DC-Area Anonymity, Privacy, and Security Seminar

Summer 2018 Seminar
Monday, June 25th, 2018
1:00 p.m. - 4:30 p.m.

Location: Healey Family Student Center, Social Room
Georgetown University
Host: Micah Sherr

1:00 p.m. - 1:25 p.m.
Speaker: Stephen Herwig (University of Maryland, College Park)
Title: SecureCDN: Providing End-to-End Security in Content Delivery Networks [slides]
Abstract: Content Delivery Networks (CDNs) serve a large and increasing portion of today's web content. Beyond caching, CDNs provide their customers with a variety of services, from load balancing, to content compression and transcoding, to web application firewalls. As web traffic shifts from HTTP to HTTPS, CDNs continue to provide such services by also assuming control of their customers' private keys, thereby breaking a fundamental security principle: private keys must only be known by their owner.

We present the design and implementation of SecureCDN, a reverse caching proxy that uses Intel SGX to preserve the confidentiality of the content provider's private TLS key while stored on the edge server. SecureCDN runs the NGINX webserver in an Intel SGX enclave, while also enabling key CDN services, such as firewalling, local and remote caching, and scriptable configuration. In order to ensure the integrity and, optionally, confidentiality, of any cached content, we also develop a filesystem to extend the enclave's security guarantees to untrusted storage. In its strongest configuration, SecureCDN reduces the knowledge of the edge server to that of a traditional on-path HTTPS adversary. We evaluate the performance of SecureCDN with a series of micro- and macro-benchmarks.

1:25 p.m. - 1:50 p.m.
Speaker: Anrin Chakraborti (SUNY Stony Brook)
Title: Efficient Range ORAM Construction with Locality [slides]
Abstract: Oblivious RAM protocols (ORAMs) allow a client to access data from an untrusted storage device without revealing to that device any information about their access pattern. Typically this is accomplished through shuffling the data into random positions such that the storage device is not sure where individual blocks are located, resulting in an access pattern on the device which is highly randomized. However, storage devices are usually optimized for sequential accesses, meaning that ORAMs can often induce a substantial overhead (in addition to their increased bandwidth) due to large numbers of disk seeks. This talk discusses "range ORAMs", specifically suited for accessing ranges of sequential logical blocks while minimizing disk seeks, and describes an efficient range ORAM construction with better asymptotic efficiency than prior work.

1:50 p.m. - 2:20 p.m.
Coffee Break

2:20 p.m. - 2:45 p.m.
Speaker: Tavish Vaidya (Georgetown University)
Title: An Empirical Study of the Internet's Open Proxies
Abstract: Public open proxies are often used to access otherwise inaccessible information (e.g., due to censorship or locality restrictions) or as a means to access information without exposing the requestor's IP address (i.e., sender anonymity). While it is well known that more robust techniques (e.g., Tor) offer stronger privacy protections and that open proxies should be used with extreme caution, there is surprisingly little existing work that empirically evaluates the correctness and safety of open proxies.

To better understand the behavior of free and open proxies, we conducted a series of experiments in which we validated the responses of the Internet's open proxies. Our examination of roughly 3800 open proxy servers found instances in which proxies manipulated HTML content, injected ad-serving JavaScript, injected scripts that mine cryptocurrencies (cryptojacking), performed TLS man-in-the-middle attacks, and modified HTTP headers. We also found that approximately 0.1% of the proxies returned modified Windows executables, flash files, and jar files, which were labeled malicious by VirusTotal.
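The validation step described in this abstract, comparing a page fetched directly from its origin against the same page fetched through a proxy, can be illustrated with a small response-diffing check. This is an added example, not code from the talk or its authors; the response bodies and headers below are constructed, and the proxy and script hostnames are placeholders.

```python
import hashlib
import re

# Headers a proxy may legitimately add or rewrite; differences here are not evidence of tampering.
HOP_BY_HOP = {"via", "connection", "keep-alive", "proxy-connection", "proxy-authenticate",
              "transfer-encoding", "content-length", "date", "age", "x-cache"}
SCRIPT_RE = re.compile(rb"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def compare_responses(direct_body, direct_headers, proxied_body, proxied_headers):
    """Diff a response fetched directly from the origin against the same URL fetched through
    a proxy. Returns a dict of findings: whether the body changed, any <script> elements present
    only in the proxied copy, and end-to-end headers that were added, removed or rewritten."""
    findings = {
        "body_modified": hashlib.sha256(direct_body).digest() != hashlib.sha256(proxied_body).digest(),
        "injected_scripts": [],
        "added_headers": [],
        "removed_headers": [],
        "changed_headers": [],
    }
    if findings["body_modified"]:
        known = set(SCRIPT_RE.findall(direct_body))
        findings["injected_scripts"] = [s.decode("utf-8", "replace")
                                       for s in SCRIPT_RE.findall(proxied_body) if s not in known]
    d = {k.lower(): v for k, v in direct_headers.items() if k.lower() not in HOP_BY_HOP}
    p = {k.lower(): v for k, v in proxied_headers.items() if k.lower() not in HOP_BY_HOP}
    findings["added_headers"] = sorted(set(p) - set(d))
    findings["removed_headers"] = sorted(set(d) - set(p))
    findings["changed_headers"] = sorted(k for k in set(d) & set(p) if d[k] != p[k])
    return findings


def proxy_verdict(findings):
    """Classify a comparison: 'clean', 'headers_only', or 'tampered' (body changed)."""
    if findings["body_modified"]:
        return "tampered"
    if findings["added_headers"] or findings["removed_headers"] or findings["changed_headers"]:
        return "headers_only"
    return "clean"


# Constructed sample responses (not real proxy data): the origin's page and a proxied copy that
# carries an injected script and a rewritten Cache-Control header.
DIRECT_BODY = b"<html><head><title>t</title></head><body><p>hello</p></body></html>"
DIRECT_HEADERS = {"Content-Type": "text/html", "Cache-Control": "no-store", "Content-Length": "66"}
PROXIED_BODY = (b"<html><head><title>t</title>"
                b'<script src="http://injected.invalid/miner.js"></script>'
                b"</head><body><p>hello</p></body></html>")
PROXIED_HEADERS = {"Content-Type": "text/html", "Cache-Control": "public, max-age=600",
                   "Content-Length": "123", "Via": "1.1 proxy.invalid", "X-Proxy-Id": "abc"}

if __name__ == "__main__":
    f = compare_responses(DIRECT_BODY, DIRECT_HEADERS, PROXIED_BODY, PROXIED_HEADERS)
    print(proxy_verdict(f), f)
```

In a real measurement the direct fetch should come over HTTPS from the origin so it can serve as the trusted reference, and a body hash mismatch is only a lead: compression, dynamic content and A/B variants must be ruled out before a proxy is labelled as tampering.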

2:45 p.m. - 3:10 p.m.
Speaker: Michelle Mazurek (University of Maryland, College Park)
Title: The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level
Abstract: Digital security professionals use threat modeling to assess and improve the security posture of an organization or product. However, no threat-modeling techniques have been systematically evaluated in a real-world, enterprise environment. In this case study, we introduce formalized threat modeling to New York City Cyber Command: the primary digital defense organization for the most populous city in the United States. We find that threat modeling improved self-efficacy; 20 of 25 participants regularly incorporated it within their daily duties 30 days after training, without further prompting. After 120 days, implemented participant-designed threat mitigation strategies provided tangible security benefits for NYC, including blocking 541 unique intrusion attempts, preventing the hijacking of five privileged user accounts, and addressing three public-facing server vulnerabilities. Overall, these results suggest that the introduction of threat modeling can provide valuable benefits in an enterprise setting.

3:10 p.m. - 3:40 p.m.
Coffee Break

3:40 p.m. - 4:05 p.m.
Speaker: Ryan Wails (U.S. Naval Research Laboratory)
Title: Tunable Transparency: Secure Computation in the Tor Network [slides]
Abstract: Tor is a widely popular tool for online privacy. Despite its focus on privacy, Tor benefits from some transparency about the operation of its network. Measurements of Tor help direct its developers, inform its users, and guide policymakers. Existing approaches to making these measurements, including Tor's current techniques, are limited in the types of measurements that can be made.

We present a system that uses secure multiparty computation (MPC) protocols to give Tor full power to tune its transparency, that is, to compute any function of its relays' observations while keeping the observations themselves private. Our system scales to Tor's thousands of relays, provides security depending only on Tor's core trust assumption that a large fraction of its bandwidth is honest, and efficiently makes use of Tor's network and computational resources. We demonstrate how to use our system to compute two broadly-applicable statistics: the median of relay inputs and the cardinality of set-union across relays. We implement our protocols and experimentally test their performance in networks like Tor using the Shadow simulator. Our experiments show that, for a network of Tor's current size, a median can be computed in 25 minutes, given 11 hours of preprocessing, and that set-union cardinality can be computed in 13 seconds, given 7 hours of preprocessing.

4:05 p.m. - 4:30 p.m.
Speaker: Kevin Bock (University of Maryland, College Park)
Title: 23andMe and the Great Firewall of China: Evolving Censorship Evasion Strategies [slides]
Abstract: For years, a cat-and-mouse game has ensued between researchers and censoring regimes, leading to increasingly sophisticated Internet-scale censorship techniques and methods to evade them. In this work, we propose a drastic departure from the previous evade-detect cycle by developing techniques to automate censorship evasion. We develop a genetic algorithm that evolves censorship evasion strategies by training against a suite of known censorship techniques. Building up from only basic packet manipulation actions (dropping, tampering, reordering packets and changing header fields), we show that our genetic algorithm can develop multiple effective evasion strategies. I will present preliminary results that show that our genetic algorithm derives novel censorship evasion strategies, independently re-derives many strategies from prior work, and can recover and adapt to changing firewall rules. Our ongoing and future work involves testing and evolving against the Great Firewall of China.

Directions: The seminar will be held in the Social Room of the Healey Family Student Center. Note that the Social Room is in the southeast corner of the building. See the floor plan for exact location.

Transportation
Driving: Parking is limited on campus, but the official parking is at the Southwest Garage. It costs $5/hr., $22/day. There is also 2-hour street parking in the surrounding streets, although you stand a reasonable chance of being ticketed (~$30) for staying longer.

Metro: The best way to reach Georgetown is via public transportation. The nearest Metro stops are Rosslyn (on the Blue, Orange, and Silver lines) and Dupont Circle (on the Red line). These are 1.1 miles and 1.9 miles from the Healey Family Student Center, respectively. Georgetown University runs a regular shuttle service from each of these stops to campus: GUTS. The campus dropoff is near McDonough Arena, which is a short walk to the Healey Family Student Center. The shuttle is free, and riders should be prepared to show identification (university affiliation apparently not required). Several buses can also be used to get to campus; see details here.