• Publications
  • Influence
Crowds: anonymity for Web transactions
TLDR
The design, implementation, security, performance, and scalability of the Crowds system for protecting users' anonymity on the world-wide-web are described and degrees of anonymity as an important tool for describing and proving anonymity properties are introduced.
False data injection attacks against state estimation in electric power grids
TLDR
This article presents and analyzes a new class of attacks, called false data injection attacks, against state estimation in electric power grids, under the assumption that the attacker can access the current power system configuration information and manipulate the measurements of meters at physically protected locations such as substations.
False data injection attacks against state estimation in electric power grids
TLDR
A new class of attacks, called false data injection attacks, against state estimation in electric power grids are presented, showing that an attacker can exploit the configuration of a power system to launch such attacks to successfully introduce arbitrary errors into certain state variables while bypassing existing techniques for bad measurement detection.
Stealing Machine Learning Models via Prediction APIs
TLDR
Simple, efficient attacks are shown that extract target ML models with near-perfect fidelity for popular model classes including logistic regression, neural networks, and decision trees against the online services of BigML and Amazon Machine Learning.
The Design and Analysis of Graphical Passwords
TLDR
This work proposes and evaluates new graphical password schemes that exploit features of graphical input displays to achieve better security than text-based passwords and describes the prototype implementation of one of the schemes on a personal digital assistants (PDAs) namely the Palm PilotTM.
Byzantine quorum systems
TLDR
This paper considers the arbitrary (Byzantine) failure of data repositories and presents the first study of quorum system requirements and constructions that ensure data availability and consistency despite these failures, and demonstrates quorum systems over n servers with a load of O(\frac{1}{\sqrt{n}})$, thus meeting the lower bound on load for benignly fault-tolerant quorum Systems.
Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition
TLDR
A novel class of attacks is defined: attacks that are physically realizable and inconspicuous, and allow an attacker to evade recognition or impersonate another individual, and a systematic method to automatically generate such attacks is developed through printing a pair of eyeglass frames.
Flicker: an execution infrastructure for tcb minimization
We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful,
HotStuff: BFT Consensus with Linearity and Responsiveness
TLDR
HotStuff is the first partially synchronous BFT replication protocol exhibiting these combined properties, and its simplicity enables it to be further pipelined and simplified into a practical, concise protocol for building large-scale replication services.
Cross-VM side channels and their use to extract private keys
TLDR
This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victims using the most recent version of the libgcrypt cryptographic library.
...
1
2
3
4
5
...