How to steal millions from formally verified contracts

Abstract: Decentralized Finance (DeFi) allows smart contracts to offer trustworthy and decentralized financial services. However, the trustworthiness of these systems depends on whether the human-readable specification and intent was correctly implemented. While these services handle billions of dollars, the security is still lacking. In this presentation we will examine the current state and why past

Secure Code Execution on Untrusted Remote Devices

Abstract: Our society is increasingly reliant upon a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT), embedded, and so-called “smart”, devices. They often perform safety-critical functions in numerous settings, e.g., home, office, medical, automotive and industrial. Some devices are small, cheap and specialized sensors and/or actuators. They tend to have meager resources, run simple software,

Dos and Don’ts of Machine Learning in Computer Security

Abstract: With the growing processing power of computing systems and the increased availability of massive datasets, machine learning algorithms have led to major breakthroughs in many different areas. This development has influenced computer security, inspiring many learning-based security systems, such as for malware detection, vulnerability discovery, and binary code analysis. Despite great potential, machine learning

Securing the Standards: Bringing Cryptographic Security Proofs for TLS 1.3 into the Real World

Abstract: Widely used cryptographic protocols like TLS 1.3 (Transport Layer Security) have seen increased adoption recently on the basis of their claims of provable security. These claims refer to the results of rigorous academic proofs in a formal key-exchange model; however, the actual claims and guarantees rarely reach developers or implementors of TLS, let alone

Screaming Channels: When TEMPEST Meets Side Channels and Wireless Security

Abstract: TEMPEST attacks are a well-known threat that consists of spying on an electronic device through its unintended physical emissions. Physical emissions are also used by side-channel attacks to break cryptographic implementations. However, while TEMPEST attacks have been demonstrated at large distances (e.g., several meters), side-channel attacks generally work only in the proximity of the target

Participative Security – How to build digital trust

Abstract: The talk will cover: –        What makes customers trust digital services –        How do you engage communities into building strong security –        Are vulnerabilities the end of a company’s reputation Join the Zoom meeting at 12:30 on Thursday, May 27th: https://ethz.zoom.us/j/65841148696

Taming quantum computation with cryptography

Abstract: Quantum computers are expected to provide efficient solutions to problems that are conjectured to be intractable for classical computers (such as the simulation of quantum physical system). This raises the following question: can a classical computer efficiently verify the results of a quantum computation? In 2018, Urmila Mahadev answered this question in the affirmative