Panel: Hacking in the Name of Science

Presented at DEF CON 16 (2008)

Our talk will start with some of our latest and greatest hacks. In 2003 we were the first to analyze the security of Diebold's AccuVote-TS voting machine software. We'll discuss the inside scoop on how we got the code, broke it, and then went public. In 2008 we also published the first attacks against a real, common wireless implantable medical device - an implantable defibrillator and pacemaker - and we did so using off-the-shelf software radios. What else will we talk about? Well, there was our research in measuring just how frequently ISPs are injecting ads into people's web pages, our framing of network printers for copyright infringement (and receiving DMCA takedown notices to those printers), our invention of clock skew-based remote physical device fingerprinting, and much more. Are we hackers? No, we're scientists at a leading public university. So what turns hacking into "science" when it's done by academics? We'll answer these and other questions in the second half of the talk, which is geared to give you an inside glimpse into the world of academic security research. Along the way we'll answer questions like: How do we choose which technologies to hack - or as we say - "analyze," "study," and "investigate?" What might we hack next? What can we do as academic researchers in public institutions that industry researchers can't? What ethical and legal issues do we need to consider? And why is what we do considered "science?" Anyone who doesn't want their product to be the next technology hacked (sorry, "studied") by academics like us should definitely attend this talk. And, of course, come to this talk if you're considering grad school in computer security. We'll also debate how academics and industry security researchers could better work together. Here we'd particularly like your feedback. What can academics learn from you? What do you think we could do better? What would you like us to look at next? 
(Standard academic disclaimer: Many of the works we'll discuss were previously published in conjunction with other researchers. We'll acknowledge all relevant parties in the talk.)

Presenters:

  • Alexei Czeskis - PhD Student, University of Washington
    Alexei Czeskis is a graduate student in the Computer Science and Engineering department of the University of Washington, where he hacks, or more benignly -- performs research, under Professor Yoshi Kohno. Formerly, he was a part of CERIAS -- Center for Education and Research in Information Assurance and Security at Purdue University. Alexei has also spent time in industry working with Amazon.com's transaction risk management group.
  • Michael Piatek - PhD Student, University of Washington
    Michael Piatek is a PhD student at the University of Washington. After spending his undergraduate years working on differential geometry, his research interests now include incentive design in distributed systems, network measurement, and large-scale systems building.
  • Jon Callas - Chief Technology Officer, PGP Corporation
    Jon Callas served as Chief Scientist at PGP Inc. and as CTO of the Network Security Division for Network Associates Technologies Inc. Mr. Callas served as Director of Software Engineering at Counterpane Internet Security Inc. and was a co-architect of Counterpane's Managed Security Monitoring system. Most recently, he was Senior Systems Architect at Wave Systems Corporation. His career includes work at Digital Equipment Corporation, World Benders, and Apple Computer. He is the principal author of the Internet Engineering Task Force's (IETF's) OpenPGP standard and a writer and frequent lecturer on system security and intellectual property issues. Mr. Callas has a B.S. in Mathematics from the University of Maryland.
  • Karl Koscher / supersat - PhD Student, University of Washington
    Karl Koscher is a computer science PhD student at the University of Washington. While interested in a wide variety of security topics, the bulk of his work has focused on the privacy and security issues surrounding RFID and other ubiquitous technologies. He is informally known around the department as "big brother."
  • Dan Halperin - PhD Student, University of Washington
    Dan Halperin is a PhD student in computer science and engineering at the University of Washington. His research includes wireless networking, with a current focus on next-generation technologies, and practical security and privacy in the wired and wireless, digital and physical domains. He received his BS in computer science and mathematics from Harvey Mudd College and his MS at Washington. He likes to make and break things in his spare time, and on the side helps teach lock picking to Washington undergraduates and is an avid participant in urban spelunking. In addition to memberships in dry academic communities, Daniel is a member of the EFF.
  • Tadayoshi Kohno - Assistant Professor, University of Washington
    Tadayoshi (Yoshi) Kohno is an Assistant Professor of Computer Science and Engineering at the University of Washington. He worked as a cryptography and computer security consultant with Bruce Schneier, back when Counterpane Systems had fewer than a handful of full-time cryptographers and before the days of Counterpane Internet Security, Inc. Since then he's conducted published security analyses of technologies as varied as electronic voting machines, implantable wireless defibrillators, file encryption systems, popular consumer devices, and ISP ad injectors. Kohno has a Ph.D. in Computer Science (cryptography) from the University of California at San Diego.
