- Speaker: Yang Zhang
- Title: ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models
- Abstract: Machine learning (ML) has become a core component of many real-world applications
and training data is a key factor that drives current progress.
This huge success has led Internet companies to deploy machine learning as a service (MLaaS).
Recently, the first membership inference attack has shown that
extraction of information on the training set is possible in such MLaaS settings,
which has severe security and privacy implications.
However, the early demonstrations of the feasibility of such attacks have many assumptions on the adversary,
such as using multiple so-called shadow models, knowledge of the target model structure,
and having a dataset from the same distribution as the target model's training data.
In this talk, I will present our newest results on relaxing all these key assumptions,
thereby showing that such attacks are very broadly applicable at low cost and thereby pose a more severe risk than previously thought.
We present the most comprehensive study so far on this emerging and developing threat
using eight diverse datasets which show the viability of the proposed attacks across domains.
In addition, we propose the first effective defense mechanisms against such broader class of membership inference attacks
that maintain a high level of utility of the ML model.
- Speaker: Semen Yurkov
- Title: From Affine Varieties to Cox Rings: Understanding Algebraic Geometry
- Abstract: In this talk we will overview the field of algebraic geometry. We will start from basic definitions and will gradually develop an understanding of more complex notions such as Cox rings.
- Speaker: Achim D. Brucker
- Title: Analyzing Web Browsers and Browser Extensions: An Example in Combining Applied Research and Formal Verification
- Abstract: Often, formal methods (e.g., verification) and applied research (e.g., empirical research, testing) are understood as competing
approaches. In our experience, this is not true: they are complementing each other.
In this talk, I will motivate - using the example of our ongoing research in the security and correctness of web browser and web browser
extensions - that formal and applied research are complementary and that we need to use both together to build correct, safe, and secure systems.
- Speaker: Marius Lombard-Platet
- Title: Finding duplicates in an unbounded stream of data
- Abstract: Duplicate detection is a core feature of several applications, ranging from web caches to backup systems. Even though several results have been obtained on unbounded filters, in practice we are often limited in memory. We develop a new duplicate filter, based on existing litterature, and discuss about its efficiency on various streams. We will also consider its security properties, as well as its resilience to saturation.
- Speaker: Mirko Koscina
- Title: Blockchain Technology: from Permissionless to Permissioned architecture and the security behind the consensus algorithms
- Abstract: Currently, Blockchain is one of the most popular distributed system, and it is being used for several applications, such as: cryptocurrencies, healthcare transactions, DRM, supply chains, among others. Although, the idea to store the records organized in a chain of blocks is the same in the different blockchain technologies, the security level and computing capacity may vary significantly between them.
In this presentation we will introduce the blockchain technology from the permissionless to the permissioned architecture, covering their transactional models, consensus algorithms and main security characteristics.
Finally, we will introduce some examples of permssioned blockchain as suitable platform for e-voting systems and new cryptocurrencies in circular economies.
- Speaker: Alexis Baudin
- Title: A decomposition-based approach for the full control of Boolean networks
- Abstract: We study the problem of computing a minimal subset of nodes of a given asynchronous Boolean network that needs to be fully controlled to drive its dynamics from any of its steady states (or attractors) to any other. Due to the phenomenon of state-space explosion, a simple global approach that performs computations on the entire network may not scale well for large networks. We develop a decomposition-based solution to the minimal full control problem. We apply our solution to both real-life biological networks and randomly generated network, demonstrating promising results.
- Speaker: Jeroen van de Graaf
- Title: A publicly verifiable protocol for random number generation
- Abstract: Chance plays an essential role in many decision procedures such as lotteries, draws etc. As such procedures are moving on-line, several web services offering randomness have appeared over the last few years. NIST's randomness beacon, which publishes a sequence of 64 random bits every minute, unfortunately lacks transparency: the beacon does not eliminate the possibility of an insider attack who knows the outcomes beforehand.
We propose an improvement of NIST's beacon which is publicly verifiable and fully transparent: any outsider who did not witness the bit generation in person but has internet access can convince himself that the beacon acted honestly, provided he can be sure that fresh, independent random bits were contributed to the seed value. Our proposal is based on a novel cryptographic assumption proposed by Lenstra & Wesolowski: the existence of functions that are slow to compute even on the fastest supercomputers.
- Speaker: Yury Zhauniarovich
- Title: Sorting the Garbage: Filtering Out DRDoS Amplification Traffic in ISP Networks
- Abstract: Distributed Reflected Denial of Service (DRDoS) attacks have grown unprecedentedly in the recent years.
The goal of such attacks is to drain victim's bandwidth causing the network service disruption.
Attackers abuse genuine services running some application protocols built over UDP to generate amplified traffic targeting victim networks,
what makes the detection trickier at the victim end.
Internet Service Providers (ISPs) may host hundreds or even thousands of such servers that could become amplifier nodes in DRDoS attacks.
If abused, these can collectively cause large volumes of garbage amplification traffic flowing out of the ISP network.
This wasteful bandwidth consumption costs ISPs money and loss of Quality of Service for their customers.
In this talk, we propose a honeypot-based method to detect DRDoS amplification requests at ISPs in near real-time.
Our detection approach helps to block garbage traffic generated by internal amplifiers and prevents them from being abused.
We developed a prototype of our system as a Software-Defined Network application.
We tested our implementation using real DRDoS data collected from a honeypot deployed in the Internet.
Our evaluation confirms the practicality of our approach and outlines the advantages that could bring the deployment of our system in an ISP network.
- Speaker: Geoffroy Couteau
- Title: Efficient Designated-Verifier Non-Interactive Zero-Knowledge Proofs of Knowledge
- Abstract: We propose a framework for constructing efficient designated-verifier non-interactive zero-knowledge proofs (DVNIZK) for a wide class of algebraic languages over abelian groups, under standard assumptions. The proofs obtained via our framework are proofs of knowledge, enjoy statistical, and unbounded soundness (the soundness holds even when the prover receives arbitrary feedbacks on previous proofs). Previously, no efficient DVNIZK system satisfying any of those three properties was known. Our framework allows proving arbitrary relations between cryptographic primitives such as Pedersen commitments, ElGamal encryptions, or Paillier encryptions, in an efficient way. For the latter, we further exhibit the first non-interactive zero-knowledge proof system in the standard model that is more efficient than proofs obtained via the Fiat-Shamir transform, with still-meaningful security guarantees and under standard assumptions. Our framework has numerous applications, in particular for the design of efficient privacy-preserving non-interactive authentication.
- Speaker: Mina Sheikhalishahi
- Title: Privacy-preserving collaborative data analysis
- Abstract: Facing the new challenges brought by a continuous evolving Information Technologies (IT) market,
large companies and small-to-medium enterprises found in Information Sharing a valid instrument to improve their key performance indexes.
Sharing data with partners, authorities for data collection and even competitors, may help in inferring additional intelligence through collaborative information analysis.
Such an intelligence could be exploited to improve revenues, prevent loss coming from brand-new potential cyber-threats, or analysis of medical data.
Independently from the final goal, unfortunately information sharing brings issues and drawbacks, which must be addressed.
These issues are mainly related to the information privacy.
Hence, an information analysis framework must also include a set of mechanisms to ensure confidentiality and privacy of shared information.
To address this issue, in this talk, it is assumed that data is distributed between two (or more) parties.
For mutual benefits, the data holders are interested in collaborative data analysis on the whole of their data,
but for privacy concerns they are not willing to share their original data sets.
Different scenarios of the problem are considered and addressed as the following:
1) when data is distributed either horizontally or vertically;
2) when data is planed to be exploited for constructing a clustering algorithm or a classifier ;
3) when different privacy mechanisms, e.g. data anonymization, or secure multi-party computation, are exploited.
In all these scenarios, it is planed to balance the data utility loss and privacy gain.
- Speaker: David Naccache
- Title: Compressed Simulated Annealing: New Algorithms for Optimal Surveillance Camera Placement in Urban Environments
- Abstract: Consider an urban environment that needs to be optimally covered by surveillance cameras. Optimality can be can defined either as the best achievable ratio between space coverage and the number of cameras or as the number of cameras necessary to cover 100%. In both cases, the solution of the problem is a complex optimization problem requiring exhaustive search. The difficulty stems from the fact that, while the problem is sectorwise continuous, at specific points one camera takes over the role of another and a discontinuity appears. This talk describes new algorithms allowing to accelerate simulated annealing algorithms and reach in reasonable time reasonably good results. Intuitively, the idea consists in reducing the problem's "resolution", solving the reduced problem using simulated annealing and then "magnifying" the result in order to find a solution to the noncompressed problem. The talk will present the theory as well as coding simulation results.
- Speaker: Cheng-Te Li
- Title: Tackling the Achilles Heel of Online Streaming Services:
Towards Better Music Recommendation Systemsby User Identification
- Abstract: Nowadays users in online streaming services can consume items, such as movies in Netƒix and music in Spotify and KKBOX. While users tend to pursue unlimited, diverse, and high-quality streaming content, service providers earn the pro€t by charging fees. However, the prices may be too expensive for users to a‚ord. Hence, lots of users may share accounts, instead of individually purchasing premium accounts. To this end, the recommenders embedded in streaming services cannot deliver satisfying recommendation, and user experience is cut down and the pro€t is reduced. In this talk, I will present how to detect shared accounts, identify which users use the same account, and predict the current user of a new session issued by an account. A session-based heterogeneous graph embedding technique is developed to achieve these goals and boost the performance of music recommendationsystems.
- Speaker: Razvan Rosie
- Title: Key-Robustness for Cryptographic Primitives
- Abstract: Robustness is a notion often tacitly assumed while working with encrypted
data. Roughly speaking, it states that a ciphertext cannot be decrypted
under different keys. Initially formalized in a public-key context, it has
been further extended to key-encapsulation mechanisms.
In this talk, we begin by studying the security of symmetric primitives
under the incorrect usage of keys. We formalize simple, yet strong
definitions of key robustness for authenticated-encryption,
message-authentication codes and PRFs. We show standard notions (such as
AE or PRF security) guarantee a basic level of key-robustness under
honestly generated keys, but fail to imply key-robustness under
adversarially generated (or known) keys. We show robust encryption and
MACs compose well through generic composition, and identify robust PRFs as
the main primitive used in building robust schemes. Standard hash
functions are expected to satisfy key-robustness and PRF security, and
hence suffice for practical instantiations. We however provide further
theoretical justifications (in the standard model) by constructing robust
PRFs from (left-and-right) collision-resistant PRGs.
Next, we motivate the importance of establishing similar guarantees for
digital and functional signatures (a signature should not verify under
multiple keys), as well as for functional encryption schemes under
adversarially generated keys. We describe scenarios that can result in
attacks against existing constructions if robustness fails. We show that
there exist simple, generic transformations that convert a scheme into a
functionally equivalent but robust one, preserving in particular the
original scheme’s guarantees.
- Speaker: Richard Clayton
- Title: Booters, Beagles, Blogs, Blackmail and other Badness
- Abstract: This talks presents a number of relatively small pieces of research into cybercrime - not all of which has yet made into published academic papers. For most of the badness I will be showing you live websites and
explaining how and why they exist - and what we currently know about
the criminals that operate them. Much of the underlying data can be made
available from the Cambridge Cybercrime Centre should you wish to extend
this research yourself.
- Speaker: Iraklis Symeonidis
- Title: Analysis and design of privacy-enhancing systems: the case of Facebook and car sharing
- Abstract: The advancement of communication technologies such as the Internet, mobile communications, wireless networks and online platforms has eased the exchange of information between individuals: it has enabled collection of large amounts of personal data to an ever-increasing rate. In this talk we focus on two use cases: the interdependent privacy on Facebook and the privacy issues of car sharing systems. First, I will present a comprehensive analysis and countermeasures of the interdependent privacy problem on Facebook; providers of third-party applications on Facebook exploit the interdependency between users and their friends. Second, I will present the privacy issues on car sharing systems; owing to the massive amounts of personal information, rich information about individuals' everyday lives and habits can be extracted, enabling profiling. Finally, I will present a fully-fledged privacy-enhancing protocol (sketch) for car access provision as a solution design.
- Speaker: David Mestel
- Title: Quantifying information flow in interactive systems
- Abstract: Given a system with which two agents interact, how much information can each obtain about the actions of the other? This is relevant to many situations: for instance, a single processor may host threads belonging to both trusted and untrusted users, especially in `the cloud', and unauthorised communication between threads via cache timing channels was also crucial to the notorious Meltdown and Spectre attacks. It turns out that if the shared system is deterministic then this reduces to a natural combinatorial problem, namely computing the maximum sizes of antichains in certain partially ordered sets. For the case where the shared system is modelled by a finite automaton, solution of this problem yields a nice dichotomy theorem between logarithmic and linear information flow, together with an algorithm for determining which case holds for a particular protocol specification.
- Speaker: Karola Marky
- Title: Investigation of Human Factors in End-to-End Verifiable E-Voting Schemes
- Abstract: E-voting delivers benefits in terms of efficiency and accessibility and is already used in a number of countries.
End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes as well as the election outcome.
Voters are actively involved in end-to-end verifiable e-voting schemes, therefore these schemes have to be tailored according to the voters' needs.
This talk gives an overview on the investigation of human factors in end-to-end verifiable e-voting schemes and resulting challenges.
- Speaker: Boris Skoric
- Title: Quantum security with optical PUFs
- Abstract: The combination of optical PUFs and quantum optics makes it possible to build protocols whose security relies on physical assumptions, e.g. the assumption that it is difficult to losslessly emulate a PUF's behaviour.
QSA (Quantum Secure Authentication) is an example of such a protocol.
Unfortunately, QSA requires a two-way quantum channel.
This talk discusses a new protocol, PUF-Enabled Asymmetric Communication (PEAC), which needs only a one-way channel.
- Speaker: Lara Schmid
- Title: How to model (e-voting) protocols in Tamarin
- Abstract: The Tamarin prover is a tool for the symbolic modeling and analysis of security protocols. It takes as input a protocol model, a specification of the adversary, and a specification of the protocol's desired properties. Tamarin can then be used to automatically check if the protocol fulfills the properties, given that arbitrarily many instances of the protocol's roles are run in parallel with the adversary.
In addition to trace properties, Tamarin can express observational equivalence properties. Such properties express that an adversary cannot distinguish two systems and are especially useful for modeling privacy.
In this talk, we present an introduction to the Tamarin tool and
explain how a protocol specified in traditional Alice&Bob notation can be translated to the Tamarin protocol model. Furthermore, we explain on the example of a simplified e-voting protocol how properties such as privacy and receipt-freeness can be modeled with Tamarin's built in observational equivalence theory.
- Speaker: Tiziano Bianchi
- Title: User Authentication via PRNU-Based Physical Unclonable Functions
- Abstract: Multifactor user authentication systems enhance security by augmenting passwords with the verification of additional pieces of information such as the possession of a particular device. In this work we present an innovative user authentication scheme that verifies the possession of the user's smartphone by uniquely identifying its camera sensor. High-frequency components of the photo-response nonuniformity of the optical sensor are extracted from raw images and used as a weak physical unclonable function. A novel scheme for efficient transmission and server-side verification is also designed based on adaptive random projections and on an innovative fuzzy extractor using polar codes. The security of the system is thoroughly analyzed under different attack scenarios both theoretically and experimentally.
Back to SRM presentations.
For questions and comments contact