Abstract: The risks of cyber attacks are increasing: attackers are increasingly well organized and sophisticated; at the same time, more and more computer systems are accessible over the Internet to be attacked, including computer systems that operate critical infrastructure such as power generation and transportation. In this talk I’ll describe several recent research results that
Abstract: Today’s IoT deployments commonly resemble walled gardens: they are closed ecosystems in which manufacturers maintain significant control over devices after they have been deployed. This is typically the result of a centralized design approach where devices heavily rely on a monolithic, vendoroperated cloud service. We propose a distributed architecture that liberates these devices—and their
Abstract: Thanks to the widespread deployment of TLS, users can accessprivate data over channels with end-to-end confidentiality andintegrity. What they cannot do, however, is prove to third parties theprovenance of such data, i.e., that it genuinely came from aparticular website. Existing approaches either introduce undesirabletrust assumptions or require server-side modifications.As a result, the value of
Abstract: Since early 2018, with Spectre and Meltdown, a novel attack surface concerning speculative execution was discovered and successfully exploited. These new attacks are able to break privilege boundaries and leak sensitive data. New attacks and variants were presented ever since, but I believe much of the attack surface is still unexplored due to the
Abstract: Modern messaging protocols are highly complex as they are composed of multiple different cryptographic primitives. In order to understand the underlying security requirements, security guarantees, and mechanisms, this talk disassembles messaging into its components. The main focus will be ratcheting as a modern building block that provides security even if secrets from the communicating
Abstract: The past five years have seen thousands of academic papers devoted to the study of adversarial examples in machine learning. Yet, despite countless proposed defenses, robustness remains evasive even for the simplest toy threat models. I’ll discuss recent work that shows how defenses degrade when extended to multiple perturbation types, and how models can
Abstract: Firewalls are a fundamental tool for managing and protecting computer networks.They not only permit specifying which packets are allowed to enter a network, but also how these packets are modified by translating IP addresses and performing port redirection.Configuring a firewall is notoriously hard.Equally difficult are policy maintenance and refactoring, as well as porting a
Abstract: The first part of this talk introduces PROTECT, a Platform for Robust Threshold Cryptography. The design of Threshold and Proactive cryptographic systems has received attention in recently due to the rise of cloud services, blockchain and crypto-currency technologies. However the bulk of literature in the threshold cryptography area assumes synchronous networks. The goal in
Abstract: Intel SGX enables protected enclaves on untrusted computing platforms. An important part of SGX is its remote attestation mechanism that allows a remote verifier to check that an enclave was correctly constructed before provisioning secrets to it. However, SGX attestation is vulnerable to relay attacks where the attacker, such as malicious OS, redirects the
Abstract: Hardening data protection using multiple methods rather than solely encryption is of paramount importance when considering continuous and powerful attacks to spy private and confidential information. Our research focuses on reinforcing data protection using a combination of data fragmentation, encryption, and dispersion. Each operation participates in the increasing of the protection level. We aim