Summer School Talks

A relatively new approach is to build AE schemes on top of so-called deck functions, primitives supporting arbitrary input and output length that are assumed to behave like a random oracle. In the presentation we will also give some intuition of how we built AES and are now building secure deck functions.

In this talk, we will take a look at LWE-based single-server PIR schemes and what limitations they have to overcome in order to be practical: querying for multiple items, querying to databases indexed with anything but indices, trust-assumptions, underlying mathematical security, and complex approxiate problems. We aim to give preliminary results and points on how to overcome these limitations, and why said limitations matter for real-world applications.

This presentation introduces empirical methods used to conduct security and privacy research within this ecosystem. These methods have been designed to carry out studies in areas such as preinstalled software, over-the-air system updates, customization of the permission system, software attribution, and sensitive data leakages. Finally, we will explore the practical challenges associated with conducting measurement studies in this field.

However, despite its potential benefits, FL has shown to be vulnerable to various threats. In this lecture, we will thoroughly evaluate the security and privacy risks associated with FL and then delve deeper into targeted and untargeted poisoning attacks and countermeasures. We will pay special attention to open challenges, that include distinguishing poisoned and benign but unusual models, for instance models trained on datasets with different data distributions, and adaptive attackers, who, once they know the detection method, can add an additional training loss to minimize any changes in the detection metric, and, hence, evade detection. To facilitate further discussions, we will outline open research directions.

Numerous non-direct arguments against such policies have been raised, such as "the bad guys can utilize other encryption system" so all other cryptosystems have to be declared illegal, or that "allowing the government access is an ill-advised policy since it creates a natural weak systems security point, which may attract others (to masquerade as the government)." It has remained a fundamental open issue, though, to show directly that the above mentioned efforts by a government (called here “a dictator” for brevity) which mandate breaking of the basic operational assumption (and disallowing other cryptosystems), is, in fact, a futile exercise. This is a direct technical point which needs to be made and has not been made to date. In this lecture, as a technical demonstration of the futility of the dictator’s demands, I present the notion of “Anamorphic Encryption” which shows that even if the dictator gets the keys and the messages used in the system (before anything is sent) and no other system is allowed, there is a covert way within the context of well established public-key cryptosystems for an entity to immediately (with no latency) send piggybacked secure messages which are, in spite of the stringent dictator conditions, hidden from the dictator itself! We feel that this may be an important direct technical argument against the nature of governments’ attempts to police the use of strong cryptographic systems, and we hope to stimulate further works in this direction.

The Dream Website users would like to be provided with clear information and being able to control their own personal data. Users would like to refuse tracking, which is unnecessary for the website to function properly, and do so in appropriate settings. Moreover, users would like to have access to the data collected by third parties via tracking technologies.

The Reality In this talk we will discuss about the reality of non-compliance practices of several actors, such as websites, consent management platforms (CMPs), third party tracking companies, and providers of intermediate services.

In this lecture, we will overview the state-of-the-art in decentralized, trustless Layer-2 protocols for scalability (e.g., payment channel networks and roll-ups) and interoperability (e.g., atomic swaps and bridges), highlighting recent breakthroughs and open challenges. The overall goal is to provide a comprehensive background on a theoretically fascinating and practically impactful interdisciplinary research field at the intersection between cryptography, game theory, and distributed systems.

Key Transparency (KT) allows much of this verification to be automated. Service providers that support KT regularly publish a commitment to the identity key directory; this commitment must be publicly and consistently visible to all users. Every key request is accompanied by a proof that the key is correct with respect to the committed directory. Finally, the user's device regularly monitors the committed directory to ensure that the user's key is correctly reflected.

In this talk, I will first l introduce KT and briefly discuss its academic literature. Then I will talk about some of the challenges that come up in adopting academic designs to large scale deployments, and how that opens up new research directions. I will conclude this talk with a discussion of active research and open problems in KT.

In our recent work, we explore the feasibility of an attacker employing multiple SMS senders towards a victim to address these limitations and introduce novel features to bolster prediction accuracy. Next, we introduce a comprehensive device-level security testing framework for 5G standalone devices, ensuring robust protection against emerging threats. Specifically, we introduce a novel, open-source framework that automates the security testing process for 5G SA devices. By leveraging enhanced functionalities of 5G SA core and Radio Access Network (RAN) software, our framework offers a streamlined approach to generating, executing, and evaluating test cases, specifically focusing on the Non-Access Stratum layer.

Finally, we take up a specific case study of designing networks for massive Machine-to-Machine (M2M) applications like autonomous vehicles and drone swarms and the challenges that come with it. The concluding part of the talk will point to interesting research opportunities in the space of next-generation cellular network security.

The first such protocol was proposed in 2011 (ODT-PKC'11) and offers information-theoretic security in terms of one-sided size-hiding. Since then, a couple of related results popped up: one that prevents the intersection-learning party from learning more elements than a fixed upper bound, and another -- that lower-bounds that same party's input size. The latter leads into interesting general issue of how to prove element distinctiveness in private set operations. This talk overviews aforementioned results related to size-hiding PSI and outlines some open problems and new directions.

We start with a wild application: A vexing problem in nuclear disarmament agreements is the secure remote monitoring of nuclear warheads in storage. In collaboration with Princeton's School of Public and International Affairs, we have developed an entirely new approach. We realized a systems as a special instance of a virtual-proof-of-reality scheme, based on radio-frequency signals.

In the second part of the talk, we show a radio wave-based approach for realizing tamper detection. Anti-tampering is a much-needed services from application ranging from payment terminals over cloud servers to ATM machine. Yet, there exist only sub-optimum solutions in practice. We show that our anti-tamper radio is capable of detecting minute physical manipulations on the system- level, e.g., insertion of small probing needles into 19” servers.

Apart from constructive applications, wireless sensing can also be used by adversaries for privacy violations such as remote detection of human movements in private spaces. In our last case study, we present IRShield as a countermeasure. The system leverages recent advances on intelligent reflecting surfaces, or IRSs. IRShield is designed as a plug-and-play privacy-preserving extension to existing wireless networks. We demonstrate that IRShield defeats a state-of-the-art human motion detection attack proposed in the literature.

Recent works have explored the complexity of such emergent behaviour demonstrating methods for constructing weird machines - robust and well defined toolchains that build on emergent behaviour to enable arbitrary computation. This talk introduces microarchitectural weird machines, exploring their construction, functionality and impact on software security.

However, the practical implementation of PQC algorithms on software and hardware platforms presents many challenges. One of them is assuring resistance to side-channel attacks. In this talk, we will present several recent side-channel attacks on implementations of CRYSTALS-Kyber key encapsulation mechanism and CRYSTALS-Dilithium digital signature scheme using deep learning-based power analysis.

Bio: Elena Dubrova received the Diploma Engineer degree in Computer Science from Technical University of Sofia, Bulgaria, in 1993, and Ph.D. degree in Computer Science from University of Victoria, B.C., Canada, in 1998. Since 2008 she has been a professor at the School of Electrical Engineering and Computer Science at the Royal Institute of Technology, Stockholm, Sweden. She has over 100 publications and 15 granted patents. Her work has been awarded prestigious prices such as IBM faculty partnership award for outstanding contributions to IBM research and development. She is a world's top 2% scientist according to the Stanford University ranking from 2020. Her research interests include hardware security, lightweight cryptography, logic synthesis, and multiple-valued logic.

In this talk, I will present the implementation of side-channel attacks and some common countermeasures. First, I will outline the scenario of the attack and how one can exploit the leakages. Later, we will explore methods for preventing these attacks by securely implementing the code.