Stanford Security Lunch
Spring 2020

April 15, 2020 Get-together

April 22, 2020 Cancelled

April 29, 2020 Information-theoretic recipient-anonymous routing

Speaker:  Kuang Xu (GSB)

Abstract:  We formulate a model of private routing where an agent aims to conceal the true intended recipient of a package against an adversary who may observe the entire trajectory the package traverses. The objective of the agent is to minimize the probability that the true recipient can be correctly inferred by the adversary (capturing privacy), subject to a constraint on the expected total length of the route (capturing delay / congestion). Our main results demonstrate that with a carefully chosen routing strategy, the optimal privacy level is inversely proportional to the delay, and that this characterization depends on the network topology only through its diameter.

Joint work with:  John N. Tsitsiklis (MIT) and Mine Su Erturk (Stanford)

May 06, 2020 Adaptive Attacks on Adversarial Example Defenses

Speaker:  Florian Tramèr

Abstract:  Adaptive attacks have (rightfully) become the de facto standard for evaluating defenses to adversarial examples. We find, however, that typical adaptive evaluations are incomplete. We demonstrate that thirteen defenses recently published at ICLR, ICML and NeurIPS can be circumvented despite attempting to perform evaluations using adaptive attacks. Through illustrative case studies, this talk will reveal common shortcomings of existing evaluations and demonstrate how to devise stronger attacks. We hope that these guidelines can help promote more thorough and principled evaluations in the future, and encourage additional re-evaluations of proposed defenses by the community.

Joint work with:  Nicholas Carlini, Wieland Brendel, and Aleksander Mądry

Paper:  arXiv:2002.08347

May 13, 2020 Introduction to Cyber Insurance

Speaker:  Asaf Lifshitz (Sayata Labs)

Abstract:  This talk is intended as an introduction to the world of cyber insurance, geared towards security researchers. We will discuss the basics of cyber insurance and cyber-risk management, the reasons why security researchers should care about this growing field, and what its main challenges are (technical and other).

May 20, 2020 Fast and simple constant-time hashing to elliptic curves

Speaker:  Riad Wahby

Abstract:  While there is a substantial body of work on the problem of hashing to elliptic curves, much of this work does not apply to curve families of practical interest, including Barreto-Naehrig and Barreto-Lynn-Scott pairing-friendly curves, and Koblitz curves. Moreover, the work that does apply has the unfortunate property that fast implementations are complex, while simple implementations are slow. In this talk, I will give a general overview of the problem of hashing to elliptic curves and then show how our work addresses issues applying prior work to elliptic curves of practical interest, and yields a constant-time hash function to essentially any elliptic curve. Our approach is simple to implement, yet performs within 9% of the fastest, non-constant-time alternatives, which require much more complex implementations. Our work is currently being standardized by the IETF. If time allows, I will briefly discuss the process of standardizing cryptographic primitives with the IETF.

Joint work with:  Dan Boneh

Paper:  eprint 2019/403

May 27, 2020 Crowdsourced bug detection in production: GWP-ASan and beyond

Speaker:  Kostya Serebryany (Google)

Abstract:  Despite continuous efforts in testing and fuzzing, bugs creep into production code. While we absolutely need to improve our testing and fuzzing, we also need another layer of testing: bug detection in production. Production use of "sanitized" or "debug" builds, that simplify bug detection, is typically prohibitively expensive. GWP-ASan implements a sampling-based approach to bug detection in production. Specifically, GWP-ASan finds heap-use-after-free and heap-buffer-overflow bugs in C/C++ production binaries, with a very low probability per execution, but also with a very low overhead. We beat the low probability of bug detection with a large scale of deployment. In this talk we will explain how GWP-ASan works, what it can find, and how to deploy it. We will also speculate about future uses of the same approach for other bug classes, and other programming languages. An interesting research topic in this space is whether GWP-ASan-like tools can be seen as security mitigations. Yes, they don't protect every execution and an attack is likely to succeed, but how will the attackers change their behaviour if their attacks become discoverable with 0.1% probability per instance?

June 03, 2020 SafetyPin: Encrypted Backups with Human-Memorable Secrets

Speaker:  Emma Dauterman (UC Berkeley)

Abstract:  We present the design and implementation of SafetyPin, a system for encrypted mobile-device backups. Like existing cloud-based mobile-backup systems, including those of Apple and Google, SafetyPin requires users to remember only a short PIN and defends against brute-force PIN-guessing attacks using hardware security protections. Unlike today’s systems, SafetyPin uses threshold-encryption techniques to split trust over a cluster of hardware security modules (HSMs). In this way, SafetyPin protects backed-up user data even against an attacker that can adaptively compromise many of the system’s constituent HSMs. Decentralizing trust while respecting the resource limits of today’s HSMs requires a new synthesis of systems-design principles and cryptographic tools. We evaluate SafetyPin on a cluster of 100 low-cost HSMs and show that a SafetyPin-protected recovery takes 0.82 seconds. We estimate that supporting a billion recoveries a year would cost $182.3K using these low-cost HSMs or $14.8M using high-end HSMs.

June 10, 2020 Cancelled

June 17, 2020 Fast Privacy-Preserving Punch Cards

Speaker:  Saba Eskandarian

Abstract:  Loyalty programs in the form of punch cards that can be redeemed for benefits have long been a ubiquitous element of the consumer landscape. However, their increasingly popular digital equivalents, while providing more convenience and better bookkeeping, pose a considerable risk to consumer privacy. This paper introduces a privacy-preserving punch card protocol that allows firms to digitize their loyalty programs without forcing customers to submit to corporate surveillance. We also present a number of extensions that allow our scheme to provide other privacy-preserving customer loyalty features. Compared to the best prior work, we achieve a 14x reduction in the computation and a 25x reduction in communication required to perform a "hole punch," a 62x reduction in the communication required to redeem a punch card, and a 394x reduction in the computation time required to redeem a card. Much of our performance improvement can be attributed to removing the reliance on pairings present in prior work, which has only addressed this problem in the context of more general loyalty systems. By tailoring our scheme to punch cards and related loyalty systems, we demonstrate that we can reduce communication and computation costs by orders of magnitude.