Stanford Security Lunch
Fall 2018

Get announcements: Mail Ical

September 26, 2018 The Security Impact of HTTPS Interception

Speaker:  Zakir Durumeric

Abstract:  As HTTPS deployment grows, middlebox and antivirus products are increasingly intercepting TLS connections to retain visibility into network traffic. In this work, we present a comprehensive study on the prevalence and impact of HTTPS interception. First, we show that web servers can detect interception by identifying a mismatch between the HTTP User-Agent header and TLS client behavior. We characterize the TLS handshakes of major browsers and popular interception products, which we use to build a set of heuristics to detect interception and identify the responsible product. We deploy these heuristics at three large network providers: (1) Mozilla Firefox update servers, (2) a set of popular e-commerce sites, and (3) the Cloudflare content distribution network. We find more than an order of magnitude more interception than previously estimated and with dramatic impact on connection security. To understand why security suffers, we investigate popular middle boxes and client-side security software, finding that nearly all reduce connection security and many introduce severe vulnerabilities. Drawing on our measurements, we conclude with a discussion on recent proposals to safely monitor HTTPS and recommendations for the security community.

October 03, 2018 Signatures with Flexible Public Key: Introducing Equivalence Classes for Public Keys

Speaker:  Lucjan Hanzlik

Abstract:  We introduce a new cryptographic primitive called signatures with flexible public key (SFPK). We divide the key space into equivalence classes induced by a relation R. A signer can efficiently change his or her key pair to a different representatives of the same class, but without a trapdoor it is hard to distinguish if two public keys are related. Our primitive is motivated by structure-preserving signatures on equivalence classes (SPS-EQ), where the partitioning is done on the message space. Therefore, both definitions are complementary and their combination has various applications. We first show how to efficiently construct static group signatures and self-blindable certificates by combining the two primitives. When properly instantiated, the result is a group signature scheme that has a shorter signature size than the current state-of-the-art scheme by Libert, Peters, and Yung from Crypto’15, but is secure in the same setting. In its own right, our primitive has stand-alone applications in the cryptocurrency domain, where it can be seen as a straightforward formalization of so-called stealth addresses. Finally, it can be used to build the first efficient ring signature scheme in the plain model without trusted setup, where signature size depends only sub-linearly on the number of ring members. Thus, we solve an open problem stated by Malavolta and Schroder at ASIACRYPT'2017.

October 10, 2018 Silent Splitter: Privacy-Preserving Payment Splitting

Speaker:  Saba Eskandarian

Abstract:  Widely used payment-splitting apps allow members of a group to keep track of debts between members by sending charges for expenses paid by one member on behalf of others. While offering a great deal of convenience, these apps gain access to sensitive data on users' financial transactions. In this paper, we present Silent Splitter, a payment-splitting app that hides all transaction data within a group from the service provider while providing integrity against malicious users or even a malicious server. Silent Splitter's core protocol proceeds in a series of rounds in which users either submit real data or cover traffic, and the server blindly updates balances, informs users of charges, and computes integrity checks over user-submitted data. Our protocol requires no cryptographic operations on the server-side, and after a group's initial setup, the only cryptographic tool needed by users is AES. We implement Silent Splitter as an Android app and the accompanying server. We find that, for realistic group sizes, it requires fewer than 50 milliseconds per round of computation on a user's phone, and the server requires fewer than 300 microseconds per round for each group, meaning that our protocol enjoys excellent performance and scalability properties. Joint work with Payman Mohassel and Mihai Christodorescu.

October 17, 2018 Secure Compilation

Speaker:  Marco Patrignani

Abstract:  In this talk i will introduce my main research topic, Secure Compilation, and describe existing as well as ongoing work. Secure compilation aims to preserve security of programs that are compiled to low-level languages, where high-level security abstractions don’t exist. In this talk I will (i) give both existing and emerging formal definitions of a secure compiler, (ii) give examples of formalised secure compilers (iii) discuss techniques for proving a compiler secure. I will conclude the talk with an overview of what is going on and emerging in the nascent field of secure compilation.

October 24, 2018 Batching Techniques for Accumulators with Applications to IOPs and Blockchains

Speaker:  Benedikt Bünz

October 31, 2018 True2F: Backdoor-resistant authentication tokens

Speaker:  Emma Dauterman

Abstract:  We present the design and implementation of True2F, a system for second-factor authentication that provides the benefits of conventional U2F authentication tokens in the face of phishing and software compromise, while also providing strong protection against token faults and backdoors. To do so, we develop new lightweight two-party protocols for generating cryptographic keys and ECDSA signatures, and we implement new privacy defenses to prevent cross-origin token-fingerprinting attacks. To facilitate real-world deployment, our system is backwards-compatible with today’s U2F-enabled web services and runs on commodity hardware tokens after a firmware modification. A True2F-protected authentication takes just 57ms to complete on the token, compared with 23ms for unprotected U2F.

November 07, 2018 Ad-versarial: Defeating Perceptual Ad-Blocking

Speaker:  Florian Tramer

Abstract:  Ad-blocking is awesome. So is machine learning. Perceptual ad-blocking combines both, by detecting online ads visually in the same way a human user would. This idea has recently drawn the attention of Adblock Plus, who built a prototype neural network for detecting Facebook ads. Unfortunately, perceptual ad-blockers operate in essentially the worst-possible threat model for visual classifiers. We reveal a panoply of attacks that enable web publishers and ad networks to evade or detect ad-blocking, and at times even allow end-users to abuse the ad-blocker's high privilege level to bypass web security boundaries. We evaluate a concrete set of attacks on a perceptual ad-blocker’s internal ad-classifier, by instantiating adversarial examples for visual systems in a real web-security context. Our attacks create perturbed ads, ad-disclosures, and native web content that misleads perceptual ad-blocking with 100% success rates. In particular, we demonstrate how a malicious user can upload adversarial content (e.g., a perturbed image in a Facebook post) that fools the ad-blocker into removing other users’ non-ad content.

November 14, 2018 How the Chinese Government Fabricates Social Media Posts for Strategic Distraction, Not Engaged Argument

Speaker:  Jennifer Pan

Abstract:  The Chinese government has long been suspected of hiring as many as 2 million people to surreptitiously insert huge numbers of pseudonymous and other deceptive writings into the stream of real social media posts, as if they were the genuine opinions of ordinary people. Many academics, and most journalists and activists, claim that these so-called 50c party posts vociferously argue for the government’s side in political and policy debates. As we show, this is also true of most posts openly accused on social media of being 50c. Yet almost no systematic empirical evidence exists for this claim or, more importantly, for the Chinese regime’s strategic objective in pursuing this activity. In the first large-scale empirical analysis of this operation, we show how to identify the secretive authors of these posts, the posts written by them, and their content. In contrast to prior claims, we show that the Chinese regime’s strategy is to avoid arguing with skeptics of the party and the government, and to not even discuss controversial issues. We show that the goal of this massive secretive operation is instead to distract the public and change the subject.

November 21, 2018 Thanksgiving

November 28, 2018 Smart and Connected

Speaker:  Fares Alraie (CISO of Matel)


December 05, 2018 “I was told to buy a software or lose my computer. I ignored it”: A study of ransomware

Speaker:  Camelia Simoiu

Abstract:  Ransomware has received considerable news coverage in recent years, in part due to of several cases against high-profile corporate targets. Little is known, however, about the prevalence and characteristics of these attacks on the general population. Using a detailed survey of a representative sample of 1,180 American adults, we estimate that 2%–3% of respondents were affected over a 1-year period between 2016 and 2017. The average payment amount demanded was $530 and only a small fraction of affected users (about 4% of those affected) reported paying. Perhaps surprisingly, cryptocurrencies were typically only one of several payment options, suggesting that they are not a primary driver of ransomware attacks. Nevertheless, given the high payment amounts, our results suggest that American users may be paying on the order of $100 million per year to attackers. We conclude our analysis by developing two risk-assessment models, one based on self-reported security habits and a second based on detailed, individual-level web browsing patterns.

Joint Work With:  Christopher Gates, Joseph Bonneau, Sharad Goel

December 12, 2018 TBA