Stanford Security Lunch
Spring 2016

April 06, 2016 Remote Execution As a Service - Defending the platform against Bad Actors

Speaker:  Matthew Conway and Yang Yang (Heroku)

Abstract:  Heroku is a cloud platform that helps developers deploy, monitor and scale their web apps. We have been using Linux containers to run millions of customer applications since 2010. In this talk, we will share how we run containers securely by leveraging features of the Linux kernel and good security practices. We'll also discuss some of the types of abuse the Heroku Security team encounters on the platform, as well as the tools they use to detect and respond to that abuse.

April 13, 2016 Backpack to Work: Towards Practical Mixin Linking

Speaker:  Edward Z. Yang

Abstract:  The universal organizing principle for large software systems in programming languages today is the package, the unit by which reusable code may be versioned and distributed. However, most package systems provide only a weak form of modularity, where packages depend directly on other packages. A stronger form of modularity would support separate modular development, where a package may be typechecked against an interface of its dependency.

Backpack is a recent proposal for bringing modularity to Haskell's package system in the form of mixins. Unfortunately, this proposal was intimately tied to the Haskell language in particular. This is problematic for two reasons: first, it means the system is Haskell-specific (and not generalizable to other languages); second, it is not possible to implement, due to the traditional separation between the compiler and the package manager. In this talk, I want to describe Backpack'16: an evolution of the Backpack mixin package system which handles programs in two phases: first, a mixin linking step which "wires" up components, and second, a typechecking phase. The mixin linking phase is completely independent of Haskell and, in principle, can be implemented for any language.

April 20, 2016 Target Fragmentation in Android Apps

Speaker:  Patrick Mutchler

Abstract:  Android apps declare a target version of the Android run-time platform. When run on devices with more recent Android versions, apps are executed in a compatibility mode that attempts to mimic the behavior of the older target version. This design has serious security consequences. Apps that target outdated Android versions disable important security changes to the Android platform. We call the problem of apps targeting outdated Android versions the Target Fragmentation Problem.

We analyze a dataset of 1,232,696 free Android apps collected between May, 2012 and December, 2015 and show that the target fragmentation problem is a serious concern across the entire app ecosystem and has not changed considerably in several years. In total, 93% of current apps target out-of-date platform versions and have a mean outdatedness of 686 days; 79% of apps are already out-of-date on the day they are uploaded to the app store. Finally, we examine seven security related changes to the Android platform that are disabled in apps that target outdated platform versions and show that target fragmentation hamstrings attempts to improve the security of Android apps.

April 27, 2016 Incentive Compatibility of Bitcoin Mining Pool Reward Functions

Speaker:  Okke Schrijvers

Abstract:  In this presentation we introduce a game-theoretic model for reward functions within a single Bitcoin mining pool. Our model consists only of an unordered history of reported shares and gives participating miners the strategy choices of either reporting or delaying when they discover a share or full solution. We defined a precise condition for incentive compatibility to ensure miners' strategy choices optimize the welfare of the pool as a whole. With this definition we show that proportional mining rewards are not incentive compatible in this model. We introduce and analyze a novel reward function which is incentive compatible in this model. Finally we show that the popular reward function pay-per-lastN-shares is also incentive compatible in a more general model.

May 04, 2016 MASHaBLE: Mobile Applications of Secret Handshakes over Bluetooth LE

Speaker:  Yan Michalevsky

Abstract:  We present new applications for cryptographic secret handshakes between mobile devices on top of Bluetooth Low-Energy (LE). Secret handshakes enable mutual authentication, with the property that the parties learn nothing about each other unless they have been both issued credentials by a group administrator. This property provides strong privacy guarantees that enable interesting applications. One of them is proximity-based messaging for private communities. We introduce MASHaBLE, a mobile application that enables participants to send messages to nearby users if and only if they belong to the same secret community. We use direct peer-to-peer communication over Bluetooth LE, rather than relying on a central server. We discuss the specifics of implementing secret handshakes over Bluetooth LE and present our prototype implementation.

May 11, 2016 Verifiable ASICs: trustworthy chips with untrusted components

Speaker:  Riad Wahby

Abstract:  A manufacturer of custom hardware (an ASIC) can undermine the intended execution of that hardware. High-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform.

We explore an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC. Notably, in the present setting, the prover and verifier together must impose less overhead than the baseline alternative of running the given computation directly on the trusted platform. We respond to this challenge by designing and implementing physically realizable, area-efficient, high throughput ASICs (for a prover and verifier), in fully synthesizable Verilog. The system, called Zebra, is based on the CMT interactive proof protocol; instantiating Zebra required a blend of new observations about CMT, careful hardware design, and attention to architectural challenges. We measure and evaluate Zebra; for a class of real computations, it indeed poses less overhead than executing directly on the trusted platform.

Joint work with:  Max Howald, Siddharth Garg, abhi shelat, Michael Walfish

May 18, 2016 Practical, Quantum-Secure Key Exchange for TLS from LWE

Speaker:  Valeria Nikolaenko

Abstract:  Lattice-based cryptography offers the most attractive primitives believed to be resistant to quantum computers. Recently, following increasing interests by both private companies and government agencies in building practical quantum computers, Bos, Costello, Naehrig, and Stebila (IEEE S&P 2015) showed a practical post-quantum key exchange protocol based on hard problems on ideal lattices. In this paper, we develop and evaluate a secure and practical key exchange protocol based on hard problems on generic lattices (Learning With Errors). We initiate this study noting that the hardness of lattice problems on regular and ideal lattices merits further cryptanalysis and recently there have been significant strides in attacking some weak problem instances over ideal lattices as well as improved attacks on lattices.

We demonstrate the feasibility of LWE-based key exchange for internet deployment; in the process of which we introduce techniques to optimize communication bandwidth in lattice protocols that may be of independent interest. Our microbenchmark evaluations of our schemes are promising—requiring about 2.4x compute and about 2x bandwidth overhead to move from ideal to generic lattices and we mention practical research directions going forward.

Joint work with:  Joppe Bos, Craig Costello, Leo Ducas, Ilya Mironov, Michael Naehrig, Ananth Raghunathan, and Douglas Stebila

May 25, 2016 No Lunch -- Oakland S&P

June 01, 2016 Optimal Protocols for Anonymous Broadcast

Speaker:  Henry Corrigan-Gibbs

Abstract:  Protocols for anonymous broadcast messaging have applications to whistleblowing, privacy-preserving data collection, anonymous online forums, and private surveys. Chaum's classic Dining Cryptographers' protocol allows a single member of a group to anonymously broadcast a sensitive message to the other group members.

In this work, we study a natural generalization of Chaum's protocol to the setting in which every player in the group wants to broadcast a message to every other player. Existing protocols for solving this problem, which we term the "Boisterous Cryptographers Problem," either require many rounds of interaction or require each player to send a number of bits that is quadratic in the group size. In contrast, we present protocols that are non-interactive—each player broadcasts only a single message—and that require each player to send a number of bits that is linear (instead of quadratic) in the group size. Further, we prove that our protocols are optimal in terms of their communication complexity. Unlike Chaum's DC-net, which operates on bits, our protocols require working over larger fields and we prove that this increase in field size is actually necessary. Finally, we use experiments and simulations to compare the speed of our protocols to each other and to demonstrate that they outperform mix-nets and DC-nets in the setting of anonymous group broadcast.

Joint work with:  Dan Boneh

June 08, 2016 Infosec @ Stanford: Our Quest to be the Best

Speaker:  Michael Duff (Stanford ISO)

Abstract:  Gain insight into the University's infosec program from our Chief Information Security Officer. This will be an interactive discussion about our successes, failures, challenges, opportunities, and vision.