Stanford Security Lunch
Winter 2015

January 07, 2015 No meeting due to Real World Crypto workshop

January 14, 2015 Organizational Meeting / More Fun with Android WebView

Note!:  We are having an organizational meeting and a talk this week. Join us to sign up for a talk slot and to hear Patrick's talk.

Speaker:  Patrick Mutchler

Abstract:  Many mobile applications embed a fully functional browser as a view element called a WebView. This allows for simplified app design and powerful interaction between app code and web code. However, existing web security principles don't address the new ways that these apps can expose themselves to attack. I've been analyzing the Google Play app marketplace for problems with WebView applications for more than a year now and have found hundreds of thousands of apps that are vulnerable to attack. In this talk I'll be going over a scattershot of new ideas I've been working on recently related to both old and new WebView vulnerabilities.

January 21, 2015 Using Frankencerts for Automated Adversarial Testing of SSL/TLS Certificate Validation

Speaker:  Suman Jana

Abstract:  We design, implement, and apply the first methodology for large-scale testing of certificate validation logic in SSL/TLS implementations. Our first ingredient is "frankencerts," synthetic certificates that are randomly mutated from parts of real certificates and thus include unusual combinations of extensions and constraints. Our second ingredient is differential testing: if one SSL/TLS implementation accepts a certificate while another rejects the same certificate, we use the discrepancy as an oracle for finding flaws in individual implementations.

Differential testing with frankencerts uncovered 208 discrepancies between popular SSL/TLS implementations such as OpenSSL, NSS, CyaSSL, GnuTLS, PolarSSL, MatrixSSL, etc. Many of them are caused by serious security vulnerabilities.

Joint work with:  Chad Brubaker, Baishakhi Ray, Sarfraz Khurshid, and Vitaly Shmatikov

Work published at:  IEEE Security and Privacy 2014

January 28, 2015 When Self-Help Helps: User Adoption of Privacy Technologies

Speaker:  Aleecia McDonald (Stanford CIS)

Abstract:  There are steps users could, yet often do not, take to enhance their online privacy. Why is that? We examine five popular hypotheses in light of "natural experiments" that have occurred, including the Snowden documents. We find different patterns of adoption of privacy technologies, and explore possible conditions under which people are more likely to take action.

February 04, 2015 Building Anonymous Messaging Systems that 'Hide the Metadata'

Speaker:  Henry Corrigan-Gibbs

Abstract:  Encryption can protect the contents of a message being sent over an open network. In many situations, though, hiding the contents of a communication is not enough: parties to a conversation want to conceal the fact that they ever communicated. In this talk, I will explain how anonymity-preserving messaging systems can help 'hide the metadata' pertaining to a conversation and I will survey the state of the art in anonymous messaging protocols.

A limitation of existing protocols is that they exhibit computation and communication costs that scale linearly with the number of users (i.e., the anonymity set size) or they require expensive zero-knowledge proofs. In recent work, we have designed Riposte, a new system for anonymous messaging that applies private-information-retrieval and secure multi-party computation techniques to circumvent these limitations.

An implementation and experimental evaluation of Riposte demonstrates that, for latency-tolerant applications, the system can provide near-ideal anonymity for groups of millions of users—two orders of magnitude more than current systems support. I will conclude the talk with a discussion of open problems and directions for future work.

Joint work with:  Dan Boneh and David Mazières

February 11, 2015 Are Security and Low Energy Incompatible?

Speaker:  Amit Levy

Abstract:  Bluetooth Low Energy (BLE) is emerging as a ubiquitous wireless link layer. Specifically, we are beginning to see its use in security-sensitive applications like wireless door locks, personal health trackers and medical devices. I'll present an overview of the BLE interaction model, the underlying security capabilities and discuss how we might hope to get better security given the current protocol.

February 18, 2015 Relational (probabilistic) Hashing

Speaker:  Avradip Mandal (Fujitsu Labs)

Abstract:  Traditional cryptographic hash functions allow one to easily check whether the original plain-texts are equal or not, given a pair of hash values. Probabilistic hash functions extend this concept where given a probabilistic hash of a value and the value itself, one can efficiently check whether the hash corresponds to the given value. However, given distinct probabilistic hashes of the same value it is not possible to check whether they correspond to the same value. In this work we introduce a new cryptographic primitive called relational hash using which, given a pair of (relational) hash values, one can determine whether the original plain-texts were related or not. We formalize various natural security notions for the relational hash primitive - one-wayness, twin one-wayness, unforgeability and oracle simulatibility.

We develop a relational hash scheme for discovering linear relations among bit-vectors (elements of $\mathbb{F}_2^n$) and $\mathbb{F}_p$-vectors. Using the linear relational hash schemes we develop relational hashes for detecting proximity in terms of Hamming distance. The proximity relational hashing schemes can be adapted to a privacy preserving biometric identification scheme, as well as a privacy preserving one-time biometric authentication scheme.

February 25, 2015 Enforcing Kernel Module Security with Programming Languages

Speaker:  Sergio Benitez

Abstract:  Two-thirds of Linux vulnerabilities are found within kernel modules. Of these vulnerabilities, 75% are due to memory misuses such as buffer overflows, null pointer dereferences, and uninitialized data, which universally lead to exploits involving memory corruption, information disclosure, and denial of service.

These issues are largely inherited from the C programming language where unsafe constructs are commonplace. By using a language with stricter semantics and hardened primitives, these problems can be mitigated or avoided entirely. Further, other common issues, such as driver misconfiguration, can also be mitigated using the same primitives. We're actively developing an operating system for embedded devices that explores the use of such semantics and primitives, namely type safety, memory safety, and pointer aliasing guarantees as found in the Rust programming language, to enforce security for kernel modules.

March 04, 2015 PowerSpy: Location Tracking using Mobile Device Power Analysis

Speaker:  Yan Michalevsky

Abstract:  Modern mobile platforms like Android enable applications to read aggregate power usage on the phone. This information is considered harmless and reading it requires no user permission or notification. We show that by simply reading the phone's aggregate power consumption over a period of a few minutes an application can learn information about the user's location. Aggregate phone power consumption data is extremely noisy due to the multitude of components and applications that simultaneously consume power. Nevertheless, by using machine learning algorithms we are able to successfully infer the phone’s location. We discuss several ways in which this privacy leak can be remedied.

March 11, 2015 Floating-Point Arithmetic as an Attack Vector

Speaker:  Ilya Mironov

Abstract:  The first part of the talk will be highlights of my CCS'12 paper that described a novel type of vulnerability present in many implementations of differentially private mechanisms. In particular, all four publicly available general purpose systems for differentially private computations were susceptible to this attack. The vulnerability is due to subtleties of floating-point implementations of the privacy-preserving Laplacian mechanism. Unlike its mathematical abstraction, the textbook sampling procedure results in a porous distribution over double-precision numbers that allows one to breach differential privacy with just a few queries into the mechanism. In the second half of the talk, I'll present a very strong timing channel of floating-point operations on Intel architecture.

March 17, 2015 No Lunch: Finals Week

March 24, 2015 No Lunch: Spring Break