Stanford Security Lunch
Winter 2017

Get announcements:

January 04, 2017 No meeting due to Real World Crypto workshop

January 11, 2017 Global Internet Sensing

Speaker:  Matt Kraning (Qadium)

Abstract:  A deep dive into distributed global internet sensing. This talk with cover distributed system design, measuring data accuracy and bias, and next generation deployment topic areas. Applications to global internet security ecosystems and a small number of case studies will be presented.

January 18, 2017 Internet of Things (IOT) Security

Speaker:  Brian Witten (Symantec Labs)

Abstract:  This talk will describe the security mistakes behind some of the headlines of recent IOT security debacles, and also describe current best practices for protecting IOT systems end-to-end, as background for leading edge research in network security and machine learning applicable to IOT security, and walk through a sampling of those research efforts.

January 25, 2017 Deep Learning with Differential Privacy

Speaker:  Ilya Mironov

Abstract:  Machine learning techniques based on neural networks are achieving remarkable results in a wide variety of domains. Often, the training of models requires large, representative datasets, which may be crowdsourced and contain sensitive information. The models should not expose private information in these datasets. Addressing this goal, we develop new algorithmic techniques for learning and a refined analysis of privacy costs within the framework of differential privacy. Our implementation and experiments demonstrate that we can train deep neural networks with non-convex objectives, under a modest privacy budget, and at a manageable cost in software complexity, training efficiency, and model quality.

February 01, 2017 Proofs-of-delay and randomness beacons

Speaker:  Benedikt Bünz

Abstract:  Blockchains generated using a proof- of-work consensus protocol, such as Bitcoin or Ethereum, are promising sources of public random- ness. However, the randomness is subject to manip- ulation by the miners generating the blockchain. A general defense is to apply a delay function, prevent- ing malicious miners from computing the random output until it is too late to manipulate it. Ideally, this delay function can provide a short proof-of- delay that is efficient enough to be verified within a smart contract, enabling the randomness source to be directly by smart contracts. In this paper we describe the challenges of solving this problem given the extremely limited computational capacity available in Ethereum, the most popular general- purpose smart contract framework to date. We introduce a novel multi-round protocol for verifying delay functions using a refereed delegation model.

February 08, 2017 Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge

Speaker:  Florian Tramer

Abstract:  Trusted hardware systems, such as Intel's SGX, aim to provide strong confidentiality and integrity assurances for applications. However, there are serious concerns about the vulnerability of such systems to side-channel attacks. Application confidentiality, in particular, remains an elusive goal due to leakage of data access patterns, timing, and more. In light of these vulnerabilities, we explore use-cases of trusted hardware for which security is not contingent on applications keeping secrets from their environment. To this end, we introduce the abstract notion of a "Sealed-Glass Proofs" (SGP), a primitive that specifically models the capabilities of trusted hardware that can attest to *correct execution* of a piece of code, but whose execution is *transparent*, meaning that an application's secrets and state are visible to other processes on the same host. I will describe one compelling application of SGPs we considered: an implementation of an end-to-end bug bounty (or zero-day solicitation) platform that couples SGPs with smart contracts. Bounty hunters use SGPs (built on top of SGX, for instance) to prove knowledge of a bug or exploit and then proceed to sell their discovery to interested buyers using a cryptocurrency system with sufficiently expressive transactions (e.g., Ethereum or even possibly Bitcoin). Our platform enables a marketplace that achieves fair exchange, protects against unfair bounty withdrawals, and resists denial-of-service attacks by dishonest sellers. This is joint work with Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels and Elaine Shi.

February 15, 2017 Attacking Security Hardware using Side Channel Power Analysis

Speaker:  Kevin Kiningham

Abstract:  Side Channel Power Analysis is a well known class of Side Channel Attacks that use the power consumed by a device to reveal sensitive information such as cryptographic keys. In this talk, I review current power analysis techniques and walk through breaking AES128 on a commercially available TPM. In addition, I examine techniques used by hardware manufacturers to guard against power analysis and evaluate their effectiveness. Work done at Google under supervision of Dominic Rizzo and Marius Schilder

February 22, 2017 T/Key: Time--Based Offline Second Factor Authentication Without Server Secrets

Speaker:  Nathan Manohar

Abstract:  Time-based one-time password (TOTP) systems in use today require storing secrets on both the client and the server. As a result, an attack on the server can expose all second factors for all users in the system. We present T/Key, a time-based one-time password system that requires no secrets on the server. Our work modernizes the old S/Key system and addresses the challenges in making such a system secure and practical. Additionally, we develop a near-optimal algorithm for quickly generating the required elements in a hash chain with little memory on the client. Furthermore, we prove a time-space lower-bound on the effort needed to invert a hash chain. We report on our implementation of T/Key as an Android application. T/Key can be used event of a server-side compromise.

March 01, 2017 Iron: Functional Encryption using Intel SGX

Speaker:  Ben Fisch

Abstract:  Functional encryption (FE) is an extremely powerful cryptographic mechanism that lets an authorized entity compute on encrypted data, and learn the results in the clear. However, all current cryptographic instantiations for general FE are too impractical to be implemented. We build Iron, a practical and usable FE system using Intel’s recent Software Guard Extensions (SGX). We show that Iron can be applied to complex functionalities, and even for simple functions, outperforms the best known cryptographic schemes. We argue security by modeling FE in the context of hardware elements, and prove that Iron satisfies the security model.

March 08, 2017 Prio: Private, Robust, and Scalable Computation of Aggregate Statistics

Speaker:  Henry Corrigan-Gibbs

Abstract:  This talk will present Prio, a privacy-preserving system for the collection of aggregate statistics. Each Prio client holds a private data value (e.g., its current location), and a small set of servers compute statistical functions over the values of all clients (e.g., the most popular location). As long as at least one server is honest, the Prio servers learn nearly nothing about the clients' private data, except what they can infer from the aggregate statistics that the system computes. To protect functionality in the face of faulty or malicious clients, Prio uses secret-shared non-interactive proofs (SNIPs), a new cryptographic technique that yields a hundred-fold performance improvement over conventional zero-knowledge approaches. Prio extends classic private aggregation techniques to enable the collection of large class of useful statistics. For example, Prio can perform a least-squares regression on high-dimensional client-provided data without ever seeing the data in the clear. This is joint work with Dan Boneh. Our paper on Prio is to appear at NSDI 2017.

March 15, 2017 Certificate Transparency (and Privacy)

Speaker:  Saba Eskandarian

Abstract:  Certificate transparency (CT) is an elegant mechanism designed to detect when a certificate authority (CA) has issued a certificate incorrectly. Many CAs now support CT and it is being actively deployed in browsers. However, a number of privacy-related challenges remain. This talk will give an overview of how CT works and briefly discuss some privacy concerns with CT as well as potential solutions.