CS Forum: Mohammad Mannan

Location: Otakaari 2, 02150, Espoo (time zone: Europe/Helsinki)
Permalink: http://old.cs.aalto.fi/en/midcom-permalink-1e606e331ab567806e311e69863ef6fad2000680068

Data security under coercion and physical attacks

26.05.2016 / 10:15 - 11:15

   Speaker: Mohammad Mannan
   Speaker affiliation: Concordia University, Montreal, Canada
   Host: Prof. N. Asokan
   Time: 10:15 (coffee at 10:00)
   Venue: T2 in CS building

 


Abstract

We have been exploring several solutions for data security, considering potentially dangerous but realistic situations. We look beyond data confidentiality -- including scenarios such as hiding the very existence of security-sensitive data, and physical attacks where the attacker has full control over the target machine and can coerce the machine owner into revealing encryption passwords. We believe such a strong attacker model is in accordance with current state-level adversaries with high technical capabilities and legal/questionable/illegal powers (e.g., US FISA, clandestine NSA programs, physical/psychological torture). I will discuss three proposals: Mobiflage (deniable encryption for Android), Gracewipe (coercion-resistant deletion) and Hypnoguard (cold-boot protection for data in sleep). While our implementations are possibly a step forward, more importantly, we highlight pitfalls of such solutions against a strong adversary. Details of these systems are available here.

Bio

Mohammad Mannan is an Assistant Professor at the Concordia Institute for Information Systems Engineering, Concordia University, Montreal. He has a Ph.D. in Computer Science from Carleton University (2009) in the area of Internet authentication and usable security. He was a post-doctoral fellow at the University of Toronto from 2009 to 2011. His research is focused on analyzing and solving high-impact security and privacy problems for the benefit of society at large. He is involved in several security conferences (e.g., program committees: ACM CCS, ACSAC, USENIX Security, NSPW; program co-chair: ACM SPSM 2016), and journals (e.g., ACM TISSEC, IEEE TDSC, IEEE TIFS). His industrial R&D experience prior to graduate school included three years in large-scale software design.