Abstracts
From research to commercialization in NYC
Peter Bell (HackNY)
You've got a great idea, but how do you go from an interesting
concept to a successful business? In this talk we'll look at how to
think about creating a new business and some of the resources
available in New York for building a successful technology business.
Bait and Snitch: Using Deception to Defend Computer Systems
Jon Vorris (Columbia University)
No matter how well protected computer systems are, the presence of human induced
factors such as programming bugs, configuration errors, and insider activity
leaves them potentially vulnerable to attack. This presentation discusses how
deception based techniques can be applied to secure computational resources
despite these issues. The overall idea behind this approach is to seed a system
with "decoy" data that appears authentic but is in fact spurious. This content
serves as a behavioral sensor that can be monitored in order to detect malicious
activity. Security solutions based on decoy material are particularly appealing
because they can detect attacks that are beyond the scope of traditional
security measures. Further, they can be used both proactively and as a last line
of defense when all other measures have been exhausted. This talk will present
recent work on improving and expanding the functionality of decoys.
Candidate Multilinear Maps from Ideal Lattices
Shai Halevi (IBM)
Abstract: We describe plausible lattice-based constructions with
properties that approximate the sought-after multilinear maps in
hard-discrete-logarithm groups, and show an example application of such
multilinear maps that can be realized using our approximation. The
security of our constructions relies on seemingly hard problems in
ideal lattices, which can be viewed as extensions of the assumed
hardness of the NTRU function.
Adaptive Defenses for Commodity Software through Virtual Application Partitioning
Georgios Portokalidis (Stevens Institute of Technology)
Applications can be logically separated to parts that face different types of
threats, or suffer dissimilar exposure to a particular threat because of
external events or innate properties of the software. Based on this observation,
we propose the virtual partitioning of applications that will allow the
selective and targeted application of those protection mechanisms that are most
needed on each partition, or manage an application's attack surface by
protecting the most exposed partition. We demonstrate the value of our scheme by
introducing a methodology to automatically partition software, based on the
intrinsic property of user authentication. Our approach is able to automatically
determine the point where users authenticate, without access to source code.
At runtime, we employ a monitor that utilizes the
identified authentication points, as well as events like accessing specific
files, to partition execution and adapt defenses by switching between
protection mechanisms of varied intensity, such as dynamic taint analysis and
instruction-set randomization. We evaluate our approach using seven well-known
network applications, including the MySQL database server. Our results indicate
that our methodology can accurately discover authentication points.
Remote Data Integrity Checking with Server-side Repair
Bo Chen (NJIT)
Remote Data integrity Checking (RDC) allows clients to efficiently check
the integrity of data stored at untrusted servers. This allows data owners
to assess the risk of outsourcing data in the untrusted third parity,
making RDC a valuable tool for data auditing. Distributed storage systems
store data redundantly at multiple servers which are geographically spread
throughout the world. This basic approach would be sufficient in handling
server failure due to natural faults, because when one server fails, data
from healthy servers can be used to restore the desired redundancy level.
However, in a setting where servers are untrusted and can behave
maliciously, data redundancy must be used in tandem with RDC to ensure that
the redundancy level of the storage systems is maintained over time.
All previous RDC schemes for distributed systems impose a heavy burden on
the data owner (client) during data maintenance: To repair data at a faulty
server, the data owner needs to first download a large amount of data,
re-generate the data to be stored at a new server, and then upload this
data at a new healthy server. We propose RDC-SR, a novel RDC scheme for
replication-based distributed storage systems. RDC-SR enables Server-side
Repair (thus taking advantage of the premium connections available between
a CSP's data centers) and places a minimal load on the data owner who only
has to act as a repair coordinator. Our prototype for RDC-SR built on
Amazon AWS validates the practicality of this new approach.
Differentially Private Modeling of Human Mobility at Metropolitan Scales
Rebecca Wright (Rutgers University)
Models of human mobility have wide applicability in fields such as
infrastructure and resource planning, analysis of infectious disease
dynamics, and ecology. The abundance of spatio-temporal data from
cellular telephone networks affords opportunities to construct such
models, but there are privacy concerns about the release and wider use
of such models. In response to such privacy concerns, our work seeks
to to adapt the WHERE approach for modeling human mobility in
metropolitan areas [Isaacman et al., MobiSys 2012] to be
differentially private. Differential privacy [Dwork et al., TCC 2006]
is a notion of privacy that, through a mathematical requirement on the
results of interactions with data, captures the intuition that a
database provides privacy if an individual?s risk of being identified
is almost the same whether or not they are in the database. This is a
strong notion of privacy that makes no assumptions about the power or
background knowledge of a potential adversary.
Starting with Call Detail Records (CDRs) from a cellular telephone
network that have gone through a straightforward anonymization
procedure, WHERE produces synthetic CDRs for a synthetic population.
WHERE has been experimentally validated against billions of location
samples for hundreds of thousands of cell phones in the New York and
Los Angeles metropolitan areas. This talk will describe our work in
progress to ensure that the resulting synthetic CDRs are provably
private by modifying WHERE to be differentially private. The aim is to
enable the creation and possible release of synthetic CDRs that
capture the mobility patterns of real metropolitan populations while
preserving individual privacy.
Profiling High-School Students: How Online Privacy Laws Can Actually Increase Minors' Risk
Keith Ross (NYU-Poly)
Lawmakers, children's advocacy groups and modern society at large recognize
the importance of protecting the Internet privacy of minors (under 18 years
of age). Online Social Networks, in particular, take precautions to prevent
third parties from using their services to discover and profile minors.
These precautions include banning young children from joining, not listing
minors when searching for users by high school or city, and displaying only
minimal information in registered minors' public profiles, no matter how
they configure their privacy settings.
In this paper we show how an attacker, with modest measurement and
computational resources, and employing data mining heuristics, can
circumvent these precautions to discover and profile most of the high school
students in a targeted geographical area (e.g., a medium-sized city). In
particular, using Facebook and for a given target high school, we construct
an attack that finds most of the students in the school, and for each
discovered student infers a profile that includes significantly more
information than is available in a registered minor's public profile. An
attacker could use such profiles for many nefarious purposes, including
selling the profiles to data brokers, large-scale automated spear-phishing
attacks on minors, as well as physical safety attacks such as stalking,
kidnapping and arranging meetings for sexual abuse.
Ironically, the Children's Online Privacy Protection Act (COPPA), a law
designed to protect the privacy of children, indirectly facilitates the
attack. In order to bypass restrictions put in place due to the COPPA law,
some children lie about their ages when registering, which not only
increases the exposure for themselves but also for their non-lying friends.
Our analysis strongly suggests there would be significantly less potential
for privacy leakage to third parties in a world without the COPPA law.
How to verifiably and privately outsource computation
Nishanth Chandran (AT&T Security Research Center)
Cloud computation enables users with computationally weak devices to outsource
their computation to a server (aka the cloud). The recent widespread use of
cloud computation services provided by several companies has led cryptographers
to focus on the security aspects of outsourcing computation. In particular,
there have been a number of proposals for verifiable computation that allow a
weak client to obtain the correct outcome of a computation, without revealing
anything about the client's inputs to the server. However, all proposed
solutions are highly inefficient in practice, due to their reliance on fully
homomorphic encryption. We show how to overcome the drawbacks of these schemes
by working in a model where the client outsources his computation to multiple
servers.
Broadcast Steganography
Nelly Fazio (CCNY, CUNY)
We initiate the study of broadcast steganography (BS), an extension of
steganography to the multi-recipient setting. BS enables a sender to communicate
covertly with a dynamically designated set of receivers, so that the recipients
recover the original content, while unauthorized users and outsiders remain
_unaware_ of the covert communication. One of our main technical contributions
is the introduction of a new variant of anonymous broadcast steganography that
we term _anonymous identity-based encryption with pseudorandom ciphertexts_
(oABE$). Our oABE$ construction achieves sublinear ciphertext size and is secure
in the standard model. Besides being of interest in its own right, oABE$ enables
an efficient construction of BS secure in the standard model against adaptive
adversaries that also features sublinear ciphertexts.