Abstract: This talk reports on the latest computational records in integer factoring and finite field discrete logarithms. These hard computational problems underpin the security of the public-key cryptographic primitives known as RSA and finite field Diffie-Hellman, which are still the most used public-key cryptographic primitives in many contexts. This work required a quite formidable amount of computing power, from various
Abstract: Probabilistic data structures use space-efficient representations of data in order to (approximately) respond to queries about the data. Traditionally, these structures are accompanied by probabilistic bounds on query-response errors. These bounds implicitly assume benign attack models, in which the data and the queries are chosen non-adaptively, and independent of the randomness used to construct
Abstract: A central element of designing IT security infrastructures is the logical segmentation of information assets into network zones sharing the same security requirements and policies. As more business ecosystems are migrated to the cloud, additional demands for cybersecurity emerge and make the network-zone operation and management for large corporate networks challenging. In this talk,
Abstract: For many cryptographic proofs and arguments, the burden of proof is on the prover. Computing proofs for large statements is a bottleneck, despite the fact that we know how to produce amazingly succinct proofs with incredibly fast verification times. Very few works can claim prover algorithms which are truly asymptotically optimal, so that the
Abstract: This talk presents our research into the security of programmable smartcards, which are widely used devices that implement a wide range of cryptosystems, yet are mostly black-box with hardly any public information about their workings. By the end of the talk, you will learn – How we find vulnerabilities in smartcards using our open-source tools, even though
Abstract: After a plethora of high-profile Rowhammer attacks, CPU and DRAM vendors scrambled to deliver what was meant to be the definitive hardware solution against the Rowhammer problem: Target Row Refresh (TRR). A common belief among practitioners is that, for the latest generation of DDR4 systems that are protected by TRR, Rowhammer is no longer an issue in practice. During
Abstract: The security and architecture communities will remember 2018 as the year of side channels. Starting from Spectre and Meltdown, time and again we have seen how basic performance-improving features can be exploited to violate fundamental hardware security guarantees. In this talk, I will survey a line of work on speculative execution attacks, showing how
Abstract: Software systems are ever-growing in size and complexity while being rife with vulnerabilities. Patches and defenses are continuously deployed, but the software attack surface is extremely large and attackers invariably find ways to gain a persistent foothold. An effective way to end the arms race between vulnerabilities and defense tools is by isolating the
Abstract: Security and safety-critical remote applications such as e-voting, online banking, industrial control systems and medical devices rely upon user interaction that is typically performed through web applications. Trusted path to such remote systems is critical in the presence of an attacker that controls the user’s computer. Such an attacker can observe and modify any
Abstract: Permissionless blockchains offer many advantagesbut also have significant limitations including high latency. Thisprevents their use in important scenarios such as retail payments,where merchants should approve payments fast. Prior works haveattempted to mitigate this problem by moving transactions off thechain. However, such Layer-2 solutions have their own problems:payment channels require a separate deposit towards eachmerchant