Decentralized Cryptocurrencies such as Bitcoin or Ether have become popular over the last few years, a development that has not gone unnoticed by central banks. Due to this popularity, as well as the increasing digitalization of payments and the constantly reducing role of cash in society, central banks around the world are increasingly interested in deploying a digital equivalent of cash, a so-called central bank digital currency (CBDC).
Events & News
ZISC organizes a number events. The annual ZISC Workshop brings together leading experts to present and discuss their latest research results on a chosen information security and privacy topics. The weekly ZISC Lunch Seminar presentations illustrate the research done at the affiliated research groups and invite exciting speakers from other research institutes and companies.
Cookie banners are fooling users into consent and the websites do not respect user choices. ETH researchers show the prevalence of this deceptive website behavior and developed a solution: a browser extension CookieBlock that uses machine learning to protect user’s privacy.
Cookies make web browsing stateful. They enable websites’ customization and authenticated sections. However, they are also used to track users’ behavior for targeted advertising. Privacy regulations such as GDPR and ePrivacy Directive therefore came into force to limit the latter usage. Websites are no longer allowed to set tracking cookies without users’ consent, so they use cookie banners to inform users and allow users to choose what private data the website can use.
However, the practice of cookie banners is far from what the regulations intended. Prior research showed that these consents are largely non-compliant as they nudge users to accept all cookies or they are incomplete and according to regulations.
Given the vast prevalence of these violations, it is difficult for data protection authorities to enforce the law.
“We cannot expect the websites to mitigate all the violations, we have to give the power to users to protect themselves. That is why we developed the browser extension CookieBlock.“
CookieBlock uses machine learning to categorize cookies into privacy categories, namely useful cookies as “necessary” or “functional” and tracking cookies as “analytics” and “advertising”. When users install CookieBlock, they are asked which categories they allow and which should be rejected and this is meant to be the last consent that the users ever need to grant to cookies. CookieBlock then monitors all cookies, automatically classifies them, and removes those in rejected categories.
Since CookieBlock works in the browser, it truly removes privacy threatening cookies even if the website would use them disregarding the law. It also works independently of the user’s location, so users outside of the EU can enforce the same privacy protection as GDPR mandates for EU citizens.
CookieBlock is available for Chrome, Firefox, Edge, and Opera browsers (Safari cannot be supported for technical reasons). The installation and setup is easy: just three clicks enable the protection. Since machine learning is prone to errors, the extension popup allows adding exceptions to websites similarly as ad blockers. The authors improve CookieBlock continuously and try to prevent issues on websites. Lastly, CookieBlock is not meant for removing the cookie banners themselves, it just supersedes them. Yet for the user’s convenience, the authors recommend installing an extension I don’t care about cookies or uBlock Origin with Annoyances filters (e.g., EasyList Cookie). The latter provides further privacy protection for safe browsing.
Bollinger D, Kubicek K, Cotrini C, Basin D: Automating Cookie Consent and GDPR Violation Detection, 31st USENIX Security Symposium, August 2022, (Preprint). https://www.usenix.org/conference/usenixsecurity22/presentation/bollinger
Members of the ETH community who need a fast, secure and reliable internet connection for their data now have an alternative: SCION network technology, invented at ETH Zurich, is now also available to any ETH lecturers, researchers or employees with special security, performance or reliability requirements.
SCION is a fast, secure and reliable alternative to conventional internet infrastructure. It was invented and developed at ETH Zurich by Adrian Perrig, Professor of Computer Science, and his Network Security Group. Other computer science professors play a key role, too: David Basin’s Information Security Group helps maintain the high security of the system and Peter Müller’s Program Methodology Group helps ensure the security of the implementation.
The name SCION stands for “Scalability, Control, and Isolation On Next-Generation Networks”. In contrast to conventional internet infrastructure, a data packet sent via SCION is not only provided with the receiving address, but already contains the entire route it is to take on its way through the internet at the time of sending. This means that with SCION, data packets don’t take detours – as they often do in today’s internet – and confidential data doesn’t go astray unexpectedly.
Now, as part of its “SCION @ ETH Domain (SCI-ED)” project, IT Services (ITS) has installed the SCION network at ETH Zurich. From now on, ITS will operate the data network for the ETH community and make it available to members on demand. SCION has yet to be integrated into the IT Service catalogue. Should any group have a need to use SCION, they can contact ITS and ITS will look at how best to provide it to them.
Read the full article here.
SCION Day 2022
26 January 2022, from 9:00 a.m.
To present the latest developments in the SCION secure internet architecture to various interested parties from science and industry, the Network Security Group, together with ETH spin-off Anapaya and AWK Group, has organised the SCION Day 2022.
This full-day event will take place on 26 January 2022 as an online event with a livestream. It is divided into two parts: in the morning, there will be a presentation of the latest technical advances in research and industry, and the afternoon will focus on the latest business developments concerning SCION. The event is free of charge and requires registration.
For registration and details, please visit https://scion-architecture.net/pages/scion_day_2022/
The IEEE Fellow Committee announced the newly elevated IEEE Fellows of 2021 — amongst them is ZISC faculty member and ETHZ Professor Adrian Perrig. This distinction recognises the extensive research and outstanding accomplishments in any of the IEEE fields of interest.
Adrian Perrig has been named IEEE Fellow for his contributions to network and system security. Perrig’s research in attestation has led to the new research area of software-based attestation and has had profound impact in HW attestation techniques. His TESLA protocol has shaped the field of broadcast authentication, has been widely used in industry and academia, and is today considered for the authentication of Galileo GNSS. Perrig’s work on SPINS has formed the foundation for ZigBee security, which is deployed today in hundreds of millions of devices. Furthermore, his work on the SCION Internet architecture is the first inter-domain routing architecture with global deployment since BGP’s deployment in 1994.
We congratulate Professor Perrig for this great respect in the technical community which is considered an important career achievement!
With the year 2021 being a challenging one in regards to the ongoing Covid situation, our ZISC researchers still continued their excellent work and were able to deliver promising results in both main mandates: applied research projects with the industry partners and long-term basic research.
Our researchers and partner companies worked on multiple projects and addressed fundamental challenges in information security and privacy, while also making contributions to projects that have societal importance beyond academia and industry.
Please read the details in our recently published ZISC REPORT 2021.
The ZISC center wishes you all a healthy and successful 2022!