weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, April 22, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Stefan Savage

Title: Spamalytics: Exploring the Technical and Economic
Underpinnings of Bulk E-mail Scams

Abstract:   When asked why he robbed banks, Willie Sutton famously responded, “Because that’s where the money is”.  Today, the same sentiment is widely applied to the Internet as well.  The tremendous growth of on-line commerce has made Internet users, their computers and their data a valuable target for criminal actors.  However, in spite of the fact that virtually all on-line crime is economically motivated, the underlying economics are poorly understood and even more poorly quantified.  In this talk I will explore this issue in the context of spam-based advertising, a business whose “return-on- investment” depends both on delivery technology and consumer appetites.  While the security community has traditionally focused on the former issue, producing an arms race between spammer and anti- spammer, the the other half of the spam value proposition is the “conversion rate” — the probability that an unsolicited e-mail will ultimately elicit a “sale”.  In this talk, I will describe a methodology for using parasitic botnet infiltration to empirically infer the delivery and conversion rates of spam campaigns.  I will present a preliminary analysis of over 400 million instrumented spam e-mails across two campaigns and quantify the underlying processes that modulate profits.

Bio: Stefan Savage is an associate professor of Computer Science and Engineering at the University of California, San Diego. He received his Ph.D. in Computer Science and Engineering from the University of Washington and a B.S. in Applied History from Carnegie-Mellon University.  Savage’s research interests lie at the intersection of operating systems, networking and computer security and he currently serves as director of the Cooperative Center for Internet Epidemiology and Defenses (CCIED), a joint effort between UCSD and the International Computer Science Institute.  Savage is a fairly down-to-earth guy and only writes about himself in the third person when asked.

weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, April 15, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Mike Collins

Title: Its The Hackers’ World, and We Just Live Here: The Pragmatics of Network Defense

Abstract: In 2002, several colleagues and I wanted to get a couple weeks of network traffic traces in order to study user behaviors in react to public holidays. That research effort led to the CENTAUR capability, used by the DoD to monitor its internal networks to this day.

Intrusion detection systems historically have relied on an implicit
assumption that attacks are rare and targeted specifically at
high-value targets. In this talk, I intend to discuss how those
assumptions hold up against the data collected from watching a very large network for the past five years over 150 million+ IP addresses.

On the whole, the results are not heartening: several protocols have been effectively abandoned due to worm traffic, and anomaly detection technology is drowned in a constant flood of garbage data and failed attacks. The constant stream of garbage traffic and the ease with which new attacks are injected into the system bring up serious questions about the viability of endpoint defenses. Conversely, evidence exists to suggest that bad actors appear persistently in specific locations, the most notable recent example being the McColo
shutdown.

In my talk, I will discuss the impact of attacks on the training, use and application of anomaly detection mechanisms, as well as the potential impact of shutdowns and takedowns. The question we now face is whether we want to aggressively shut and take down hostile actors – how to develop judgments for doing so, and whether this is a path we want to take.

We never did figure out how users react to public holidays.

Bio:
Michael Collins is the chief scientist for RedJack, LLC., a Network
Security and Data Analysis company located in the Washington
D.C. area. Prior to his work at RedJack, Dr. Collins was a member of the technical staff at the CERT/Network Situational Awareness group at Carnegie Mellon University. His primary focus is on network instrumentation and traffic analysis, in particular on the analysis of large datasets and the impact of distributed attacks on Internet infrastructure.

Dr. Collins graduated with a PhD in Electrical Engineering from
Carnegie Mellon Univeristy in 2008, he holds Master’s and Bachelor’s Degrees from the same institution. In his spare time, he enjoys talking about himself in the third person.

weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, April 8, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 2nd Floor Lounge Area

Speakers : Stuart Schechter (Microsoft)  and Serge Egelman (CMU)

Title:   Paying people to buy vibrators and lie to their spouse’s friends. Two short talks on the latest social science results in online security and privacy

Abstract:   Many commerce websites post privacy policies to address Internet shoppers’ privacy concerns, but few users read or understand them.

Serge Egelman will present the results of a laboratory study in which researchers asked users to purchase items — some highly privacy-sensitive – to determine whether the timing and placement of online privacy indicators impacted browsing and purchasing decisions.

We’ll then change topics from privacy to authentication.  When a user forgets the password to an online account, she can use a backup authentication mechanism to regain access—or at least try.  The most popular backup authentication mechanisms in use today – alternate email addresses and ’secret’ questions – are too likely to reject legitimate account holders or are susceptible to guessing by imposters.  Stuart Schechter will introduce a new backup authentication mechanism, describe the methodology used to test its reliability and security against social engineering attacks, and present results.

Bios:

Serge Egelman is a PhD student within Carnegie Mellon’s School of Computer Science and a member of the CyLab Usable Privacy and Security Laboratory.  Serge is primarily interested in improving user interactions with security software.  To give some examples, he has worked on designing intuitive online security warnings, accessible privacy policies, and safer authentication systems.  Serge’s hobbiesinclude graduating and applying for jobs.

Stuart Schechter is a man of few accomplishments and so, the reluctant reader should be pleased to hear, his biography is correspondingly short.  Stuart has worked on systems security, security economics, and has spent the last few years developing and applying new methodologies for measuring users’ security behavior.  Since joining Microsoft Research, Stuart has focused on building and measuring the efficacy of new mechanisms for backup authentication and on projects that simplify and streamline permissioning.  Stuart received his B.S. from Ohio State, Ph.D. from Harvard’s School of Engineering and Applied Sciences, and previously worked at MIT Lincoln Laboratory.  While in Cambridge, Stuart spent nine years as a Resident Tutor in Leverett House.

Watch Video

weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, April 1, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Katie Shilton

Title:  Participating in Privacy: Enabling Disclosure and Discretion in Mobile Sensing

Abstract: Mobile sensing harnesses mobile phone capabilities, such as location awareness, image capture, motion sensitivity, and user input, to create a platform for individual discovery and community exploration. Transforming mobile phones into ubiquitous systems for data capture and analysis poses challenges both technical and social. Among these challenges is empowering users to understand and control their data as they sense and share information at unprecedented granularity and scale.

At the Center for Embedded Networked Sensing, we are developing the Personal Data Stream (PDS) architecture. The architecture positions participants as the central decision-makers in mobile sensing. To enable and encourage participant decisions about data collection and sharing, our project proposes three design principles for the PDS architecture: participant primacy, longitudinal engagement, and legibility of data. Making this architecture successful requires three complementary social structures: vigorous public discussion and debate, transparency of data analysis services, and a legal privilege for raw location data. I demonstrate how the resulting sensing infrastructure can increase personal control over, and engagement with, data using an example of a mobile sensing application, the Personal Environmental Impact Report (PEIR).

Bio: Katie Shilton is a doctoral student in Information Studies in the Graduate School of Education & Information Studies at the University of California, Los Angeles. She coordinates a project with the Center for Embedded Networked Sensing (CENS) exploring and responding to privacy and ethical challenges raised by ubiquitous sensing technologies. Before joining CENS, Katie worked on privacy research with faculty in UCLA’s Department of Information Studies. She received a B.A. from Oberlin College in 2003 and a Masters of Library and Information Science from UCLA in 2007. Her work is supported by a grant from the NSF Ethics Education in Science and Engineering program (IIS-0832873).

Watch Video

weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, March 18, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Paul Ohm

Title: The Probability Of Privacy

Abstract: Nearly every data privacy regulation separates information into two categories: sensitive and non-sensitive. Often, the rules dole out special treatment for those who transform sensitive into non-sensitive information through anonymization—the elimination of personal identifiers like names and social security numbers. For example, to satisfy regulators, Google anonymizes data in its search query database after nine months and health researchers aggregate statistics before publishing them.

Two recent, newsworthy events have upended our understanding of the privacy-protecting power of anonymization. America Online and Netflix each released millions of anonymized records containing the secrets of hundreds of thousands of users. In both cases, to the surprise of all, researchers were able to “deanonymize” or “reidentify” some of the people in the data with ease.

In part by studying these events, Computer Scientists have recently taken giant strides in developing theories of anonymization and reidentification. Through this research, none of which has been rigorously imported into legal scholarship until now, they have concluded that the utility and anonymity of data are connected. The only way to anonymize a database perfectly is to strip all of the information from it, and any database which is useful is also imperfectly anonymous. This profoundly important result will do no less than reshape every privacy law and regulation and revolutionize every privacy-related policy debate.

Bio: Paul Ohm joined the faculty of the University of Colorado Law School in 2006. He specializes in computer crime law, information privacy, criminal procedure, and intellectual property.

Prior to joining Colorado Law he worked for the U.S. Department of Justice’s Computer Crime and Intellectual Property Section as an Honors Program trial attorney. Professor Ohm is a former law clerk to Judge Betty Fletcher of the U.S. Ninth Circuit Court of Appeals and Judge Mariana Pfaelzer of the U.S. District Court for the Central District of California. He attended the UCLA Law School where he served as Articles Editor of the UCLA Law Review and received the Benjamin Aaron and Judge Jerry Pacht prizes. Prior to law school, he worked for several years as a computer programmer and network systems administrator, and before that he earned undergraduate degrees in computer science and electrical engineering.

Watch Video

weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, March 11, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 2nd Floor Lounge Area

Speaker: Scott Dynes, Dartmouth

Title: Information Security and Critical Infrastructure Resiliency: Results From Field Studies

Abstract: It’s no surprise that some firms are better at managing information risk than other firms. What is a surprise is that firms that should do well don’t. This talk will present field studies of information risk management (IRM) efforts at a hospital, within and across members of the retail grocer food supply network, and other firms. Issues to be discussed in the context of the results include the internal motivation for pursuing IRM efforts, the potential societal impact from doing poorly, and why some firms seem to be better at IRM than others.

Watch Video

weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, March 4, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Tal Moran (CRCS Harvard)

Title: Shuffle-Sum: Coercion-Resistant Verifiable Tallying for STV Voting

Abstract: There are many advantages to voting schemes in which voters rank all candidates in order, rather than just choosing their favorite. However, these schemes inherently suffer from a coercion problem when there are many candidates, because a coercer can demand a certain permutation from a voter and then check whether that permutation appears during tallying.Recently developed cryptographic voting protocols allow anyone to audit an election (universal verifiability), but existing systems are either not applicable to ranked voting at all, or reveal enough information about the ballots to make voter coercion possible.

We solve this problem for the popular single transferable vote (STV) ranked voting system (used in Australia, Ireland, Malta and in Cambridge, MA, among others), by constructing an algorithm for the verifiable tallying of encrypted votes. In the talk I will describe this algorithm, along with all the necessary background about cryptographically verifiable elections, the STV voting system and voter coercion problems.

Bio: Tal Moran is interested in employing ideas and techniques from theoretical cryptography to design secure systems in the “real world”. Two examples, from Tal’s PhD thesis, are simple protocols for polling sensitive questions that maintain privacy for the responder (using physical envelopes or scratch-off cards), and protocols for human-verifiable, secure elections. These are backed by formal definitions and proofs, making the security assumptions and guarantees explicit, and implementations easier to verify. Tal completed his PhD at the Weizmann Institute of Science, under the supervision of Moni Naor, and his undergraduate and master’s degrees at Tel-Aviv University.

Watch Video

weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, February 25, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Alessandro Acquisti

Title:  Of Frogs and Herds: Behavioral Economics, Malleable Privacy Valuations, and Context-dependent Willingness to Divulge Personal Information

Abstract:  We investigate privacy valuations and decision making through the lenses of behavioral economics. Contrary to the assumption in much social science that people have stable, coherent preferences with respect to personal privacy, we find that privacy valuations (measured by willingness to trade-off personal information for monetary rewards) and concerns about privacy (measured by divulgence of private information) are highly sensitive to subtle, non-normative contextual factors. We report results from a number of experiments, one of which was designed to measure individual willingness to pay money to protect, and willingness to accept money to divulge, personal data; while others were designed to elicit or to suppress privacy concerns. This research raises questions about whether individuals are able to navigate in a self-interested fashion increasingly complex issues of privacy in modern information economies.

Bio: Alessandro Acquisti is an Assistant Professor of Information Technology and Public Policy at the Heinz College, Carnegie Mellon University, a member of Carnegie Mellon Cylab, and a fellow of the Ponemon Institute. His work investigates the economics and behavioral economics of privacy and information security. Prior to joining CMU Faculty, he researched with the Internet Ecologies group at the Xerox PARC labs in Palo Alto (as intern); with the Human-Centered Computing group at RIACS, NASA Ames Research Center (as visiting student); and at SIMS, UC Berkeley, where he received a Master and a Ph.D. in Information Systems in 2001 and 2003. He received a Master in Economics from Trinity College, Dublin, in 1999; and a Master in Econometrics and Mathematical Economics from the London School of Economics also in 1999. Alessandro has received national and international awards, including the 2005 PET Award for Outstanding Research in Privacy Enhancing Technologies and the 2005 IBM Best Academic Privacy Faculty Award. He is and has been member of the program committees of various international conferences and workshops, including ACM EC, PET, WEIS, ETRICS, WPES, LOCA, QoP, and the Ubicomp Privacy Workshop at Ubicomp. In 2007 he chaired the DIMACS Workshop on Information Security Economics and the WEIS Workshop on the Economics of Information Security. In 2008, he co-chaired the first Workshop on Security and Human Behavior with Ross Anderson, Bruce Schneier, and George Loewenstein. His research on the economics of privacy has been disseminated through journals (including Marketing Science, IEEE Security & Privacy, the Berkeley Law and Technology Journal, and the Journal of Comparative Economics), leading international conferences, book chapters, and, recently, a book (”Digital Privacy: Theory, Technologies, and Practices.” Auerbach, 2007). His findings have been featured in media outlets such as NPR Fresh Air, NBC, MSNBC.com, the Washington Post, the New York Times, and the New Scientist. His work has been funded by the National Science Foundation, the Humboldt Foundation, the National Aeronautics & Space Administration, Microsoft Corporation, as well as CMU CyLab and CMU Berkman Fund.

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, February 18, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119

Speaker: Latanya Sweeney

Title:  Capturing Fingerprints from a Hand Wave

Abstract: Imagine someone taking a picture of you as you wave in greeting and as a result they have a copy of your fingerprints. The market trend is for image resolution (measured in megapixels) and capture speed of over-the-counter digital cameras to increase, thereby enabling the fast capture of prints without subjects making any physical contact with devices or necessarily being aware of the capture.

In this talk, we look at new technology and devices my students and I created based on our scientific exploration of photographic contactless capture of fingerprints, palm prints, and hand geometry in order to achieve accurate capture quickly. The capture environment, which consists of constraints placed on lighting and background, may be structured (requiring insertion of hands into a box like device), semi-structured (controlling background and or lights without enclosing the hands), or unstructured (using naturally occurring locations with little or no concern to lighting or background). Under a grant from the National Institutes of Justice, my students and I have already constructed frontal capture prototypes in structured, semi-structured, and unstructured environments. Our devices can additionally be used to simultaneously capture the face, ear, and/or iris. In this talk, we will present these devices and explain the significant benefits they promise to law-enforcement, homeland security, and others. We will also briefly discuss implications to privacy, legal cases, and fingerprint matching.

BIO: Latanya Sweeney, PhD is an Associate Professor of Computer Science, Technology and Policy in the School of Computer Science at Carnegie Mellon University. She also founded and serves as the Director of the Data Privacy Lab, which works with real-world stakeholders to solve today’s privacy technology problems. Her work involves creating technologies and related policies with provable guarantees of privacy protection while allowing society to collect and share person-specific information for many worthy purposes. Her work has received awards from numerous organizations, including the American Psychiatric Association, the American Medical Informatics Association, and the Blue Cross Blue Shield Association. The American College of Medical Informatics inducted her as a Fellow in 2006. Dr. Sweeney received her PhD in computer science from the Massachusetts Institute of Technology in 2001. Her undergraduate degree in computer science was from Harvard University where she graduated cum laude. She joined the faculty of Carnegie Mellon as an Assistant Professor in 1998. She is the co-Director of the PhD Program in Computation, Organizations and Society at Carnegie Mellon and she is the Editor-in-Chief of the Journal of Privacy Technology. More information about Dr. Sweeney is available at her website privacy.cs.cmu.edu/people/sweeney/index.html.

Watch Video

The Center for Research on Computation and Society continues its
weekly lunch seminar:

CRCS Privacy and Security Lunch Seminar
Date: Wednesday, February 11, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 2nd Floor Lounge Area

Speaker: Sara “Scout” Sinclair

Title: Access Control as Risk Management

Abstract: Access control aims to provide the correct permissions to users of a computer system: if Alma can access resources that are not necessary to her job, she may (either willfully or accidentally) cause harm. Similarly, if Ben is denied legitimate access to resources, the resultant slowdown can pose additional cost to his organization. Much work has focused on access control for highly sensitive environments, such as the intelligence community, and on the formally provable assurances of such policies. Other work on Role-Based Access Control (RBAC) and Role Engineering has tried to address issues in the deployment and maintenance of access control systems, but important challenges remain for practitioners in investment banking, healthcare, and other industries. Looking beyond the expressive powers and provable characteristics of access policies, this talk casts access control as a problem of cost and risk management. Building on a number of case studies drawn from real organizations, we will consider the tradeoffs inherent to access control management, and identify specific costs and risks therein. We will also use this framework to examine a number of trends in access control research, and to argue for new approaches to these familiar problems.

Bio: Bio:Sara “Scout” Sinclair is a Ph.D. candidate in Computer Science at Dartmouth College, where she is a member of the PKI/Trust Laboratory and the Institute for Security, Technology and Society.  Her research interests are at the intersection of human organizations and secure computer systems; she focuses particularly on access control, system usability at the enterprise level, and information security management practice and policy.  During her dissertation research she has partnered extensively with the healthcare and investment banking industries, and collaborates with research colleagues in business, sociology, psychology, and law.  In 2008 she co-edited “Insider Attack and Cyber Security: Beyond the Hacker,” a volume in Springer’s Advances in Information Security series.

Scout received her B.A. in Computer Science and French from Wellesley College in 2004.  In addition to computer security, she is an informal student of graphic design, fiber arts, and aviculture.

Watch Video