Abstract: Micropayments are payments that are worth a few pennies. A challenge in achieving them is that payment networks charge fees that are high compared to “micro” sums of money. Wheeler (1996) and Rivest (1997) proposed probabilistic payments as a technique to achieve micropayments: a merchant receives a macro-value payment with a given probability so
Abstract Telephones remain a trusted platform for bootstrapping and conducting some of our most sensitive exchanges. From banking to taxes, wide swathes of industry and government rely on telephony as a secure fall-back when attempting to confirm the veracity of a transaction. In spite of this, authentication is poorly managed between disparate telephony systems, and
Abstract In an ideal Internet, every packet would be attributable to its sender, while host identities and transmitted content would remain private. Designing such a network is challenging be- cause source accountability and communication privacy are typically viewed as conflicting properties. In this paper, we propose an architecture that guarantees source accountability and privacy-preserving communication
Abstract In this talk, I will present a stepwise refinement framework for developing security protocols that are secure-by-construction. It is based on our previously proposed refinement strategy, which transforms abstract security goals into protocols that are secure when operating over an insecure channel controlled by a Dolev-Yao-style adversary. As intermediate levels of abstraction, we employ
Abstract Consensus algorithms are fundamental building blocks for fault-tolerant distributed systems and their correctness is critical. However, there are currently no fully-automated methods for their verification. The main difficulty is that the algorithms are parameterized: they should work for any given number of processes. We provide an expressive language for consensus algorithms and give cutoff
Abstract We show that the new hover (floating touch) technology, available in a number of today’s smartphone models, can be abused by any Android application running with a common SYSTEM_ALERT_WINDOW permission to record all touchscreen input into other applications. Leveraging this attack, a malicious application running on the system is therefore able to profile user’s
Abstract Eye tracking devices are becoming increasingly popular as an interface between people and consumer-grade electronic devices. Due to the fact that human eye movements are fast, responsive, and carry information unique to an individual, analyzing a person’s gaze is particularly attractive for effortless biometric authentication. We demonstrate that the distinguishing power of eye movement biometrics can be used to
Abstract Authenticating websites is an ongoing problem for users. Recent proposals have suggested strengthening current server authentication methods by incorporating website location as an additional authentication factor. In this work, we explore how location information affects users’ decision-making for security and privacy. We conducted a series of qualitative interviews to learn how users relate location
Abstract – MELBL – (MELANI Botnet List): The MELANI botnet list contains botnet IPs/Domains which, we extract from malware binaries/configs or which we get from other partners. Different ISPs block the listed C&Cs via BGP Feed or on their security gateways. – MalDB: The malware database is filled up by MELANI and we inform infected website owners respectively their
Abstract Cache and differential power analysis attacks are major concerns for cryptographic implementations. Constant-time security and probing security are information flow policies used by practitioners to improve side-channel resistance of their code against cache attacks and DPA attacks respectively. I will present recent work [1,2,3] on rigorous approaches for proving that implementations verify constant-time and probing security. [1] J. C. Bacelar