Speaker Archive: 2020
This is an archive of weekly meeting talks from 2020. See the speaker archives for the talks from the current year, and links to archives from other years.| Date | Speaker | Links from talk | Summary |
|---|---|---|---|
| 2020-01-09 | Cecylia | Related links:
|
How do we measure network level censorship? 1) Usage Metrics (Tor metrics, jumps in usage)
|
| 2020-01-09 | Ashokan | Related Links/Papers: |
In the FBI vs Apple case, based on the technical and implementation details of the iPhone, were Apple's reasons for refusing to unlock the phone justified? |
| 2020-01-16 | Douglas | Related Links:
|
CurveBall a.k.a. Whose Curve is it Anyway? a.k.a. CVE 2020-0601 Full notes (Markdown) |
| 2020-01-16 | Francesco | Related Papers:
|
An overview of thesis work done to date on Sensor-based Gait biometrics |
| 2020-01-23 | Simon | Related Papers: |
Differential Privacy (a rant) - it doesn't work for all problems, yet it is applied to (or attempted for) many questionably: Geo-Indistinguishability
|
| 2020-01-23 | David | Related Papers: |
Overview of eSIDH: the revenge of the SIDH Including: - Reinventing Rectilinear Steiner Arborescence (the other RSA), using SIDH - Making SIDH faster using parallelization with more primes |
| 2020-01-30 | Akshaya | Related Papers: |
Voice controlled Devices attacks & Defences Goals:
Challenges:
Attack Utility:
Attack: Defense:
|
| 2020-01-30 | Mika | Related Papers:
|
Common attacks on machine learning models and defences including but not limited to: Attacks:
Defenses:
|
| 2020-02-06 | Matthew | Related Papers: |
Review 50 Ways to Leak Your Data, a Paper by former CrySP student Joel Reardon
|
| 2020-02-06 | Urs | Related Papers: |
Review of Benchmarking Flaws in System Security
Contributions:
Requirements:
A. Selective Benchmarking
B. Improper Handling of Benchmark Results
C. Using the Wrong Benchmarks
D. Improper Comparison of Benchmarks
E. Benchmarking Omissions
|
| 2020-02-13 | Sergey | ||
| 2020-02-13 | IanM | ||
| 2020-02-20 | Justin | Related Papers etc. |
Signal Private Group System - not a private messaging system, instead: How do you organize the metadata such that the servers never have access to it? Currently: - Signal doesn't have a conception of "groups" per se, instead message is 'coincidentally' sent to individual users (that are part of the group) at the same time. - Race conditions and noticeable strange behaviour Problems with possible Solutions? - Plaintext single source of truth allows server to have access to sensitive data. Not an option - Metadata, timing information, etc is difficult to hide |
| 2020-02-20 | Stan | Related Papers: |
How do experts vs non-experts protect themselves online? With the goal of understanding how best to improve security practices among users. From a 2013 study. . . Top 3 Practices for Experts: - Update their systems Top 3 Practices for Non-Experts: - Use Anti-virus software From a 2019 study. . . Top 3(+) Practices for Experts: - Update their systems Top 3 Practices for Non-Experts: - Use Anti-virus software Recommendations: Password security, 2FA, links/attachments in emails, application updates |
| 2020-03-05 | Lindsey | Related Papers: |
Highlights from the relevant paper which was published in the Journal of Marketing Science and outlines how firms can use conversational agents to "nudge" individuals to disclose their private data through conversation when they would otherwise prefer to keep their private data concealed. From this paper: "We are now entering an era of hyper-privacy, where over the next 10-15 years, aspects of the dark web will be increasingly adopted to the overall web and this will have dire consequences for the modern marketing machinery that relies on rich, abundant and timely consumer data, resulting in a hyper-private, more adversarial environment" (for firms) It is pinned to the wall of shame ("Know your enemies") in the CrySP lab |
| 2020-03-05 | Nils | Related Papers: |
An overview of the project the speaker is working on: Exploiting Latent Similarity for Membership Inference on Generative Neural Networks
|
| 2020-03-12 | Florian | Related Papers: |
The presentation reviewed a recent paper for NDSS that, though it seems to have serious flaws, has an interesting premise that builds upon work by IanG and Ryan Henry. |
| 2020-03-12 | Chelsea | Related Papers: |
Presentation on FROST: Flesible Round Optimized Schnorr Threshold Signatures, upcoming work by the speaker and IanG. - KeyGen - Pederson DKG Important Concepts from the Presentation |
| 2020-03-19 | Ted | Related Papers: |
Theme: Gaps that appear between proofs in papers and how they're actually implemented Oracle cloning: instantiating many different oracles from a single oracle (more like propagation) There are bad ways to do this. ex. H1=H2=H3=SHA = BAD. This can result in a total breakage of the scheme. Common ways to do Oracle cloning badly: Big Quake (Code-based) DAGS (Code-based) Round 2 (Lattice Based) |
| 2020-03-19 | Matt | Related Papers: |
The paper presents Self-Authenticating Traditional Domain Names. Version 3 onion services embed an entire ed25519 public key directly in the name. This allows a client to validate information about the server (such as how one may connect to it) because the information can be cryptographically signed by the corresponding private key. |
| 2020-03-26 | IanG | Related Papers: |
An overview of Borrowmean Ring Signatures based on the linked relevant paper From the paper: "the concept of Borromean ring signatures can be described as a straightforward generalisation. Where ordinary ring signatures take a set of verification keys {v_i }^n, i =1 and describe a signature signed with s_1 OR s_2 OR � � � OR s_n , where s_i is the secret key corresponding to v_i , Borromean ring signatures can describe signatures signed with arbitrary functions of the signing keys." |
| 2020-04-02 | Miti | ||
| 2020-04-02 | Sajin | Related Papers: | Overview of the Differential Privacy Has Disparate Impact on Model Accuracy paper. From the paper: "Differential Privacy (DP) amplifies a model's "bias" towards the most popular elements of the distribution being learned. That is to say, if the original model is "unfair" in the sense that its accuracy is not the same across all subgroups, differential privacy exacerbates this unfairness." |
| 2020-04-09 | Andre | MaFIA: Mapping the Filesystems in Android Presentation of a class project for CS858 W20 on Mobile platform security. MaFIA circumvents the challenges faced by current code analysis techniques (static and dynamic) establishing a framework that enables tracking all requests made to the framework layer down to the resource level and in abscence of tainted data. MaFIA works by: 1. Make the IDs available to the kernel 2. Propagates the IDs through the framework messages 3. Propagates the IDs through IPC (Binder calls) |
|
| 2020-04-09 | Ezz | Related Papers: |
Overview of ATMoS: Autonomous Threat Mitigation in SDN Using Reinforcement Learning which was accepted as a technical session at NOMS 2020 : ATMoS is a general framework designed to facilitate the rapid design of Reinforcement Learning applications for network security management using SDN. |
| 2020-04-16 | Nik | Safehouse : a secure group chat protocol to support groups of people who want to be able to communicate with: - e2e encryption - insider security - non-interactivity - anonymity preservation -dynamic membership In Safehouse the server verifies the state whereas in MLS, the server is blind. Features: - Coordinated state locking - Simultaneous messaging - Reliable/unreliable messaging - Join queuing Difficult stuff: - Verifiable key encapsulation (BRAKE) (Exhaused keys, Proof batching/zk-SNARKs) - Deniabilitiy - Identity proofs with anonymity preservation + deniability - Mass joins - Post-compromise security and forward secrecy - Encryption to invitation keys - Research: comparing key graph performance - Software engineering: transcript consistency, storage strategies, group video chats, high-performance crypto, etc. |
|
| 2020-04-23 | Jiayi | Related Papers: | Device Sharing Awareness: How can we enable device sharing awareness of smartphones and user applications Security Solutions for Sharing Presentation of a DSA framework that consists of a foreground service and a client library. The foreground service is responsible for detecting sharing events and providing a global sharing mode. The client enables user applications to have an implicit authentication module and communicate with the service. In the talk, we showcased a DSA-IA enabled gallery app to explain how our framework works. |
| 2020-05-12 | Navid | Related Papers:
|
Overview of Convergent Dispersal: Toward Storage-Efficient Security in a Cloud-of-Clouds
|
| 2020-05-12 | Bailey | Interactive lecturing for CS How do we do active learning in CS? ex) Jupyter Notebooks, lightweight teams, think-pair-share, clickers/polling Many students have experienced classes where active learning was used, but this is far from the norm. Why not? Institutional Support Convincing Faculty
Example: Jupyter NotebooksAdvantages vs. Disadvantages
|
|
| 2020-05-19 | Thomas | Related Papers: |
An overview of: Boosting the Accurarcy of Differentially Private Histograms Through Consistency |
| 2020-05-26 | Jalaj | Related Papers |
Differential Privacy under sliding window Situations exist where analyzing data between two periods of time from a stream of data are preferable. This work shows that you can efficiently (time as well as space wise) perform matrix analysis in the privacy with expiration model. |
| 2020-05-26 | Yousra | Related Papers: To be added later | Smart TVs Vulnerability Discovery via Log-Guided Fuzzing - Smart TVs are probably spying on you right now! |
| 2020-06-02 | Simeon | Related Papers: |
Side-channel Attack Analysis: A Sample of Approaches A review of the side-channel attacks presented in the relevant papers linked. Key Takeaways Formal model and automated analysis Advantages: -Broadly applicable, few assumptions - Simple model, easy to implement algorithm Future Directions - Better approach than exhaustive search? - Experiments on less trivial types of leakage Guarding against timing attacks through discretization Advantages - very simple approach Future Directions - applicability to decryption depends on how it compares to simply using a smaller key size (security/performance-wise) |
| 2020-06-02 | Rasoul | Related papers: |
Homomorphic Encryption (A short history) |
| 2020-06-09 | Cecylia | Related papers: |
Evading Firewalls By Exploiting State How do Censors work? Evasion is possible if the endpoints are more sensitive than the middlebox |
| 2020-06-16 | Marios | Related links:
|
An introduction to Biton (from the website) a peer-to-peer network built around swarms � groups of peers that store encrypted files and relay requests through one another. biton swarms interconnect in a global network that provides plausible deniability, meaning that adversaries cannot be sure about who originally made a request. In this way, biton can be used for evading information controls and for building community networks around local data and services. Including a live demo with: https://biton.herokuapp.com/entangled#
|
| 2020-06-16 | John | Related papers: |
Cheaper Private Set Intersection via Differentially Private Leakage paper overview Rindal and Rosulek protocol works by first having the parties hash their items into bins. (Fastest malicious-secure PSI protocol prior to this paper) |
| 2020-06-23 | Ahmed | Related Papers: |
Touch Screens - residual greasy smudges, fingerprints, termal information from touching the screen |
| 2020-06-23 | Hans | Related Papers:
|
Memory Safety and Stuff The seemingly best way of ensuring memory safety is formal verification [1] and latter extensions such as separation logic [3]. The seL4 microkernel being a notable example of a formally verified low-level systems software [2]. However, due to complexity and deployment constraints, it is impractical, if not impossible, for many projects Instead, memory safety is often augmented using various �hardening� techniques that often amount to ad-hoc changes on program structure based on observed attacks. Such approaches are often incomplete and only address specific security properties (e.g., W⊕X policies that prevent code-injection but do not prevent data-only attacks). Because such incomplete defenses do not prove the absence of errors, it is not clear what a specific set of defenses means in terms of exploitability of a program. For instance, W⊕X policies are clearly powerful and prevent a whole class of errors, but they still allow Turing complete exploitation. This brings up three questions: 1) How can we evaluate and compare different hardening schemes? 2) How can we evaluate the exploitability of a (partially) hardened program, and 3) Can we use the defense schemes themselves to aid analysis or even verification efforts? |
| 2020-06-30 | David | ANTS XIV invited talk (practice talk) Isogeny based cryptography: past, present and future |
|
| 2020-07-07 | Douglas | Related Links : Post-quantum TLS without handshake signatures  |
Post-Quantum TLS without Handshake Signatures Implicitly authenticated KEX is not new, both in theory (DH-based: SKEME, MQC and KEM-based: BCGP09, FXXY12) and in practice (RSA key transport in TLS<=1.2, Signal, Noise, Wireguard, OPTLS) |
| 2020-07-21 | Asokan | Related Papers: |
A global-scale authentication/authorization infra (a scary story) Composing two authentication protocols (aka "compound authentication) is a common approach to bootstrap new functionality from already deployed protocol infrastructure, often in the hope of combining security properties from individual protocols. But such composition should (cryptographically) bind the protocol channels together. Absence of proper channel binding can lead to man-in-the-middle attacks. Channel-binding vulnerabilities were discovered ca. 2003 in a bunch of protocols being standardized at that time. They were fixed. Academics think that this is basic stuff. But channel-binding problems recur regularly in several widely used systems. |
| 2020-07-21 | Simon | Related Papers:
|
Hiding the access Pattern is Not Enough: Exploiting Search Current privacy-preserving SSEs do not hide search patterns Search pattern leakage allows an adversary to get frequency info Hiding search patterns or frequency info is hard: |
| 2020-07-28 | Akshaya | Abuse Detection of Tor Exit Nodes Tor Exists are often blacklisted for all the malicious content routed through Tor Zero Knowledge Based Exit Abuse Detection (ZXAD) - provides cryptographic tokens which client uses to make connections to destination server - Aims to provide fine-grained rate-limiting solution - Attack on malicious middle - Load placed on DirAuths and exits |
|
| 2020-07-28 | Mika | Related Papers: |
Supervised Machine Learning Common assumptions: - supervised signal (backpropogation) - IID test data Inductive bias: -what decision rules are learnable? - what decision rules are reachable? Shortcut learning in DNNs - unintended decision rules that perform well on benchmarks but fail in more challenging tests Shortcut Learning Elsewhere Common phenomena in general learning systems, for example: - Mice in mazes: - weak color vision - orientation by paint odor Connection to Security of Machine Learning Applications Out-of-distribution data in Sec of ML: - Adversarial training - Model (dataset) watermarking - Backdoor attacks - Model extraction attacks Inductive bias might work against security goals: - Accuracy on test data drops with adeversarial training/watermarking - Inductive learning with dataset that is distributionally different than test data |
| 2020-08-04 | Andre | ||
| 2020-08-04 | Urs | ||
| 2020-08-14 | Matt | Related Papers: |
Project H.O.N.K Harmonized cONtext detection frameworK Implicit Authentication Technique to authenticate a device user without explicit authentication - avoids PIN, Password, etc - increases usability Continuous Authentication - Type of implicit authentication -Continuously evaluates if the current user is the owner of the device - Uses biometric and behavioral data to authenticate Context Detection - Attempts to determine the user's context - Uses biometric, behavioural and environment data Background: See Related papers Motivations - Existing systems are limited to a single application - Exisiting systems are frequently pessimistic in determining safety - Context Detection in security is generally limited to geolocational information Overview - Project H.O.N.K aims to provide a general context detection framework (not limited to geolocational contexts) - Takes an "optimisitic" approach to context detection (assumes location is safe until proven otherwise?) - Doesn't aim to provide authentication or other features itself Privacy - Based on the number of people in the current context - Interested solely in the privacy of the context Unfamiliarity - A measure of the number of unfamiliar people in a given context - Increases as more unfamiliar people are detected Proximity - How close is the device to the owner - Decreases as the device gets further away Alpha - A method of modifying how the values grow or decay - Increases the more times a context is visited What do we do with these values? - exposes unfamiliarity, proximity, privacy to plugins Implementation: Android App Strucure |
| 2020-08-14 | Ezz | Variational Auto Encoders (for Anomaly Detection) Implicit and Continuous Authentication with unsupervised ML to detect anomalies AutoEncoder |
|
| 2020-09-15 | Lindsey | Related Papers:
|
A Brief and Incomplete History of Breakthroughs and Challenges in Decoy Routing Touched on the creation and iterations of Decoy routing from Telex, Cirripede and Curveball to more recent developments like Waterfall and A Fox in SOCKS in a Box which is our current project (Anna, Cecylia, Lindsey, Renee and Ian) |
| 2020-09-15 | Ian | ||
| 2020-09-22 | Justin | Related Papers etc.
|
Signal and Secure Value Recovery (recent internet drama)
|
| 2020-09-29 | Florian | Related Papers: |
Overview of the Pancake Paper and questions about how it works, drawing in ideas from both Tangler and Hiding Individuals and communities in a social network
|
| 2020-09-29 | Nils | Related Papers etc:
|
Scalable Privacy Attacks Against Generative Adversarial Networks (GANs) - GANs can generated sophisticated images that look nearly real Privacy Threats in GANs Reconstruction Failures in GAN Training Mode Collapse Mode Dropping |
| 2020-10-13 | Matt | Related Papers: |
Self-Authenticating Traditional (SAT) Addresses
|
| 2020-10-13 | Stan | Related Papers: | Reputation Systems (How things are rated online) What do Privacy Preserving Reputation Systems look like? Different properties for voter and votee What does "privacy" mean in reputation? - Vote Confidentiality - Voter-Vote Unlinkability - Voter Participation Confidentiality - Two Vote unlinkability - Reputation-Usage Unlinkability - Exact Reputation Blinding Big Picture Approaches to Providing Privacy in Reputation - Coin-based - Signature-based - Reputation Transfer - SMC-based - Ticket-based PRSONA "Privacy in Reputation Support for Ongoing Networked Activities" Big Picture Contributions - Users still get to use their reputations unlinkably - Individuals get one (changeable) vote per votee - We support uesrs to demonstrate that their reputation is above some threshold rather than an exact value - We add no more reliance on third parties than AnonRep uses to gain these extra features Currently building this with the intention of benchmarking it to see how wide we will need to make epochs, result to come soon |
| 2020-10-20 | Sergey | Related Papers: |
Pixel-Signatures Pixel, a pairing-based forward-secure multi-signature scheme optimized for use in blockchains, achieves substantial savings in bandwidth, storage requirements, and verification effort. Pixel signatures consist of two group elements, regardless of the number of signers, can be verified using three pairings and one exponentiation, and support non-interactive aggregation of individual signatures into a multi-signature. Pixel signatures are also forward-secure and let signers evolve their keys over time, such that new keys cannot be used to sign on old blocks, protecting against posterior corruptions attacks on blockchains. |
| 2020-10-20 | Luna | Half Shadow Research <a brief intermission> | |
| 2020-10-20 | Ted | Related Papers: |
A Note on the Instantiability of the Quantum Random Oracle Generally, there exist schemes secure in the QROM that are insecure in the real world, no matter what hash function you use. |
| 2020-10-27 | Chelsea | Related Papers: |
FROST: Flexible Round-Optimized Schnorr Threshold Signatures Tradeoffs Among Constructions - Number of Signing Rounds: Required network rounds to generate one signature - Robust: Can the protocol complete when participants misbehave? - Requires Number of Signers: - Parallel Secure: Can signing operations be done in parallel without a reduction in security (Drijvers attacker)? - Can be performed by either a trusted dealer or a Distributed key Generation (DKG) Protocol - The DKG is an n-wise Shamir Secret Sharing protocol, with each participant acting as a dealer - After KeyGen, each participant holds secret share si and public key Yi FROST Sign - Can be performed in two rounds, or optimized to single round with preprocessing Security - We prove the EUF-CMA security of an ainteractive variant of FROST, then extend to plain FROST - FROST-Interactive generates the binding value pi Real-World Applications - Use in cryptocurrency (Zcash) protocols for signing transactions - Consideration for standardization by CFRG - Will present FROST at the upcoming NIST workshop on standaradizing threshold schemes Takeaways - FROST improves upon prior schemes by defining a single-round threshold signing protocol (with preprocessing) |
| 2020-10-27 | Miti | Related Papers: |
Cuckoo-hashing in DHTs Background: Distributed hash tables (DHTs) - Hash table - (key,value) pairs -- that is distributed across n machines (nodes). Each node is assigned a virtual address, and stores values for keys near that address - Good properties: Low path length: Each node would do at most O(ln(n)) looksups to find the value of a key stored in the DHT. The stored content doesn't need to get moved around a lot as more nodes join the network *network churn). Joining a SHT: mechanisms and attacks - Self-chosen virtual addresses: Exlipse attack: Choose strategic virtual addresses so adversarial nodes are "in path" of the request. These nodes "eclipse" the user's view of the DHT - Peer node assigns an incoming node a random address. - Join-leave attack: adversary makes the nodes repeatedly join the network until it gets enough nodes as neighbours of an honest node. Cuckoo-hashing Defense Main idea: Every time a node joins the network, its neighbours get rearranged, so new malicious nodes can't stick together around an honest node. Assume: Adversary controls at most epsilon fraction of nodes in the network Guarantees: With a high probability, groups contain s nodes. Performance constraint: it must work for small s Also, w.h.p, each group contains at most b Byzantine nodes Cuckoo-hashing fails: "with high probability" - Proofs were not fleshed out enough: Proofs used concentration inequalities (Chernoff, union bounds) that give loose bounds. Proofs were asymptotic: they skipped the constants Our fixes - Proof constants: bas security (epsilon)/performance (s) trade-off - Also ran a simulation that backed up the proof with the constants - Gave up on the trade-off until. . . Commensal Cuckoo-ing to the rescue! Joining process: - Primary join: Assign a new node with an address within a random sub-group New: The target group will check if it has had enough nodes joining it from the secondary joins |
| 2020-11-03 | IanG | Related Papers: |
Merkle Trees (and how they're related to voting) Review of Merkle Trees (an extremely useful data structure) - Using logarithmic Merkle path, can verify location of a data point in the tree - Append only data-structure Application: TLS - Website has a certificate issued by a CA - There are 1000s of CAs authorized to create certificates for anywhere in the world - If any of these CAs are compromised, Adversary can create valid certs for any website Certificate Transparency: - Every certificate that is issued is put into a Merkle Tree - When visiting a website, must give you the Certificate + Merkle path, allows you to verify the certificate In Elections past. . . - Political ads were part of the conversation - In 2016: 20,000 different ads were run by the Trump campaign. No consensus about ads being seen/issues to discuss - Merkle Trees may be an interesting tool to use to provide such a consensus |
| 2020-11-03 | Sajin | Related Papers: |
Oblivious Tight Compaction algorithms of level 3 obliviousness from the framework of obliviousness provided by Krastnikov et al. The baseline algorithm we considered is Goodrich's Tight Compaction Algorithm. For our purposes, we did not need the order-preserving property of this algorithm, so we designed our own compaction algorithm that has the same asymptotic complexity as Goodrich's algorithm, but non-order preserving and more efficient as it induces only half the number of Oblivious Swap operations compared to Goodrich's. We also cursorily went over some more recent theoretical results on tight compaction and pointed why these aren't practically relevant. |
| 2020-11-17 | Nik | Related Papers:
|
A Cautionary Crypto Tale (or. . . The ElGamal Error. . .or One Way to Security. . .or Terms and Conditions May Apply [To Security Proofs]. . .or. . .) How do we model confidentiality in public key encryption? OW-CPA (One-way chosen plaintext attack) usually isn't enough in practice IND-CPA (Indistinguishability under chosen plaintext attack) also usually isn't enough - padding oracle attacks, etc. - Always use IND-CCA2 Diffie-Hellman Problems (overview) ElGamal: do a DH key exchange, use DH shared secret as a mask Is it OW-CPA? Is it IND-CPA? "Finite Field" ElGamal Practical ElGamal - Preserving homomorphic properties (see papers to the left) - Hybrid encryption (with IND-CCA) is what everybody actually uses Takeaways - ElGamal is DH, then multiply the message - Security reductions: using new thing attack, break old thing - OW-CPA-> CDH, IND-CPA->DDH - ElGamal is only IND-CPA if messages are group elements (Otherwise, it's OW-CPA at best) - Use IND-CCA2 cryptosystems in practice - If you skip doing an 'obvious' security proof don't build 2 years of work on top of it >.< |
| 2020-11-17 | Jiayi | Multi-User Implicit Authentication - Implicit Authentication (IA) - Authenticate the owner based on their behaviours - Common behavioural biometrics (keystrokes, touch patterns, gaits) Advantages: - Defend against unauthorized access throughout the session - Enhance explicit authentication mehtods (PIN, passcodes, etc) Multi-User IA - Exisiting IA scheme assume only one valid user - Multi-User: more than one valid user can have access to a shared session Enrollment Research Question: How to label the training data? - Single User IA assumes it is always the owner - Multi-User IA requires explicit indication of the current user's identity Possible solutions: -Explicit enrollment - In-sharing enrollment Explicit Enrollment - Ask each user to complete tasks for model training Pros -Fast creation of a usable general IA model - Accurate data labelling Cons -Extra interactions In-Sharing Enrollment - Detect a sharing session and assign collected data to a certain profile - For the owner-sharee user model Pros - Natural behavioural data of practical usage - Auto data segmenting Cons - Manual profile assignment - Sufficient data is required for a usable model Incremental Enrollment - Identitfy the current user and assign newly collected data to this user automatically - For existing profiles Pros - Auto assignment - Continuous updating Cons - Possible misidentification Imbalanced training data - In the owner-sharee model, the owner contributes significantly more behavioural data than sharees Possible solutions: - Oversampling: SMOTE (Synthetic Minority Oversampling Technique) - Per-user binary classifiers Authentication & Identification Context - Most of the time, the owner is expected to be using the device 1. Use a binary classifier with owner's profile 2. If non-owner detected, use a multi-class classification to identify the current user 3. If no match, block the current user - Possible user identity changes usually happen after a certain action (ie. sharing action) - Use contextual information to reduce the classification task complexity |
|
| 2020-11-24 | Bailey | Related Papers: | Girls Mean Business First (Online) Workshop (An Introduction to Network Security using Netsim) - Workshop as part of WICs outreach program which aims to encourage female and non-binary youth to explore technology Netsim: https://cs.uwaterloo.ca/~m2mazmud/netsim/ Network Security (Goals of the workshop): - Define foundations of internet computer networks - Define security and its role in networks - Identify - Execute Start with Basic Definitions: Packets, Network Layers (a bit), Transport Layer, Application Layer Activity Facilitation online: - Harder to track participant progress - Group interaction varied - Chat vs. audio - Screen visibility - Progress was more varied - Unsure how much peer teaching occurred |
| 2020-11-24 | Thomas | Related Papers: |
Cache Me If You Can: Accuracy-Aware Inference Engine for DP Data Exploration Brief overview of DP: - PR[A(D1)=o] e^ε Pr[A(D2)=o] - Controls the degree to which D1 and D2 can be distinguished, a smaller ε gives more privacy (but less utility) Setup: - Interactive DP - Data owner specifies privacy budget ε - Data analysts care about accuracy; they do not know DP techniques - Accuracy: A set of queries (workload) has two accuracy parameters: α, β Motivation: Status quo: APEx provides accurate reponses to workloads while minimizing ε Drawbacks: -Does not consider prior noisy responses -> more ε than required - Analysts may not know how to plan workloads for total ε usage Proposed System: - Choosing a cache-aware optimal strategy matrix - Implementing our algorithm and cache structures - Evaluating our implementation for the following use-cases - Entity resolution tasks - Private spatial data exploration Proactive Approach: - Includes disjoint queries within the workload - Exploits the parallel composition theorem - Threshold to bound a minor increase in the privacy budget (for meeting the accuracy guarantee of overall workload) |
| 2020-12-01 | Navid | Related Papers: |
Probabilistic Secret Sharing A secret sharing scheme breaks a secret in to n shares such that any subset of shares that is in the "qualified"/"authorized" set, can reconstruct the secret and any subset of shares that is in the forbidden set cannot obtain any information about the secret. In this paper, D'Arco et al. introduce \alpha-probabilistic secret sharing, where the restriction on the forbidden sets still holds, but the authorized sets may fail; however, they will be able to correctly reconstruct the secret with probability \alpha. For example, the usual secret sharing schemes are 1-probabilistic secret sharing schemes. This talk covered the following parts of the paper: - Definition of \alpha-probabilistic secret sharing - An example from visual cryptography, and how it can be modified to an \alpha-probabilistic secret sharing scheme to have smaller shares. - Definition of evolving secret sharing schemes. - Definition of \alpha-probabilistic evolving secret sharing schemes. - A construction for an \alpha-probabilistic evolving secret sharing scheme that any two shares can be used to reconstruct the secret. - A modified version of Shamir secret sharing scheme (assigning shares by choosing a point randomly with substitution) with constant-size shares and its properties as an \alpha-probabilistic evolving secret sharing scheme that requires k shares to reconstruct the secret. |
| 2020-12-01 | Yousra | Related Papers: |
Probabilistic Protection Recommendation Inference: Vendor Customization Mobile OSes are continuously customized into a variety of system images - More than 2000 device models exist for Samsung devices Customization parties: Hardware manufacturers, device manufacturers, carriers - Purposes: Tailoring the devices to different hardware, countries, regions etc. Security Hazards caused by Access Control Anomalies Cause: lack of regulation policies that oversee framework-level customization - totally up to the developer to figure out the access control enforcement at the level of APIs - highly manual Prior Approaches for detecting Access Control Inconsistencies Kratos, Acedroid, ACMiner - Convergence anaslysis for detecting convergence Limitations of existing approaches Inconsistent AC along the paths to a given resource access may not be accurately indicative of a vulnerability In practice, access control checks proceed access to more than 1 resource: - it is difficult to point out exactly which resource(s) is the actual target of the protection Probabilistic Inference We are motivated by these kinds of stealthy and difficult to detect access control anomalies - The examples shown require combining multiple information sources (at different entry points) each with a different degree of certainty -From more certain hints: 1-1 resource to permission enforcement -To less certain hints: multiple resources are protected by a single AC We need to draw conclusions based on incomplete or uncertain information Uncertainty is usually modeled in the form of a probabilistic distribution Probabilistic Permission Recommendation Inference In our case, we need to compute he marginal probability that a resource x has a protection p from the probability distribution of all variables with protection p, in a target Android ROM there are two components for permission recommendation inference - constraint collector - inference engine Constraint Collector Normalizing Diverse Android Access Control Checks for Inconsistency DetectionPreprocesses the system services to collect all public entries (or public APIs) Analyzes each entry to identify various types of "primitive" resources Preprocess the system services to collect all public entries (or public APIS) - Using static bytecode analysis - Collect system services reistation points - identify public entries: identify exposed interfaces classes of each service and extract their public APIs Analyze each entry to identify various types of "primitive" resources Infer "certain" protections: - Using a predefined set of rules - Rule 1:1-1 resource permission to resource mappings (derived statically) Constraint Collector: Probabilistic Protection Transfer Traverse the framework codebase to collect protections Protection transfer also requires gathering implications - Implications denote inter-dependences between resource predicates If a dattaflow dependence is detected between two resources, we add an implication constraint Inference Engine Transforms the constraints into a factor graph - Factor graphs are used to represent the structure of conditional dependences Performs belief propagation in the graph for each Protection p - Note that protections are the set of traditional Android permissions and other non-traditional access control attributes Belief propagation will derive a new probability for each resource R having a protection PR If there is some hint for a Resource R has a protection PR where p>0.5 and PR is more likely than any other protection, then R is assigned |
| 2020-12-08 | John | Related Papers: |
Efficient Private Record Linkage for the Streaming Data Model (WIP) Summary Motivation: Create an efficient private record linkage protocol which uses a service provider Approach: Three possible general methods for three party record linkage in the data streaming model What is the streaming data model - Similar to PSI - Approximate matches Why the streaming data model? - Binning not required - Works well in the offline scenario There are a few different methods for different scenarios Method 1 (Protocol 1) - Paillier encryption - Berlekamp-Welch to decode reed solomon codes Method 2 (Protocol 2) - Cosine similarity - Records are vectorized Method 3 (Protocol 3 and 4) - Inner product predicate encryption - n-grams Protocol 3 1: Grams of a record represented as a polynomial - ( (x - id1)(x-id2)......) 2: Polynomial evaluation can be represented as an inner product Protocol 4 1: Grams of a record hashed into a bloom filter 2: Bloom filters compared using inner product operations Future (current) work - Accuracy and performance testing - Security model and proof |
| 2020-12-08 | Rasoul | Related Papers: |
Scalable PIR using Constant Hamming Weight Encodings (WIP) Homomorphic Encryption Overview - Additive HE -> Elgamal, RSA. . . only support one homomorphic operation (addition) - Somewhat (Leveled) HE - Fully HE <^ both support 2 homomorphic operations (Lattice based) Leveled HE & Multiplicative Depth - Limited sequential multiplications (5 or 6? more likely 3) Additions (almost) free - Circuit depth, depth = 3 = AB + C^4 - Multiplicative depth, mult depth = 2 - For HE, mult depth is important Equality in HE If we use 2 HE numbers, are they equal or not? How can we determine this? The circuit we have to derive over two numbers involves large p multiplication which is very expensive Private Information Retrieval - Definition ITPIR/ C-PIR C-PIR: to keep the query private the naive approach of is to download the entire DB Computation = Ω(IDI) PIR & Selection Vectors - Binary vector as big as the DP - Communication! Constant Hamming Weight Encoding - A mapping of numbers to elements with constant hamming weight = K Example: Order preserving encoding (K = 2) Equality Circuit for CHaW Encoding Summary Better asymptotic communication complexity given multiplicative depth Keyword PIR (Sparse PIR) - Very large domain/ very few elements - Retrieve by name instead of index - Password checkup |
| 2020-12-15 | Hans | Related Papers:
|
ARM PAuth Pointer Integrity: memory safety for pointers - Ensure pointers in memory remain unchanged Code pointer integrity implies CFI: Control- flow attacks manipulate code pointers - Data pointer integrity: Reduces data-only attack surface ARMv8.3-A Pointer Authentication General purpose hardware primitive approximating pointer integrity - Ensure pointers in memory remain unchanged Introduced in ARMv8.3-A specification (2016) to be improved in ARM-8.6-A (2020) ARMv8.3-A PA-PAC Generation - Adds Pointer Authentication Code . . . PA-based protection schemes PA instructions are primitives, assembled to form protection schemes - Two main components: When are pointers PACed and unPACed? Which modifier is used at a given point? - What should the modifier be for a given pointer? |
| 2020-12-15 | Douglas | My information security goal: academic integrity of MATH 239 exams during remote learning Some tips and operational strategies for preserving academic integrity in online learning (Talk to Douglas for details) |
Edit | Attach | 
Home
Index
Search
Changes
New Page
AIMAS |
|
Copyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback