Abstract: Bitcoin is perhaps the most prominent example of a distributed cryptographic protocol that is extensively used in everyday life. In this talk, we present a universally composable treatment of the Bitcoin protocol. We specify the goal that Bitcoin aims to achieve as a ledger functionality in the universal composability (UC) model of Canetti. Unlike
Abstract: Anonymous communication networks (ACNs) are basic building blocks for obtaining or exchanging data in a privacy-preserving manner. ACNs suffer from a bootstrapping problem: having few users leads to a small anonymity set, which renders the ACN unattractive. We propose a system, CoverUp, that tackles the bootstrapping problem for ACNs. The key idea is to draw
Abstract: Usability problems are a major cause of many of today’s IT-security incidents. Security systems are often too complicated, time-consuming, and error prone. For more than a decade researchers in the domain of usable security (USEC) have attempted to combat these problems by conducting interdisciplinary research focusing on the root causes of the problems and
Abstract: This talk is primarily to introduce some of our recent projects, and some project ideas for possible collaboration. The talk will touch several topics. I will go into details based on the group’s interests. Feel free to check the papers at: https://users.encs.concordia.ca/~mmannan/pubs-year.html *Anti-coercion* we have been exploring solutions for data security in coercive situations
Abstract: The current consensus within the security industry is that high-assurance systems cannot tolerate the presence of compromised hardware components. In this talk, we challenge this perception and demonstrate how trusted, high-assurance hardware can be built from untrusted and potentially malicious components. The majority of IC vendors outsource the fabrication of their designs to
Abstract: Acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, physical properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed relatively strong adversary models that are not very practical in many real-world settings. Such strong models assume: (i) adversary’s physical proximity to the
Abstract: The Universal Serial Bus has become a pervasive means by which users connect peripherals to computers. USB devices were ubiquitous within organizations and enterprises, but their role in introducing malware and acting as vectors for data exfiltration have significantly curtailed their usage in these environments. We have found that USB hosts often blindly trust
Abstract: Mobile platforms such as Android and iOS have become a primary form of computing for millions of users. These modern platforms are built around the notion of “apps,” providing rich runtime environments that provide application developers easy access to sensors (e.g., location, camera), user information (e.g., contacts, social networks), and device functionality (e.g.,
Abstract: The number of security-sensitive location-aware services over the Internet continues to grow, such as location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing Internet geolocation techniques, e.g., by faking GPS coordinates or employing a non-local IP address through proxy servers and virtual private
Abstract: A credit network models trust between agents in a distributed environment and enables payments between arbitrary pairs of agents. With their flexible design and robustness against intrusion, credit networks form the basis of several Sybil-tolerant social networks, spam-resistant communication protocols, and payment systems. In this talk, I will introduce the concept of credit network