DC-Area Anonymity, Privacy, and Security Seminar
Spring 2026 SeminarTuesday, May 5th, 2026
1:00 p.m. – 5 p.m.
Location: Room 4105
Brendan Iribe Center (8125 Paint Branch Dr)
University of Maryland, College Park
Host: Michelle Mazurek
1:00 p.m. – 1:05 p.m.
Opening Remarks
Aaron Johnson (U.S. Naval Research Laboratory)
1:05 p.m. – 1:25 p.m.
Speaker: Seungju Lee (Princeton University)
Title: Hello again: Enhancing TLS handshake security in QUIC using multiple paths
Abstract: Although TLS 1.3 improves security against classic attacks such as Man-in-the-Middle, harvest-now-decrypt-later attacks by quantum adversaries remain a nontrivial threat. We propose implementing a multi-path handshake by leveraging QUIC's connection migration capabilities to improve the robustness of today's TLS handshake against tomorrow's quantum adversaries. In this proposal, the client can migrate the connection between networks after the handshake then perform the key update afterwards. Similar prior approaches have required nontrivial changes to the underlying communication and cryptographic protocols. Our proposal is practical to implement with the advent of QUIC, a transport layer protocol whose sessions are not bound to IP address, port tuples. Our security and performance analysis evaluates the probability of path compromise using real-world routing data and measuring HTTP/3 request latencies with this protocol. We demonstrate that our proposal enhances TLS handshake security while being performant and practical: our approach reduces probability of compromise by AS-level adversaries by over 70% for end hosts, adds minimal latency to QUIC connections, and requires minimal changes to existing protocol semantics.
1:25 p.m. – 1:45 p.m.
Speaker: Yixin Sun (University of Virginia)
Title: A Three-year View of Encrypted Client Hello (ECH) Deployment on the Internet
Abstract: Encrypted Client Hello (ECH) is a protocol extension that encrypts the TLS ClientHello message, enhancing privacy for the connections. ECH is recently standardized in RFCs 9848 and 9849 (Mar 2026), and ECH parameters are advertised via DNS SVCB/HTTPS records (standardized in RFC 9460, Nov 2023). Despite the recency, we have observed steady adoptions by servers and clients. In this talk, we will discuss observations from our three-year Internet measurement of DNS HTTPS/ECH data (May 2023–Present) on server-side adoption among Tranco top 1M domains, as well as client-side (i.e., browsers) support for ECH-enabled connections.
1:45 p.m. – 2:05 p.m.
Speaker: Ryan Little (Boston University) [paper]
Title: Ticket to Hide: Practical, Private Proofs of Provenance for TLS
Abstract: When using Transport Layer Security (TLS), web users can connect to a server and trust that they are sending and receiving data with the intended web server. This guarantee, however, is not transferable: there is no immediate way for a client to convince an external party that a transcript or message originated from a particular server. Beginning with the DECO protocol of Zhang et al., there has been a line of work on "TLS oracles"—cryptographic protocols that allow a client to commit to, prove provenance, and disclose arbitrary properties of TLS application data to a verifier party. TLS oracles only require the server to run standard TLS, making them compatible with existing real-world web servers.
In this work we introduce Ticket to Hide, a new TLS oracle protocol for TLS 1.3. We operate in the multi-server setting, previously explored in the DiStefano protocol by Celi et al., in which the client additionally wishes to hide the identity of the server they are communicating with among a set of N publicly known servers. We leverage new features of TLS 1.3 in surprising ways to yield performance and security benefits, resulting in a protocol that is both faster and more private than previous work. Additionally, we are the first TLS oracle protocol to be compatible with post-quantum secure TLS key agreement and certificates. Our implementation, which builds on top of the Garble-then-Prove framework of Xie et al., scales to N=100 servers in less than 3 seconds of end-to-end time in a WAN setting—only 3.5x the latency of a regular TLS 1.3 interaction.
This is joint work with Dan Roche at the U.S. Naval Academy and Mayank Varia at Boston University. A preprint is available.
2:05 p.m. – 2:35 p.m.
Coffee Break
2:35 p.m. – 2:55 p.m.
Speaker: Mirza Kamrul Bashar Shuhan (George Mason University)
Title: Oblivious Signaling
Abstract: An anonymous messaging service has to solve a basic routing problem: a server must deliver an encrypted message to its recipient without learning who the recipient is. Broadcasting all ciphertexts would hide the destination, but it forces every recipient to constantly scan for new messages. Oblivious Message Retrieval (OMR; CRYPTO '22) tackles this by using an untrusted server and fully homomorphic encryption (FHE) to scan on a recipient's behalf without learning which messages match. Despite follow-up optimizations, retrieval still requires substantial homomorphic work on the server in order to keep recipients up to date with incoming traffic.
We introduce Oblivious Signaling, which shifts this cost from reading to sending. The server maintains a small encrypted inbox for each recipient. When a sender submits a message, the server applies the same homomorphic update to every inbox: the intended inbox absorbs the message, and the rest remain unchanged at the plaintext level. The update is uniform and can be parallelized across inboxes. Recipients retrieve by fetching and decrypting their inbox, so checking for new messages is independent of the total system volume.
We formalize receiver privacy against an untrusted server, even when it colludes with other users, give a concrete construction based on fully homomorphic encryption, and analyze the resulting "digital postage" trade-off: delivery is expensive, but checking is cheap. Our prototype identifies practical regimes in which this cost-model shift is preferable to scan-based retrieval, even with highly optimized OMR implementations. This cost model is well-suited to settings where recipients check frequently, and messages arrive sporadically, and it naturally discourages high-volume spam.
2:55 p.m. – 3:15 p.m.
Speaker: Christian Paquin (Microsoft)
Title: Doxxing-proof authentic digital media: trust the asset, protect the source
Abstract: We can't trust the images and videos we see online anymore. Recent generative AI improvements support the creation and modification of convincing digital media in quasi real time. We live in an era where these fakes are routinely shared online to influence public opinion, even by elected officials themselves!
Fortunately, technologies exist to embed cryptographic signatures and watermarks in these digital assets, proving their origin. The C2PA specification has been adopted by many technology providers (e.g., Microsoft, Google, Adobe, Meta, and OpenAI), camera manufacturers (e.g., Sony, Canon, Leica), and news media organizations (e.g., BBC, CBC/Radio-Canada, AFP). Major deployments have started in 2025 and will accelerate in 2026.
In high-risk contexts (conflict zones, protests, corruption reporting) creators might be reluctant to share certified images and videos for fear of retribution. Is there a way to reconcile the need for authenticated assets and the privacy of their creators? The answer is yes!
In this talk, we'll explore cryptographic options to provide privacy to those who capture and share digital assets, enabling anonymous yet verifiable content. We'll present an open-source prototype that augments the C2PA specification by using blind signatures and zero-knowledge proofs to hide the signer's identity. These technologies offer the best of both worlds: enabling the public, reporters, and whistleblowers to share sensitive authentic digital media with strong privacy protections.
3:15 p.m. – 3:35 p.m.
Speaker: Paul Syverson (U.S. Naval Research Laboratory)
Title: ATmospheric Onions: Decentralizing Trust in Identity
Abstract: Multiple approaches have been implemented for identities associating meaningful identifiers, such as domain names, with self-certifying identifiers. While these offer some advantages from each kind of identifier, the identifier association itself is subject to blocking, hijack, fingerprinting, and other forms of surveillance and manipulation. So too are the resources associated with an identity comprising a meaningful identifier and a self-certifying identifier. I will describe ongoing work on two such approaches to self-certifying meaningful identity (SCMI): associating a registered domain name with an onion address (onion association) and associating an atproto handle with a DID PLC. I will describe both the application of existing means of secure onion association to atproto identities and the combination of both approaches in a single identity. Finally, I will describe grounding identity association and integrity in contextual trust, wherein trusting attestations of identity relies on contextual relevance of an attestor to the identity rather than relying only on structural authority, for example as embodied in the traditional centralized infrastructure.
3:35 p.m. – 4:05 p.m.
Coffee Break
4:05 p.m. – 4:25 p.m.
Speaker: Zhambyl Shaikhanov (University of Maryland) [paper]
Title: Spoofing Eavesdroppers with Audio Misinformation
Abstract: Wireless eavesdropping on phone conversations has become a major security and safety concern, especially with advancements toward 5G and beyond, featuring higher frequencies and higher sensing resolution. As demonstrated recently, attackers can remotely detect even micron-scale acoustic vibrations emanating from a smartphone's earpiece via off-the-shelf millimeter-wave radar for audio information eavesdropping, all without the victim ever noticing. In this work, we present a new architecture, MiSINFO, that not only thwarts such attacks but also enables the victim to counter-attack by spoofing eavesdroppers with audio misinformation. With emerging attacks targeting the physical medium, i.e., acoustic signals, which cannot be protected by digital encryption and are the weakest segment of the communication chain, MiSINFO aims to systematically modify the eavesdroppers' fundamental sensing observations, concealing native signals while encoding alternate synthetic data. We design, implement, and experimentally evaluate MiSINFO, and our results reveal that eavesdroppers detect none of the original words emitted by the speaker, while the injected misinformation is reconstructed with a low average word error rate of 2.29%. This work represents the first such eavesdropping countermeasure that not only prevents attackers from accurately decoding the true signal but also uses a false signal to fool them into believing that they have succeeded. This approach transforms defensive measures from merely reactive to proactively deceptive, giving the defender an advantage and the capability to delude attackers into trusting false information. See more in the paper and the webpage.
4:25 p.m. – 4:45 p.m.
Speaker: Suruchi Walker and Erin Osterman (University of Maryland)
Title: Towards Indistinguishable VoIP-based Protocol Obfuscation
Abstract: Protocol obfuscation seeks to make one (censored) protocol appear to be another. A classic form of protocol obfuscation tunnels data in VoIP voice channels, but this was shown to be highly distinguishable from benign traffic. Modern VoIP applications use constant bit rate (CBR) to better preserve privacy, but we show that even CBR traffic can be distinguishable. Specifically, we show that FreeWave-style modem encoding of data is still easily detectable, and one can even distinguish AI- from human-generated voice based only on packet size analysis.
We apply these observations to create PoTTS (Protocol Obfuscation with Text-To-Speech), an obfuscation technique that takes as input arbitrary byte streams, converts them to English words, then uses common generative AI text-to-speech tools to produce spoken word audio files. We will discuss the steps that PoTTS takes to construct audio that, when transmitted over Discord, is far less distinguishable than prior audio-based obfuscation efforts.
4:45 p.m. – 4:50 p.m.
Closing Remarks
Aaron Johnson (U.S. Naval Research Laboratory)
4:50 p.m. – 5:00 p.m.
Discussions and Networking
Driving: We recommend parking in the lot/garage of "The Varsity" apartments (Baltimore Ave.), which should be both cheaper and a closer walk than using official campus visitor parking. Estimated cost is $2 per hour. Watch the time because they will ticket you quickly if your time expires. Also watch the signs so you park in the visitor and not resident section. There are campus visitor lots available—see this parking page for more information. Metro: The nearest metro station is College Park on the Green line. It is about a 1-mile walk from the station to the Iribe Center, or you can use the UM shuttle, which runs every 10–20 minutes (no fare or UMD ID required). See the schedule for that shuttle (the 104) here. Its closest stop to the Iribe Center is the Glenn L. Martin wind tunnel. Wi-Fi: You can connect via eduroam if you have an eduroam account. Otherwise, you can sign up for a 24-hour pass to the umd-guest wireless network.
