Abstract: A wide variety of applications, such as modern payment systems, access control for critical infrastructures, healthcare applications like contact tracing, depend on location and proximity information. There are multiple ways to establish physical distance between two entities, most of which are prone to distance modification attacks and can lead to loss of property (e.g.,
Abstract: I’ll give a demo of the Internet Computer which hosts powerful smart contracts that are general purpose, tamperproof, composable, autonomous and run at web speed. I’ll proceed with an overview of the platform, which is a sharded blockchain system which offers advanced features such as on-chain governance, scaling and system upgrades. Needless to say,
Abstract: In this talk, I will introduce LTrack, a new tracking attack on LTE that allows an attacker to stealthily extract user devices’ locations and permanent identifiers (IMSI). To remain stealthy, the localization of devices in LTrack is fully passive, relying on our new uplink/downlink sniffer. Our sniffer records both the times of arrival of
Abstract: Attacks such as Spectre and Meltdown use a combination of speculative execution and shared microarchitectural state to leak information across security domains. Defeating them without massive performance overheads requires careful co-design of software and hardware. In this talk I will present a principled approach to this problem, based on hardware-software contracts for secure speculation,
Abstract: Decentralized Finance (DeFi) allows smart contracts to offer trustworthy and decentralized financial services. However, the trustworthiness of these systems depends on whether the human-readable specification and intent was correctly implemented. While these services handle billions of dollars, the security is still lacking. In this presentation we will examine the current state and why past
Abstract: Our society is increasingly reliant upon a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT), embedded, and so-called “smart”, devices. They often perform safety-critical functions in numerous settings, e.g., home, office, medical, automotive and industrial. Some devices are small, cheap and specialized sensors and/or actuators. They tend to have meager resources, run simple software,
Abstract: In this talk I’ll present the Frontal attack, a new timing side-channel attack on Intel CPU processors. Our attack exploits timing differences that arise from how the CPU frontend fetches and processes instructions while being interrupted. In particular, we observe that in modern Intel CPUs, some instructions’ execution times will depend on which operations
Abstract: The goal of secure multi-party computation (MPC) is to allow a set of parties to perform an arbitrary computation task, where the security guarantees depend on the set of parties that are corrupted. The more parties are corrupted, the less is guaranteed, and typically the guarantees are completely lost when the number of corrupted
Abstract: With the growing processing power of computing systems and the increased availability of massive datasets, machine learning algorithms have led to major breakthroughs in many different areas. This development has influenced computer security, inspiring many learning-based security systems, such as for malware detection, vulnerability discovery, and binary code analysis. Despite great potential, machine learning
Abstract: Widely used cryptographic protocols like TLS 1.3 (Transport Layer Security) have seen increased adoption recently on the basis of their claims of provable security. These claims refer to the results of rigorous academic proofs in a formal key-exchange model; however, the actual claims and guarantees rarely reach developers or implementors of TLS, let alone