### DC-Area Anonymity, Privacy, and Security Seminar

Fall 2015 Seminar
Friday, November 20th, 2015
9:30 a.m. - 1:00 p.m.
Lunch afterward nearby

Location: Social Room, Healey Family Student Center
(in New South Hall, Library Walk & Tondorf Rd)
Georgetown University
Host: Micah Sherr

9:30 a.m. - 9:55 a.m.
Speaker: Simson Garfinkel, NIST
Title: NISTIR 8053: De-identification of personal information [slides] [document]
Abstract: De-identification removes identifying information from a dataset so that individual data cannot be linked with specific individuals. De-identification can reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing information. De-identification thus attempts to balance the contradictory goals of using and sharing personal information while protecting privacy. Several U.S. laws, regulations and policies specify that data should be de-identified prior to sharing. In recent years researchers have shown that some de-identified data can sometimes be re-identified. Many different kinds of information can be de-identified, including structured information, free format text, multimedia, and medical imagery. This talk summarizes roughly two decades of de-identification research, discusses current practices, and presents opportunities for future research.

9:55 a.m. - 10:20 a.m.
Speaker: Ellis Fenske, Tulane University
Title: Crowds, asymmetry, and neighbors [slides]
Abstract: In this talk I will discuss my ongoing dissertation research. I consider the Crowds protocol, but instead of analyzing its vulnerability to the traditional attack of compromising nodes in the network, I consider the vulnerability of the system to an adversary that observes network traffic along certain edges. In the traditional attack, the probability of compromise at each step is equal, but with the new approach, the probability depends on the topology of the compromised routes and is generally asymmetric. The approach I use is to view the system as a stochastic process which allows us to analyze the security of each honest participant individually. The Crowds protocol is a first step, and the goal of the research is to develop this type of analysis for application to more sophisticated systems.

10:20 a.m. - 10:50 a.m.
Coffee Break

10:50 a.m. - 11:15 a.m.
Speaker: Frank Cangialosi, University of Maryland, College Park
Title: Ting: Measuring and Exploiting Latencies Between All Tor Nodes [slides]
Abstract: Given Tor's focus on low-latency communication, understanding the latencies between peers in the Tor network could be an extremely powerful tool in understanding and improving Tor's performance and anonymity properties. However, there are no practical techniques for inferring accurate latencies between two arbitrary hosts on the Internet, and Tor clients are not instrumented to collect and report on these measurements. In this talk, I will present Ting, a technique for measuring latencies between arbitrary Tor nodes from a single vantage point. Through a ground-truth validation and experiments on the live Tor network, I will show that Ting is accurate, even with few samples, that its measurements are stable over time, and that it does not require modifications to existing clients. I will also demonstrate that the all-pairs latency datasets that Ting permits can be applied in disparate ways, including faster methods of deanonymizing Tor circuits and efficiently finding long circuits with low end-to-end latency.

11:15 a.m. - 11:40 a.m.
Title: Quantifying and Measuring Diversity in Security Systems [slides]
Abstract: It is well known that hardware and software monocultures are ubiquitous, yet highly fragile in the face of vulnerabilities. For example, the popularity of OpenSSL became apparent when the Heartbleed bug emerged. Not only do we lack highly diverse implementations and platforms, we have yet to agree on a flexible and easily-applicable definition of diversity; in the past the notion of diversity has been used loosely or, at best, qualitatively.

In this paper, we seek to fill this gap by presenting a formal, quantitative formulation of diversity, specifically tailored to applications in computer security. Our diversity quantification is general in that it can be readily applied to a wide variety of systems and it can be tailored to specific application domains. We further present theorems, formally supporting the widespread belief that high diversity is desirable in security systems. Finally, we implement our diversity quantification and apply it to a set of real-world deployed systems.

Our work provides a generic foundation for quantifying diversity in security systems, allowing us to monitor and reason about real-world security systems. Further, our work makes it possible to compare diversity across different domains.

11:40 a.m. - 12:10 p.m.
Coffee Break

12:10 p.m. - 12:35 p.m.
Title: Is Bigger Better? Comparing User Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock
Abstract: Android's graphical authentication mechanism requires users to unlock their devices by "drawing" a pattern that connects a sequence of contact points arranged in a 3x3 grid. Prior studies have shown that human-generated patterns are far less complex than one would desire; large portions can be trivially guessed with sufficient training. Custom modifications to Android, such as CyanogenMod, offer ways to increase the grid size beyond 3x3, and in this paper we ask the question: Does increasing the grid size increase the security of human-generated patterns? To answer this question, we conducted two large studies, one in-lab and one online, collecting 934 total 3x3 patterns and 504 4x4 patterns. Analysis shows that for both 3x3 and 4x4 patterns, there is a high incidence of repeated patterns and symmetric pairs (patterns that derive from others based on a sequence of flips and rotations). Further, many of the 4x4 patterns are similar versions of 3x3 patterns distributed over the larger grid space. Leveraging this information, we developed the most advanced guessing algorithm in this space, and we find that guessing the first 20% ($\tilde{G}_{0.2}$) of patterns for both 3x3 and 4x4 can be done as efficiently as guessing a random 2-digit PIN. Guessing larger portions of 4x4 patterns ($\tilde{G}_{0.5}$), however, requires 2 bits more entropy than guessing the same ratio of 3x3 patterns, but the entropy is still on the order of cracking random 3-digit PINs. These results suggest that while there may be some benefit to expanding the grid size to 4x4, the majority of patterns will remain trivially guessable and insecure against broad guessing attacks.

12:35 p.m. - 1:00 p.m.
Speaker: Tavish Vaidya, Georgetown University
Title: Cocaine Noodles: Exploiting the Gap between Human and Machine Speech Recognition [slides]
Abstract: Hands-free, voice-driven user input is gaining popularity, in part due to the increasing functionalities provided by intelligent digital assistants such as Siri, Cortana, and Google Now, and in part due to the proliferation of small devices that do not support more traditional, keyboard-based input. In this paper, we examine the gap in the mechanisms of speech recognition between human and machine. In particular, we ask the question, do the differences in how humans and machines understand spoken speech lead to exploitable vulnerabilities? We find, perhaps surprisingly, that these differences can be easily exploited by an adversary to produce sound which is intelligible as a command to a computer speech recognition system but is not easily understandable by humans. We discuss how a wide range of devices are vulnerable to such manipulation and describe how an attacker might use them to defraud victims or install malware, among other attacks.

Transportation
Parking is limited on campus, but the official parking is at the Southwest Garage. It costs $3/hr., $20/day. There is also 2-hour street parking in the surrounding streets, although you stand a reasonable chance of being ticketed (~$30) for staying longer.

The best way to reach Georgetown is via public transportation. The nearest Metro stops are Rosslyn (on the Blue and Orange lines) and Dupont Circle (on the Red line). These are 1.1 miles and 1.9 miles from New South Hall, respectively. Georgetown University runs a regular shuttle service from each of these stops to campus: GUTS. In the shuttle map, New South Building is #45, and while some shuttle stops are closer than others, all are within walking distance. Note that "Visitors and persons doing business on campus may also ride free of charge and must show a picture ID at the time of boarding".

Directions
The seminar will be held in the Social Room of the Healey Family Student Center. The Healey Family Student Center (do not confuse it with Healy Hall!) is located in New South residence hall. The building appears as "New South Building, Georgetown University, Washington, DC" on Google Maps. It is located on the SE corner of Library Walk & Tondorf Rd. (do not believe the official 37th & O address, which just gets you to campus). There are two entrances on the north side, and there are outside signs for both that say "Healey Family Student Center". These pictures may help guide you to the building.