Stanford Security Lunch
Spring 2017

April 05, 2017 Internet of Things (IOT) Security

Speaker:  Brian Witten (Symantec Labs)

Abstract:  This talk will describe the security mistakes behind some of the headlines of recent IOT security debacles, and also describe current best practices for protecting IOT systems end-to-end, as background for leading edge research in network security and machine learning applicable to IOT security, and walk through a sampling of those research efforts.

April 12, 2017 Upcoming Anti-Crypto Measures in Europe

Speaker:  Riana Pfefferkorn

Abstract:  Riana Pfefferkorn is the Cryptography Fellow at the Center for Internet and Society (CIS) at Stanford Law School. She will discuss growing efforts in Europe to enhance law enforcement access to encrypted information. In June, the European Commission plans to propose several options for police access to encrypted data, including binding legislation and non-legislative measures such as "voluntary" agreements with companies. Germany, France, and the UK have led the current push to regulate encryption, calling for "balance" between law enforcement interests, privacy, and security. The details of the proposals have not been announced, meaning it remains to be seen whether they will be (1) technologically coherent and (2) responsive and proportionate to law enforcement's actual needs. Riana will present the responses by 12 EU countries to a questionnaire about which encryption technologies the authorities encounter as an impediment to their investigations, how they respond to that challenge, and what they need in order to improve their investigatory capabilities. CIS plans to produce a report that analyzes the questionnaire responses and offers public-policy and technical recommendations on the forthcoming EC proposals, and seeks CS students interested in assisting with the report.

April 19, 2017 Securing the perimeter at LinkedIn

Speaker:  David Freeman

Abstract:  As the world's largest professional network, LinkedIn is subject to a barrage of fraudulent and/or abusive activity aimed at its member-facing products. LinkedIn's Anti-Abuse Team is tasked with detecting bad activity and building proactive solutions to keep it from happening in the first place. In this talk we'll explore various types of abuse we see at LinkedIn and discuss some of the solutions we've built to defend against them. We'll focus on perimeter defense: keeping bad guys from creating fake accounts at scale, from taking over real members' accounts, and from using bots to steal large amounts of data. Most member-facing abuse is perpetrated by fake accounts; in order to stop abuse we thus want to catch fake accounts as soon as possible after they are created. In the first part of the talk we will describe a machine-learning system we have built that detects clusters of fake accounts based on patterns observed in the account profile data alone, allowing us to catch the accounts before they do any damage. This system has found and removed more than one million fake accounts from LinkedIn. Login defense presents a challenge because passwords are known to have many weaknesses, but no alternative authentication mechanism has been successfully rolled out at scale. In the second part of the talk we will present a statistical login-scoring model we have developed that strengthens password-based authentication without changing the user experience. Finally, we discuss the problem of stopping unauthorized bot access. The main challenges here are that we need to decide whether to serve the data based on a single request, and we need to make this decision quickly so as not to impact user experience. We will give an overview of the infrastructure we have developed to score requests and our modeling approach that attempts to funnel bots into paths already covered by our fake account models.
Bio: David Freeman leads Anti-Abuse and Anomaly Detection Relevance at LinkedIn. His team of machine learning engineers builds statistical models to detect fraud, abuse, and unusual activity across the LinkedIn site and ecosystem. He has a Ph.D. in mathematics from UC Berkeley and did postdoctoral research in cryptography and security at CWI and Stanford University.

April 26, 2017 Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions

Speaker:  David Wu

Abstract:  Functional encryption (FE) enables fine-grained control of sensitive data by allowing users to only compute certain functions for which they have a key. The vast majority of work in FE has focused on deterministic functions, but for many applications, the functionality of interest is more naturally captured by a randomized function. Recently, Goyal, Jain, Koppula, and Sahai (TCC 2015) initiated a formal study of FE for randomized functionalities with security against malicious encrypters, and gave a selectively secure construction from indistinguishability obfuscation. To date, this is the only construction of FE for randomized functionalities in the public-key setting. This stands in stark contrast to FE for deterministic functions which has been realized from a variety of assumptions. In this talk, I will describe a generic transformation that converts any general-purpose, public-key FE scheme for deterministic functionalities into one that supports randomized functionalities. Our transformation can be instantiated using very standard number-theoretic assumptions. Then, applying our transformation to existing FE constructions, we obtain several adaptively-secure, public-key functional encryption schemes for randomized functionalities with security against malicious encrypters from many different assumptions such as concrete assumptions on multilinear maps, indistinguishability obfuscation, and in the bounded-collusion setting, the existence of public-key encryption, together with standard number-theoretic assumptions. Joint work with Shashank Agrawal. To appear in Eurocrypt 2017.

May 03, 2017 TBA

Speaker:  Henry Corrigan-Gibbs

May 10, 2017 Efficient Quantum Resistant Confidential Transactions for Bitcoin

Speaker:  Benedikt Bünz

May 17, 2017 TBA

Speaker:  Florian Tramer

May 24, 2017 TBA

Speaker:  Riad Wahby

May 31, 2017 TBA

Speaker:  Yan Michalevsky

Title:  Tbd

June 07, 2017 TBA