News
MACS to co-host Workshop on Cryptography for the RAM Model
Together with the DIMACS Special Focus on Cryptography, the MACS project is pleased to co-host a workshop on Cryptography for the RAM Model of Computation.
Workshop Overview
When: June 8-10, 2016
Where: MIT's Media Lab, room E14 LH-633
To register, or to see more details about the events such as program information and travel accommodations, please visit the workshop's website.
Workshop Announcement
The growing prevalence of cloud computing and other forms of outsourced computation has made protecting computations executed over untrusted platforms or by untrusted agents a central focus of cryptography. Examples include secure distributed computation, secure database and memory access, secure delegation of computation, secure software distribution, and leakage- and tamper-resilient computation. Indeed, the need to harden or protect computations has become acute in the face of the proliferation of digital data and the growing need to outsource such data, its handling, and its monetization. In a world of outsourced data, we need to avoid the risk and/or policy violations that outsourcing trust to these outsourced providers would create.
Cryptographic schemes that address these issues have traditionally been developed in the circuit model of computation, and this model provides a good testing ground for the feasibility of solutions. However, in order to improve practical applicability, considerable recent effort has been devoted developing schemes that incur acceptable overhead even when applied to realistic computations and programs that are (as most programs are) designed for machines with random access memory.
This workshop will bring together cryptographers as well as security and programming language researchers to address the challenges of RAM-model cryptography, and to bridge the abstraction gap between cryptography and real-world programs.
Topics of interest include the challenges of RAM-model cryptography, the abstraction gap between cryptography and real-world programs, schemes for oblivious memory access, oblivious algorithms, homomorphic encryption, program obfuscation, leakage resilient computation, functional encryption, as well as programming language techniques that automate RAM-model cryptography.
Cyber-security workshop at the MGHPCC
In conjunction with Computer Science Education Week, researchers from Boston University hosted a free, hands-on cyber-security workshop at the MGHPCC on Saturday, December 12th.
“Hacking with Holyoke Codes” introduced over 20 middle and high school students, along with their teachers and parents, to issues of cyber-security in today’s internet with instruction and activities geared towards helping participants reflect on how we balance access and privacy.
During the workshop participants learned about secret codes and cryptography, and password cracking, joining forces for a final “Capture the Flag” hacking contest!
Read more and see photos of the event at the MGHPCC website.
Indistinguishability obfuscation: a basis for all cryptography
“Indistinguishability obfuscation” is a powerful concept that would yield provably secure versions of every cryptographic system we’ve ever developed and all those we’ve been unable to develop. But nobody knows how to put it into practice.
Last week, at the IEEE Symposium on Foundations of Computer Science, MIT researchers showed that the problem of indistinguishability obfuscation is, in fact, a variation on a different cryptographic problem, called efficient functional encryption. And while computer scientists don’t know how to do efficient functional encryption, either, they believe that they’re close — much closer than they thought they were to indistinguishability obfuscation.
“This thing has really been studied for a longer time than obfuscation, and we’ve had a very nice progression of results achieving better and better functional-encryption schemes,” says Nir Bitansky, a postdoc in MIT’s Computer Science and Artificial Intelligence Laboratory who wrote the conference paper together with Vinod Vaikuntanathan, an associate professor of electrical engineering and computer science. “People thought this is a small gap. Obfuscation — that’s another dimension. It’s much more powerful. There’s a huge gap there. What we did was really narrow this gap. Now if you want to do obfuscation and get all of crypto, everything that you can imagine, from standard assumptions, all that you have to do is solve this very specific problem, making functional encryption just a little bit more efficient.”
Read more at MIT News
Core Partnerships Established for Massachusetts Open Cloud
The Rafik B. Hariri Institute for Computing and Computational Science & Engineering at Boston University (BU) today announced the core industry partnerships for the Massachusetts Open Cloud (MOC). The core partners that have joined the project are: Brocade, Cisco, Intel, Lenovo, Red Hat and Two Sigma. These companies span all the segments of the industry critical to the success of the MOC project including the hardware, software, and services sectors. Each has also made crucial in-kind commitments such as computer infrastructure, support for deploying and operating the MOC, and engineering support needed to develop and integrate the capabilities required for the OCX model.
“We are thrilled to be working with and have the support of these industry leaders,” says Orran Krieger, Professor of Electrical and Computer Engineering at BU and the MOC project lead. “Their involvement in this project is central to the mission and success of the MOC and we look forward to bringing Massachusetts to the forefront of cloud computing technology.”
Sharon Goldberg Finds Flaw in Computers’ Timekeeping
Working with students Aanchal Malhotra (GRS’19), Isaac Cohen (CAS’16), and Erik Brakke (CAS’16) last spring, Goldberg discovered a potential vulnerability in the Network Time Protocol (NTP), the software and rules that synchronize clocks on computers. The team developed attacks that could alter the time on computer systems, compromising other applications, such as the encryption schemes that protect internet communications to bank websites. Other apps, from bitcoin systems to website authentication and login protocols, also could be breached.
“If NTP breaks, many other computing applications break as well,” says Goldberg.
Read more at BU Today, Ars Technica, and ZDNet.
Azer Bestavros explains his work to Representative Katherine Clark in Washington
Recently, Bestavros and a Washington lobbyist for BU sat in the Capitol Hill office of Representative Katherine Clark, a Massachusetts Democrat on the House committee that oversees funding for the National Science Foundation. Bestavros wanted to thank her for pushing for recent funding, impress upon her the importance of continued support, and arm Clark with ammunition for future budget and policy fights.
“I don’t want to bore you with the details of what we do,” he said, before launching into a story of how he uses cloud computing, supported by the NSF grant, to analyze top secret data. And, he explained, he is able to calculate gender wage gaps at major corporations in Boston without the companies ever having to divulge proprietary salary information. The research could be applied to cybersecurity, medical sciences, anything using sensitive data that organizations want to keep private. “This sounds like magic,” he said, using a phrase he had practiced in training. “But it’s not.”
The congresswoman, who had signed onto a bill addressing income disparity between men and women, was impressed by the relevance he outlined. “It’s linking it back for the members of Congress,” Clark said. “Nobody would think, oh, the Paycheck Fairness Act, how is that tied into NSF funding?” Read more...
Shoring up Tor
With 2.5 million daily users, the Tor network is the world’s most popular system for protecting Internet users’ anonymity. For more than a decade, people living under repressive regimes have used Tor to conceal their Web-browsing habits from electronic surveillance, and websites hosting content that’s been deemed subversive have used it to hide the locations of their servers.
Researchers at MIT and the Qatar Computing Research Institute (QCRI) have now demonstrated a vulnerability in Tor’s design. At the Usenix Security Symposium this summer, they will show that an adversary could infer a hidden server’s location, or the source of the information reaching a given Tor user, by analyzing the traffic patterns of encrypted data passing through a single computer in the all-volunteer Tor network.
Fortunately, the same paper also proposes defenses, which representatives of the Tor project say they are evaluating for possible inclusion in future versions of the Tor software.
Nickolai Zeldovich: How to Compute With Data You Can’t See
Despite massive efforts to guard sensitive data, hackers often manage to steal it anyway. It’s a problem that’s becoming especially acute, now that huge amounts of information are being concentrated on the servers of various cloud service providers. Most times we don’t even know where these machines are located; how can we possibly feel that our data is safe with them?
Here’s one way: Encrypt the data before it’s stored. That way, even if attackers manage to break into the cloud provider’s system and steal data, they’ll just get meaningless gibberish. This might seem a simple solution, but it has a big shortcoming: When data is encrypted, it’s useless to the bad guys, for sure. But in many instances encryption makes it useless to the good guys as well.
Today’s cloud providers typically perform many different kinds of useful computations on the data you entrust them with—looking things up, compiling statistics, analyzing trends, and so forth. Some apply very sophisticated machine-learning techniques to your data. But no one can do any of that if the data is encrypted.
So it would seem foolhardy to pursue encryption for anything other than perhaps simple data storage. In the past few years, however, a technique has emerged that achieves the seemingly impossible: It enables a cloud provider to perform many kinds of computations on data that has been encrypted. Read More...
Azer Bestavros Confers with Federal Officials on Cybersecurity
On July 8, Azer Bestavros met with staffers from the Department of Defense (DOD) and Homeland Security (DHS) to discuss several cybersecurity initiatives, including the Modular Approach to Cloud Security (MACS), a $10 million, five-year, National Science Foundation–funded project to help develop information systems with several layers of security measures.
Bestavros also briefed officials on the Massachusetts Open Cloud (MOC), a computing cloud Hariri is developing that he says will be more secure than other clouds. (In cloud computing, users have on-demand access to shared, massive, off-site computer resources.) The information on BU’s projects was “very well received” by the officials, he says.
Bestavros stated: “At the DOD, the discussions focused on how our MACS project and the Massachusetts Open Cloud might provide operational cybersecurity capabilities for [supporting] the IT infrastructure for the DOD, and also on opportunities to better engage with the Army, Air Force, and Navy basic research offices. At the DHS, the discussion focused on the challenges associated with applications that require sharing of big data assets across agencies and corporations, including support for data security and privacy.”
Multi-party computation helps address Boston’s male-female pay gap
Led by Mayor Martin J. Walsh, Boston is preparing to analyze the wages of male and female employees at more than 60 local companies — a step officials say is the first attempt in the country by a major city to tackle the gender wage gap by examining and releasing actual salary information.
“We’re not trying to punish companies, we’re trying to have people understand where they’re at,” said Megan Costello, executive director of the Mayor’s Office of Women’s Advancement.
So how do you persuade a major corporation to unveil sensitive salary information that their competitors would love to get their hands on? By keeping it anonymous. Even when the aggregate salary information is made public, the companies attached to specific data will not be revealed.
But companies’ payrolls are proprietary, because their disclosure could be a boon to competitors, a black eye for the firms, and ammo for disgruntled employees who could sue over pay inequities. Even if firms could trust a third party that swore secrecy to look at their numbers and calculate industry averages, hackers might breach that party’s online security and steal these precious informational nuggets.
“So this project hit a hurdle,” Azer Bestavros said. “It wasn’t going to happen unless there was a way to do it, and there didn’t seem to be a way.”
Enter Bestavros, who proposed using multiparty computation to allow the city to calculate those industry pay averages, by gender, without any daylight shining on an individual company’s proprietary information. BU students and a Hariri colleague developed software to perform the algorithm.
“Society thinks that things cannot be done when they can,” Bestavros says. “It’s not magic. It’s a simple algorithm.…We can compute things that would seem impossible to compute, given the constraints.”
Read more at the Boston Globe and BU Today.