December 12

2024-12-12, 12:00-13:00 (America/New_York)
GlucOS: Security, correctness, and simplicity for automated insulin delivery

Abstract: We present GlucOS, a novel system for trustworthy automated insulin delivery. Fundamentally, this paper is about a system we designed, implemented, and deployed on real humans and the lessons learned from our experiences. GlucOS combines algorithmic security, driver security, and end-to-end verification to protect against malicious ML models, vulnerable pump drivers, and drastic changes in human physiology. We use formal methods to prove correctness of critical components and incorporate humans as part of our defensive strategy. Our evaluation includes both a real-world deployment with seven individuals and results from simulation to show that our techniques generalize. Our results show that GlucOS maintains safety and improves glucose control even under attack conditions. This work demonstrates the potential for secure, personalized, automated healthcare systems.

Location: G882 (Hewlett Room)

December 05

2024-12-05, 12:00-13:00 (America/New_York)
Single Pass Client-Preprocessing Private Information Retrieval

Abstract: Recently, many works have considered Private Information Retrieval (PIR) with client-preprocessing: in this model a client and a server jointly run a preprocessing phase, after which client queries can run in time sublinear in the size of the database. In addition, such approaches store no additional bits per client at the server, allowing us to scale PIR to a large number of clients. In this work, we propose the first client-preprocessing PIR scheme with "single pass" client-preprocessing. In particular, our scheme is concretely optimal with respect to preprocessing, in the sense that it requires exactly one linear pass over the database. This is in stark contrast with existing works, whose preprocessing is proportional to , where is the security parameter (e.g., ). Our approach yields a preprocessing speedup of 45-100x and a query speedup of up to 20x when compared to previous state-of-the-art schemes (e.g., Checklist, USENIX 2021), making preprocessing PIR more attractive for a myriad of use cases that are "session-based". In addition to fast preprocessing, our scheme features extremely fast updates (additions and edits), in constant time. Previously, the best known approach for handling updates in client-preprocessing PIR had time complexity , while also adding a factor to the bandwidth. We implement our update algorithm and show concrete speedups of about 20x in update time when compared to the previous state-of-the-art updatable scheme (e.g., Checklist, USENIX 2021).

Location: G882 (Hewlett Room)

November 21

2024-11-21, 12:00-13:00 (America/New_York)
A Formal Treatment of End-to-End Encrypted Cloud Storage

Abstract: Users increasingly store their data in the cloud, thereby benefiting from easy access, sharing, and redundancy. To additionally guarantee security of the outsourced data even against a server compromise, some service providers have started to offer end-to-end encrypted (E2EE) cloud storage. With this cryptographic protection, only legitimate owners can read or modify the data. However, recent attacks on the largest E2EE providers have highlighted the lack of solid foundations for this emerging type of service. In this paper, we address this shortcoming by initiating the formal study of E2EE cloud storage. We give a formal syntax to capture the core functionality of a cloud storage system, capturing the real-world complexity of such a system's constituent interactive protocols. We then define game-based security notions for confidentiality and integrity of a cloud storage system against a fully malicious server. We treat both selective and fully adaptive client compromises. Our notions are informed by recent attacks on E2EE cloud storage providers. In particular, we show that our syntax is rich enough to capture the core functionality of MEGA and that recent attacks on it arise as violations of our security notions. Finally, we present an E2EE cloud storage system that provides all core functionalities and that is both efficient and provably secure with respect to our selective security notions. Along the way, we discuss challenges on the path towards bringing the security of cloud storage up to par with other end-to-end primitives, such as secure messaging and TLS.

Location: D463 (Star)

November 14

2024-11-14, 12:00-13:00 (America/New_York)
Complete Knowledge: Preventing Encumbrance of Cryptographic Secrets

Abstract: Most cryptographic protocols model a player's knowledge of secrets in a simple way. Informally, the player knows a secret in the sense that she can directly furnish it as a (private) input to a protocol, e.g., to digitally sign a message. The growing availability of Trusted Execution Environments (TEEs) and secure multiparty computation, however, undermines this model of knowledge. Such tools can encumber a secret sk and permit a chosen player to access sk conditionally, without actually knowing sk. By permitting selective access to sk by an adversary, encumbrance of secrets can enable vote-selling in cryptographic voting schemes, illegal sale of credentials for online services, and erosion of deniability in anonymous messaging systems. Unfortunately, existing proof-of-knowledge protocols fail to demonstrate that a secret is unencumbered. We therefore introduce and formalize a new notion called complete knowledge (CK). A proof (or argument) of CK shows that a prover does not just know a secret, but also has fully unencumbered knowledge, i.e., unrestricted ability to use the secret. We introduce two practical CK schemes that use special-purpose hardware, specifically TEEs and off-the-shelf mining ASICs. We prove the security of these schemes and explore their practical deployment with a complete, end-to-end prototype with smart-contract verification that supports both. We show how CK can address encumbrance attacks identified in previous work. Finally, we introduce two new applications enabled by CK that involve proving ownership of blockchain assets.

Location: D507

November 07

2024-11-07, 12:00-13:00 (America/New_York)
Compass: Encrypted Semantic Search with High Accuracy

Abstract: We introduce Compass, a semantic search system over encrypted data that offers high accuracy, comparable to state-of-the-art plaintext search algorithms, while protecting data, queries and search results from a fully compromised server. Additionally, Compass enables privacy-preserving RAG where both the RAG database and the query are protected. Compass contributes a novel way to traverse the Hierarchical Navigable Small Worlds (HNSW) graph, a top-performing nearest neighbor search index, over Oblivious RAM, a cryptographic primitive with strong security guarantees. Our techniques, Directional Neighbor Filtering, Speculative Greedy Search, and HNSW-tailored Path ORAM, ensure that Compass achieves user-perceived latencies of a few seconds and is orders of magnitude faster than baselines for encrypted embeddings search.

Location: G882

October 31

2024-10-31, 12:00-13:00 (America/New_York)
Privacy in Web Advertising: Opportunities, Challenges, and a Call to Action

Abstract: Web advertising is at a pivotal moment, with a real opportunity to improve online privacy. However, technical challenges are stalling progress, particularly the difficulty of building high-utility, privacy-preserving advertising APIs. This challenge remains a significant roadblock to getting major entities to commit to disabling current web tracking methods without viable alternatives. Despite these setbacks, there is strong interest from most major browsers in replacing invasive third-party tracking with privacy-conscious APIs that meet both advertisers' needs and user privacy expectations.

This is where the privacy research community must step in. We need to tackle real-world challenges and provide solutions that work for both advertisers and users. In this talk, I'll present our group's work, developed in collaboration with Meta and Mozilla and as part of our engagement with an industry-led W3C community group, on a privacy architecture that balances robust user privacy with advertiser utility. This architecture has been integrated into Mozilla's latest privacy-preserving API proposal, which recently passed a W3C consensus call to move toward standardization. Our upcoming SOSP 2024 paper (https://arxiv.org/abs/2405.16719) describes, analyzes, and evaluates this architecture.

However, many challenges remain. My message to the privacy and security community is clear: now is the time to engage. If we don't act, these promising changes may not lead to meaningful privacy improvements, and the responsibility will lie with us as much as with the industry.

Location: D463 (Star)

October 24

2024-10-24, 12:00-13:00 (America/New_York)
Building Secure Collaborative Systems via Systems and Cryptography Co-Design

Abstract: The recent revolution in advanced data analytics and machine learning has made it possible to extract unprecedented value from user data. However, this comes at the cost of user privacy in many application workflows. In this talk, I will discuss some ideas around building systems that enable privacy-preserving computation via a co-design of systems and cryptography. In the first part of the talk, I will present Bolt (IEEE S&P 2024), a new system for privacy-preserving two-party inference for a large language model like BERT using secure multiparty computation (MPC). With our system, a user can safely outsource prediction to a third party without revealing their sensitive data and without learning the third party's proprietary model parameters. In the second part, I will talk about building systems for democratizing cryptography. In Silph (IEEE S&P 2023), we develop a framework that can automatically compile a program written in a high-level language to an optimized, hybrid MPC protocol that mixes multiple MPC primitives securely and efficiently. This makes it possible for any programmer with no expertise in cryptography to create efficient MPC protocols from scratch.

Bio: Wenting Zheng is an assistant professor in the Computer Science Department at CMU. Her research interests are in computer systems, security, and applied cryptography. She aims to bridge the gap between theory and practice through a co-design of cryptography and systems. She does so by building practical cryptosystems with provable security guarantees, designing novel cryptographic primitives and protocols, and building systems for democratizing and accelerating cryptography. She is a recipient of the NSF CAREER Award, Google Research Scholar Award, Distinguished Paper Award at IEEE Euro S&P, IBM PhD Fellowship, and Berkeley Fellowship. She obtained her Ph.D. in EECS from UC Berkeley.

Location: D463 (Star)