By Karlin Lillington
NAAS, Ireland -- In a lush country hotel 20 miles south of Dublin, the barroom conversation turns to steganography and database vulnerabilities, encryption algorithms and biometric scanners, swap files and cookie poisoning.
Not your average pub denizens, the speakers are some of the best-known names in cryptography and security, gathered for one of the industry's best-kept secrets: the annual COSAC conference, held every fall in Ireland.
For nine years, the low-profile, high-caliber event has drawn the cream of the crypto crowd, people like Sun engineer and public key cryptography inventor Whitfield Diffie and Michael Wiener, the man who broke the once widely used encryption algorithm known as Data Encryption Standard (DES).
Attendance is limited to just over 100, sessions are small and participants consider it a COSAC virtue that many speakers never make it through their formal presentations because of enthusiastic audience participation.
COSAC organizer David Lynas said the conference was born out of a desire to gather all the security pros he most wanted to see in one room together.
"You go to one of the big conferences and if you're lucky, maybe one person says something really interesting and makes the conference worthwhile," said Lynas, whose day job is director of global service development for British computer security firm QinetiQ. "I thought that I'd invite each of those 'one persons' that I'd seen."
Now some of the sharpest minds in the computer security business come to COSAC to pick each other's brains. "It's the only environment in which they actually learn," Lynas said.
Speakers also give hands-on demonstrations. In a conference highlight, Yokohama National University professor Tsutomu Matsumoto and some of his graduate students showed how easy it is to trick biometric fingerprint-scanning systems with fake fingers.
Matsumoto recently got international attention when he proved that gelatin "gummy fingers" could unlock biometric scanners.
With moisture content similar to that of live fingers, the gummy fingers fooled the scanners nearly every time. More devastatingly, Matsumoto also showed that a fingerprint could be lifted from a pane of glass and overlaid on a fake finger using an electron microscope, an inkjet printer and Photoshop software.
At the conference, Matsumoto's students demonstrated that adding carbon black, a conductive material made from industrial carbon-based powder, enabled silicone fingers to fool the scanners too.
The four-day event covered a smorgasbord of other relevant topics, including forensics, wireless security and the persistent head-in-the-sand mentality of business when it comes to security.
Computer forensics expert and director of Inforenz, Andy Clark, explained how "evidence eliminator" software that is used to wipe files from computers doesn't do its purported job.
Such programs don't pose a serious hurdle for forensic investigators, he said. "They get in the way, but they certainly do not remove all traces of activity. In fact, they can be more of a pain for the user."
Instead, Clark advised, add encryption to your PC "if you really want to make our life hard."
As the conference wound up over lunch last week, many delegates were already planning for next year. COSAC has a return rate of about 90 percent.