Sean W. Smith

Learn More
Several credential systems have been proposed in which users can authenticate to services anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a complaint to a trusted third party (TTP). The ability of the TTP to revoke a user's privacy at any time,(More)
Secure coprocessors enable secure distributed applications by providing safe havens where an application program can execute (and accumulate state), free of observation and interference by an adversary with direct physical access to the device. However, for these coprocessors to be effective, participants in such applications must be able to verify that(More)
Anonymizing networks such as Tor allow users to access Internet services privately using a series of routers to hide the client’s IP address from the server. Tor’s success, however, has been limited by users employing this anonymity for abusive purposes, such as defacing Wikipedia. Website administrators rely on IP-address blocking for disabling access to(More)
Computer security protocols usually terminate in a computer; however, the human-based services which they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. We examine this gap, as it is manifested in secure Web servers. Felten et al. demonstrated the potential, in 1996, for malicious(More)
The <i>Border Gateway Protocol (BGP)</i> controls inter-domain routing in the Internet. BGP is vulnerable to many attacks, since routers rely on hearsay information from neighbors. <i>Secure BGP (S-BGP)</i> uses DSA to provide route authentication and mitigate many of these risks. However, many performance and deployment issues prevent S-BGP's real-world(More)
What does it take to implement a server that provides access to records in a large database, in a way that ensures that this access is completely private—even to the operator of this server? In this paper, we abstract this problem to a real world computer security application, and examine the question: using current commercially available technology, is it(More)
Several anonymous authentication schemes allow servers to revoke a misbehaving user's ability to make future accesses. Traditionally, these schemes have relied on powerful TTPs capable of deanonymizing (or linking) users' connections. Recent schemes such as <i>Blacklistable Anonymous Credentials (BLAC)</i> and <i>Enhanced Privacy ID (EPID)</i> support(More)
How can Alice trust computation occurring at Bob's computer? Since it exists and is becoming ubiquitous, the current-generation TCPA/TCG hardware might enable a solution. When we started investigating this technology, the specification of the TCG software stack was not publicly available, and an implementation is still not; so, we designed and built an(More)
Anonymizing networks such as Tor allow users to access Internet services privately by using a series of routers to hide the client's IP address from the server. The success of such networks, however, has been limited by users employing this anonymity for abusive purposes such as defacing popular Web sites. Web site administrators routinely rely on(More)