Reading sessions
Put the latest on top
2024-12-13
- CHERI: Hardware-Enabled C/C++ Memory Protection at Scale " from IEEE Security & Privacy, 2024 https://ieeexplore.ieee.org/document/10568212Link opens in a new window
- "Synthetic ID Card Image Generation for Improving Presentation Attack Detection" from TIFS'23Link opens in a new window
2024-11-24
- "An overview of decentralized autonomous organizations on the blockchain" from OpenSym '20: Proceedings of the 16th International Symposium on Open CollaborationLink opens in a new window
- "Biometrics-Based Authenticated Key Exchange With Multi-Factor Fuzzy Extractor" from TIFS'24 https://ieeexplore.ieee.org/document/10695102Link opens in a new window
- "Circumferential Local Ternary Pattern: New and Efficient Feature Descriptors for Anti-Counterfeiting Pattern Identification" from TIFS'22. https://ieeexplore.ieee.org/document/9721025Link opens in a new window
- "Belenios: A simple private and verifiable electronic voting system" from Foundations of Security, Protocols, and Equational Reasoning 2019
2024-11-01
- More Simplicity for Trainers, More Opportunity for Attackers: Black-Box Attacks on Speaker Recognition Systems by Inferring Feature Extractor (usenix'24)
https://www.usenix.org/system/files/usenixsecurity24-ge-attacks.pdfLink opens in a new window - ZeroFake: Zero-Shot Detection of Fake Images Generated and Edited by Text-to-Image Generation Models” from ACM Conference on Computer and Communications Security (CCS'24). https://publications.cispa.de/articles/conference_contribution/ZeroFake_Zero-Shot_Detec[…]_by_Text-to-Image_Generation_Models/27134142?file=49502790Link opens in a new window
- PipeZK: Accelerating Zero-Knowledge Proof with a Pipelined Architecture", 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)
https://ieeexplore.ieee.org/document/9499783Link opens in a new window - DAO voting mechanism resistant to whale and collusion problems" from Frontiers in Blockchain '24 https://www.frontiersin.org/journals/blockchain/articles/10.3389/fbloc.2024.1405516/fullLink opens in a new window
- ElectAnon: A Blockchain-based, Anonymous, Robust and Scalable Ranked-choice Voting Protocol (DLT'23)
2024-10-18
- NeutronNova: Folding everything that reduces to zero-check (ePrint 2024) https://eprint.iacr.org/2024/1606Link opens in a new window
- PLUME: An ECDSA Nullifier Scheme for Unique Pseudonymity within Zero Knowledge Proofs (IACR e-Print 2022) https://eprint.iacr.org/2022/1255Link opens in a new window
- Why Do Competitive Markets Converge to First-Price Auctions? (ACM WWW 2020)
https://dl.acm.org/doi/10.1145/3366423.3380142Link opens in a new window
2024-08-22
- A Succinct Range Proof for Polynomial-based Vector Commitment (CCS'24)
- SOAP: A Social Authentication Protocol (USENIX security'24)
- SoK: Attacks on DAOs (Arxiv, 2024)
- Waveform Boundary Detection for Partially Spoofed Audio (ICASSP'23)
- DeVoS: Deniable Yet Verifiable Vote Updating (PETS'24)
2024-08-09
- Non-interactive Zero-Knowledge Arguments for Voting (ACNS'05)
- Analyzing Voting Power in Decentralized Governance: Who controls DAOs? (Journal Blockchain: Research and Applications '24)
- Securing Liveness Detection for Voice Authentication via Pop Noises (TDSC'23)
2024-06-28
- Dual-decoder-based Robust Audio Watermarking Against Desynchronization and Replay Attacks (TIFS'24)
- Bulletproofs++: Next Generation Confidential Transactions via Reciprocal Set Membership Arguments (EUROCRYPT'24)
- Unveiling Vulnerabilities in DAO: A Comprehensive Security Analysis and Protective Framework (Blockchain'23)
- Optimal and Near-Optimal Mechanism Design with Interdependent Values (EC'13)
2024-06-14
- HyperNova: Recursive arguments for customizable constraint systems (CRYPTO'24)
- Lossless Data Hiding in NTRU Cryptosystem by Polynomial Encoding and Modulation (IEEE TIFS'24)
- No Transaction Fees? No Problem! Achieving Fairness in Transaction Fee Mechanism Design (AAMS'24)
- Investigating Voter Perceptions of Printed Physical Audit Trails for Online Voting (IEEE S&P'24)
2024-05-17
- Nova: Recursive Zero-Knowledge Arguments from Folding Schemes (CRYPTO'22)
- Insight into voting in DAOs: conceptual analysis and a proposal for evaluation framework (IEEE Network'24)
- Masked Relation Learning for DeepFake Detection (IEEE TIFS'23)
- Transaction Fee Mechanism Design with Active Block Producers (Arxiv)
- Injection Attacks Against End-to-End Encrypted Applications (IEEE S&P'24)
2024-05-03
- Protostar: Generic Efficient Accumulation/Folding for Special-sound Protocols" (ASIACRYPT'23)
- DeAR: A Deep-learning-based Audio Re-recording Resilient Watermarking (AAAI'23)
- Price Manipulability in First-Price Auctions (WWW'22)
- Faster coercion-resistant e-voting by encrypted sorting (EVOTE-ID'23)
- SAVER: SNARK-compatible Verifiable Encryption (FC'24)
2024-04-05
- Unlocking the lookup singularity with Lasso (EUROCRYPT'24)
- Blockchain Price vs. Quantity Controls (FC'24)
- TI2Net: Temporal Identity Inconsistency Network for Deepfake Detection (WACV'23)
- Thwarting Last-Minute Voter Coercion (IEEE S&P'24)
2024-02-23
- Black-Box Dataset Ownership Verification via Backdoor Watermarking (TIFS'22)
- LegoSNARK: Modular Design and Composition of Succinct Zero-Knowledge Proofs (CCS'19)
- Scan, Shuffle, Rescan: Two-Prover Election Audits With Untrusted Scanners (FC'24)
- Sphinx-in-the-Head: Group Signatures from Symmetric Primitives (ACM TOPS'24)
- One-shot signatures and applications to hybrid quantum/classical authentication (Presentation slides by MD)
2024-01-26
- Domain Generalization via Aggregation and Separation for Audio Deepfake Detection" (TIFS'24)
- Evaluating the Security Posture of Real-World FIDO2 Deployments (CCS'23)
- Demystifying DeFi MEV Activities in Flashbots Bundle (CCS'23)
- Sigma Protocols from Verifiable Secret Sharing and Their Applications (ASIACRYPT'23)
2024-01-12
- ECLIPSE: Enhanced Compiling Method for Pedersen-Committed zkSNARK Engines (PKC'22)
- AntiFake: Using Adversarial Audio to Prevent Unauthorized Speech Synthesis (CCS'23)
- Ou: Automating the Parallelization of Zero-Knowledge Protocols (CCS'23)
- Why I Can’t Authenticate — Understanding the Low Adoption of Authentication Ceremonies with Autoethnography (CHI'23)
2023-08-11
- Estimating Approximate Incentive Compatibility (ACM EC'19)
- Coercion-Resistant Cast-as-Intended Verifiability for Computationally Limited Voters (VOTING'23)
- Multi-Factor Credential Hashing for Asymmetric Brute-Force Attack Resistance (Euro S&P'23)
2023-07-28
- Short Paper: Privacy Preserving Decentralized Netting (DeFi'22 workshop from FC'22)
- Private Internet Voting on Untrusted Voting Devices (VOTING'23 workshop from FC'23)
- Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings (USENIX Security'23)
- FIDO2 the Rescue? Platform vs. Roaming Authentication on Smartphones (Chi'23)
2023-07-14
- Decentralized Privacy-Preserving Netting Protocol on Blockchain for Payment Systems [FC'20]
2023-06-30
- Deepfake CAPTCHA: A Method for Preventing Fake Calls [ASIACCS'23]
- Lattice Signature with Efficient Protocols, Application to Anonymous Credentials [CRYPTO'23]
2023-03-24
- How to take over kindle with an e-book [Other venues]
- Puncturable Signature: A Generic Construction and Instantiations [ESORICS'22]
2023-03-10
- Combating Robocalls with Phone Virtual Assistant Mediated Interaction - [USENIX Security'23]
- VoteXX : A Solution to Improper Influence in Voter-Verifiable Elections [E-vote-ID'22]
2023-02-10
- Groove: Flexible Metadata-Private Messaging - [USENIX OSDI'22]
- IoT goes nuclear: creating a Zigbee chain reaction [IEEE S&P'17]
- Device Fingerprinting with Peripheral Timestamps [IEEE S&P'22]
-
Modern EMV and NFC cardholder verification issues The Cryptogram Confusion Attack [Other venues]
- Constructing and Deconstructing Intentional Weaknesses in Symmetric Ciphers [CRYPTO'22]
2023-01-27
2023-01-20
- ESORICS'22
- Reviews on hackMD
2023-01-13
- ESORICS'22
- Reviews on hackMD
- USENIX'23
- Reviews on hackMD
2023-01-6
- ESORICS'22
- Reviews on hackMD
2022-07-29
- ASIACCS'22 (2nd day)
- Cellular Security: Why is it Difficult?
- RecIPE: Revisiting the Evaluation of Memory Error Defenses
- Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3
- DPaSE: Distributed Password-Authenticated Symmetric-Key Encryption, or How to Get Many Keys from One Password
2022-07-15
- ASIACCS'22 (1st day)
2022-05-22
- EuroS&P'22
- WatchAuth: User Authentication and Intent Recognition in Mobile Payments using a Smartwatch
- HyperLogLog: Exponentially Bad in Adversarial Settings
- SIERRA: Ranking Anomalous Activities in Enterprise Networks
- aaeCAPTCHA: The Design and Implementation of Audio Adversarial CAPTCHA
- SoK: Privacy-Preserving Computing in the Blockchain Era
2022-05-06
- CCS'21 (any day):
- This Sneaky Piggy Went to the Android AD Market.
- Wireless Charging Power Side-Channel Attacks
- With a Little Help from My Friends: Constructing Practical Anonymous Credentials
- United We Stand: Collaborative Detection and Mitigation of Amplification DDoS Attacks at Scale
2022-04-08
- CCS'21 (day 3)
2022-03-25
- CCS'21 (day 2)
2022-03-11
- CCS'21 (day 1)
2022-02-25
- FC'22:
- What Peer Announcements Tell Us About the Size of the Bitcoin P2P Network;
- India's "Aadhaar" Biometric ID: Structure, Security, and Vulnerabilities;
- ABSNFT: Securitization and Repurchase Scheme for Non-Fungible Tokens Based on Game Theoretical Analysis;
- A Centrality Analysis of the Lightning Network;
- Analysis and Probing of Parallel Channels in the Lightning Network
2022-01-28
2022-01-14
2021-12-17
- Cryptocurrency and De-Fi
2021-12-03
- Cryptocurrency and De-Fi
2021-11-19
- Cryptocurrency and De-Fi
2021-08-27
- Security Engineering third edition (Chapter 8: Economics)
2021-08-13
- Security Engineering third edition (Chapter 22: Phones)
2021-07-30
- Security Engineering third edition (Chapter 4: Protocols)
2021-07-16
- Security Engineering third edition (Chapter 2: Who is the opponent)
2021-07-02
- Security Engineering third edition (Chapter 1: What's security engineering)
2021-06-18
- IEEE S&P 2021 (session 9-13)
- 1) A Decentralized and Encrypted National Gun Registry; 2) Epochal Signatures for Deniable Group Chats; 3) The EMV Standard: Break, Fix, Verify; 4) SoK: Security and Privacy in the Age of Commercial Drones; 5) Breaking the Specification: PDF Certification; 6) BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures
2021-05-28
- IEEE S&P 2021 (session 5-8)
- 1) On the Just-In-Time Discovery of Profit-Generating Transactions in DeFi Protocols; 2) Cross-Domain Access Control Encryption -- Arbitrary-policy, Constant-size, Efficient; 3) Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More); 4) SoK: Computer-Aided Cryptography; 5) Lightweight Techniques for Private Heavy Hitters
2021-05-07
- IEEE S&P 2021 (session 1-4)
- Papers read: 1) merkle^2: A Low-Latency Transparency Log System; 2) High-Frequency Trading on Decentralized On-Chain Exchanges; 3) Is Private Learning Possible with Instance Encoding? 4) Using Selective Memoization to DefeatRegular Expression Denial of Service (ReDoS); 5) Doing good by fighting fraud: Ethical anti-fraud systems for mobile payments
2021-04-16
- RWC'20 (YouTube)
- Papers read: 1) Protocols for Checking Compromised Credentials; 2) too much crypto; 3) Challenges and Cryptographic Solutions with Payment-Channel Networks; 4) Are Certificate Thumbprints Unique?; 5) First chosen prefix collision on SHA 1; 6) Dragonblood: Analyzing the DragonflyHandshake of WPA3 and EAP-pwd
2021-03-26
- RWC'20
- Papers read: 1) use direct anonymous attestation for mobile phone authentication; 2) privacy-preserving query of breached passwords; 3) detect money laundering by using MPC; 4) decetralized oracles for TLS; 5) IETF MLS standard; 6) symmetric key based threshold encryption; 7) attacking Moscow Internet voting system.
2021-03-05
- IEEE S&P'20 (session 7-9)
- Highlights: 1) fault injection attack against SGX; 2) automatically verifying Ethereum smart contracts; 3) analyzing the maritime wireless communication; 4) extracting data from cars for privacy analysis; 5) covert channel attacks against FPGA through power supply unit; 6) attack on SDN
2021-02-26
- IEEE S&P'20 (session 4-6)
- Highlights: 1) transparent ZKP (no trusted setup); 2) user study on ballot marking devices; 3) uncovering hidden inputs in apps; 4) stealth partitioning attack; 5) light client for transaction verification on mobile phones; 6) analysis of Style/Swiss e-voting
2021-02-19
- IEEE S&P'20 (session 1-3)
- Highlights: 1) Bluetooth impersonation attacks; 2) de-anonymization attacks against Bluetooth; 3) network cache attacks; 4) auto-detection of bystanders; 5) analysis of 4 and 6-digit PINs for smartphones
2021-02-05
- EuroS&P'20
- Highlights: 1) 2FA based on trust zone; 2) 2-party set operation with DP; 3) detecting malicious DNS behavior; 4) biometric backdoor by manipulating template updates.
2021-01-22
- RWC'21
- Highlights: 1) breaking Bridgefy (private group messaging); 2) abuse of Covid notification to influence US election; 3) attack threshold wallet; 4) automatically patching code for power leakage; 5) analysing Yubico protocol (W3C).
2020-12-11
- CCS'20
- Highlights: detecting malicious extension by analyzing updates; safely truncating MAC by keeping a state in continuous authentication; IoT pairing helped by a smartwatch (proposed an encoding scheme for fuzzy commitment; is it secure?); analyzing phone messages from fake base stations; hardened password storage by using a rate-limiting third party and secret sharing; DNS cache attack based on divide-and-conquer, hence 2 x 2^16 instead of 2^32.
2020-06-19
- CCS'19 (session 10)
- Highlights: dynamic proactive secret sharing; 7-year review of Let's Encrypt; two-party PSI; domain-impersonation in TLS; verifiable secret sharing with share recovery
2020-06-05
- CCS'19 (session 9)
- Highlights: apply adversarial ML to defeat Ad blocker; SPHINCS+ post-quantum signature; Geneva censorship evasion strategy
2020-05-22
- CCS'19 (session 8)
- Highlights: active attacks against zcash and subliminal channels; transforming malicious Javascript into benign undetectable forms; new ZKP (zkay) for smart contracts; graph-based detection of insiders in an enterprise; automated analysis of PHP (Malmax); cache-based DoS attacks
2020-05-15
- CCS'19 (session 7)
- Highlights: attack on BLE "just work" pairing based on fingerprinting UUID; 2/3 honest-majority for malicious adversaries; new ZKP to prevent substitution of public keys in (PKI-based) E2E messaging; applying double-spending-tracing in e-cash to the credential system.
2020-05-01
- CCS'19 (session 6)
- Highlights: the use of hand vibration for authentication (Velody); a method to distinguish spoofed voice generated by speakers; reducing the linear O(n) complexity for verifying the certificate transparency proofs; a "probabilistic" method to test if a password is in a compromised dataset; a protocol to check if a username/password is within a compromised database.
2020-04-24
- CCS'19 (session 5)
- Highlights: the flaw of Linux control group permission; the flaw in AMD software (backward) update; the use of n-shot learning for website fingerprinting (learning more with less data); fingerprinting a computing device based on hardware discrepancies in the CPU (use LibXtract to extract features automatically)
2020-04-17
- CCS'19 (session 4)
- Highlights: a method to reduce collateral (amount on hold in the payment channel); a method (Erlay) to improve broadcast efficiency of bitcoin transactions; combining power adjustment with mining attack; three-party MPC (symmetric key based)
2020-03-13
- CCS'19 (session 3)
- Highlights: post-quantum privacy for blockchain based on lattice; hot/code wallets for bitcoin; formal tools to verify the correctness of Helios code (no error found, so the verifier is right?)
2020-02-28
- CCS'19 (session 2)
- Highlights: side-channel attack to extract ECDSA from TrustZone; info leakage for database search based on the frequency; traceback for E2E encryption based on using the message as the key; compromise router to amplify cryptojacking; feeding noise to prevent adversarial ML; testing PCI DSS compliance (good presentations).
2020-02-21
- CCS'19 (session 1)
2019-10-6
2019-09-13
- IEEE TIFS: Vol 15, No 1, 2020
2019-09-06
- IEEE S&P 2019: accepted papers