Tag: Security
-
A Brief History of Multi-Perspective Issuance Corroboration
“Multi-Perspective Issuance Corroboration” (or “MPIC”) is currently under discussion as an industry-wide standard by the CA/Browser Forum Server Certificate Working Group, and possibly by other Forum Working Groups in the future (i.e., the S/MIME Working Group). This is a promising idea that aims to mitigate the risk of equally-specific Border Gateway Protocol (BGP) attacks by…
-
Security Analysis of the Dominion ImageCast X
Today, the Federal District Court for the Northern District of Georgia permitted the public release of Security Analysis of Georgia’s ImageCast X Ballot Marking Devices, a 96-page report that describes numerous security problems affecting Dominion voting equipment used in Georgia and other states.
-
The anomaly of cheap complexity
Why are our computer systems so complex and so insecure? For years I’ve been trying to explain my understanding of this question. Here’s one explanation–which happens to be in the context of voting computers, but it’s a general phenomenon about all our computers: There are many layers between the application software that implements an electoral…
-
Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks (2)
By Chong Xiang and Prateek Mittal In our previous post, we discussed adversarial patch attacks and presented our first defense algorithm PatchGuard. The PatchGuard framework (small receptive field + secure aggregation) has become the most popular defense strategy over the past year, subsuming a long list of defense instances (Clipped BagNet, De-randomized Smoothing, BagCert, Randomized…
-
Toward Trustworthy Machine Learning: An Example in Defending against Adversarial Patch Attacks
By Chong Xiang and Prateek Mittal Thanks to the stunning advancement of Machine Learning (ML) technologies, ML models are increasingly being used in critical societal contexts — such as in the courtroom, where judges look to ML models to determine whether a defendant is a flight risk, and in autonomous driving, where driverless vehicles are…
-
Most top websites are not following best practices in their password policies
By Kevin Lee, Sten Sjöberg, and Arvind Narayanan Compromised passwords have consistently been the number one cause of data breaches by far, yet passwords remain the most common means of authentication on the web. To help, the information security research community has established best practices for helping users create stronger passwords. These include: Block weak…
-
A Multi-pronged Strategy for Securing Internet Routing
By Henry Birge-Lee, Nick Feamster, Mihir Kshirsagar, Prateek Mittal, Jennifer Rexford The Federal Communications Commission (FCC) is conducting an inquiry into how it can help protect against security vulnerabilities in the internet routing infrastructure. A number of large communication companies have weighed in on the approach the FCC should take. CITP’s Tech Policy Clinic convened…
-
CITP Case Study on Regulating Facial Recognition Technology in Canada
Canada, like many jurisdictions in the United States, is grappling with the growing usage of facial recognition technology in the private and public sectors. This technology is being deployed at a rapid pace in airports, retail stores, social media platforms, and by law enforcement – with little oversight from the government. To help address this…