DC-Area Anonymity, Privacy, and Security Seminar

Fall 2018 Seminar
Wednesday, November 28th, 2018
1:00 p.m. - 4:30 p.m.
Lunch 12 p.m. Whole Foods - Foggy Bottom (2201 I St NW)

Location: Room B1220 (floor B1, one level directly below the lobby)
Science and Engineering Hall (SEH, 800 22nd Street, NW)
George Washington University
Hosts: Poorvi Vora and Arkady Yerukhimovich

1:00 p.m. - 1:25 p.m.
Speaker: Saeed Mahloujifar (University of Virginia)
Title: Barriers in Adversarially Robust Learning [slides]
Abstract: In this talk, I will talk about some recent works demonstrating information theoretic as well as computational barriers against robust learning for natural input distributions. I will first show that "concentration of measure" phenomenon in metric probability spaces make classification tasks (of such instances) vulnerable to adversarial perturbations. I will then show how to make such attacks polynomial time for certain distributions and how to use similar techniques to derive data poisoning attacks. (Based on joint works with Dimitris Diochnos and Mohammad Mahmoody.)

1:25 p.m. - 1:50 p.m.
Speaker: Rob Jansen (U.S. Naval Research Laboratory)
Title: Privacy-Preserving Dynamic Learning of Tor Network Traffic [slides]
Abstract: Experimentation tools facilitate exploration of Tor performance and security research problems and allow researchers to safely and privately conduct Tor experiments without risking harm to real Tor users. However, researchers using these tools configure them to generate network traffic based on simplifying assumptions and outdated measurements and without understanding the efficacy of their configuration choices. In this work, we design a novel technique for dynamically learning Tor network traffic models using hidden Markov modeling and privacy-preserving measurement techniques. We conduct a safe but detailed measurement study of Tor using 17 relays (~2% of Tor bandwidth) over the course of 6 months, measuring general statistics and models that can be used to generate a sequence of streams and packets. We show how our measurement results and traffic models can be used to generate traffic flows in private Tor networks and how our models are more realistic than standard and alternative network traffic generation methods. This is joint work with Matthew Traudt and Nick Hopper and appeared in the 25th ACM Conference on Computer and Communication Security (CCS 2018). Full paper available.

1:50 p.m. - 2:20 p.m.
Coffee Break

2:20 p.m. - 2:45 p.m.
Speaker: Akshaya Mani (Georgetown University)
Title: Understanding Tor Usage with Privacy-Preserving Measurement [slides]
Abstract: The Tor anonymity network is difficult to measure because, if not done carefully, measurements could risk the privacy (and potentially the safety) of the network's users. Recent work has proposed the use of differential privacy and secure aggregation techniques to safely measure Tor, and preliminary proof-of-concept prototype tools have been developed in order to demonstrate the utility of these techniques. In this work, we significantly enhance two such tools — PrivCount and Private Set-Union Cardinality — in order to support the safe exploration of new types of Tor usage behavior that have never before been measured. Using the enhanced tools, we conduct a detailed measurement study of Tor covering three major aspects of Tor usage: how many users connect to Tor and from where do they connect, with which destinations do users most frequently communicate, and how many onion services exist and how are they used. Our findings include that Tor has ~8 million daily users, a factor of four more than previously believed. We also find that ~40% of the sites accessed over Tor have a torproject.org domain name, ~10% of the sites have an amazon.com domain name, and ~80% of the sites have a domain name that is included in the Alexa top 1 million sites list. Finally, we find that ~90% of lookups for onion addresses are invalid, and more than 90% of attempted connections to onion services fail.

2:45 p.m. - 3:10 p.m.
Speaker: Karan Bhagat (Knexus Research)
Title: Differentially Private Social Network Analysis for Crisis Detection and Localization [slides]
Abstract: We present privacy-preserving crisis detection algorithms that are capable of detecting and localizing a crisis in real-time using differentially private cell-phone communication metadata contributed by a subset of people in a social network. We compare the resistance of crisis detection metrics of these algorithms against increasing privacy noise by simulating crisis over a real social network. To support this work, we developed multi-agent social network and communication simulation systems that provide a software ecosystem for synthesizing and visualizing crisis over synthetic or real social networks. We discuss details of the simulation system, and the insights it has provided in evaluating reliability for differentially private decision metrics.

3:10 p.m. - 3:40 p.m.
Coffee Break

3:40 p.m. - 4:05 p.m.
Speaker: Simson Garfinkel (U.S. Census Bureau)
Title: Issues Encountered Deploying Differential Privacy [slides]
Abstract: When differential privacy was created more than a decade ago, the motivating example was statistics published by an official statistics agency. In attempting to transition differential privacy from the academy to practice, the U.S. Census Bureau has encountered many challenges unanticipated by differential privacy's creators. These challenges include obtaining qualified personnel and a suitable computing environment, the difficulty accounting for all uses of the confidential data, the lack of release mechanisms that align with the needs of data users, the expectation on the part of data users that they will have access to micro-data, and the difficulty in setting the value of the privacy-loss parameter (ϵ) and the lack of tools and trained individuals to verify the correctness of differential privacy implementations.

4:05 p.m. - 4:30 p.m.
Speaker: Vaibhav Garg (Comcast Cable)
Title: How I Learned to Stop Worrying and Love IoT Standards
Abstract: The lack of security in IoT has inspired an avalanche of security standards, frameworks, best practices, and other guidance. We investigate the design of sustainable (IoT) standards by considering security as a common-pool resource and insecurity as an issue that must be addressed by the entire (Internet) ecosystem. Sustainability of IoT standards bodies can then be analyzed under Ostrom's framework to identify gaps in standards making processes. We argue that standards like Open Connectivity Foundation may be more sustainable in the long term as they satisfy all of Ostrom's five criterion for institutional design.

Directions: There are two building entrances on 22nd St. close to Eye and H Streets, respectively. See a university map here.

By Car: There is visitor parking in the building at $23 maximum for the day. Parking entrance is on H St, between 22nd and 23rd, on the left if approaching from 23rd. For details, see here.

By Metro: The workshop is 2 blocks from the Foggy Bottom Metro Station, which is on the Blue and Orange Metro lines. The Metro Station has only one exit, on 23rd and Eye (I) Streets.