Talks


Talk 1 - Trends in Malicious Activity on the Brazilian Internet

  • Speaker: Mr. Klaus Steding-Jessen (CERT.br)
  • Abstract: This talk will discuss various malicious activities and current threats on the Brazilian Internet. It will bring together the trends observed by CERT.br in the incidents it has handled, in data collected by network monitoring projects, and in exchanges with groups from other countries. Topics covered include the abuse of Internet infrastructure by spammers and fraudsters, recent vulnerabilities in the DNS infrastructure, and attackers' growing focus on brute-force attacks and fraud. The talk will also address the impact of these new trends on day-to-day network monitoring and the need for a change of perspective in that monitoring, given the increase in network speeds and increasingly automated attacks.
  • Biography: Klaus Steding-Jessen holds a degree in Computer Engineering from UNICAMP and a doctorate in Applied Computing, with an emphasis on security, from the Instituto Nacional de Pesquisas Espaciais (INPE). As Senior Security Analyst and Technical Manager at CERT.br, he works on security incident handling and on developing tools that make it possible, through honeypots, to better understand current attacks and to correlate this data with that of the security incidents reported to CERT.br. He has supported the establishment of new CSIRTs in Brazil and has spoken at numerous events, in Brazil and abroad, on information security, spam and phishing prevention, honeypots, honeynets, and computer crime forensics. He holds the "CERT Certified Computer Security Incident Handler" certification and is an instructor for the CERT/CC courses of Carnegie Mellon University offered in Brazil.

Talk 2 - Davis Social Links: P2P, Online Social Network, and Autonomous Community

  • Speaker: Prof. Felix Wu (University of California - Davis, USA)
  • Abstract: In this talk, we will discuss the impact of Internet architecture design on network security. In the past few years, there have been many attempts to develop solutions to protect our networked systems against large-scale attacks such as worms, DDoS, and spam. However, it seems to us (and more and more clearly) that most, if not all, of the proposed solutions are not likely to be effective, given the growth of attacks in numbers and depth. Therefore, the network community has been trying to understand the fundamental issues and the root cause of these large-scale network attacks. One possible idea, currently being actively developed at UC Davis, is called DSL (Davis Social Links). Under DSL, we integrate the concepts of P2P, social networks, and trust management into the network layer, while we remove the requirement of global network identity (e.g., IP addresses or even email addresses, in the context of spam). While we are still at a very early stage regarding DSL, we will go through a few examples of DSL as well as technical considerations.
  • Biography: Prof. Felix Wu received his BS from Tunghai University, Taiwan, in 1985, and his MS and Ph.D. from Columbia University in 1989 and 1995, respectively, all in Computer Science. He is currently a Professor of Computer Science at the University of California at Davis, doing “experimental” research, i.e., building prototype systems to justify and validate novel architectural concepts. He and his students have built many experimental systems in the areas of fault-tolerant networks, IPSec/VPN security policy, attack source tracing, wireless network security, intrusion detection and response, unknown vulnerability analysis, email spam, information visualization for security, and anomaly analysis and explanation. At one point in his career, he realized that he was probably interested in too many things, though. Therefore, his latest focus has been on the DSL (Davis Social Links) project, which is currently being sponsored by NSF, DoD, Intel, and ETRI. Prof. Wu has served as a program committee member, an area editor, and a panelist for many conferences, journals, and funding agencies. He was the program committee co-chair and is currently serving on the steering committee for RAID (Symposium on Recent Advances in Intrusion Detection). He was the program chair for DSOM 2004 and IPOM 2007, both under IFIP/IEEE. Prof. Wu has published more than 85 research papers.

Talk 3 - Privacy Preserving Information Transfer

  • Speaker: Prof. Gene Tsudik (University of California - Irvine, USA)
  • Abstract: This talk is motivated by the need to strike a balance between two conflicting issues: (1) the need of law enforcement to obtain information pertaining to individuals who are the subject of an authorized investigation without revealing the identity of the subject of the investigation to external parties, and (2) society's need to create checks and balances so that individuals' data is protected from abuse by unwarranted retrieval and exposure. Standard off-the-shelf security tools do not currently provide the means to protect the security and/or privacy of both sides. We show how to solve this problem using Privacy-Preserving Information Transfer (PPIT) protocols, which allow the data owner to transfer to the requesting agencies those (and only those) items for which the latter have authorization, while ensuring privacy for both sides. In particular, the data owner does not learn whether or not the information transfer is successful and whether or not the subject of the authorized investigation matches any of the data items the data owner holds. Using modern cryptographic techniques, we design protocols that securely satisfy the basic PPIT security properties stated above, while being efficient enough for practical use. The proposed PPIT protocols work with standard certificates and signature types. Note: this is joint work with S. Jarecki and J. Kim (UCI).
  • Biography: Gene Tsudik is a Professor in the Department of Computer Science at the University of California, Irvine. He has been conducting research in internetworking, network security and applied cryptography since 1987. He obtained his PhD in Computer Science from USC in 1991 for research on firewalls and Internet access control. Before coming to UC Irvine in 2000, he was a Project Leader at IBM Zurich Research Laboratory (1991-1996) and USC Information Science Institute (1996-2000). Over the years, his research interests have included routing, firewalls, authentication, mobile networks, secure e-commerce, anonymity, group communication, digital signatures, key management, mobile ad hoc networks, as well as database privacy and secure storage. Between 2003 and 2007, Professor Tsudik was the Associate Dean of Research and Graduate Studies in the School of Information and Computer Sciences at UCI. He spent April-September 2007 in Italy as a Fulbright Scholar lecturing and conducting research at the Universita' di Roma (La Sapienza). He is currently serving as the Director of the Secure Computing and Networking Center (SCONCE) at UCI and the Vice-Chair for Graduate Studies in the Computer Science Department.

Talk 4 - Twenty-Three Years of Elliptic Curve Cryptography

  • Speaker: Prof. Alfred Menezes (University of Waterloo, Canada)
  • Abstract: Twenty-three years have passed since elliptic curve cryptography was invented by Neal Koblitz and Victor Miller. I will discuss the history of elliptic curve cryptography, and its long struggle for acceptance in the academic and commercial worlds. I will also cover the latest developments, including attacks, hyperelliptic curves, and bilinear pairings.
  • Biography: Alfred Menezes is a professor in the Department of Combinatorics and Optimization at the University of Waterloo, in Ontario, Canada, where he also serves as managing director of the Centre for Applied Cryptographic Research. His research interests are in curve-based cryptography, key agreement protocols, provable security, and algorithmic number theory. He is co-author of the "Handbook of Applied Cryptography" and "Guide to Elliptic Curve Cryptography".