Keynote Talks

Douglas Stinson

Affiliation: University of Waterloo, Canada

» homepage

Title: A coding theory approach to unconditionally secure proof-of-retrievability schemes for cloud storage

Abstract: There has been considerable recent interest in cloud storage wherein a user asks a server to store a large file. One issue is whether the user can verify that the server is actually storing the file, and typically a challenge-response protocol is employed to convince the user that the file is indeed being stored correctly. The security of these schemes is phrased in terms of an extractor which will recover or retrieve the file, given any proving algorithm that has a sufficiently high success probability. We investigate proof-of-retrievability (POR) schemes in the model of unconditional security, where an adversary has unlimited computational power. In this case retrievability of the file can be modelled as error-correction in a certain code. We provide a general analytical framework for such schemes that yields exact (non-asymptotic) reductions that precisely quantify conditions for extraction to succeed as a function of the success probability of a proving algorithm, and we apply this analysis to several archetypal schemes. In addition, we provide a new methodology for the analysis of keyed (unbounded-use) POR schemes in an unconditionally secure setting, and use it to prove the security of a modified version of a scheme due to Shacham and Waters under a slightly restricted attack model, thus providing the first example of a keyed POR scheme with unconditional security. This talk is based on joint work with Maura Paterson and Jalaj Upadhyay.

Short biography: Douglas Stinson received the B.Math. degree from the University of Waterloo, in 1978, the M.Sc. degree from the Ohio State University in 1980, and the Ph.D. degree in combinatorics and optimization from the University of Waterloo in 1981. His research interests include cryptography and computer security, combinatorics and coding theory, and applications of discrete mathematics in computer science. He is the author of over 300 research publications as well as mathematics-based cryptography textbooks. He has held academic positions at the University of Manitoba, where he was an NSERC University Research Fellow, and the University of Nebraska-Lincoln. Currently he holds the position of Professor in the David R. Cheriton School of Computer Science at the University of Waterloo. He held the NSERC/Certicom Industrial Research Chair in Cryptography from 1998 to 2003. He held a Mathematics Faculty Fellowship from 2001-2004 and a University Research Chair from 2005-2011. He was elected as a Fellow of the Royal Society of Canada in 2011.

Ana Rosa Cavalli

Affiliation: Institut Mines-Telecom, TELECOM & Management SudParis, France

» homepage

Title: How to use testing techniques for security validation

Abstract: Testing techniques are used to check if a given system implementation satisfies its specification or some predefined properties. These testing techniques can be active, based on the execution of specific test sequences against the implementation under test, or passive, based on the observation of the exchange of messages (input and output events) of the implementation under test during run-time. In the last years, important research initiatives have taken place dealing with the application of testing techniques to check security properties; in particular, to check the correctness of security policy implementations and also to define intrusion detection techniques. In this talk, we will present some of these approaches and their application to real case studies as well as some ideas of how to specify security policies.

Short biography: Ana Rosa Cavalli received her Doctorat d'Etat (Mathematics Science and Informatics), from the University of Paris VII, in 1984. In 1981, she integrated the LITP (Laboratoire d'Informatique Theorique et Programmation), CNRS, Paris, where she worked on proof methods for temporal logics and their application to communication protocols. From 1985 to 1990, she was a researcher in the department Languages and Switch Systems, at CNET (Centre National d'Etudes des Telecommunications), where she worked on software engineering and formal methods. She is Full Professor at TELECOM & Management SudParis (ex Institut National des Telecommunications) since 1990. She is the director of the Software for Networks department. She is also responsible of the research team Verification and test of services and protocols and the AVERSE team, in the CNRS research laboratory SAMOVAR. Her research interests are on specification and verification, testing methodologies for conformance and interoperability testing, active testing and monitoring techniques, the validation of security properties and their application to services and protocols. She is the leader of the European Marie Curie network TAROT (Training and Research on Testing) and participates to several national and international projects.