Abstract: We have a clear understanding about how to handle information security in cryptographic cases where adversaries (provably) have a negligible chance of success. Definitions are solid and all is well. However, in many cases relevant for privacy, we cannot achieve such strong notions without paying outrageous costs: a utility approaching zero, vast communication costs,
Abstract Over the past years technology has become an essential part of our daily life. Be it free time, work, research or education – with the help of technology we’re able to set foot on yet unknown terrain, save resources and be more productive. We’re assumingly about to face even more fundamental changes considering the
Abstract: In the first part of the talk, we will discuss the vision, possible applications, and the economic power behind the phenomenon of cryptocurrencies and distributed ledgers. Then, based on your basic knowledge of Bitcoin, we will have a look at current technical limitations of the approach and approaches to overcome these. We will have
Abstract: When can you trust the software running on your computer? To answer this question, it is not enough to reason about the state of an individual host — we must also understand if real-world adversaries can invalidate the assumptions behind our methods for establishing trust in software components. In this talk I will
Abstract: A well-known and recurring Internet security concern is supporting HTTPS for the privacy and integrity of data in end-to-end communications. However, many studies have shown that HTTPS adoption rate remains low nowadays and websites often fail to correctly configure HTTPS. In this talk, I will present two of our recent studies that investigate the
Abstract: Physically Unclonable Functions (PUFs) are commonly used in cryptography to identify devices based on the uniqueness of their physical microstructures. DRAM-based PUFs have numerous advantages over PUF designs that exploit alternative substrates: DRAM is a major component of many modern systems, and a DRAM-based PUF can generate many unique identifiers. However, none of the
Abstract: Secure multi-party computation (MPC) allows n distrusting parties to jointly compute a function of their inputs while revealing nothing but the output of the function. At TCC 15, Moran et al. [1] introduced “Topology-Hiding MPC”. Here, one considers MPC over an incomplete network, where the network topology, in itself, is considered sensitive information. The
Abstract: Privacy guarantees of a privacy-enhancing system have to be robust against thousands of observations for many realistic application scenarios, such as anonymous communication systems, privacy-enhancing database queries, or privacy-enhancing machine-learning methods. The notion of r-fold Approximate Differential Privacy (ADP) offers a well-established framework with clear privacy bounds and with composition theorems that capture how
Abstract: Primary considerations for enterprise customers who want to leverage apublic cloud are data security and the effort involved in migratingexisting applications. But how do enterprise customers use cloud? How dothey evaluate a cloud vendor¹s security capabilities? How do they securetheir resources in the cloud? What are the pillars of a trusted enterprisecloud? In this
Abstract: IP address spoofing allows large-scale Distributed Denial of Service (DDoS) reflection attacks. In these attacks, an adversary sends the initial packet of a communication protocol to a reflector, without performing a full handshake. An efficient first-packet authentication system can mitigate such attacks. This work presents the design, implementation, analysis, and experimental evaluation of PISKES,