Put the latest on top
- Security Engineering third edition (Chapter 8: Economics)
- Security Engineering third edition (Chapter 22: Phones)
- Security Engineering third edition (Chapter 4: Protocols)
- Security Engineering third edition (Chapter 2: Who is the opponent)
- Security Engineering third edition (Chapter 1: What's security engineering)
- IEEE S&P 2021 (session 9-13)
- 1) A Decentralized and Encrypted National Gun Registry; 2) Epochal Signatures for Deniable Group Chats; 3) The EMV Standard: Break, Fix, Verify; 4) SoK: Security and Privacy in the Age of Commercial Drones; 5) Breaking the Specification: PDF Certification; 6) BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures
- IEEE S&P 2021 (session 5-8)
- 1) On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols; 2) Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient; 3) Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More); 4) SoK: Computer-Aided Cryptography; 5) Lightweight Techniques for Private Heavy Hitters
- IEEE S&P 2021 (session 1-4)
- Papers read: 1) merkle^2: A Low-Latency Transparency Log System; 2) High-Frequency Trading on Decentralized On-Chain Exchanges; 3) Is Private Learning Possible with Instance Encoding? 4) Using Selective Memoization to DefeatRegular Expression Denial of Service (ReDoS); 5) Doing good by fighting fraud: Ethical anti-fraud systems for mobile payments
- RWC'20 (YouTube)
- Papers read: 1) Protocols for Checking Compromised Credentials; 2) too much crypto; 3) Challenges and Cryptographic Solutions with Payment-Channel Networks; 4) Are Certificate Thumbprints Unique?; 5) First chosen prefix collision on SHA 1; 6) Dragonblood: Analyzing the DragonflyHandshake of WPA3 and EAP-pwd
- Papers read: 1) use direct anonymous attestation for mobile phone authentication; 2) privacy-preserving query of breached passwords; 3) detect money laundering by using MPC; 4) decetralized oracles for TLS; 5) IETF MLS standard; 6) symmetric key based threshold encryption; 7) attacking Moscow Internet voting system.
- IEEE S&P'20 (session 7-9)
- Highlights: 1) fault injection attack against SGX; 2) automatically verifying Ethereum smart contracts; 3) analyzing the maritime wireless communication; 4) extracting data from cars for privacy analysis; 5) covert channel attacks against FPGA through power supply unit; 6) attack on SDN
- IEEE S&P'20 (session 4-6)
- Highlights: 1) transparent ZKP (no trusted setup); 2) user study on ballot marking devices; 3) uncovering hidden inputs in apps; 4) stealth partitioning attack; 5) light client for transaction verification on mobile phones; 6) analysis of Style/Swiss e-voting
- IEEE S&P'20 (session 1-3)
- Highlights: 1) Bluetooth impersonation attacks; 2) de-anonymization attacks against Bluetooth; 3) network cache attacks; 4) auto-detection of bystanders; 5) analysis of 4 and 6-digit PINs for smartphones
- Highlights: 1) 2FA based on trust zone; 2) 2-party set operation with DP; 3) detecting malicious DNS behavior; 4) biometric backdoor by manipulating template updates.
- Highlights: 1) breaking Bridgefy (private group messaging); 2) abuse of Covid notification to influence US election; 3) attack threshold wallet; 4) automatically patching code for power leakage; 5) analyze Yubico protocol (W3C).
- Highlights: detecting malicious extension by analyzing updates; safely truncating MAC by keeping a state in continuous authentication; IoT pairing helped by a smartwatch (proposed an encoding scheme for fuzzy commitment; is it secure?); analyzing phone messages from fake base stations; hardened password storage by using a rate-limiting third party and secret sharing; DNS cache attack based on divide-and-conquer, hence 2 x 2^16 instead of 2^32.
- CCS'19 (session 10)
- Highlights: dynamic proactive secret sharing; 7-year review of Let's Encrypt; two-party PSI; domain-impersonation in TLS; verifiable secret sharing with share recovery
- CCS'19 (session 9)
- Highlights: apply adversarial ML to defeat Ad blocker; SPHINCS+ post-quantum signature; Geneva censorship evasion strategy
- CCS'19 (session 8)
- CCS'19 (session 7)
- Highlights: attack on BLE "just work" pairing based on fingerprinting UUID; 2/3 honest-majority for malicious adversaries; new ZKP to prevent substitution of public keys in (PKI-based) E2E messaging; applying double-spending-tracing in e-cash to the credential system.
- CCS'19 (session 6)
- Highlights: the use of hand vibration for authentication (Velody); a method to distinguish spoofed voice generated by speakers; reducing the linear O(n) complexity for verifying the certificate transparency proofs; a "probabilistic" method to test if a password is in a compromised dataset; a protocol to check if a username/password is within a compromised database.
- CCS'19 (session 5)
- Highlights: the flaw of Linux control group permission; the flaw in AMD software (backward) update; the use of n-shot learning for website fingerprinting (learning more with less data); fingerprinting a computing device based on hardware discrepancies in the CPU (use LibXtract to extract features automatically)
- CCS'19 (session 4)
- Highlights: a method to reduce collateral (amount on hold in the payment channel); a method (Erlay) to improve broadcast efficiency of bitcoin transactions; combining power adjustment with mining attack; three-party MPC (symmetric key based)
- CCS'19 (session 3)
- Highlights: post-quantum privacy for blockchain based on lattice; hot/code wallets for bitcoin; formal tools to verify the correctness of Helios code (no error found, so the verifier is right?)
- CCS'19 (session 2)
- Highlights: side-channel attack to extract ECDSA from TrustZone; info leakage for database search based on the frequency; traceback for E2E encryption based on using the message as the key; compromise router to amplify cryptojacking; feeding noise to prevent adversarial ML; testing PCI DSS compliance (good presentations).
- CCS'19 (session 1)
- IEEE TIFS: Vol 15, No 1, 2020
- IEEE S&P 2019: accepted papers
Previous reading sessions