Stanford Security Lunch
Winter 2019

January 09, 2019 No meeting due to Real World Crypto Symposium

January 16, 2019 Client-side Encrypted Cloud Backups for Android

Speaker:  Shabsi Walfish

Abstract:  In the latest release of the Android OS, there is a new feature that enables users to encrypt their device's backup data at the client-side so that the Cloud provider cannot read it. When the user wants to restore their backup to a new device, they are now prompted to enter the lock screen knowledge factor (PIN, pattern, or password) that was used on their old device before their old backup data can be decrypted. While this might sound trivial to implement by using the lock screen to derive an encryption key, that approach doesn't work since lock screen knowledge factors are very low entropy (as little as 10 bits). A simple brute-force exploration of the input space would not only quickly crack the encryption, but would also reveal the user's lock screen knowledge factor to the attacker. To prevent such brute-force attacks, we make use of specialized secure hardware on the Cloud server-side that only allows for a small number of failed attempts to recover the backup before permanently disabling it. In this talk, I'll give a simplified overview of the protocol as well as discuss some of the unique challenges involved in implementing the new feature with custom secure hardware in Google's data centers.

January 23, 2019 No speaker this week

January 30, 2019 No meeting due to Stanford Blockchain Conference

February 06, 2019 Questioning the Implementation of the Linux Kernel Randomization in Cloud Computing Systems

Speaker:  Hector Marco

Abstract:  Cloud computing technology makes it possible to reduce the cost of performing tasks in a flexible, scalable and reliable way. An important technique employed in Cloud systems to reduce the memory footprint across virtual machines is the memory deduplication mechanism. In this talk I will present the challenges that the Linux Kernel Address Space Layout Randomization (KASLR) introduces for memory deduplication. I will go through KASLR implementation details to identify the reasons why memory deduplication fails to merge randomized kernels. Experiments show that only 2.5% of the code can be merged when KASLR is enabled, a huge difference compared to the 100% when KASLR is disabled. This introduces a challenge in systems where memory is a scarce resource and security is a must, for example in Clear Linux distributions. I will conclude the talk by discussing KASLR implementation alternatives compatible with memory deduplication and the new challenges they introduce.

February 13, 2019 Cyber Risk Management: AI Generated Signals of Threats and Collaborative Decisions

Speaker:  Isaac Faber

Abstract:  This research presents a warning systems model in which early-stage cyber threat signals are generated using machine learning and artificial intelligence techniques. Cybersecurity is most often, in practice, reactive. The current security paradigm, which is based on the manual forensics of machine-generated data by humans, begins after an event has taken place and can be significantly improved. Moving towards a more proactive posture, system defenders can keep pace with better methods of detection and response. However, this remains difficult due to the dynamic nature of threats and the volume of data generated by security devices. Cyber-threats operate on a set of discrete, observable steps called a 'kill chain.' Using machine learning techniques, data produced from early kill chain steps can be used to automate many traditionally manual defensive responses. However, most AI techniques are sensitive to exploitation and overly burdensome false positive rates. To address this problem, this research presents a collaborative decision paradigm with machines making low-impact/high-confidence decisions, and human analysts mitigating only signals elevated with sufficient importance. An early warning system using these techniques has the potential to avoid more severe downstream consequences by disrupting threats at the beginning of the kill chain.

February 20, 2019 FBI Cyber Brief

Speaker:  Darin Smith

Abstract:  A short overview of the FBI's computer security mission and capabilities followed by a case study.

February 27, 2019 Making Sense of Censorship

Speaker:  Roya Ensafi

Abstract:  Interference with users’ online activities is on the rise, through behaviors that range from censorship and surveillance to content injection, traffic throttling, and violations of net neutrality. Reliably investigating interference requires new frameworks for measuring and interpreting network behavior. Understanding these complex phenomena requires longitudinal studies, observation from multiple vantage points, the ability to reverse engineer network traffic, and even application-specific techniques. In this talk, I will describe my efforts to design and build scalable, statistically robust measurement systems that use novel side channels to remotely infer network- and application-layer content filtering at global (Internet-wide) scale. My lab has deployed these systems in Censored Planet, a service that continuously monitors global Internet censorship and publishes semiweekly datasets about the availability of thousands of sensitive websites across more than 180 countries.

March 06, 2019 An Airdrop That Preserves Recipient Privacy

Speaker:  Riad Wahby

Abstract:  A common approach to bootstrapping a new cryptocurrency is an airdrop, an arrangement in which existing users give away currency to entice new users to join. Airdrops rely on existing cryptographic identities (say, public keys from another cryptocurrency). But they offer recipients no privacy---so observers learn, for example, whether or not recipients have claimed their funds. In this work, we address this flaw by defining a private airdrop and describing concrete schemes for ECDSA and RSA. Our private airdrop for RSA builds upon a new zero-knowledge argument of knowledge of the factorization of a committed integer in generic groups of unknown order, which may be of independent interest. We also design a private genesis airdrop to address the problem of bootstrapping a new cryptocurrency via private airdrops to millions of users. Finally, we implement and evaluate. Our fastest implementation takes 30--170 ms to generate and 2--6 ms to verify an RSA private airdrop signature in an RSA group of unknown order; signatures are 1.7--3.2kiB depending on security parameter.

March 13, 2019 How to Encrypt the Internet

Speaker:  Nick Sullivan

Abstract:  This talk is about the rapid deployment of encryption technology on the Internet over the last five or so years. I’m going to explore some of the technical challenges and inside stories that helped shape what happened.

March 20, 2019 Robustly Safe Compilation

Speaker:  Marco Patrignani

Abstract:  Secure compilers generate compiled code that withstands many target-level attacks such as alteration of control flow, data leaks or memory corruption. Many existing secure compilers are proven to be fully abstract, meaning that they reflect and preserve observational equivalence. Fully abstract compilation is strong and useful but, in certain cases, comes at the cost of requiring expensive runtime constructs in compiled code. As an alternative to fully abstract compilation, this talk explores a different criterion for secure compilation called robustly safe compilation or RSC. Briefly, this criterion means that the compiled code preserves relevant safety properties of the source program against all adversarial contexts interacting with the compiled program. We show that RSC can be proved more easily than fully abstract compilation and also often results in more efficient code.