Security and Privacy Research Lab

The U.S. National Institute of Standards and Technology (NIST) has selected the Skein cryptographic hash function as one of five finalists in its SHA-3 competition. The winner will become the new U.S. hash function standard. Sixty-four proposed hash function designs were submitted to NIST when the competition began two years ago. Skein was designed by a team of cryptographers and computer security experts, including UW’s Yoshi Kohno. (If you look closely, you’ll notice that the team photo was taken in the beautiful halls of the UW Paul G. Allen Center for Computer Science & Engineering.)

The annual UW Computer Science & Engineering Industrial Affiliates Meeting took place on October 27th and 28th. On the 27th, more than 100 representatives from Affiliates companies participated in a day of research presentations, and more than than 250 Seattle-area alumni joined for an evening of posters. There were also awards. UW security and privacy lab PhD students Karl Koscher, Alexei Czeskis, and Franzi Roesner won an award for their poster on car security, and PhD student Roxana Geambasu and graduate student Amit Levy won an award for their poster on Comet: An Active Distributed Key-Value Store.

The photo at the right, taken by UW CSE faculty member Bruce Hemingway, shows (from left) Karl, Alexei, and Franzi discussing their poster with an attendee.

An article at AolNews warns of five new classes of cyber attacks, research into two of which were pioneered by UW security and privacy lab researchers. In 2008 UW researchers, in collaboration with the University of Massachusetts Amherst and the Beth Israel Deaconess Medical Center, published an award-winning paper at the 2008 IEEE Symposium on Security and Privacy evaluating the computer security risks and challenges with implantable medical devices. Earlier this year, UW and UC San Diego researchers published a paper at the 2010 IEEE Symposium on Security and Privacy describing the results of an extensive experimental analysis of a modern car. This research is forward-looking. No known threats have manifested to date, and UW researchers are now focused on developing defenses for futures medical devices and automobiles.

The New York Times Magazine has an excellent article discussing the consequences of a Web that never forgets. What happens when the innocent emails and Facebook posts you send today suddenly resurface 10 or 20 years later? Is there any way for users to proactively control the lifetimes of data stored on third-party Web services, like GMail, Facebook, and Flicker? Last year UW security and privacy researchers Roxana Geambasu and Amit Levy, along with faculty members Yoshi Kohno and Hank Levy, published an award-winning paper at 2009 USENIX Security describing a new approach for empowering users with such control. Their new direction direction, called Vanish, is featured in this article.

The IEEE Symposium on Security and Privacy (“The Oakland Conference”) is one of the flagship conferences for the computer security and privacy research community. Today all UW CSE affiliates (students, faculty, alumni, affiliate faculty) at Oakland decided to wear their UW CSE T-shirts. There was an impressive number of us there!

In the photo: Roxana Geambasu (UW CSE Ph.D. student), Tammy Denning (UW CSE Ph.D. student), David Molnar (MSR, teaching in UW CSE), Alexei Czeskis (UW CSE Ph.D. student), Franzi Roesner (UW CSE Ph.D. student), Stefan Savage (UW CSE Ph.D. alumnus, now UCSD CSE faculty), Steve Checkoway (UW CSE B.S. alumnus, now UCSD CSE Ph.D. student), Damon McCoy (UW CSE Ph.D. intern, now UCSD CSE postdoc), Karl Koscher (UW CSE Ph.D. student), Tadayoshi Kohno (UW CSE faculty), Gabriel Maganis (UW CSE B.S. alumnus, now UCD Ph.D. student), Charlie Reis (UW CSE Ph.D. alumnus, now Google Seattle), Miro Enev (UW CSE Ph.D. student), Vitaly Shmatikov (UW CSE B.S. alumnus, now UT Austin faculty).

UW security and privacy researchers Karl Koscher, Alexei Czeskis, Franzi Roesner, Shwetak Patel, and Yoshi Kohno, along with collaborators from the University of California San Diego led by (UW alumnus!) Stefan Savage, describe the results of an extensive experimental security analysis of a modern car in their paper at the 2010 IEEE Symposium on Security and Privacy. More information at the Center for Automotive Embedded Systems Security Web site and in articles in The New York Times, New Scientist, Technology Review, PC World, TechFlash, and Popular Mechanics.

This week UW security researcher Tamara Denning presented her study of patients, pacemakers, and security defenses at CHI 2010. A CNN reporter was in the audience and decided to write an article about her work. Tammy used semi-structured interviews with cardiac device patients to provide a scientifically-informed understanding of how different security solutions for wireless implantable medical devices interact with patients’ values. This work was in collaboration with Seattle Pacific University and the Beth Israel Deaconess Medical Center. The CNN article also features UW’s 2008 experimental security analysis of an implantable cardiac defibrillator (in collaboration with UMass and BIDMC) and discusses the points made in a recent New England Journal of Medicine perspective article (also in collaboration with BIDMC).