DC-Area Anonymity, Privacy, and Security Seminar
Summer 2016 SeminarMonday, June 20th, 2016
1:00 p.m. - 4:30 p.m.
Lunch 12PM (Epicurean and Company) Location: St. Mary's Hall, Room 326
(3700 Reservoir Road, N.W.)
Georgetown University
Host: Micah Sherr
1:00 p.m. - 1:25 p.m.
Speaker: Micah Sherr (Georgetown University)
Title: Data-plane Defenses against Routing Attacks on Tor [slides]
Abstract: Tor is susceptible to traffic correlation attacks in which an adversary who observes flows entering and leaving the anonymity network can apply statistical techniques to correlate flows and de-anonymize their endpoints. While an adversary may not be naturally positioned to conduct such attacks, a recent study shows that the Internet's control-plane (i.e., the BGP protocol) can be manipulated to increase an adversary's view of the network, and consequently, improve its ability to perform traffic correlation. This talk explores the effects of control-plane attacks on the security of the Tor network. Using accurate models of the live Tor network, we quantify Tor's susceptibility to these attacks by measuring the fraction of the Tor network that is vulnerable and the advantage to the adversary of performing the attacks. We further propose defense mechanisms that protect Tor users from manipulations at the control-plane. Perhaps surprisingly, we show that by leveraging existing trust anchors in Tor, defenses deployed only in the data-plane are sufficient to detect most control-plane attacks. Our defenses do not assume the active participation of Internet Service Providers, and require only very small changes to Tor. We experimentally evaluate the effectiveness of our defenses, and show that our defenses result in a more than tenfold decrease in the effectiveness of certain control-plane attacks. This talk describes joint work with Henry Tan and Wenchao Zhou.
1:25 p.m. - 1:50 p.m.
Speaker: Adam Aviv (U.S. Naval Academy)
Title: ObliviSync: Practical Oblivious File Backup and Synchronization [slides]
Abstract: Oblivious RAM (ORAM) is a powerful cryptographic protocol which has recently risen in prominence, in part due to its ability to hide a client's access patterns from untrusted cloud storage services. We present an oblivious cloud storage system, ObliviSync, that specifically targets one of the most widely-used personal cloud storage paradigms: synchronization and backup services, popular examples of which are Dropbox, iCloud Drive, and Google Drive. We show that this setting provides a unique opportunity for Oblivious RAM research because full privacy can be achieved with a simpler form of ORAM called write-only ORAM. This allows for dramatically increased efficiency compared to related work - so much so that our solution has only a small constant overhead of approximately 4x compared with non-private file storage. We built and evaluated a full implementation of ObliviSync that supports multiple simultaneous read-only clients and a single concurrent read/write client whose edits automatically and seamlessly propagate to the readers. We show that our system functions under high work loads with realistic file size distributions. Joint work with Seung Geol Choi, Travis Mayberry, and Dan Roche.
Coffee Break
2:20 p.m. - 2:45 p.m. [Canceled]
Speaker: Aylin Caliskan-Islam (Princeton University)
Title: When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries
Abstract: The ability to identify authors of computer programs based on their coding style is a direct threat to the privacy and anonymity of programmers. While recent work found that source code can be attributed to authors with high accuracy, attribution of executable binary appears to be much more difficult. Many potentially distinguishing features present in source code, e.g. variable names, are removed in the compilation process, and compiler optimization may alter the structure of a program, further obscuring features that are known to be useful in determining authorship. We examine executable binary authorship attribution from the standpoint of machine learning, using a novel set of features that include ones obtained by decompiling the executable binary to source code. We show that many syntactical features present in source code do in fact survive compilation and can be recovered from decompiled executable binary. This allows us to use a powerful set of techniques from the domain of source code authorship attribution along with stylistic representations embedded in assembly, resulting in high accuracy de-anonymization of large set of programmers.
We demonstrate our evaluation on data from the Google Code Jam, obtaining attribution accuracy of up to 96% with 100 and 83% with 600 candidate programmers. For the first time, we demonstrate that our approach is robust to basic obfuscations, a range of compiler optimization settings, and binaries that have been stripped of their symbol tables. We perform programmer de-anonymization using both obfuscated binaries, and real world code found "in the wild" in single-author GitHub repositories and the recently leaked Nulled.IO hacker forum.
2:45 p.m. - 3:10 p.m.
Speaker: Michelle Mazurek (University of Maryland, College Park)
Title: You Get Where You're Looking For: The Impact of Information Sources on Code Security [slides]
Abstract: Vulnerabilities in Android code - including but not limited to insecure data storage, unprotected inter-component communication, broken TLS implementations, and violations of least privilege - have enabled real-world privacy leaks and motivated research cataloguing their prevalence and impact. Researchers have speculated that appification promotes security problems, as it increasingly allows inexperienced laymen to develop complex and sensitive apps. Anecdotally, Internet resources such as Stack Overflow are blamed for promoting insecure solutions that are naively copy-pasted by inexperienced developers.
In this work, we for the first time systematically analyzed how the use of information resources impacts code security. We first surveyed 295 app developers who have published in the Google Play market concerning how they use resources to solve security-related problems. Based on the survey results, we conducted a lab study with 54 Android developers (students and professionals), in which participants wrote security- and privacy- relevant code under time constraints. The participants were assigned to one of four conditions: free choice of resources, Stack Overflow only, official Android documentation only, or books only. Those participants who were allowed to use only Stack Overflow produced significantly less secure code than those using, the official Android documentation or books, while participants using the official Android documentation produced significantly less functional code than those using Stack Overflow. Taken together, our results confirm that API documentation is secure but hard to use, while informal documentation such as Stack Overflow is more accessible but often leads to insecurity. Given time constraints and economic pressures, we can expect that Android developers will continue to choose those resources that are easiest to use; therefore, our results firmly establish the need for secure-but-usable documentation.
Coffee Break
3:40 p.m. - 4:05 p.m.
Speaker: Eric Mill (18F)
Title: Recent security/privacy initiatives in the US government [slides]
Abstract: The US government is a big diverse place, and there are a number of people and programs trying to do right by privacy and security in the modern age. We'll discuss some ongoing initiatives supporting encryption, bug bounties, "the cloud!", and other things.
4:05 p.m. - 4:30 p.m.
Speaker: Nima Fatemi (The Tor Project)
Title: The Library Freedom Project
Driving: Parking is limited on campus, but the official parking is at the Southwest Garage. It costs $3/hr., $20/day. There is also 2-hour street parking in the surrounding streets, although you stand a reasonable chance of being ticketed (~$30) for staying longer. Metro: The best way to reach Georgetown is via public transportation. The nearest Metro stops are Rosslyn (on the Blue & Orange lines) and Dupont Circle (on the Red line). These are 1.6 miles and 1.9 miles from St. Mary's Hall, respectively. Georgetown University runs a regular shuttle service from each of these stops to campus: GUTS. The campus dropoff is near McDonough Arena, which is a short walk to St. Mary's Hall. Note that "Visitors and persons doing business on campus may also ride free of charge and must show a picture ID at the time of boarding".