge.
The Constructive Security team within Programming Principles and Tools devises formal techniques and models for understanding cryptographic primitives, protocols and security critical systems, and develops related implementation technology. Our approach is informed by code-based cryptographic reasoning as well as cutting-edge language-based security and program verification. We are looking for exceptional postdoctoral research candidates to join our vibrant research community.
MSR Cambridge: http://research.microsoft.com/en-us/labs/cambridge/
Programming Principles and Tools: http://research.microsoft.com/ppt
Constructive Security: http://research.microsoft.com/security
To apply for a post-doc position, use the tool here: http://research.microsoft.com/en-us/jobs/fulltime/apply_researcher.aspx
The deadline for completed applications and references is January 5 – do start early so your referees can upload their letters in time.
It’s a good idea to drop me (markulf (at) microsoft.com) or Cedric (fournet (at) microsoft.com) an email too, to let us know you plan to apply.