Learn More
Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11(More)
—In this work we consider the problem of monitoring information streams for anomalies in a scalable and efficient manner. We study the problem in the context of network streams where the problem has received significant attention. Monitoring the empirical Shannon entropy of a feature in a network packet stream has previously been shown to be useful in(More)
The "Hacker Curriculum" exists as a mostly undocumented set of principles and methods for learning about information security. Hacking, in our view, is defined by the ability to question the trust assumptions in the design and implementation of computer systems rather than any negative use of such skills. Chief among these principles and methods are two(More)
We describe our experiences in deploying a campus-wide wireless security testbed. The testbed gives us the capability to monitor security-related aspects of the 802.11 MAC layer in over 200 diverse campus locations. We describe both the technical and the social challenges of designing, building, and deploying such a system, which, to the best of our(More)
— In elections, it is important that voters be able to verify that the tally reflects the sum of the votes that were actually cast, as they were intended to be cast. It is also important that voters not be subject to coercion from adversaries. Currently most proposed voting systems fall short: they either do not provide both properties, or require the voter(More)
I t's been nearly 30 years since Ken Thompson's " Reflections on Trusting Trust " lecture and its famous verdict that " You can't trust code that you did not totally create yourself. " 1 If there is one practical lesson that the Internet has taught us since then, it's that you can't even trust your own code if it receives arbitrary inputs from the Internet.(More)