Network and Distributed Systems Security Reading Group
This is a reading group which meets at 10:00 every Wednesday during term in SW00 and discusses papers relevant to network and distributed system security.
Participants should sign up to the mailing list. The paper(s) to be read will be announced by the preceding Friday so that participants have enough time to read them in advance.
Paper Queue
This is the list of papers in our to-read queue, in the order we intend to read them.
Read papers
A * indicates that the paper was selected as a 'best paper of the term'.
- 2017-10-11 Large-Scale Analysis & Detection of Authentication Cross-Site Request Forgeries by Avinash Sudhodanan, Roberto Carbone, Luca Compagna, Nicolas Dolgin, Alessandro Armando, and Umberto Morelli
- 2017-10-18 How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles by Moritz Contag, Guo Li, Andre Pawlowski, Felix Domke, Kirill Levchenko, Thorsten Holz, and Stefan Savage
- 2017-10-25 The Loopix Anonymity System by Ania Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, and George Danezis
- 2017-11-01 Fast Private Set Intersection from Homomorphic Encryption by Chen Hao, Kim Laine, and Peter Rindal
- 2017-11-08 Exploring ADINT: Using Ad Targeting for Surveillance on a Budget—or—How Alice Can Buy Ads to Track Bob by Vines Paul, Franziska Roesner, and Tadayoshi Kohno
- 2017-11-15 How Unique Is Your .onion? An Analysis of Fingerprintability of Tor Onion Services by Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, and Claudia Diaz
- 2017-11-22 SOK: Consensus in the Age of Blockchains by Shehar Bano, Alberto Sonnino, Mustafa Al-Bassam, Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn, and George Danezis
- 2017-11-29 Certificate Transparency with Privacy by Saba Eskandarian, Eran Messeri, Joseph Bonneau, and Dan Boneh
- 2018-01-17 Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials by Kurt Thomas, Frank Li, Ali Zand, Jacob Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov et al.
- 2018-01-24 DolphinAttack: Inaudible Voice Commands by Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu
- 2018-01-31 Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments by Carmela Troncoso, Marios Isaakidis, George Danezis, and Harry Halpin
- 2018-02-07 A Large-Scale Empirical Study of Security Patches by Frank Li and Vern Paxson
- 2018-02-14 A Systematic Analysis of the Juniper Dual EC Incident by Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla, and Hovav Shacham
- 2018-02-21 T/Key: Second-Factor Authentication From Secure Hash Chains by Dmitry Kogan, Nathan Manohar, and Dan Boneh
- 2018-02-28 Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI by Doowon Kim, Bum Jun Kwon, and Tudor Dumitraş
- 2018-03-07 Rewriting History: Changing the Archived Web from the Present by Ada Lerner, Tadayoshi Kohno, and Franziska Roesner.
- 2018-03-14 Hearing Your Voice is Not Enough: An Articulatory Gesture Based Liveness Detection for Voice Authentication by Linghan Zhang, Sheng Tan, and Jie Yang
- 2018-04-25 The Wolf of Name Street: Hijacking Domains Through Their Nameservers by Thomas Vissers, Timothy Barron, Tom Van Goethem, Wouter Joosen, and Nick Nikiforakis
- 2018-05-02 The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli by Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas
- 2018-05-09 Automated Crowdturfing Attacks and Defenses in Online Review Systems by Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Haitao Zheng, and Ben Y. Zhao
- 2018-05-16 Another Flip in the Wall of Rowhammer Defenses by Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, and Yuval Yarom
- 2018-05-23 Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels by Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk
- 2018-10-17 Benchmarking Crimes: An Emerging Threat in Systems Security by Erik van der Kouwe, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida, and Gernot Heiser
- 2018-10-24 Privacy Risks with Facebook's PII-based Targeting: Auditing a Data Broker’s Advertising Interface by Giridhari Venkatadri, Athanasios Andreou, Yabing Liu, Alan Mislove, Krishna P. Gummadi, Patrick Loiseau, and Oana Goga
- * 2018-10-31 Clock Around the Clock: Time-Based Device Fingerprinting by Iskander Sanchez-Rola, Igor Santos, and Davide Balzarotti
- 2018-11-07 O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web by Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, and Jason Polakis
- 2018-11-14 FPGA-Based Remote Power Side-Channel Attacks by Mark Zhao and G. Edward Suh
- 2018-11-21 Routing Around Congestion: Defeating DDoS Attacks and Adverse Network Conditions via Reactive BGP Routing by Jared M. Smith and Max Schuchard
- 2018-11-28 Fear the Reaper: Characterization and Fast Detection of Card Skimmers by Nolen Scaife, Christian Peeters, and Patrick Traynor
- 2019-01-23 Tap'n Ghost: A Compilation of Novel Attack Techniques against Smartphone Touchscreens by Seita Maruyama, Satohiro Wakabayashi, and Tatsuya Mori
- 2019-01-30 Does Certificate Transparency Break the Web? Measuring Adoption and Error Rate by Emily Stark, Ryan Sleevi, Rijad Muminović, Devon O'Brien, Eran Messeri, Adrienne Porter Felt, Brendan McMillion, and Parisa Tabriz
- 2019-02-13 An Internet-wide view of ICS devices by Ariana Mirian, Zane Ma, David Adrian, Matthew Tischer, Thasphon Chuenchujit, Tim Yardley, Robin Berthier et al.
- 2019-02-20 Intel MPX Explained: An Empirical Study of Intel MPX and Software-based Bounds Checking Approaches by Oleksii Oleksenko, Dmitrii Kuvaiskii, Pramod Bhatotia, Pascal Felber, and Christof Fetzer
- 2019-02-27 SANCTUARY: ARMing TrustZone with User-space Enclaves by Ferdinand Brasser, David Gens, Patrick Jauernig, Ahmad-Reza Sadeghi, and Emmanuel Stapf
- 2019-03-06 Mobile Sensor Data Anonymization by Mohammad Malekzadeh, Richard G. Clegg, Andrea Cavallaro, and Hamed Haddadi
- 2019-05-01 TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V by Samuel Weiser, Mario Werner, Ferdinand Brasser, Maja Malenko, Stefan Mangard, and Ahmad-Reza Sadeghi
- 2019-05-08 On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees by Katriel Cohn-Gordon, Cas Cremers, Luke Garratt, Jon Millican, and Kevin Milner
- 2019-05-15 Rethinking Access Control and Authentication for the Home Internet of Things (IoT) by Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Dürmuth, Earlence Fernandes, and Blase Ur
- 2019-05-22 Local-first software: You own your data, in spite of the cloud by Martin Kleppmann, Adam Wiggins, Peter van Hardenberg, and Mark McGranaghan. Under submission at Onward! 2019.
- 2019-05-29 Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels by Daniel Genkin, Mihir Pattani, Roei Schuster, and Eran Tromer
- 2019-06-05 SIPHON: Towards Scalable High-Interaction Physical Honeypots by Guarnizo, Juan David, Amit Tambe, Suman Sankar Bhunia, Martín Ochoa, Nils Ole Tippenhauer, Asaf Shabtai, and Yuval Elovici
- 2019-06-12 Blind Certificate Authorities by Wang, Liang, Gilad Asharov, Rafael Pass, Thomas Ristenpart, and Abhi Shelat. IEEE S&P 2019.
- 2019-10-09 Information Exposure for Consumer IoT Devices: A Multidimensional, Network-Informed Measurement Approach by Jingjing Ren, Daniel J. Dubois, David Choffnes, Anna Maria Mandalari, Roman Kolcun and Hamed Haddadi. IMC 2019.
- 2019-10-16 Skip, Skip, Skip, Accept!!!: A Study on the Usability of Smartphone Manufacturer Provided Default Features and User Privacy by Kopo M. Ramokapane, Anthony C. Mazeli, and Awais Rashid. PoPETs 2019.
- 2019-10-23 Sex, Drugs, and Bitcoin: How Much Illegal Activity Is Financed through Cryptocurrencies? by Sean Foley, Jonathan R Karlsen, Tālis J Putniņš. The Review of Financial Studies.
- 2019-10-30 Challenges in the Decentralised Web: The Mastodon Case by Aravindh Raman, Sagar Joglekar, Emiliano De Cristofaro, Nishanth Sastry, and Gareth Tyson. arXiv preprint.
- 2019-11-06 Practical DIFC Enforcement on Android by Adwait Nadkarni, Benjamin Andow, William Enck, and Somesh Jha. USENIX Security 2016.
- 2019-11-20 Five Years of the Right to be Forgotten by Theo Bertram, Elie Bursztein, Stephanie Caro, et al. CCS 2019.
- 2019-11-27 HotStuff: BFT Consensus with Linearity and Responsiveness by Maofan Yin, Dahlia Malkhi, Michael K. Reiter, Guy Golan Gueta, and Ittai Abraham. PODC 2019.
- 2019-12-04 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System by Joel Reardon, Álvaro Feal, Primal Wijesekera, Amit Elazari Bar On, Narseo Vallina-Rodriguez, and Serge Egelman. USENIX Security 2019.
- 2020-01-22 The Ecosystem is Moving by Moxie Marlinspike. 36c3.
- 2020-01-29 An Empirical Study of Wireless Carrier Authentication for SIM Swaps by Kevin Lee, Ben Kaiser, Jonathan Mayer, and Arvind Narayanan
- 2020-02-05 Actions Speak Louder than Words: Entity-Sensitive Privacy Policy and Data Flow Analysis with PoliCheck by Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman. USENIX Security 2020.
- 2020-02-12 Bicycle Attacks Considered Harmful: Quantifying the Damage of Widespread Password Length Leakage by Benjamin Harsha, Robert Morton, Jeremiah Blocki, John Springer, and Melissa Dark. arXiv preprint.
- 2020-05-13 FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic by Thijs van Ede, Riccardo Bortolameotti, Andrea Continella et al. NDSS 2020.
- 2020-05-20 Ask the Experts: What Should Be on an IoT Privacy and Security Label? by Pardis Emami-Naeini, Yuvraj Agarwal, Lorrie Faith Cranor et al. IEEE S&P 2020.
- 2020-05-27 Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe's Transparency and Consent Framework by Celestin Matte, Nataliia Bielova, and Cristiana Santos. IEEE S&P 2020.
- 2020-06-03 A Security Analysis of the Facebook Ad Library by Laura Edelson, Tobias Lauinger, and Damon McCoy. IEEE S&P 2020.
- 2020-06-10 The Price is (Not) Right: Comparing Privacy in Free and Paid Apps by Catherine Han, Irwin Reyes, Álvaro Feal, et al. PETS 2020.
- 2020-06-17 Is FIDO2 the Kingslayer of User Authentication? A Comparative Usability Study of FIDO2 Passwordless Authentication by Sanam Ghorbani Lyastani, Michael Schilling, Michaela Neumayr, Michael Backes, and Sven Bugiel. IEEE S&P 2020.
- 2020-07-22 DatashareNetwork: A Decentralized Privacy-Preserving Search Engine for Investigative Journalists by Kasr Eadalatnejad, Wouter Lueks, Julien Pierre Martin, Soline Ledésert, Anne L'Hôte, Bruno Thomas, Laurent Girod, and Carmela Troncoso. IEEE S&P 2020.