[Colloq] Hiring talk by Ari Juels, January 9th at 10:30 AM

Francoise Niang fniang at ccs.neu.edu
Tue Jan 7 14:51:29 EST 2014


The College of Computer and Information Science presents a hiring talk by:

             Ari Juels 

Time/Location: 10:30am, Thursday January 9th, 366 WVH

Title: The Password That Never Was

Hosted by: Engin Kirda

Abstract: Breaches of databases with millions of passwords are becoming
a commonplace threat to consumer security. Compromised passwords are
also a feature of sophisticated targeted attacks, as the New York Times,
for instance, reported of its own intrusions early this year. The most
common defense is hashing, a cryptographic transformation of stored
passwords that makes verification of incoming passwords easy, but
extraction of stored ones hard. “Hard,” though, often isn’t hard enough:
Password cracking tools (such as “John the Ripper”) often easily defeat
hashing.

I’ll describe a new defense called honeywords. Honeywords are decoys
designed to be indistinguishable from legitimate passwords. When seeded
in a password database, honeywords offer protection against an adversary
that compromises the database and cracks its hashed passwords. The
adversary must still guess which passwords are legitimate, and is very
likely to pick a honeyword instead, creating a detectible event
signaling a breach. I’ll also discuss a related idea, called honey
encryption, which creates ciphertexts that decrypt under incorrect keys
to seemingly valid messages.

Broadly speaking, honeywords and honey encryption represent some of the
first steps toward the principled use of decoys, a time-honored and
increasingly important defense in a world of frequent and sophisticated
security breaches.

Honeywords and honey encryption are joint work, respectively, with Ron
Rivest (MIT) and Tom Ristenpart (U. Wisc).

Bio: Dr. Ari Juels is a roving chief scientist specializing in computer
security. He was Chief Scientist of RSA (The Security Division of EMC),
Director of RSA Laboratories, and a Distinguished Engineer at EMC, where
he worked until September 2013. He joined RSA in 1996 after receiving
his Ph.D. in computer science from U.C. Berkeley.

His recent areas of interest include “big data” security analytics,
cybersecurity, cloud security, user authentication, privacy,
medical-device security, biometric security, and RFID / NFC security. As
an industry scientist, Dr. Juels has helped incubate innovative new
product features and products and advised on the science behind
security-industry strategy. He is also a frequent public speaker, and
has published highly cited scientific papers on many topics in computer
security.

In 2004, MIT’s Technology Review Magazine named Dr. Juels one of the
world’s top 100 technology innovators under the age of 35. Computerworld
honored him in its “40 Under 40” list of young industry leaders in 2007.
He has received other distinctions, but sadly no recent ones
acknowledging his youth.
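
The honeyword idea from the abstract, sketched as an added example; it is not part of the original announcement and is not the speaker's code. The class name, the decoy values and the separate "checker" that remembers which stored entry is the real password are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import secrets


def _hash(salt, word):
    # Slow salted hash, as any password table should use.
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 100_000)


class HoneywordStore:
    """Hypothetical store: each user has one real password hidden among decoys."""

    def __init__(self):
        self.table = {}    # what a database thief obtains: salt + shuffled hashes
        self.checker = {}  # index of the real entry; assumed to live on a separate system

    def enroll(self, user, password, decoys):
        # Generating decoys that look like real passwords is the hard part
        # and is out of scope here; the caller supplies them.
        if password in decoys or len(set(decoys)) != len(decoys):
            raise ValueError("password and decoys must all be distinct")
        words = list(decoys) + [password]
        secrets.SystemRandom().shuffle(words)
        salt = os.urandom(16)
        self.table[user] = (salt, [_hash(salt, w) for w in words])
        self.checker[user] = words.index(password)

    def login(self, user, attempt):
        salt, hashes = self.table[user]
        digest = _hash(salt, attempt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(stored, digest):
                # A match on a decoy can only come from someone who cracked
                # the stolen table, so it is treated as a breach signal.
                return "ok" if i == self.checker[user] else "breach-alarm"
        return "wrong-password"


if __name__ == "__main__":
    store = HoneywordStore()
    # Constructed sample values.
    store.enroll("alice", "blue42sky", ["red17sun", "green08sea", "gold93moon"])
    for attempt in ("blue42sky", "red17sun", "typo"):
        print(attempt, "->", store.login("alice", attempt))
```

Cracking every hash in `table` yields four plausible passwords for alice with nothing in the table to mark the real one, so a guess among them is more likely than not to trip the alarm.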




