Displaying 1-17 out of 17 total
Signaling Vulnerabilities in Wiretapping Systems
Found in: IEEE Security and Privacy
By Micah Sherr, Eric Cronin, Sandy Clark, Matt Blaze
Issue Date: November 2005
pp. 13-25
Many law enforcement wiretap systems are vulnerable to simple, unilateral countermeasures that exploit the unprotected in-band signals passed between the telephone network and the collection system. This article describes the problem as well as so...
Decentralized Trust Management
Found in: Security and Privacy, IEEE Symposium on
By Matt Blaze, Joan Feigenbaum, Jack Lacy
Issue Date: May 1996
pp. 0164
We identify the trust management problem as a distinct and important component of security in network services. Aspects of the trust management problem include formulating security policies and security credentials, determining whether particular sets of c...
Going Bright: Wiretapping without Weakening Communications Infrastructure
Found in: IEEE Security & Privacy
By Steven M. Bellovin, Matt Blaze, Sandy Clark, Susan Landau
Issue Date: January 2013
pp. 62-72
Mobile IP-based communications and changes in technologies, including wider use of peer-to-peer communication methods and increased deployment of encryption, have made wiretapping more difficult for law enforcement, which has been seeking to extend wiretap ...
Taking Surveillance Out of the Shadows
Found in: IEEE Security and Privacy
By Matt Blaze
Issue Date: September 2009
pp. 75-77
Wiretapping and surveillance are often covered by veils of secrecy that intelligence and law enforcement agencies reflexively apply to what they consider their most sensitive operations. Unfortunately, when the veils are lifted, we frequently discover that...
Dynamic Trust Management
Found in: Computer
By Matt Blaze, Sampath Kannan, Insup Lee, Oleg Sokolsky, Jonathan M. Smith, Angelos D. Keromytis, Wenke Lee
Issue Date: February 2009
pp. 44-52
Trust management forms the basis for communicating policy among system elements and demands credential checking for access to all virtual private service resources—along with careful evaluation of credentials against specified policies—before a party can b...
Risking Communications Security: Potential Hazards of the Protect America Act
Found in: IEEE Security and Privacy
By Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, Peter G. Neumann, Jennifer Rexford
Issue Date: January 2008
pp. 24-33
A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trus...
Rights Amplification in Master-Keyed Mechanical Locks
Found in: IEEE Security and Privacy
By Matt Blaze
Issue Date: March 2003
pp. 24-32
This article examines mechanical lock security from a computer-science and cryptology perspective, focusing on new and practical attacks for amplifying rights in master-keyed mechanical pin tumbler locks.
Practicality of accelerometer side channels on smartphones
Found in: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12)
By Adam J. Aviv, Benjamin Sapp, Jonathan M. Smith, Matt Blaze
Issue Date: December 2012
pp. 41-50
Modern smartphones are equipped with a plethora of sensors that enable a wide range of interactions, but some of these sensors can be employed as a side channel to surreptitiously learn about user input. In this paper, we show that the accelerometer sensor...
Key escrow from a safe distance: looking back at the Clipper Chip
Found in: Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC '11)
By Matt Blaze
Issue Date: December 2011
pp. 317-321
In 1993, the US Government proposed a novel (and highly controversial) approach to cryptography, called key escrow. Key escrow cryptosystems used standard symmetric- and public- key ciphers, key management techniques and protocols, but with one added featu...
Familiarity breeds contempt: the honeymoon effect and the role of legacy code in zero-day vulnerabilities
Found in: Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC '10)
By Jonathan Smith, Matt Blaze, Sandy Clark, Stefan Frei
Issue Date: December 2010
pp. 251-260
Work on security vulnerabilities in software has primarily focused on three points in the software life-cycle: (1) finding and removing software defects, (2) patching or hardening software after vulnerabilities have been discovered, and (3) measuring the r...
Application containers without virtual machines
Found in: Proceedings of the 1st ACM workshop on Virtual machine security (VMSec '09)
By Matt Blaze, Micah Sherr
Issue Date: November 2009
pp. 39-42
This position paper introduces lightweight cryptographic jails (CryptoJails) that protect the privacy of application data by intercepting write accesses and redirecting them to encrypted application containers. CryptoJails ensure that application data (for...
Can they hear me now?: a security analysis of law enforcement wiretaps
Found in: Proceedings of the 16th ACM conference on Computer and communications security (CCS '09)
By Eric Cronin, Gaurav Shah, Matt Blaze, Micah Sherr, Sandy Clark
Issue Date: November 2009
pp. 512-523
Although modern communications services are susceptible to third-party eavesdropping via a wide range of possible techniques, law enforcement agencies in the US and other countries generally use one of two technologies when they conduct legally-authorized ...
QuanTM: a quantitative trust management system
Found in: Proceedings of the Second European Workshop on System Security (EUROSEC '09)
By Adam J. Aviv, Andrew G. West, Insup Lee, Jian Chang, Jonathan M. Smith, Matt Blaze, Oleg Sokolsky, Sampath Kannan, Vinayak S. Prabhu
Issue Date: March 2009
pp. 28-35
Quantitative Trust Management (QTM) provides a dynamic interpretation of authorization policies for access control decisions based upon evolving reputations of the entities involved. QuanTM, a QTM system, selectively combines elements from trust managem...
Efficient, DoS-resistant, secure key exchange for internet protocols
Found in: Proceedings of the 9th ACM conference on Computer and communications security (CCS '02)
By Angelos D. Keromytis, John Ioannidis, Matt Blaze, Omer Reingold, Ran Canetti, Steven M. Bellovin, William Aiello
Issue Date: November 2002
pp. 48-58
We describe JFK, a new key exchange protocol, primarily designed for use in the IP Security Architecture. It is simple, efficient, and secure; we sketch a proof of the latter property. JFK also has a number of novel engineering parameters that permit a var...
Protocol failure in the escrowed encryption standard
Found in: Proceedings of the 2nd ACM Conference on Computer and communications security (CCS '94)
By Matt Blaze
Issue Date: November 1994
pp. 59-67
The Escrowed Encryption Standard (EES) defines a US Government family of cryptographic processors, popularly known as “Clipper” chips, intended to protect unclassified government and private-sector communications and data. A basic feature of ke...
A cryptographic file system for UNIX
Found in: Proceedings of the 1st ACM conference on Computer and communications security (CCS '93)
By Matt Blaze
Issue Date: November 1993
pp. 9-16
Although cryptographic techniques are playing an increasingly important role in modern computing system security, user-level tools for encrypting file data are cumbersome and suffer from a number of inherent vulnerabilities. The Cryptographic File System (...
Tapping on my network door
Found in: Communications of the ACM
By Matt Blaze, Steven M. Bellovin
Issue Date: January 1988
pp. 136
The online Risks Forum has long been a hotbed for discussions of the relative merits of openness relating to the dissemination of knowledge about security vulnerabilities. The debate has now been rekindled, and is summarized here.