DC-Area Anonymity, Privacy, and Security Seminar

Fall 2025 Seminar
Thursday, December 4th, 2025
1:00 p.m. – 5 p.m.

Location: Room B1270 (floor B1, one level directly below lobby)
Science and Engineering Hall (SEH, 800 22nd St NW)
George Washington University
Host: Arkady Yerukhimovich

1:00 p.m. – 1:10 p.m.
Opening Remarks
Paul Syverson (U.S. Naval Research Laboratory)

1:10 p.m. – 1:35 p.m.
Speaker: Aaron Johnson (U.S. Naval Research Laboratory)
Title: A Trusted Execution Environment based Metadata-protected Messaging System [paper]
Abstract: Ensuring privacy of online messaging remains a challenge. While the contents or data of online communications are often protected by end-to-end encryption, the metadata of communications are not. In the last four decades we have witnessed a rich literature of designs towards metadata-protecting communications systems (MPCS). While recent MPCS works often target metadata-protected messaging systems, no existing construction simultaneously attains four desirable properties for messaging systems, namely (i) low latency, (ii) high throughput, (iii) horizontal scalability, and (iv) asynchronicity. In this work, we present TEEMS, the first MPCS designed for metadata-protected messaging that simultaneously achieves all four desirable properties. TEEMS is an oblivious mailbox design using Trusted Execution Environments (TEEs). We empirically demonstrate TEEMS' ability to support 2^20 clients engaged in metadata-protected conversations in under 1s with 205 cores, achieving an 18x improvement over prior work for latency and throughput, while supporting significantly better scalability and asynchronicity properties.

1:35 p.m. – 2:00 p.m.
Speaker: Linsheng Liu (George Washington University)
Title: On the Privacy of Sublinear-Communication Jaccard Index Estimation via Min-hash [paper]
Abstract: This talk explores the privacy guarantees of min-hash-based protocols for sublinear-communication Jaccard index estimation - a technique long assumed to "inherently" protect input privacy. We revisit this folklore belief through a formal lens, contrasting the behavior of min-hash sketches under different assumptions about the hash function and noise.

First, we present a lightweight differentially private (DP) min-hash protocol that adds calibrated Laplacian noise to the sketch counts. Then we show that, even without added noise, min-hash outputs can satisfy DP in a centralized "private hash" model where the hash functions remain hidden. However, once the hash functions are public-as in most practical settings-DP no longer holds, and the correct privacy notion becomes distributional differential privacy (DDP). We derive tight conditions under which DDP still holds, connecting privacy to the min-entropy of the underlying data.

Through this perspective, the talk clarifies when min-hash truly provides privacy, where it fails, and how these insights unify DP, DDP, and entropy-based reasoning for sublinear-communication protocols.

2:00 p.m. – 2:25 p.m.
Coffee Break

2:25 p.m. – 2:50 p.m.
Speaker: Seungju Lee (Princeton University)
Title: QUICstep: Evaluating connection migration based QUIC censorship circumvention [paper]
Abstract: Internet censors often rely on information in the first few packets of a connection to censor unwanted traffic. With the rise of the QUIC transport protocol, prior work has suggested the method of using QUIC connection migration to conceal the first few handshake packets using a different network path (e.g., an encrypted proxy channel). However, the use of connection migration for censorship circumvention has not been explored or validated in terms of feasibility or performance. We bridge this gap by providing a rigorous quantitative evaluation of this approach that we name QUICstep. We develop a lightweight, application-agnostic prototype of QUICstep and demonstrate that QUICstep is able to circumvent a real-world QUIC SNI censor. We find that not only does QUICstep outperform a fully encrypted channel in diverse settings, but also that it can significantly reduce traffic load for encrypted channel providers. We also propose using QUICstep as a tool for measuring QUIC connection migration support in the wild and show that support for connection migration is on the rise. While as of now QUIC and connection migration support is limited, we envision that QUICstep can be a useful tool for the future where QUIC is the de facto norm for the Internet.

2:50 p.m. – 3:15 p.m.
Speaker: Phan Nguyen (University of Maryland)
Title: E Pluribus Deanonymization: Fingerprinting Browsing Sessions Instead of Individual Webpages [paper]
Abstract: Webpage fingerprinting attacks on Tor seek to identify the specific webpage visited by a user given only the anonymized traffic to and from that user.

In this talk, I will demonstrate a way to significantly improve the performance of virtually all webpage fingerprinting techniques to work on a large set of candidates. Our insight is that users very rarely ever visit a single webpage, but rather visit multiple, related webpages in succession over the course of a browsing session. Thus, rather than try to fingerprint a single webpage independent of all others, we fingerprint the browsing session itself, using consecutive webpages as contextual clues.

I will introduce a "browsing session fingerprinting" technique that uses as a building block any (individual-)webpage fingerprinting technique. Using a new, large fingerprinting dataset which we collected, I will show that our techniques can achieve a top-1 accuracy that approaches the individual-webpage fingerprinting techniques' top-5 accuracy.

3:14 p.m. – 3:40 p.m.
Coffee Break

3:40 p.m. – 4:05 p.m.
Speaker: Christine Task (Knexus Research)
Title: Five Archetype Problems in PPRL
Abstract: Secure Multiparty Computation is an umbrella term that covers very, very many different problem definitions, privacy constraints and solution approaches. And while this broad span is great for fostering academic research, it's a stumbling block for deployment. Organizations with sensitive (often regulated) data need to know simply and precisely what will be happening to that data before they engage in a potentially risky process of mingling it with data from other organizations.

In ongoing work with the National Institute of Standards and Technology (NIST), and SME collaborators from medical data and privacy-preserving advertising contexts, we propose five standardized archetype problems for Privacy Preserving Record Linkage. Each archetype problem includes a name, specification, non-technical description, and example use case with benchmark data. Note that these specify problems rather than solutions---Any PPRL solution that satisfies the specified requirements and operates correctly over the benchmark use cases, can be conveniently referred to by the problem name and identified for deployment in relevant contexts. These archetype problems aren't meant to cover all of PPRL (much less all of SMC), they're only meant to help streamline five of the most needed deployment use cases. This work is part of a larger effort to assist in the research to deployment pipeline through NIST's PETs Testbed and may be expanded in future iterations.

4:05 p.m. – 4:30 p.m.
Speaker: Miuyin Yong Wong (University of Maryland)
Title: A First Look at the Impacts of LLMs in the Cybersecurity Workforce
Abstract: Large language models (LLMs) have frequently been proposed as useful tools for cybersecurity tasks like malware detection, reverse engineering, and incident response. However, little is known about whether and how LLMs have so far been adopted within enterprise cybersecurity workflows, and how effective or challenging this adoption has been. To fill this gap, we conducted 28 semi-structured interviews with cybersecurity professionals from 26 organizations, with varying experience levels. We find that although LLM use is common and frequent, organizational policies governing this use are often vague, inconsistent, and unclear to individual practitioners. Practitioners identified important challenges related to the fundamental limitations of LLMs-such as unreliable output and context window limits-as well as domain-specific challenges including poor performance on specific cybersecurity tasks and restrictive guardrails that inhibit penetration testing. Other key concerns included data leakage and productivity loss. Further, participants described significant impacts to the traditional collaborative culture and apprenticeship knowledge-transfer model of the broader cybersecurity community. Nonetheless, practitioners believe that the overall benefits of LLM usage outweigh the perceived risks.

4:30 p.m. – 4:35 p.m.
Closing Remarks
Paul Syverson (U.S. Naval Research Laboratory)

4:35 p.m. – 5:00 p.m.
Discussions and Networking

Directions: Note that access to the building (SEH) requires card access. If you have trouble entering during the afternoon of the seminar, please contact Arkady Yerukhimovich, the host, on his cell at (401)-225-1339 or via email at arkady@email.gwu.edu, and he will have someone come let you in. You can also find a university map here.

Transportation
Driving: There is visitor parking in the building at $24 maximum for the day. Parking entrance is on H St, between 22nd and 23rd, on the left if approaching from 23rd. For details, see here.

Metro: The workshop is 2 blocks from the Foggy Bottom-GWU Metro Station, which is on the Blue, Orange, and Silver Metro lines. The Metro Station has only one exit, on 23rd and Eye (I) Streets.