BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Memento EPFL//
BEGIN:VEVENT
SUMMARY:IC Colloquium : The Password That Never Was
DTSTART:20140203T161500
DTEND:20140203T173000
DTSTAMP:20260413T140736Z
UID:0e486287c56a9746b46696c18fe77b5c2cabf9bc67c21bfd49731633
CATEGORIES:Conferences - Seminars
DESCRIPTION:By Ari Juels\, UC Berkeley\nIC Faculty candidate\nAbstract\n
 Brea
 ches of databases with millions of passwords are becoming a commonplace th
 reat to consumer security. Compromised passwords are also a feature of sop
 histicated targeted attacks\, as the New York Times\, for instance\, repor
 ted of its own intrusions early this year. The most common defense is hash
 ing\, a cryptographic transformation of stored passwords that makes verifi
 cation of incoming passwords easy\, but extraction of stored ones hard. 
 “Hard\,” though\, often isn’t hard enough: Password cracking tools (
 such as “John the Ripper”) often easily defeat hashing.\nI’ll descri
 be a new defense called honeywords. Honeywords are decoys designed to be i
 ndistinguishable from legitimate passwords. When seeded in a password data
 base\, honeywords offer protection against an adversary that compromises t
 he database and cracks its hashed passwords. The adversary must still gues
 s which passwords are legitimate\, and is very likely to pick a honeyword 
 instead\, creating a detectible event signaling a breach. I’ll also disc
 uss a related idea\, called honey encryption\, which creates ciphertexts t
 hat decrypt under incorrect keys to seemingly valid messages.\nBroadly spe
 aking\, honeywords and honey encryption represent some of the first steps t
 oward the principled use of decoys\, a time-honored and increasingly impo
 rtant defense in a world of frequent and sophisticated security breaches.\
 nHoneywords and honey encryption are joint work respectively with Ron Rive
 st (MIT) and Tom Ristenpart (U. Wisc).\nBiography\n
 Dr. Ari Juels is a roving
  chief scientist specializing in computer security.\nHe was Chief Scientis
 t of RSA (The Security Division of EMC)\, Director of RSA Laboratories\, a
 nd a Distinguished Engineer at EMC\, where he worked until September 2013.
  He joined RSA in 1996 after receiving his Ph.D. in computer science from 
 U.C. Berkeley.\nHis recent areas of interest include “big data” securi
 ty analytics\, cybersecurity\, cloud security\, user authentication\, priv
 acy\, medical-device security\, biometric security\, and RFID / NFC securi
 ty. As an industry scientist\, Dr. Juels has helped incubate innovative ne
 w product features and products and advised on the science behind security
 -industry strategy. He is also a frequent public speaker\, and has publish
 ed highly cited scientific papers on many topics in computer security.\nIn
  2004\, MIT’s Technology Review Magazine named Dr. Juels one of the worl
 d’s top 100 technology innovators under the age of 35. Computerworld hon
 ored him in its “40 Under 40” list of young industry leaders in 2007. He
  has received other distinctions\, but sadly no recent ones acknowledgin
 g his youth.
LOCATION:BC 420 https://plan.epfl.ch/?room==BC%20420
STATUS:CONFIRMED
END:VEVENT
END:VCALENDAR
