[ZISC Lunch Seminar] Anonymity in the Bitcoin Peer-to-Peer Network

Abstract: Bitcoin enjoys a public perception of being a privacy-preserving financial system. In reality, Bitcoin has a number of privacy vulnerabilities, including the well-studied fact that transactions can be linked through the public blockchain. More recently, researchers have demonstrated deanonymization attacks that exploit a lower-layer weakness: the Bitcoin peer-to-peer (P2P) networking stack. In particular, the

[ZISC Lunch Seminar] Physical-world attacks on machine-learning (ML) + Using ML to help users make better security decisions

Abstract: This talk will show why we should be concerned about the increasing use of machine-learning (ML) algorithms in safety- and security-critical applications; but also how machine learning can help users maintain their privacy. First, I will show that state-of-the-art face-recognition algorithms are vulnerable to _physically realizable_ and _inconspicuous_ attacks, allowing attackers to evade

[ZISC Lunch Seminar] Hardware Security in a Post-Snowden World

Abstract: Countless systems ranging from consumer electronics to military equipment are dependent on integrated circuits (ICs). A surprisingly large number of such systems are already security-critical, e.g., automotive electronics, medical devices, or SCADA systems. If the underlying ICs in such applications are maliciously manipulated through hardware Trojans, the security of the entire system can be

[ZISC Lunch Seminar] Software Grand Exposure: SGX Cache Attacks are Practical

Abstract: Intel Software Guard Extension (SGX) is an extension to the x86 instruction set that enables an application to isolate code and data in a container, called an enclave. SGX hardware protects the enclave code and data against a malicious operating system, hypervisor, and even low-level firmware. In particular, the hardware protects the confidentiality of enclave

[ZISC Lunch Seminar] Using Reflexive Eye Movements For Fast Challenge-Response Authentication

Abstract: Eye tracking devices have recently become increasingly popular as an interface between people and consumer-grade electronic devices. Due to the fact that human eyes are fast, responsive, and carry information unique to individuals, analyzing a person’s gaze is particularly attractive for effortless biometric authentication. We build upon the fact that some eye movements can

[ZISC Lunch Seminar] Less is More: a Versatile Anonymity System based on Intel SGX

Abstract: Current security systems such as Tor make use of cryptographic approaches to achieve their properties — however, common cryptographic approaches do not provide any guarantees of the code that has executed. Thanks to the commodity Intel SGX execution environment, which offers a remotely verifiable isolated execution environment called an enclave, we can achieve strong security

[ZISC Lunch Seminar] Usable Security and Privacy with Disruptive Technologies

Abstract: End-users often struggle with security systems that are too difficult to use and not designed to fulfil the users’ needs. In the current age, disruptive technologies are proliferating rapidly and a plethora of devices is interconnected and exchanges data. This always-online paradigm poses significant challenges to users as the underlying information-sharing models are difficult