Category: Privacy & Security
-
Be wary of one-time pads and other crypto unicorns
Yesterday, a new messaging app called Zendo got some very favorable coverage from Tech Crunch. At the core of their sales pitch is the fact that they use one-time pads for encryption. With a few strong assumptions, namely that the pads are truly random and are only used once, it’s true that this scheme is “unbreakable”…
-
Security flaw in New South Wales puts thousands of online votes at risk
Update April 26: The technical paper is now available Update Mar. 23 1:30 PM AEDT: Our response to the NSWEC’s response New South Wales, Australia, is holding state elections this month, and they’re offering a new Internet voting system developed by e-voting vendor Scytl and the NSW Electoral Commission. The iVote system, which its creators…
-
What should we do about re-identification? A precautionary approach to big data privacy
Computer science research on re-identification has repeatedly demonstrated that sensitive information can be inferred even from de-identified data in a wide variety of domains. This has posed a vexing problem for practitioners and policy makers. If the absence of “personally identifying information” cannot be relied on for privacy protection, what are the alternatives? Joanna Huey,…
-
On compromising app developers to go after their users
In a recent article by Scahill and Begley, we learned that the CIA is interested in targeting Apple products. I largely agree with the quote from Steve Bellovin, that “spies gonna spy”, so of course they’re interested in targeting the platform that rides in the pockets of many of their intelligence collection targets. What could…
-
Threshold signatures for Bitcoin wallets are finally here
Today we are pleased to release our paper presenting a new ECDSA threshold signature scheme that is particularly well-suited for securing Bitcoin wallets. We teamed up with cryptographer Rosario Gennaro to build this scheme. Threshold signatures can be thought of as “stealth multi-signatures.”
-
FREAK Attack: The Chickens of ‘90s Crypto Restriction Come Home to Roost
Today researchers disclosed a new security flaw in TLS/SSL, the protocol used to secure web connections. The flaw is significant in itself, but it is also a good example of what can go wrong when government asks to build weaknesses into security systems. Back in the early 1990s, it was illegal to export most products…
-
A clear line between offense and defense
The New York Times, in an editorial today entitled “Arms Control for a Cyberage“, writes, The problem is that unlike conventional weapons, with cyberweapons “there’s no clear line between offense and defense,” as President Obama noted this month in an interview with Re/code, a technology news publication. Defense in cyberwarfare consists of pre-emptively locating the…
-
We can de-anonymize programmers from coding style. What are the implications?
In a recent post, I talked about our paper showing how to identify anonymous programmers from their coding styles. We used a combination of lexical features (e.g., variable name choices), layout features (e.g., spacing), and syntactic features (i.e., grammatical structure of source code) to represent programmers’ coding styles. The previous post focused on the overall…
-
Lenovo Pays For Careless Product Decisions
The discovery last week that Lenovo laptops had been shipping with preinstalled adware that left users wide open to security exploitation triggered a lot of righteous anger in the tech community. David Auerbach at Slate wrote that Lenovo had “betrayed its customers and sold out their security”. Whenever a big company does something so monumentally…
-
Nine awesome Bitcoin projects at Princeton
As promised, here are the final project presentations from the Bitcoin and cryptocurrency technologies class I taught at Princeton. I encouraged students to build something real, rather than toy class projects, and they delivered. I hope you’ll find these presentations interesting and educational, and that you build on the work presented here (I’ve linked to the projects…