Information Security News mailing list archives

A Gathering of Big Crypto Brains


From: InfoSec News <isn () c4i org>
Date: Fri, 20 Sep 2002 01:53:07 -0500 (CDT)

http://www.wired.com/news/technology/0,1282,55209,00.html

By Karlin Lillington 
2:00 a.m. Sep. 19, 2002 PDT 

NAAS, Ireland -- In a lush country hotel 20 miles south of Dublin, the
barroom conversation turns to steganography and database
vulnerabilities, encryption algorithms and biometric scanners, SWAP
files and cookie poisoning.

Not your average pub denizens, the speakers are some of the best-known
names in cryptography and security, gathered for one of the industry's
best-kept secrets: the annual COSAC conference, held every fall in
Ireland.

For nine years, the low-profile, high-caliber event has drawn the
cream of the crypto crowd, people like Sun engineer and public key
cryptography inventor Whitfield Diffie and Michael Wiener, the man who
broke the once widely used encryption algorithm known as Data
Encryption Standard (DES).

Attendance is limited to just over 100, sessions are small and
participants consider it a COSAC virtue that many speakers never make
it through their formal presentations because of enthusiastic audience
participation.

COSAC organizer David Lynas said the conference was born out of a
desire to gather all the security pros he most wanted to see in one
room together.

"You go to one of the big conferences and if you're lucky, maybe one
person says something really interesting and makes the conference
worthwhile," said Lynas, whose day job is director of global service
development for British computer security firm QinetiQ. "I thought
that I'd invite each of those 'one persons' that I'd seen."

Now some of the sharpest minds in the computer security business come
to COSAC to pick each other's brains. "It's the only environment in
which they actually learn," Lynas said.

Speakers also give hands-on demonstrations. In a conference highlight,
Yokohama National University professor Tsutomu Matsumoto and some of
his graduate students showed how easy it is to trick biometric
fingerprint-scanning systems with fake fingers.

Matsumoto recently got international attention when he proved that
gelatin "gummy fingers" could unlock biometric scanners.

With moisture content similar to that of live fingers, the gummy
fingers fooled the scanners nearly every time. More devastatingly,
Matsumoto also showed that a fingerprint could be lifted from a pane
of glass and overlaid on a fake finger using an electron microscope,
an inkjet printer and Photoshop software.

At the conference, Matsumoto's students demonstrated that adding
carbon black, a conductive material made from industrial carbon-based
powder, enabled silicone fingers to fool the scanners too.

The four-day event covered a smorgasbord of other relevant topics,
including forensics, wireless security and the persistent
head-in-the-sand mentality of business when it comes to security.

Computer forensics expert and director of Inforenz, Andy Clark,
explained how "evidence eliminator" software that is used to wipe
files from computers doesn't do its purported job.

Such programs don't pose a serious hurdle for forensic investigators,
he said. "They get in the way, but they certainly do not remove all
traces of activity. In fact, they can be more of a pain for the user."

Instead, Clark advised, add encryption to your PC "if you really want
to make our life hard."

As the conference wound up over lunch last week, many delegates were
already planning for next year. COSAC has a return rate of about 90
percent.



-
ISN is currently hosted by Attrition.org
