Abstract: This talk presents our research into the security of programmable smartcards, which are widely used devices that implement a wide range of cryptosystems, yet are mostly black-box with hardly any public information about their workings. By the end of the talk, you will learn – How we find vulnerabilities in smartcards using our open-source tools, even though
Abstract: After a plethora of high-profile Rowhammer attacks, CPU and DRAM vendors scrambled to deliver what was meant to be the definitive hardware solution against the Rowhammer problem: Target Row Refresh (TRR). A common belief among practitioners is that, for the latest generation of DDR4 systems that are protected by TRR, Rowhammer is no longer an issue in practice. During
Abstract: The security and architecture communities will remember 2018 as the year of side channels. Starting from Spectre and Meltdown, time and again we have seen how basic performance-improving features can be exploited to violate fundamental hardware security guarantees. In this talk, I will survey a line of work on speculative execution attacks, showing how
Abstract: Software systems are ever-growing in size and complexity while being rife with vulnerabilities. Patches and defenses are continuously deployed, but the software attack surface is extremely large and attackers invariably find ways to gain a persistent foothold. An effective way to end the arms race between vulnerabilities and defense tools is by isolating the
Abstract: Security and safety-critical remote applications such as e-voting, online banking, industrial control systems and medical devices rely upon user interaction that is typically performed through web applications. Trusted path to such remote systems is critical in the presence of an attacker that controls the user’s computer. Such an attacker can observe and modify any
Abstract: Permissionless blockchains offer many advantagesbut also have significant limitations including high latency. Thisprevents their use in important scenarios such as retail payments,where merchants should approve payments fast. Prior works haveattempted to mitigate this problem by moving transactions off thechain. However, such Layer-2 solutions have their own problems:payment channels require a separate deposit towards eachmerchant
Abstract: We present the first protocols for private information retrieval that allow fast (sublinear-time) database lookups without increasing the server-side storage requirements. To achieve these efficiency goals, our protocols work in an offline/online model. In an offline phase, which takes place before the client has decided which database bit it wants to read, the client
Abstract: Many mobile and wearable devices interact with their environment, with other devices, and with human users – and yet most of their communications occur invisibly via wireless networks. How can users express their intent about which devices should communicate – especially in situations when those devices have never encountered each other before? These devices
Abstract: The risks of cyber attacks are increasing: attackers are increasingly well organized and sophisticated; at the same time, more and more computer systems are accessible over the Internet to be attacked, including computer systems that operate critical infrastructure such as power generation and transportation. In this talk I’ll describe several recent research results that
Abstract: Today’s IoT deployments commonly resemble walled gardens: they are closed ecosystems in which manufacturers maintain significant control over devices after they have been deployed. This is typically the result of a centralized design approach where devices heavily rely on a monolithic, vendoroperated cloud service. We propose a distributed architecture that liberates these devices—and their