Put the latest on top
- Highlights: detecting malicious extension by analyzing updates; safely truncating MAC by keeping a state in continuous authentication; IoT pairing helped by a smartwatch (proposed an encoding scheme for fuzzy commitment; is it secure?); analyzing phone messages from fake base stations; hardened password storage by using a rate-limiting third party and secret sharing; DNS cache attack based on divide-and-conquer, hence 2 x 2^16 instead of 2^32.
- CCS'19 (session 10)
- Highlights: dynamic proactive secret sharing; 7-year review of Let's Encrypt; two-party PSI; domain-impersonation in TLS; verifiable secret sharing with share recovery
- CCS'19 (session 9)
- Highlights: apply adversarial ML to defeat Ad blocker; SPHINCS+ post-quantum signature; Geneva censorship evasion strategy
- CCS'19 (session 8)
- CCS'19 (session 7)
- Highlights: attack on BLE "just work" pairing based on fingerprinting UUID; 2/3 honest-majority for malicious adversaries; new ZKP to prevent substitution of public keys in (PKI-based) E2E messaging; applying double-spending-tracing in e-cash to the credential system.
- CCS'19 (session 6)
- Highlights: the use of hand vibration for authentication (Velody); a method to distinguish spoofed voice generated by speakers; reducing the linear O(n) complexity for verifying the certificate transparency proofs; a "probabilistic" method to test if a password is in a compromised dataset; a protocol to check if a username/password is within a compromised database.
- CCS'19 (session 5)
- Highlights: the flaw of Linux control group permission; the flaw in AMD software (backward) update; the use of n-shot learning for website fingerprinting (learning more with less data); fingerprinting a computing device based on hardware discrepancies in the CPU (use LibXtract to extract features automatically)
- CCS'19 (session 4)
- Highlights: a method to reduce collateral (amount on hold in the payment channel); a method (Erlay) to improve broadcast efficiency of bitcoin transactions; combining power adjustment with mining attack; three-party MPC (symmetric key based)
- CCS'19 (session 3)
- Highlights: post-quantum privacy for blockchain based on lattice; hot/code wallets for bitcoin; formal tools to verify the correctness of Helios code (no error found, so the verifier is right?)
- CCS'19 (session 2)
- Highlights: side-channel attack to extract ECDSA from TrustZone; info leakage for database search based on the frequency; traceback for E2E encryption based on using the message as the key; compromise router to amplify cryptojacking; feeding noise to prevent adversarial ML; testing PCI DSS compliance (good presentations).
- CCS'19 (session 1)
- IEEE TIFS: Vol 15, No 1, 2020
- IEEE S&P 2019: accepted papers
Previous reading sessions