tech.bib
@techreport{koh.bellovin.ea:easy*1,
author = {John Koh and Steven M. Bellovin and Jason Nieh},
date = {2018-11},
date-added = {2018-11-14 13:28:12 -0500},
date-modified = {2018-11-14 13:32:17 -0500},
institution = {Department of Computer Science, Columbia University},
month = {November},
number = {CUCS-004-18},
title = {Easy Email Encryption with Easy Key Management},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1639},
year = {2018},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1639}
}
@techreport{bellovin.blaze.ea:analysis,
abstract = {The debate over ``exceptional access''---the government's
ability to read encrypted data---has been going on for many
years and shows no signs of resolution any time soon. On
the one hand, some people came it can be accomplished
safely; others dispute that. In an attempt to make
progress, a National Academies study committee propounded a
framework to use when analyzing proposed solutions. We
apply that framework to the CLEAR protocol and show the
limitations of the design.},
author = {Steven M. Bellovin and Matt Blaze and Dan Boneh and Susan
Landau and Ronald L. Rivest},
date = {2018-05-10},
date-added = {2018-05-10 12:23:31 +0000},
date-modified = {2018-05-12 01:23:53 +0000},
institution = {Department of Computer Science, Columbia University},
month = {May 10,},
number = {CUCS-003-18},
title = {Analysis of the {CLEAR} Protocol per the {National
Academies'} Framework},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1637},
year = {2018},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1637}
}
@techreport{bellovin:further*1,
abstract = {New information has been discovered about Frank Miller's
1882 one-time pad. These documents explain Miller's threat
model and show that he had a reasonably deep understanding
of the problem; they also suggest that his scheme was used
more than had been supposed.},
author = {Steven M. Bellovin},
date = {2016-11-25},
date-added = {2016-11-26 00:10:17 +0000},
date-modified = {2016-11-26 00:10:44 +0000},
institution = {Department of Computer Science, Columbia University},
month = {November 25,},
number = {CUCS-011-16},
title = {Further Information on {Miller's} 1882 One-Time Pad},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1626},
year = {2016},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1626}
}
@techreport{androulaki.bellovin:anonymous*1,
author = {Elli Androulaki and Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {February},
number = {CUCS-010-09},
title = {An Anonymous Credit Card System},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=590&format=pdf&},
year = {2009},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=590&format=pdf&}
}
@techreport{bellovin.cheswick:privacy-enhanced,
author = {Steven M. Bellovin and William R. Cheswick},
institution = {Department of Computer Science, Columbia University},
month = {September},
number = {CUCS-034-07},
title = {Privacy-Enhanced Searches Using Encrypted {Bloom}
Filters},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=483},
year = {2007},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=483}
}
@techreport{maennel.bush.ea:better,
author = {Olaf Maennel and Randy Bush and Luca Cittadini and Steven
M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {September},
number = {CUCS-041-08},
title = {A Better Approach than Carrier-Grade-{NAT}},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=560},
year = {2008},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=560}
}
@techreport{bellovin:economics,
abstract = {Cyberwar is very much in the news these days. It is
tempting to try to understand the economics of such an
activity, if only qualitatively. What effort is required?
What can such attacks accomplish? What does this say, if
anything, about the likelihood of cyberwar?},
author = {Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {April},
note = {Presented at the Institute for New Economic Thinking's
\emph{Human After All}},
number = {CUCS-010-14},
title = {The Economics of Cyberwar},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1571},
year = {2014},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1571}
}
@techreport{srivatsan.johnson.ea:simple-vpn,
abstract = {The IPsec protocol promised easy, ubiquitous encryption.
That has never happened. For the most part, IPsec usage is
confined to VPNs for road warriors, largely due to needless
configuration complexity and incompatible implementations.
We have designed a simple VPN configuration language that
hides the unwanted complexities. Virtually no options are
necessary or possible. The administrator specifies the
absolute minimum of information: the authorized hosts,
their operating systems, and a little about the network
topology; everything else, including certificate
generation, is automatic. Our implementation includes a
multitarget compiler, which generates
implementation-specific configuration files for three
different platforms; others are easy to add.},
author = {Shreyas Srivatsan and Maritza Johnson and Steven M.
Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {July},
number = {CUCS-020-10},
title = {Simple-{VPN}: Simple {IPsec} Configuration},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1433},
year = {2010},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1433}
}
@techreport{madejski.johnson.ea:failure,
abstract = {Increasingly, people are sharing sensitive personal
information via online social networks (OSN). While such
networks do permit users to control what they share with
whom, access control policies are notoriously difficult to
configure correctly; this raises the question of whether
OSN users' privacy settings match their sharing intentions.
We present the results of an empirical evaluation that
measures privacy attitudes and intentions and compares
these against the privacy settings on Facebook. Our results
indicate a serious mismatch: every one of the 65
participants in our study confirmed that at least one of
the identified violations was in fact a sharing violation.
In other words, OSN users' privacy settings are incorrect.
Furthermore, a majority of users cannot or will not fix
such errors. We conclude that the current approach to
privacy settings is fundamentally flawed and cannot be
fixed; a fundamentally different approach is needed. We
present recommendations to ameliorate the current problems,
as well as provide suggestions for future research.},
author = {Michelle Madejski and Maritza Johnson and Steven M.
Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {February},
number = {CUCS-010-11},
title = {The Failure of Online Social Network Privacy Settings},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1459},
year = {2011},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1459}
}
@techreport{androulaki.vo.ea:real-world,
abstract = {Cybersecurity mechanisms have become increasingly
important as online and offline worlds converge. Strong
authentication and accountability are key tools for dealing
with online attacks, and we would like to realize them
through a token-based, centralized identity management
system. In this report, we present aprivacy-preserving
group of protocols comprising a unique per user digital
identity card, with which its owner is able to authenticate
himself, prove possession of attributes, register himself
to multiple online organizations (anonymously or not) and
provide proof of membership. Unlike existing
credential-based identity management systems, this card is
revocable, i.e., its legal owner may invalidate it if
physically lost, and still recover its content and
registrations into a new credential. This card will protect
an honest individual's anonymity when applicable as well as
ensure his activity is known only to appropriate users.},
author = {Elli Androulaki and Binh Vo and Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {April},
number = {CUCS-008-10},
title = {A Real-World Identity Management System with Master Secret
Revocation},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1421&format=pdf&},
year = {2010},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1421&format=pdf&}
}
@techreport{zhao.bellovin:policy,
author = {Hang Zhao and Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {March},
note = {Also presented at the Annual Conference of the ITA, 2007},
number = {CUCS-017-07},
title = {Policy Algebras for Hybrid Firewalls},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=453},
year = {2007},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=453}
}
@techreport{bellovin:mysterious*1,
abstract = {It has long been known that George Fabyan's Riverbank
Laboratories provided the U.S. military with cryptanalytic
and training services during World War~I. The relationship
has always be seen as voluntary. Newly discovered evidence
raises the question of whether Fabyan was in fact paid, at
least in part, for his services, but available records do
not provide a definitive answer. },
author = {Steven M. Bellovin},
date = {2016-11-28},
date-modified = {2016-11-29 04:55:49 +0000},
institution = {Department of Computer Science, Columbia University},
month = {November 28,},
note = {Revised version},
number = {CUCS-012-16},
title = {Mysterious Checks from {Mauborgne} to {Fabyan}},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1627},
year = {2016},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1574}
}
@techreport{dent.bellovin:newspeak,
author = {Kyle Dent and Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {February},
number = {CUCS-008-08},
title = {Newspeak: A Secure Approach for Designing Web
Applications},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=506},
year = {2008},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=506}
}
@techreport{androulaki.raykova.ea:opentor,
author = {Elli Androulaki and Mariana Raykova and Angelos Stavrou
and Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {September},
number = {CUCS-031-07},
title = {OpenTor: Anonymity as a Commodity Service},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=480},
year = {2007},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=480}
}
@techreport{bellovin:frank-miller*1,
abstract = {The invention of the one-time pad is generally credited to
Gilbert S. Vernam and Joseph O. Mauborgne. We show that it
was invented about 35 years earlier by a Sacramento banker
named Frank Miller. We provide a tentative identification
of which Frank Miller it was, and speculate on whether or
not Mauborgne might have known of Miller's work, especially
via his colleague Parker Hitt.},
author = {Steven M. Bellovin},
date-modified = {2020-01-12 10:09:38 -0500},
institution = {Department of Computer Science, Columbia University},
month = {March},
note = {A revised version appeared in \emph{Cryptologia} 35(3),
July 2011},
number = {CUCS-009-11},
title = {{Frank Miller}: Inventor of the One-Time Pad},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1460&format=pdf&},
year = {2011},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1460}
}
@techreport{androulaki.bellovin:secure*1,
author = {Elli Androulaki and Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {October},
note = {A revised version will appear at the 1st Workshop on
Real-Life Cryptographic Protocols and Standardization},
number = {CUCS-044-09},
title = {A Secure and Privacy-Preserving Targeted Ad-System},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=625},
year = {2009},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=625}
}
@techreport{raykova.zhao.ea:privacy*1,
abstract = {Traditional access control models often assume that the
entity enforcing access control policies is also the owner
of data and resources. This assumption no longer holds when
data is outsourced to a third-party storage provider, such
as the \emph{cloud}. Existing access control solutions
mainly focus on preserving confidentiality of stored data
from unauthorized access and the storage provider. However,
in this setting, access control policies as well as users'
access patterns also become privacy sensitive information
that should be protected from the cloud. We propose a
two-level access control scheme that combines
coarse-grained access control enforced at the cloud, which
allows to get acceptable communication overhead and at the
same time limits the information that the cloud learns from
his partial view of the access rules and the access
patterns, and fine-grained cryptographic access control
enforced at the user's side, which provides the desired
expressiveness of the access control policies. Our solution
handles both \emph{read} and \emph{write} access control.},
author = {Mariana Raykova and Hang Zhao and Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
number = {CUCS-039-11},
title = {Privacy Enhanced Access Control for Outsourced Data
Sharing},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1489},
year = {2011},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1489}
}
@techreport{androulaki.choi.ea:reputation*1,
author = {Elli Androulaki and Seung Geol Choi and Steven M. Bellovin
and Tal Malkin},
institution = {Department of Computer Science, Columbia University},
month = {September},
number = {CUCS-029-07},
title = {Reputation Systems for Anonymous Networks},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=478},
year = {2007},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=478}
}
@techreport{zhao.bellovin:source,
author = {Hang Zhao and Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {July},
number = {CUCS-033-09},
title = {Source Prefix Filtering in {ROFL}},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=613},
year = {2009},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=613}
}
@techreport{pappas.raykova.ea:trade-offs,
abstract = {Encrypted search---performing queries on protected data
--- is a well researched problem. However, existing
solutions have inherent inefficiency that raises questions
of practicality. Here, we step back from the goal of
achieving maximal privacy guarantees in an encrypted search
scenario to consider efficiency as a priority. We propose a
privacy framework for search that allows tuning and
optimization of the trade-offs between privacy and
efficiency. As an instantiation of the privacy framework we
introduce a tunable search system based on the SADS scheme
and provide detailed measurements demonstrating the
trade-offs of the constructed system. We also analyze other
existing encrypted search schemes with respect to this
framework. We further propose a protocol that addresses the
challenge of document content retrieval in a search setting
with relaxed privacy requirements.},
author = {Vasilis Pappas and Mariana Raykova and Binh Vo and Steven
M. Bellovin and Tal Malkin},
institution = {Department of Computer Science, Columbia University},
month = {September},
number = {CUCS-022-10},
title = {Trade-offs in Private Search},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1436&format=pdf&},
year = {2010},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1436&format=pdf&}
}
@techreport{androulaki.vo.ea:privacy-preserving*1,
abstract = {Current banking systems do not aim to protect user
privacy. Purchases made from a single bank account can be
linked to each other by many parties. This could be
addressed in a straight-forward way by generating
unlinkable credentials from a single master credential
using Camenisch and Lysyanskaya's algorithm; however, if
bank accounts are taxable, some report must be made to the
tax authority about each account. Using unlinkable
credentials, digital cash, and zero knowledge proofs of
kmowledge, we present a solution that prevents anyone, even
the tax authority, from knowing which accounts belong to
which users, or from being able to link any account to
another or to purchases or deposits.},
author = {Elli Androulaki and Binh Vo and Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {April},
number = {CUCS-005-10},
title = {Privacy-Preserving, Taxable Bank Accounts},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1418&format=pdf&},
year = {2010},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1418&format=pdf&}
}
@techreport{bellovin:vernam--mauborgne--and-friedman*1,
abstract = {The conventional narrative for the invention of the AT\&T
one-time pad was related by David Kahn. Based on the
evidence available in the AT\&T patent files and from
interviews and correspondence, he concluded that Gilbert
Vernam came up with the need for randomness, while Joseph
Mauborgne realized the need for a non-repeating key.
Examination of other documents suggests a different
narrative. It is most likely that Vernam came up with the
need for non-repetition; Mauborgne, though, apparently
contributed materially to the invention of the two-tape
variant. Furthermore, there is reason to suspect that he
suggested the need for randomness to Vernam. However,
neither Mauborgne, Herbert Yardley, nor anyone at AT\&T
really understood the security advantages of the true
one-time tape. Col.~Parker Hitt may have; William Friedman
definitely did. Finally, we show that Friedman's attacks on
the two-tape variant likely led to his invention of the
index of coincidence, arguably the single most important
publication in the history of cryptanalysis.},
author = {Steven M. Bellovin},
date-modified = {2020-11-19 00:17:46 -0500},
institution = {Department of Computer Science, Columbia University},
month = {May},
number = {CUCS-014-14},
title = {{Vernam, Mauborgne, and Friedman}: The One-Time Pad and
the Index of Coincidence},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=1576&format=pdf&},
year = {2014},
bdsk-url-1 = {http://mice.cs.columbia.edu/getTechreport.php?techreportID=1576}
}
@techreport{cheng.alexander.ea:zodiac,
author = {Yuu-Heng Cheng and Scott Alexander and Alex Poylisher and
Mariana Raykova Steven M. Bellovin},
institution = {Department of Computer Science, Columbia University},
month = {May},
number = {CUCS-023-09},
title = {The {Zodiac} Policy Subsystem: a Policy-Based Management
System for a High-Security {MANET}},
url = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=603},
year = {2009},
bdsk-url-1 = {https://mice.cs.columbia.edu/getTechreport.php?techreportID=603}
}