You are not just yourself

May 11th, 2017

Sometimes people feel powerless, like their individual action does not matter. That is not true, it matters tremendously and it is enormously powerful, I am going to explain one of the reasons why.

When you make a decision it is not just you making that decision, it is also people like you making the same decision for similar reasons. No one exists in isolation or acts alone, every individual is part of many overlapping, interconnected, and interdependent groups, most of which they are not even aware of. When you make a decision you make it based on how you think and what you know (consciously or not). Other people like you will be in similar situations and make the same decision, you make it together.

This means that every action you take does matter because it is not just you, it is people like you doing the same thing. Your individual action might be tiny, but your collective action might be huge. If the only thing stopping you is that you do not think it will make a difference because it is just you, then do it, if you do it then other people will too, if you do not then they will not. You have the responsibility to make the decision and to do the thing, but in doing it, you will not be alone.

There are lots of reasons to vote and this is only one of them, but you should.

There is a dark side to the fact that you are not just yourself, you are a community, and that is that if others control the inputs to your community and target them carefully for every group, then you are not yourself, you are theirs.

Think carefully, think twice, install an ad-blocker and make your decision.

 

Now that sounds horribly patronising, which it is, and so this academic is going to get off his ivory tower with his simplistic notions and go and do some work.

The pursuit of peace

June 28th, 2016

The primary purpose of the EU is peace in Europe (particularly between EU members). War is expensive and so the secondary purpose of economic prosperity is well served by the primary purpose.

The pursuit of peace makes he EU act in strange and seemingly inefficient ways: Parliament gets on a train and travels to a different country. Development teams are split in half with hundreds of miles between them. Research funding is contingent on moving to a different country or collaborations between institutions in multiple countries. All of which seems rather inefficient due to the overheads of travel and communication, at least when considering only the immediate purpose of each activity.

However, considering the pursuit of peace it makes perfect sense and is much more ‘efficient’. By mixing people up and having them experience different countries, barriers are broken down. It is much harder to dehumanise and demonise people you know well and are your friends. The EU tries to tie people from all its nations so tightly together with bonds of love and friendship (and commerce and mutual dependence) that they might never again go to war.

We could learn something from that within our own nation for addressing the deep divisions between our different regions and social groups.

We must also consider how we will actively and systematically pursue peace in Europe and the wider world from outside the EU.

Remaining feelings

June 28th, 2016

A substantial factor in my feelings of despair at Brexit is guilt. I could have done more, and, given the result, should have done more. I voted, but more was required.

Anger with those who lied and misled, with those who failed to do enough. That leads however to being angry with myself.

Those who have made this mess have a duty to fix it, but that does not just mean Boris Johnson and Michael Gove. It also means each one of us. While those who behaved badly during the campaign should be held to account, the only people we individually need to hold to account are ourselves. For me at least that is painful.

You might say that no individual insignificant person like me could make a difference. However, in a democracy I am an instance of a group of people. There are other people like me and so we are both individually and collectively responsible for our actions. If I decide individually to act in one way then it is likely that, independently, other people like me will decide to act in the same way.

Hence, even though I voted to remain, I still have to bear some personal culpability for the overall leave vote.

Brexit

June 28th, 2016

The United Kingdom of England and Wales will not be great in power but it could yet be great in love.

It will not be able to lead as it formerly could when it was a great power, but it could enthusiastically follow when other countries or supranational organisations like the EU lead in good directions.

It will not have the military power to wage war but perhaps it might help maintain peace.

 

It will be a long road back from fear and division, from racism and xenophobia, to tolerance, peace and love. Let us begin.

MyCloud part 0: Why? It is my data.

September 25th, 2013

I am leaving Google and similar companies cloud services and moving to my own infrastructure for my personal data. This process is going to take a while and I am going to document it here to make it easier for others. However the obvious question is why move from free cloud services which already exist and are easy to use to paying for my own infrastructure and configuring it myself? Well partly I do not want to be the product any more which is being sold, I want to be the customer not merely a user who is being sold to advertisers. Since there is no way to pay Google to stop selling me I have to go elsewhere. I could go to someone like MyKolab which claims to care about privacy and do things properly – and people who cannot roll their own probably should think about it – but I get better guarantees from rolling my own and it should be a good learning experience.

Also Snowden. My aim is to make it such that if anyone (including state actors) want my data, then the easiest way of gaining access to it is to come and ask me nicely, we can discuss it like civilised people over tea and cake and if you make a sensible argument then you can have it. If not come back with a warrant. I am not a criminal or a terrorist and I do not expect to be treated like one with all my communications being intercepted. My data includes other people’s personally identifying information (PII) and so can only be disclosed to people who they would expect it to be given to for the purpose for which it was provided. That does not include GCHQ etc. and so I am not following the spirit of the Data Protection Act (DPA) if I make it possible for other people to obtain it without asking.

Similarly some of my friends work for Christian, environmental, aid or democracy organisations, sometimes in countries where doing so is dangerous. Information which might compromise their security is carefully never committed to computer systems (such operational security has been common in Christian circles for 2000 years) but sometimes people make mistakes, particularly when communicating internally in ‘safe’ countries like the UK. However no countries have clean records on human rights etc. and data collected by the ‘five eyes’ is shared with others (e.g. unfiltered access is given to Israel) and there are countries who are our allies in the ‘war on terror’ but which also persecute (or have elements of their security forces who persecute) minorities or groups within their country. I might in some sense be willing to trust the NSA and GCHQ etc. (because they have no reason to be interested in me) but I cannot because that means trusting 800,000 people in the US alone, some of whom will be working for bad governments.

Similarly while our present government is mostly trying to be good if frequently foolish. It is very easy for that to change. So we need to ensure that the work required to go from where we are to a police state is huge so that we have enough time to realise and do something about it. Presently the distance to cover in terms of infrastructure is far too small, being almost negligible. It is our duty as citizens to grow that gap and to keep it wide.

So I am going to try and find solutions which follow best practises of current computer security, following the principle of least privilege and using compartmentalisation to limit the damage that the compromise of any one component can cause. I am going to document this so that you can point out the holes in it so that we can learn together how to do this properly.

Maybe some of this might even help towards my PhD…

Observations on the Netherlands

August 11th, 2013

I have spent a couple of weeks cycling around the Netherlands with family this summer and there follows things which I noticed and thought interesting. In the main I was very impressed with the Netherlands, they have great infrastructure and friendly people who are very willing to help lost or confused visitors.

Living closer to the edge

The Dutch know that they live dangerously, on the edge of what is possible with much of the land below sea level. I got the impression that this left them with a closer affinity with their land than we have with ours; they know they need to care for it or they will lose it. Partly this was seen in the way that climate change is so much on their radar.
They know what is coming and are taking steps to try and stop it and to deal with it when it comes. Unfortunately their prospects do not look good. This year as last year my summer holiday took me somewhere which might not be there for my children or grandchildren to see, the Netherlands will be a very different place in 2100 than it was this summer.
You also find that this attitude runs further back; it is not a recent change brought about by a new threat but a strengthening of resolve which has been required throughout the history of the Netherlands.

Churchill Laan in Amsterdam has two roads - one for each direction separated by a large green area, each road has a cycle path and there are six lines of trees along the road.

Six lines of trees on one road

It is seen in the trees. The Netherlands has an artificial landscape but it is full of trees, tiny cycle paths are lined with trees, roads small and large are lined with trees, some roads have as many as six lines of trees running down them separating the houses from the road from the footpath from the garden and back through the footpath and road to the houses again. This is wonderful. You only really notice how integral trees are to the street-scape when you see this done properly.
In Delft for example (a beautiful city), there were blocks of flats such as you might see in sink estates in the UK, yet they were on roads lined with trees and many balconies were filled with flowers by residents who clearly enjoyed living there. Similarly the university (TU Delft) is beautiful, yet clearly built in the 20th century, using styles that elsewhere have produced horrendous eyesores, yet here perhaps with better architects they are beautiful, surrounded by trees.

It was also found in the attitude of the people, towards cycling, renewable energy, recycling and so on. They are on-board with a project to build a better future in a way that they UK clearly is not for they know that if they do not achieve a better future then they will find they have none. We might find ourselves in a similar situation but doom for us seems less certain and so more easily ignored.

Cycling

Cycling in the Netherlands is wonderful. Our infrastructure is nothing in comparison with what they have. Everywhere there were dedicated cycle paths, even minor roads in the middle of nowhere would have cycle lanes marked down both sides and much of the time there would be a segregated cycle lane.
There were also many cycle paths where there are no roads. The Dutch canal system with its dykes gives them an advantage here in that they need access roads along the tops of dykes but cannot have vehicles like cars running along them or the dykes would be damaged. Bicycles however are fine, this makes cycling a much more versatile form of transport as there are many more routes by bike than by car.
Similarly in cities many streets are one way, being too narrow for two way traffic with cycle lanes, but almost every ‘no entry’ or ‘one way’ sign has the Dutch ‘except cycles’ sign underneath. These dedicated cycle lanes are better than ours in that they deal with junctions properly having clear lights for the cycles with two sets, one high up and one low down so that they can still be read by the cyclist who is right next to the post.
They also give cycles priority over traffic joining from minor roads or turning off roundabouts so that the normal difficulty of having to negotiate every junction carefully is alleviated because it becomes mostly the car driver’s problem and they already have to deal with it to avoid other cars.
This combines to develop an attitude in the Dutch people that their cycle is much more useful than their car (if they have one). Talking to one Dutch lady, she said that she could live without her car but not without her bicycle.
The only slightly irritating habit was the way that they like their streets lined with bricks rather than tarmac more than I do which results in a little vibration.

They also define a ‘cycle’ rather more loosely than we do, motorcycles are also ‘cycles’ small four wheeled vehicles which can carry two people seated next to each other and which look like a tiny car with a motorcycle engine are ‘cycles’. Wheelchair bikes either driven by the wheelchair user with their hands or by someone else on a more conventional looking bike frame attached to the back are cycles, as are huge range on innovations with varying numbers of wheels, luggage space and passengers. Some of these designs have already been imported to Cambridge, but the Netherlands still has greater variety.

Having invented the bicycle we picked the side for the chain based on cycling on the left hand side of the road – such that when standing on the pavement the chain is on the other side of the bike.
Unfortunately in the Netherlands they cycle on the wrong side of the road and so they all have chain guards.

In the Netherlands the people do not wear helmets except when on racing bikes and wearing lycra, this distinguished us somewhat from the locals as we were on town bikes and wearing normal clothes and yet had helmets.

A rather good BBC article on cycling in the Netherlands has been published recently.

Open Street Map

I used Open Street Map (OSM) (specifically the OSMAnd app which has paid and free versions) and it was great, with offline route finding and location searching, which were invaluable. Being able to answer questions like ‘where is the nearest post box’ or ‘where can I get food’ and ‘how do I get there’ without having any internet is incredibly useful. I am definitely going to switch to using OSM rather than Google Maps in future and to actively contributing things which are missing from the OSM data. This also has the benefit that Google will not know what I am planning quite all the time.

Tourist destinations

We followed “Cycling in The Netherlands – The very best routes in a cyclist’s paradise” by Eric van der Horst (ISBN: 978-1900623193) which was excellent.
Amsterdam is a beautiful city with lots of beautiful streets like the tree-lined Churchill Laan mentioned earlier and lots of canals. There are also many parks such as the Vondelpark where we cooked dinner two nights. The Rijksmuseum is full of great painting and well worth a visit, I did not find the Van Gough Museum as impressive but still worthwhile.
Utrecht had some interesting buildings and streets. The castle of De Haar (or at least its gardens) were beautiful and the Farm Hazenveld camp site was lovely. Gouda had a large market and lots of cheese with many nice buildings.

The view of the town hall from the top of the church tower in Delft

The view from the church tower in Delft

Delft as previously mentioned is particularly beautiful – my favourite city in the Netherlands – the view from the church tower is particularly good and the [De Grutto camp site](http://www.degrutto.eu/) particularly excellent (particularly for the ecologically minded being solar powered and situated in an orchard in a nature reserve).
‘t Kraaijenest in De Lier was a particularly excellent B&B though we stayed there through the ‘Friends of the bike’ organisation where members open their homes to cyclists. The organisation is to be recommended we enjoyed both the stays we had with these ‘friends of the bike’.
The Hauge is good, though not as good a place to cycle as Amsterdam (still better than Cambridge or London). The Peace Place visitor centre is well worth a visit (and free) and we enjoyed wandering around the town centre.
Haarlem is beautiful and the guided tour of the Ten Boom museum particularly excellent. There was also an arts quarter with some very interesting shops such as one full of Lego and 3D printers.
IJmuiden’s Havenmuseum was unexpectedly impressive with a huge variety of sea related displays and lots of knowledgeable volunteers explaining about the exhibits. Particularity highlights included a working radar station (clearly not being interfered with by the wind turbines) and an ancient computer doing telegraph Morse to text conversion.

Disturbing things

Cycling down a street/canal and suddenly the horror of brothels down the side. Cycling down the canal to Utrecht suddenly there were brothel boats down the side with insufficiently clothed women in the window. It was disgusting, more so the cars slowly crawling along the road purpose built beside it with turning loops at each end. There is only so fast it is possible to cycle when you need to overtake other cyclists and there are oncoming cyclists but that is how fast I went, it is not fast enough. This was a disturbing experience, it was about midday…
Similarly in Amsterdam despite carefully staying well clear of the Red Light District walking back from dinner it was in places necessary to keep eyes very carefully on the canal.
While the experience of having tea in cafés in the Netherlands was much better than in the UK – nearly always offered a choice of tea and given a biscuit with it and a little plate on top of the cup of boiling water to keep it hot and to provide a place for the tea bag to go – there were several times when we looked at ‘coffee shops’ suspiciously and walked on as it looked like they might be selling more than ‘coffee’. Accidentally walking into a drug dealer’s establishment is not normally something I need to be concerned with ensuring and I prefer it that way.

Conclusion

The Netherlands is a great country to visit and everyone we spoke to had enough English that we could get by. Taking your bike on a ferry and cycling around it is definitely a good way to go.

Filters that work

August 8th, 2013

Summary: The architecture for David Cameron’s filtering plans is wrong and has a negative consequences, however there are alternative architectures which might work.

There has been much news coverage about David Cameron’s plans for opt-out filters for all internet users in the UK. With opt-in systems barely anyone will opt-in and with opt-out systems barely anyone will opt-out and so this is a proposal for almost everyone to have a filter on their internet traffic. Enabling households to easily filter out bad content from their internet traffic is useful in that there are many people who do want to do this (such as myself[1]). However the proposed architecture has a number of significant flaws and (hopefully unintended) harmful side effects.

Here I will briefly recap what those flaws and side-effects are and propose an architecture which I claim lacks these flaws and side-effects while providing the desired benefits.

  1. All traffic goes through central servers which have to process it intensively. This makes bad things like analysing this traffic much easier. It also means that traffic cannot be so efficiently routed. It means that there can be no transparency about what is actually going on as no one outside the ISP can see.
  2. There is no transparency or accountability. The lists of things being blocked are not available and even if they were it is hard to verify that those are the ones actually being used. If an address gets added which should not be (say that of a political party or an organisation which someone does not like) then there is no way of knowing that it has been or of removing it from the list. Making such lists available even for illegal content (such as the IWF’s lists) does not make that content any more available but it does make it easier to detect and block it (for example TOR exit nodes could block it). In particular it means having found some bad content it is easier to work out if that content needs to be added to the list or if it is already on it.
  3. Central records must be kept on who is and who is not using such filters, really such information is none of anyone else’s business. They should not know or be able to tell, and they do not need to.

I am not going to discuss whether porn is bad for you though I have heard convincing arguments that it is. Nor will I expect any system to prevent people who really want to access such content from doing so. I also will not use a magic ‘detect if adult’ device to prevent teenagers from changing the settings to turn filters off.

Most home internet systems consist of a number of devices connected to some sort of ISP provided hub which then connects to the ISP’s systems and then to the internet. This hub is my focus as it is provided by the ISP and so can be provisioned with the software they desire and configured by them but is also under the control of the household and provides an opportunity for some transparency. The same architecture can be used with the device itself performing the filtering, for example when using mobile phones on 3G or inside web browsers when using TLS.

So how would such a system work? Well these hubs are basically just a very small Linux machine, like a Raspberry Pi and it is already handling the networking for the devices in the house, probably running a NAT[0] and doing DHCP, it should probably also be running a DNS server and using DNSSEC. It already has a little web server to display its management pages and so could trivially display web pages saying “this content blocked for you because of $reason, if this is wrong do $thing”. Then when it makes DNS requests for domains to the ISP’s servers then they can reply with additional information about whether this domain is known to have bad content and where to find additional information on that which the hub can then look up and use to as input to apply local policy.
Then the household can configure to hub that applies the policy they want and it can be shipped with a sensible default and no one knows what policy they chose unless they snoop their traffic (which should require a warrant).
Now there might want to be a couple of extra tweaks in here, for example there is some content which people really do not want to see but find very difficult not to seek out, for example I have friends who have struggled for a long time to recover from a pornography addiction. Hence providing the functionality whereby filter settings can be made read only such that a user can choose to make ‘impossible’ to turn off can be useful as in a stronger moment they can make a decision that prevents them being able to do something they do not want to in a weaker moment. Obviously any censorship system can be circumvented by a sufficiently determined person but self blocking things is an effective strategy to help people break addictions, whether to facebook in the run up to exams or to more addictive websites.

So would such a system actually work? I think that it is technically feasible and would achieve the purposes it is intended to and not have the same problems that the current proposed architecture has. However it might not work with currently deployed hardware as that might not have quite enough processing power (though not by much). However an open, well specified system would allow incremental roll out and independent implementation and verification. Additionally it does not provide the services for which David Cameron’s system is actually being built which is to make it easier to snoop on all internet users web traffic. This is just the Digital Economy bill all over again but with ‘think of the children’ rather than ‘think of the terrorists’ as its sales pitch. There is little point blocking access to illegal content as that can always be circumvented, much better to take the content down[2] and lock up the people who produced it, failing that, detect it as the traffic leaves the ISP’s network towards bad places and send round a police van to lock up the people accessing it. Then everything has to go through the proper legal process in plain sight.

[0]: in the case of Virgin Media’s ‘Super Hub’ doing so incredibly badly such that everything needs tunnelling out to a sane network.
[1]: Though currently I do not beyond using Google’s strict safe search because there is no easy mechanism for doing so, the only source of objectionable content that actually ends up on web pages I see is adverts, on which more later.
[2]: If this is difficult then make it easier, it is far too hard to take down criminal website such as phishing scams at the moment and improvements in international cooperation on this would be of great benefit.

Surveillance consequences

August 7th, 2013

Mass surveillance of the citizens of a country allows intelligence services to use ‘big data’ techniques to find suspicious things which they would not otherwise have found. They can analyse the graph structure of communications to look for suspicious patterns or suspicious keywords. However as a long term strategy it is fundamentally flawed. The problem is the effect of surveillance on those being watched. Being watched means not being trusted, being outside and other, separate from those who know best and under suspicion. It makes you foreign, alien and apart, it causes fear and apprehension, it reduces integration. It makes communities which feel that they are being picked on, distressed and splits them apart from those around them. This causes a feeling of oppression and unfairness, of injustice. This results in anger, which grows in the darkness and leads to death.

That is not the way to deal with ‘terrorism’. Come, let us build our lives together as one community, not set apart and divided. Let us come together and talk of how we can build a better world for us and for our children. Inside we are all the same, it does not matter where we came from, only where we are going to and how we get there.
Come, let us put on love rather than fear, let us welcome rather than reject, let us build a country where freedom reigns and peace flows like a river through happy tree lined streets where children play.

I may be an idealist but that does not make this impossible, only really hard, and massively worth it. The place to begin is as always in my own heart for I am not yet ready to live in the country I want us to be. There is a long way to go, and so my friends: let us begin.

Communicating with a Firefox extension from Selenium

May 20th, 2013

Edit: I think this now longer works with more recent versions of Firefox, or at least I have given up on this strategy and gone for extending Webdriver to do what I want instead.

For something I am currently working on I wanted to use Selenium to automatically access some parts of Firefox which are not accessible from a page. The chosen method was to use a Firefox extension and send events between the page and the extension to carry data. Getting this working was more tedious than I was expecting, perhaps mainly because I have tried to avoid javascript whenever possible in the past.

The following code extracts set up listeners with Selenium and the Firefox extension and send one event in each direction. Using this to do proper communication and to run automated tests is left as an exercise for the author but hopefully someone else will find this useful as a starting point. The full code base this forms part of will be open sourced and made public at some future point when it does something more useful.

App.java


package uk.ac.cam.cl.dtg.sync;

import java.io.File;
import java.io.IOException;

import org.openqa.selenium.JavascriptExecutor;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.firefox.FirefoxProfile;

public class App {
private static final String SEND = "\"syncCommandToExtension\"";
private static final String RECV = "\"syncCommandToPage\"";

public static void main(String[] args) throws IOException {
// This is where maven is configured to put the compiled .xpi
File extensionFile = new File("target/extension.xpi");
// So that the relevant Firefox extension developer settings get turned on.
File developerFile = new File("developer_profile-0.1-fn+fx.xpi");
FirefoxProfile firefoxProfile = new FirefoxProfile();
firefoxProfile.addExtension(extensionFile);
firefoxProfile.addExtension(developerFile);
WebDriver driver = new FirefoxDriver(firefoxProfile);
driver.get("about:blank");
if (driver instanceof JavascriptExecutor) {
AsyncExecute executor = new AsyncExecute(((JavascriptExecutor) driver));
executor.execute("document.addEventListener( " + RECV + ", function(aEvent) { document.title = (" + RECV
+ " + aEvent) }, true);");
executor.execute(
"document.dispatchEvent(new CustomEvent(" + SEND + "));");

} else {
System.err.println("Driver does not support javascript execution");
}
}

/**
* Encapsulate the boilerplate code required to execute javascript with Selenium
*/
private static class AsyncExecute {
private final JavascriptExecutor executor;

public AsyncExecute(JavascriptExecutor executor) {
this.executor = executor;
}

public void execute(String javascript) {
executor.executeAsyncScript("var callback = arguments[arguments.length - 1];"+ javascript
+ "callback(null);", new Object[0]);
}
}
}

browserOverlay.js Originally cribbed from the XUL School hello world tutorial.


document.addEventListener(
"syncCommandToExtension", function(aEvent) { window.alert("document syncCommandToExtension" + aEvent);/* do stuff*/ }, true, true);

// do not try to add a callback until the browser window has
// been initialised. We add a callback to the tabbed browser
// when the browser's window gets loaded.
window.addEventListener("load", function () {
// Add a callback to be run every time a document loads.
// note that this includes frames/iframes within the document
gBrowser.addEventListener("load", pageLoadSetup, true);
}, false);

function syncLog(message){
Application.console.log("SYNC-TEST: " + message);
}

function sendToPage(doc) {
doc.dispatchEvent(new CustomEvent("syncCommandToPage"));
}

function pageLoadSetup(event) {
// this is the content document of the loaded page.
let doc = event.originalTarget;

if (doc instanceof HTMLDocument) {
// is this an inner frame?
if (doc.defaultView.frameElement) {
// Frame within a tab was loaded.
// Find the root document:
while (doc.defaultView.frameElement) {
doc = doc.defaultView.frameElement.ownerDocument;
}
}
// The event listener is added after the page has loaded and we don't want to trigger
// the event until the listener is registered.
setTimeout(function () {sendToPage(doc);},1000);
};
};

21st International Workshop on Security Protocols

March 20th, 2013

For the last couple of days I have been at the Security Protocols Workshop which was conveniently located a short cycle ride away. I thoroughly enjoyed it and will definitely be coming back next year (hopefully with a short paper to present). I want to mention some of my  favourite new (to me) ideas which were presented. I am only covering them briefly so if it looks interesting go and read the paper (when it comes out at some unspecified point in the future or find someone with a copy of the pre-proceedings).

Towards new security primitives based on hard AI problems – Bin B. Zhu, Jeff Yan

The core idea here is that if there are problems which computers can’t solve but humans can (e.g. 2D Captchas) then these can be used to allow humans to input their passwords etc. in such a way that a computer trying to input passwords in has no idea what password it is inputting (CaRP). This means that on each attempt the attacker gains nothing because they don’t know what password they tried as they just sent a random selection of click events which the server then interpreted as a password using information that the attacker does not have without human assistance. This helps against online brute force attacks, particularly distributed attacks which are hard to solve with blacklisting without also locking the legitimate user out. It also helps as part of the ‘authentication is machine learning‘ approach as accounts which are flagged as being used suspiciously can be required to login using a CaRP which requires human input and so mitigates automated attacks in a similar way to requiring the use of a mobile number and sending it a text (though it is less strong than that – it does require less infrastructure). Additionally I think that if a particular Captcha scheme is broken then the process of breaking each one will still be computationally intensive and so this should still rate limit the attacker.

Remote device attestation with bounded leakage of secrets – Jun Zhao, Virgil Gligor, Adrian Perrig, James Newsome

This is a neat idea where if the hardware of a device is controlled such that its output bandwidth is strictly limited then it is still possible to be certain that the software on it has not been compromised even if an attacker can install malware on it and has full control of the network. This works by having a large pool of secrets on the device which are updated in a dependent way each epoch and there is not enough bandwidth in an epoch to leak enough data to construct the pool of secrets outside the device. Then the verifier can send the device a new program to fill its working RAM and request a MAC over the memory and secrets storage and this cannot be computed off the device or on the device without filling the RAM with the requested content and so when the MAC is returned the verifier knows the full contents of the hardware’s volatile state and so if it was compromised it no longer is.

Spraying Diffie-Hellman for secure key exchange in MANETs – Ariel Stulman, Jonathan Lahav, and Avraham Shmueli

This idea is for use in providing confidentiality of communication on mobile ad-hoc networks. Since the network is always changing and comprised of many nodes it is hard for an attacker to compromise all the nodes on all paths between two nodes which wish to communicate confidentiality. The idea is to do Diffie-Hellman but split the message into multiple pieces with a hash and send each message via a different route to the recipient. If any one of those pieces gets through without being man-in-the-middled then the attack has failed. In a random dynamically changing network it is hard for an attacker to ensure that. Though not impossible and so a very careful analysis needs to be done to mitigate those risks in practice.

Layering authentication channels to provide covert communication – Mohammed H. Almeshekah, Mikhail Atallah, Eugene H. Spafford

The idea here is that some additional information can be put in the authentication information such as typing <password> <code word> rather than just <password> in the password field and hence transmitting <code word> to the bank which can have many meanings, e.g. have three different code words for 3 levels of access (read only, transactions, administrative) and one for coercion. I particularly liked the idea of being able to tell the bank ‘help someone is coercing me to do this, make everything look as normal but take steps to reverse things afterwards and please send the police’.

 

There were also lots of other interesting ideas some of which I had seen before in other contexts. I thought I made some useful contributions to discussions and so maybe this whole PhD in computer security thing might work out. There were some really friendly welcoming people there and I already knew a bunch of them as they were CL Security Group people.