Abstract: Acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, physical properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed relatively strong adversary models that are not very practical in many real-world settings. Such strong models assume: (i) adversary’s physical proximity to the
Abstract: The Universal Serial Bus has become a pervasive means by which users connect peripherals to computers. USB devices were ubiquitous within organizations and enterprises, but their role in introducing malware and acting as vectors for data exfiltration have significantly curtailed their usage in these environments. We have found that USB hosts often blindly trust
Abstract: Mobile platforms such as Android and iOS have become a primary form of computing for millions of users. These modern platforms are built around the notion of “apps,” providing rich runtime environments that provide application developers easy access to sensors (e.g., location, camera), user information (e.g., contacts, social networks), and device functionality (e.g.,
Abstract: The number of security-sensitive location-aware services over the Internet continues to grow, such as location-aware authentication, location-aware access policies, fraud prevention, complying with media licensing, and regulating online gambling/voting. An adversary can evade existing Internet geolocation techniques, e.g., by faking GPS coordinates or employing a non-local IP address through proxy servers and virtual private
Abstract: A credit network models trust between agents in a distributed environment and enables payments between arbitrary pairs of agents. With their flexible design and robustness against intrusion, credit networks form the basis of several Sybil-tolerant social networks, spam-resistant communication protocols, and payment systems. In this talk, I will introduce the concept of credit network
Abstract: Bitcoin enjoys a public perception of being a privacy-preserving financial system. In reality, Bitcoin has a number of privacy vulnerabilities, including the well-studied fact that transactions can be linked through the public blockchain. More recently, researchers have demonstrated deanonymization attacks that exploit a lower-layer weakness: the Bitcoin peer-to-peer (P2P) networking stack. In particular, the
Abstract: This talk will show why we should be concerned about the increasing use of machine-learning (ML) algorithms in safety- and security-critical applications; but also how machine learning can help users maintain their privacy. First, I will show that state-of-the-art face-recognition algorithms are vulnerable to _physically realizable_ and _inconspicuous_ attacks, allowing attackers to evade
Abstract: Secure storage and management of data generated by the myriad of IoT devices present new challenges in the cloud era. How do we empower the user with ownership and fine-grained access control for IoT data without sacrificing performance or security? To address this challenge, we leverage the blockchain technology to bootstrap trust, for a
Abstract: Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security–critical, e.g., automotive electronics, medical devices, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be
Abstract: “A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them. The proof-of-concept exploit uses a low-cost transmitter to embed malicious