Jefferson's Wheel

Austin DeVinney featured in Radford News

David Evans — Tue, 07 Feb 2012 21:41:01 +0000

Austin DeVinney, who worked with us on GuardRails last summer and presented a poster at USENIX Security Symposium, was featured in Radford's College of Science and Technology newsletter.

Information technology student Austin DeVinney's interest and curiosity has paid off with a summer internship opportunity with cybersecurity expert and Associate Professor of Computer Science at the University of Virginia David Evans.

The full article is here: IT Student Presents Research at Prestigious Conference [PDF].

University of Richmond Talk

David Evans — Tue, 31 Jan 2012 03:47:02 +0000

I gave a talk today at the University of Richmond on secure computation, targeted to a general audience. [Richmond Abstract Page]

Abstract

Two-party secure computation allows two parties to compute a function that depends on inputs from both parties, but reveals nothing except the output of the function. A general solution to this problem have been known since Andrew Yao's pioneering work on garbled circuits in the 1980s, but only recently has it become conceivable to use this approach in real systems. This talk will provide an introduction to secure computation, and describe the work we are doing at UVa to make secure computation efficient and scalable enough to build real applications. The talk assumes no prior background in cryptography, and should be understandable all computing students.

Slides: [PDF] [PPTX]

Computing Cooperatively with People You Don't Trust

For more, see: MightBeEvil.com

Karsten’s GSM Studies

David Evans — Sat, 31 Dec 2011 10:33:06 +0000

The New York Times has a new article about Karsten Nohl’s studies of mobile phone carrier security: Lax Security Exposes Voice Mail to Hacking, Study Says (the title is very misleading, since there is nothing really specific to voice mail here, it is about intercepting actual calls), New York Times, 25 December 2011.

In a study of 31 mobile operators in Europe, Morocco and Thailand, Karsten Nohl, a Berlin hacker and mobile security expert, found that many operators provided poor or weak defenses to protect consumers from illicit surveillance and identity theft.

Mr. Nohl said he was able to hack into mobile conversations and text messages and could impersonate the account identities of cellphone users in 11 countries using an inexpensive, 7-year-old Motorola cellphone and free decryption software available on the Internet. He has tested each mobile operator more than 100 times, he said, and has ranked the quality of their defenses.

…

“This is a major vulnerability in most networks we tested, and the irony is that it costs very little, if nothing, to repair,” Mr. Nohl said. “Often it is just a question of inertia on the part of operators, or they have other priorities, such as building their networks.” …

While the research was limited mostly to Europe, Mr. Nohl, a German citizen who received a doctorate in computer science at the University of Virginia, said the level of security provided by U.S. network operators was on a par with European operators, meaning there was also room for improvement.

In Asia, the Middle East and Latin America, the level of mobile security varies widely and can be much lower. Operators in India and China, Mr. Nohl said, encrypt digital traffic poorly or not at all, either to save on the network’s operating costs or to allow government censors unfettered access to communications.

ICISS Keynote

David Evans — Sat, 31 Dec 2011 09:50:13 +0000

I gave a keynote talk on our secure computation work at the Seventh International Conference on Information Systems Security (ICISS) in Jadavpur University, Kolkata, India. 17 December 2011.

More Photos

Talk Slides: [PPTX] [PDF]

Congratulations to Jiamin and Peter!

David Evans — Wed, 30 Nov 2011 22:41:07 +0000

Jiamin Chen and Peter Chapman have been recognized by the Computing Research Association Outstanding Undergraduate Researchers Award. This is the premier national award for undergraduate researchers in computer science.

Peter was selected as the Runner-Up, and Jiamin Chen was selected as an Honorable Mention.

Congratulations to Jiamin and Peter!

[Added 9 Dec] Here’s the CRA Announcement:

Peter Chapman – Male Runner-Up

Senior at University of Virginia

Peter Chapman is a Senior at the University of Virginia majoring in Computer Science and Cognitive Science.

Computer security and privacy is a critical concern, especially when medical issues are involved. Peter developed a method for automatically searching web applications to find side-channel vulnerabilities in web applications. He applied new statistical tools to better describe these vulnerabilities. In the end, he determined that 88% of queries to Google Health could be recovered by an eavesdropping adversary.

Peter has also worked on secure computation, where parties collaborate on computing a function of two inputs without exposing the inputs to each other. He has proposed novel applications of secure computation in smartphones, and is working on an improved approach to mobile secure computation, relying on the network carrier to provide suitable streams of randomness.

Private Set Intersection

David Evans — Tue, 29 Nov 2011 13:12:46 +0000

Our paper on using generic garbled circuits to perform private set intersection is now available:

Yan Huang, David Evans, and Jonathan Katz. Private Set Intersection: Are Garbled Circuits Better than Custom Protocols?. In 19^th Network and Distributed Security Symposium (NDSS 2012), San Diego, CA. 5-8 February 2012. [PDF, 15 pages]

The paper develops three circuit designs for securely computing the intersection of two sets, where each set is the private input from one protocol participant. We show that for many scenarios, protocols built using only generic garbled circuit secure computation techniques can be competitive with the best custom-designed protocols for private set intersection.

Yan Huang will present the paper at NDSS in San Diego, in February 2012.

Efficient Secure Computation with Garbled Circuits

David Evans — Sat, 19 Nov 2011 20:19:10 +0000

Our paper on Efficient Secure Computation with Garbled Circuits (by Yan Huang, Chih-hao Shen, David Evans, Jonathan Katz, and abhi shelat) is now available (Abstract, Paper [PDF, 21 pages]).

The paper is connected with a keynote talk I will give at the Seventh International Conference on Information Systems Security (ICISS 2011) in Kolkata (previously known as Calcutta), India on 17 December 2011.

Abstract. Secure two-party computation enables applications in which participants compute the output of a function that depends on their private inputs, without revealing those inputs or relying on any trusted third party. In this paper, we show the potential of building privacy-preserving applications using garbled circuits, a generic technique that until recently was believed to be too inefficient to scale to realistic problems. We present a Java-based framework that uses pipelining and circuit-level optimizations to build efficient and scalable privacy-preserving applications. Although the standard garbled circuit protocol assumes a very week, honest-but-curious adversary, techniques are available for converting such protocols to resist stronger adversaries, including fully malicious adversaries. We summarize approaches to producing malicious-resistant secure computations that reduce the costs of transforming a protocol to be secure against stronger adversaries. In addition, we summarize results on ensuring fairness, the property that either both parties receive the result or neither party does. Several open problems remain, but as theory and pragmatism advance, secure computation is approaching the point where it offers practical solutions for a wide variety of important problems.

Steve Huffman Visit

David Evans — Sat, 19 Nov 2011 15:34:06 +0000

Steve Huffman (BSCS 2005), co-founder of Reddit and Hipmunk, visited our lab yesterday. He was here for the Rice Hall Dedication.

SRG with Steve Huffman

Talk on Talks

David Evans — Sat, 12 Nov 2011 14:06:32 +0000

I was invited by the Jefferson-Madison Regional Library to give a talk on talks for their in-service day (November 11). Giving a talk about giving talks is always a somewhat daunting, meta-circular task, but I guess I’ve learned a thing or two about this over the hundreds of talks I’ve given (and apparently what I did for them last year was good enough to get invited to do this).

A summary of the talk is here: Meta Talk: How to Give a Talk So Good You’ll Be Asked to Give Talks About Nothing (including the slides I used as PPTX and PDF).

NYU-Poly AT&T Applied Security Paper Finalist

David Evans — Thu, 27 Oct 2011 20:15:40 +0000

Yan Huang has been selected as a finalist for the NYU-Poly AT&T Best Applied Security Paper Award for the paper, Faster Secure Two-Party Computation Using Garbled Circuits (USENIX Security 2011, co-authored with David Evans, Jonathan Katz, and Lior Malka). The award recognizes the best paper on applied security in any venue between September 1, 2010 and August 31, 2011.

The award will be announced at a ceremony as part of the CSAW Cybersecurity Competition in New York on 11 November.