February 20

Vault: Fast Bootstrapping for the Algorand Cryptocurrency
2019-02-20, 14:00-15:00 America/New_York, 32-G449

ABSTRACT
Decentralized cryptocurrencies rely on participants to keep track of the state of the system in order to verify new transactions. As the number of users and transactions grows, this requirement becomes a significant burden, requiring users to download, verify, and store a large amount of data to participate.

Vault is a new cryptocurrency design based on Algorand that minimizes these storage and bootstrapping costs for participants. Vault’s design is based on Algorand’s proof-of-stake consensus protocol and uses several techniques to achieve its goals. First, Vault decouples the storage of recent transactions from the storage of account balances, which enables Vault to delete old account state. Second, Vault allows sharding state across participants in a way that preserves strong security guarantees. Finally, Vault introduces the notion of stamping certificates, which allow a new client to catch up securely and efficiently in a proof-of-stake system without having to verify every single block.

Experiments with a prototype implementation of Vault’s data structures show that Vault’s design reduces the bandwidth cost of joining the network as a full client by 99.7% compared to Bitcoin and 90.5% compared to Ethereum when downloading a ledger containing 500 million transactions.

Paper URL: https://people.csail.mit.edu/nickolai/papers/leung-vault.pdf

SPEAKER BIO
Derek Leung is currently a software engineer at Algorand, a cryptocurrency startup. He received an M.S. in EECS from MIT in 2018 and was advised by Professor Nickolai Zeldovich. There he worked on Stadium, a scalable messaging system with strong metadata privacy guarantees. Previously he earned a B.A. in Computer Science and Mathematics from UC Berkeley in 2016. At Berkeley he worked with Professor David Wagner on usable security.

December 10

Safe passwords made easy to use
2018-12-10, 14:00-15:00 America/New_York, 32-G882

ABSTRACT
How do we choose and remember our secure access codes? So far biometrics, password managers, and systems like Facebook connect have not been able to guarantee the security we need. Remembering dozens of different passwords becomes a usability nightmare. 25+ years into online experience, each of us has many hard-to-remember or easy-to-guess passwords, with all the risks and frustration they imply.

We describe experiments showing how to make easy-to-remember codes and passwords and the system to make them, called Cue-Pin-Select. It can generate (and regenerate) passwords on the go using only the user's brain for computation. It has the advantage of creating memorable passwords, does not require any external storage or computing device, and can be executed in less than a minute to create a new password.

This talk will summarize recent usable security work done with Ted Selker. It will start with the Cue-Pin-Select algorithm, cover an improvement we found that applies to all passphrase-based security systems, and explain some of the work currently underway to have better tools to study password schemes and human computation.

SPEAKER BIO
Nikola K. Blanchard is a doctoral candidate at IRIF under the direction of Ted Selker and Nicolas Schabanel. After studying mathematics at ENS, he's currently pursuing research on usability of security and voting technologies, and he's been working and organizing votes with the random sample voting project for the past two years. His manuscript on the use of randomness in political institutions, "A chance for democracy", is currently being considered by publishers.

November 28

Blockchains and Trusted Execution Environments: Towards a New Security Paradigm
2018-11-28, 14:00-15:00 America/New_York, 32-G449

ABSTRACT
Through a decades-long endeavor of building secure, robust and performant systems, we’ve developed a rich and deep understanding of centralized computing models. However, with recent advances in the area of blockchain, a new decentralized model gives rise to even stronger security guarantees. Cryptocurrencies and smart contracts are just two examples showcasing the promises of the blockchain model of computation. Concurrently, another fundamentally different approach to achieve stronger security is the trusted execution environment (TEE), which has also seen a great advance recently with the debut of Intel SGX, a CPU-based implementation of TEE.

However, despite the nice features offered by TEE and blockchain, neither is ideal. The current blockchain systems suffer from serious practical limitations, e.g. poor performance, high energy consumption and lack of confidentiality. On the other hand, TEE is imperfect in its specification and implementation, and in isolation does not offer satisfactory availability guarantees. Motivated by these practical concerns, my research focuses on understanding the principles of a hybrid model that has the best of both worlds. In this talk, I will talk about Town Crier and Ekiden, two systems we built that demonstrate the benefits of synthesizing TEE and blockchains, and the pitfalls arising from harmonizing them.

SPEAKER BIO
Fan Zhang is a PhD candidate in the Department of Computer Science at Cornell University. Advised by Prof. Ari Juels, Fan’s research interest is in blockchains, trusted hardware, and applied cryptography. Fan is particularly interested in understanding and building hybrid systems that enjoy the best of both blockchains and trusted hardware. Fan is a member of the Initiative for Cryptocurrencies & Contracts (IC3). Before joining Cornell, Fan earned his bachelor's degree in Electronic Engineering from Tsinghua University in 2014.

October 17

Comprehensive Design Strategies for Efficient and Secure Memory
2018-10-17, 14:00-15:00 America/New_York, 32-G882

ABSTRACT
Distributed systems introduce a new set of security risks. When users compute on remote machines they become vulnerable to physical attacks. To protect against physical attacks, systems use secure memory, which provides confidentiality and integrity protection for data in memory. However, systems that run with secure memory, such as Intel SGX, suffer from significant delay, energy and space overheads. Our goal is to design an efficient approach to secure memory while maintaining the same security guarantees. To reduce delay overheads, we propose PoisonIvy, a safe speculation mechanism that hides the integrity verification latency while maintaining the security guarantees. To reduce energy overheads, we analyze the efficiency of a simple metadata cache and propose MCX, an improved cache design that increases the efficiency of the metadata cache by collaborating with the LLC. To improve the space overheads, we propose a dynamic allocation of secure memory metadata that makes the space overheads proportional to the secure memory used. Our work effectively reduces all of these overheads, making secure memory more accessible. Compared to a non-speculative secure memory design with a small metadata cache (i.e. Intel SGX), our work reduces delay overhead from 28% down to 8% and energy overhead from 55% down to 17% on average across three benchmark suites.

SPEAKER BIO
Tamara Silbergleit Lehman is a 6th year PhD candidate at Duke University advised by Andrew Hilton and Benjamin Lee. Her research interests lie at the intersection of computer architecture and security. She is also interested in memory systems, simulation methodologies and emerging technologies. Her thesis work focuses on reducing overheads of secure memory. Tamara has a Bachelor's degree from the University of Florida in Industrial Engineering and a Master's degree in Computer Engineering from Duke University. Her latest publication on understanding metadata access patterns in secure memory at ISPASS 2018, MAPS, won the best paper award. Her earlier work on developing a safe speculation mechanism for secure memory, PoisonIvy, published in MICRO 2016, got an honorable mention in Micro Top Picks.

September 13

Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution
2018-09-13, 13:30-14:30 America/New_York, 32-G449

ABSTRACT
Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.

Foreshadow-SGX: At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users’ data even if the entire system falls under the attacker’s control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine’s private attestation key. Making things worse, due to SGX’s privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem.

Foreshadow Next Generation: While investigating the vulnerability that causes Foreshadow, which Intel refers to as "L1 Terminal Fault", Intel identified two related attacks, which we call Foreshadow-NG. These attacks can potentially be used to read any information residing in the L1 cache, including information belonging to the System Management Mode (SMM), the Operating System's Kernel, or Hypervisor. Perhaps most devastating, Foreshadow-NG might also be used to read information stored in other virtual machines running on the same third-party cloud, presenting a risk to cloud infrastructure. Finally, in some cases, Foreshadow-NG might bypass previous mitigations against speculative execution attacks, including countermeasures to Meltdown and Spectre.

https://www.youtube.com/watch?v=ynB1inl4G3c&t=5s
https://www.youtube.com/watch?v=8ZF6kX6z7pM

SPEAKER BIO
Ofir is a Ph.D. candidate at the University of Michigan. His current research focuses on the feasibility of secure execution in the cloud. His recent publications include HotCalls (ISCA 2017) and WALNUT (EuroS&P 2017). Ofir worked for Intel in Haifa as a security researcher in the SGX group. He received his Master's in Computer Engineering from Tel-Aviv University and B.Sc. from the Technion. His previous research focused on differential power analysis of cryptographic devices, which was published in CHES and HASP.

September 05

One File for the Price of Three: Catching Cheating Servers in Decentralized Storage Networks
2018-09-05, 14:00-15:00 America/New_York, 32-G882

ABSTRACT
Decentralized Storage Networks (DSNs) aim to store data on spare disk space owned by arbitrary strangers. These unknown computers may be unreliable or untrustworthy, so each file must be stored in redundant fashion. But how do you check that there are actually, say, three copies of the data, not three colluding servers with one copy total? This is particularly challenging when the file must be publicly readable and there is no single author (e.g., a Wikipedia article or the state of the Ethereum blockchain). In this talk I will introduce the first provably secure, practical Public Incompressible Encoding (PIE). PIEs are a core building block needed to verify that potentially-cheating servers are redundantly storing public data.

A full copy of this work is available on the IACR ePrint Archive: https://eprint.iacr.org/2018/684.pdf

SPEAKER BIO
Ethan is a fourth year PhD student at Cornell University working with Ari Juels and Andrew Myers and is a member of the Initiative for CryptoCurrencies & Contracts (IC3). His work focuses on designing secure systems and building tools to ease their development.

May 16

Bringing Linux back to the BIOS with LinuxBoot
2018-05-16, 14:00-15:00 America/New_York, 32-G882

ABSTRACT
The LinuxBoot project brings Linux back to the cloud servers' boot ROMs by replacing nearly all of the vendor firmware with a reproducibly built Linux runtime that acts as a fast, flexible, and measured boot loader. It has been years since any modern servers have supported Free Firmware options like LinuxBIOS or coreboot, and as a result server and cloud security has been dependent on unreviewable, closed source, proprietary vendor firmware of questionable quality. With LinuxBoot we are making it possible to take back control of our systems with Open Source Software from very early in the boot process, helping build a more trustworthy and secure cloud.

SPEAKER BIO
Trammell Hudson is a security researcher with Two Sigma Investments and has been focused on firmware security topics for the past few years. Previously he presented at CSAIL on Thunderstrike, the first firmware vulnerability for MacBooks, and has been collaborating with Google and Facebook, as well as the Mass Open Cloud project, to build slightly more secure cloud servers with the LinuxBoot project.

May 09

The Discrete-Logarithm Problem with Preprocessing
2018-05-09, 16:00-17:00 America/New_York, 32-G882

ABSTRACT
In this talk, I will present some recent work on discrete-log algorithms that use preprocessing. In our model, an adversary may use a very large amount of precomputation to produce an "advice" string about a specific group (e.g., NIST P-256). In a subsequent online phase, the adversary's task is to use the preprocessed advice to quickly compute discrete logarithms in the group. Motivated by surprising recent preprocessing attacks on the discrete-log problem, we study the power and limits of such algorithms.

In particular, we focus on generic algorithms -- these are algorithms that operate in every cyclic group. We show that any generic discrete-log algorithm with preprocessing that uses an S-bit advice string, runs in online time T, and succeeds with probability \epsilon in a group of prime order N must satisfy ST^2 = \tilde{\Omega}(\epsilon N). Our lower bound, which is tight up to logarithmic factors, uses a synthesis of incompressibility techniques and classic methods for generic-group lower bounds. We apply our techniques to prove related lower bounds for the CDH, DDH, and multiple-discrete-log problems.

Finally, we demonstrate two new generic preprocessing attacks: one for the multiple-discrete-log problem and one for certain decisional-type problems in groups. This latter result demonstrates that, for generic algorithms with preprocessing, distinguishing tuples of the form (g, g^x, g^(x^2)) from random is much easier than the discrete-log problem.

This talk is based on joint work with Dmitry Kogan.

SPEAKER BIO
Henry Corrigan-Gibbs is a PhD candidate at Stanford, advised by Dan Boneh. He builds systems for messaging, data analysis, and web browsing that protect the private data and metadata of their users. For these research efforts, Henry and his co-authors have received the Best Young Researcher Paper Award at Eurocrypt 2018, the 2016 Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies, and the 2015 IEEE Security and Privacy Distinguished Paper Award.

Preventing (Network) Time Travel with Chronos
Hebrew University of Jerusalem, School of Computer Science and Engineering
2018-05-09, 14:00-15:00 America/New_York, 32-G882 (Hewlett Room)

ABSTRACT
The Network Time Protocol (NTP) synchronizes time across computer systems over the Internet. Unfortunately, NTP is highly vulnerable to “time shifting attacks”, which has severe implications for time-sensitive applications and for security mechanisms. We present Chronos, a new NTP client whose design leverages ideas from distributed computing theory to achieve good synchronization even in the presence of powerful man-in-the-middle attackers. Chronos is backwards compatible with legacy NTP and involves no changes whatsoever to NTP servers. Our results indicate that to shift time at a Chronos client by over 100ms from the universal time (UTC), even powerful man-in-the-middle attackers require over 20 years of effort in expectation.

Joint work with Omer Deutsch, Neta Rozen Schiff, and Danny Dolev.

SPEAKER BIO
Michael Schapira is an associate professor and the co-leader of the Fraunhofer Cybersecurity Center at the Hebrew University. His research focuses on the design and analysis of (Inter)network architectures and protocols. Prior to joining Hebrew U, he worked at Google NYC's Infrastructure Networking Group and was a postdoctoral researcher at UC Berkeley, Yale University, and Princeton University. He is a recipient of the Microsoft Research Faculty Fellowship, 2 IETF/IRTF Applied Networking Research Prizes, a Google Faculty Research Award, and the ERC Starting Grant.

May 02

Sanctum: Minimal Hardware Extensions for Strong Software Isolation
2018-05-02, 14:00-15:00 America/New_York, 32-G882 (Hewlett Room)

ABSTRACT
With the increasing prevalence of remote computation via cloud services and ubiquitous IoT devices, we must accept the security vulnerabilities inevitably found in these complex systems. Software systems built in practice are far too large for contemporary formal verification, as they must include all privileged software systems in the trusted computing base of any unprivileged workload. The staggering complexity of modern hardware further complicates matters, undermining simple guarantees such as process isolation.

TXT, SGX, TrustZone and similar work attempt to employ trusted hardware to construct an isolated software container and exclude some software from the TCB. While well-intentioned, these defy security analysis and present complex or vague threat models, all undermining their potential role as foundations for secure systems.

With our work (the Sanctum processor), we advocate for a transparent system with isolated containers. We offer integrity and confidentiality guarantees against a broad and straightforward threat model (a remote adversary capable of subverting arbitrary software on the system). While this work is certainly not the end-all to computer systems security, we propose a compelling threat model to inform future systems, and bootstrap one trusted platform on which secure systems may be built.

SPEAKER BIO
Ilia Lebedev is a PhD candidate at the Computer Science and Artificial Intelligence Lab at MIT. He works in the area of computer systems security, currently focused on bootstrapping trust for remotely attested computation. He deeply values accessible education and has received the 2016 Hazen Award for outstanding teaching. Outside of his academic career, he is a sailing ship captain, a bartender, and a generally questionable individual.

March 14

Privacy Tech in Interesting Times: Having fun with Plausibly Deniable Systems
2018-03-14, 14:15-15:15 America/New_York, 32-D463 (Star Seminar Room) / 32 Vassar Street

ABSTRACT
Private or sensitive information is present on our disks, phones, watches and computers. Its protection is essential. Plausible deniability of stored data allows individuals to deny that their device contains a piece of sensitive information. This constitutes a key tool in the fight against oppressive governments and other sophisticated censorship tools. And recent developments in democratic, developed countries seem to have left plausible deniability as the last available tool in the fight for privacy and personal freedom.

In this talk we explore existing traditional plausible deniability and encryption solutions that can handle simple adversaries and then discuss emerging new research results that provide defenses against more powerful multi-snapshot state-level adversaries.

We'll also touch upon tamper-proof clouds, the future of computing, and sailing catamarans off the beaches of Stony Brook.

SPEAKER
Radu Sion
https://zxr.io

BIO
Radu Sion is an Associate Professor at Stony Brook University, the Director of the National Security Institute, and the CEO of Private Machines Inc.

Radu’s research is in Cyber Security and Large Scale Computing. He has published 100+ peer reviewed works in top venues, and has organized 65+ conferences. Dr. Sion has received the National Science Foundation CAREER award for his work on cloud computing security.

Radu has worked with and received funding from numerous industry and government partners, including the US Air Force, the Office of the Secretary of Defense, the Department of Homeland Security, the US Army, the Intelligence ARPA, the Office of Naval Research, Northrop Grumman, IBM, NOKIA, Motorola, Xerox Parc, Microsoft, SAP, CA Technologies, the National Science Foundation, and many others.

Radu is currently leading Private Machines Inc, a cyber security startup designing the next generation secure cloud computing technologies.