CS Friday Seminar Series - "Strengthening Online User Authentication"

Friday, 11 November 2016 - 11:00am - 12:00pm
Dr. Alexei Czeskis
SL 012

The Department of Computer & Information Science hosts Dr. Alexei Czeskis for our Friday Seminar Series. Dr. Czeskis will present a talk on "Strengthening Online User Authentication." The seminar will be held Friday, November 11th at 11am in Room SL 012.

Abstract: Today, one of the most fundamental problems affecting the security of on-line user authentication is our reliance on bearer tokens -- such as cookies and passwords. Stealing a bearer token need not be hard: users often fall prey to phishing attacks or use insecure Wi-Fi access points. If an attacker is able to steal a bearer token, he or she can then use it to access the user’s account data. In this talk, I will present two internet standards that we have developed and deployed at Google in order to make stolen bearer tokens less powerful in the hands of potential attackers. The first technology, TLS Token Binding, allows web servers to cryptographically bind cookies to particular hosts — preventing a stolen cookie from being useful to an attacker. The second technology, Security Keys, is a second-factor device that protects users against phishing and man-in-the-middle attacks. The devices are simple to implement and deploy, simple to use, privacy preserving, and secure against strong attackers. Security Keys make it much more difficult for an attacker to use a stolen user password to access a user's account. I'll end with some unsolved challenges and proposed directions for future research.

Alexei Czeskis designs and writes software for Google’s identity, authentication, and security team. Since he joined Google in 2013, Alexei has been working on various technologies to make authentication easier and more secure for all of Google’s users. Towards this goal, Alexei has been closely involved with Google’s strong second factor efforts and with standardization and open protocol development through the FIDO Alliance and the W3C. Prior to joining Google, Alexei worked at Amazon and Microsoft Research, and he has competed in various cyber-security competitions. Alexei received his undergraduate degrees in Mathematics and Computer Science from Purdue University and his Master's degree and PhD in Computer Science from the University of Washington.