Trusted Computing Paper Reading Hour

This file contains a record of all the papers we have read and discussed together as a group. We try to keep to a two-week schedule, but due to unforeseen events we may move the dates around a little.

Goal

The goal of this reading hour is to gain a better understanding of what we read. We try to review each paper as well as we can and to discuss our different viewpoints on it within the group. We expect the outcome to be that we get better at a) reading, b) understanding, c) reviewing, and d) discussing a certain topic.

Interests

Our interests are closely tied to our research fields. We are interested in the following topics:

  • Cryptography
  • Privacy Enhancing Technologies
  • Web Technologies
| Date | Author(s) | Paper | Link (if available) |
|---|---|---|---|
| 6 Nov 2017 | S. Keshav | How to Read a Paper | |
| 21 Nov 2017 | D. Chaum, E. van Heyst | Group Signatures | |
| 12 Dec 2017 | W. Diffie, M. E. Hellman | New Directions in Cryptography | PDF, Citation |
| 16 Jan 2018 | T. ElGamal | A public key cryptosystem and a signature scheme based on discrete logarithms | PDF (IEEE), PDF, Citation |
| 8 Feb 2018 | E.-J. Goh | Secure Indexes | PDF |
| 13 Mar 2018 | G. Zyskind et al. | Decentralizing Privacy | PDF |

How does this class work?

This is an open session in our working group. Everyone is invited, but attendance is not mandatory. We understand that everyone has their daily work to do and that we cannot have everyone participating each time. We keep these sessions as open as possible. We do not follow a fixed schedule of what we want to discuss. In our experience, this usually leads to very good discussions about the content of the paper.

Preparation Phase

Prior to each session, members of the group propose papers they find interesting to read. We then randomly pick one, which the group reads before the next meeting.

The Session

At the beginning of the session, the person who proposed the paper gives a short presentation about its content. This gives the others a quick overview of the paper (which they have read anyway). We think this presentation can already settle some open questions. Furthermore, summing up the paper is a good exercise for the presenter.

After the initial presentation we ask questions. The questions are directed not at the presenter but at the group. Of course we expect the presenter to be able to answer them, but this is not necessary. The questions should focus on the topic of the paper. It is best to prepare some questions in advance. If anything is unclear to you, ask. There are no stupid questions!

Our last point is a discussion of the writing style of the paper. We try to identify strengths in the writing, e.g. parts we liked or that were easy to understand, as well as parts that were hard to understand. Whenever someone finds a part hard to understand, it is their task to also suggest how it could be rewritten to make it easier to understand.

We hope that you can find some interesting information on this page. If you have any comments, please feel free to contact us here on GitHub.

Todos

Contributors

jmpzero, stefan2904


Issues (paper proposals)

So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users

The failure of users to follow security advice has often been noted. They choose weak passwords, ignore security warnings, and are oblivious to certificates. It is often suggested that users are hopelessly lazy and unmotivated on security questions. We argue that users' rejection of the security advice they receive is entirely rational from an economic perspective. As with many activities, online crime generates direct losses and externalities. The advice offers to shield them from the direct costs of attacks, but burdens them with the indirect costs, or externalities. Since the direct costs are generally small relative to the indirect ones, they reject this bargain. We examine three areas of user education: password rules, phishing site identification, and SSL certificates. In each we find that the advice is complex and growing, but the benefit is largely speculative or moot. In the cases where we can estimate benefit, it emerges that the burden of following the security advice is actually greater than the direct losses caused by the attack.

Spectre Attacks: Exploiting Speculative Execution

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent specific known exploits based on Spectre through software patches.

https://spectreattack.com/spectre.pdf

Meltdown

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.

https://meltdownattack.com/meltdown.pdf

Benchmarking Crimes: An Emerging Threat in Systems Security

Properly benchmarking a system is a difficult and intricate task. Unfortunately, even a seemingly innocuous benchmarking mistake can compromise the guarantees provided by a given systems security defense and also put its reproducibility and comparability at risk. This threat is particularly insidious as it is generally not a result of malice and can easily go undetected by both authors and reviewers. Moreover, as modern defenses often trade off security for performance in an attempt to find an ideal design point in the performance-security space, the damage caused by benchmarking mistakes is increasingly worrisome. To analyze the magnitude of the phenomenon, we identify a set of 22 "benchmarking crimes" that threaten the validity of systems security evaluations and perform a survey of 50 defense papers published in top venues. To ensure the validity of our results, we perform the complete survey twice, with two independent readers. We find only a very small number of disagreements between readers, showing that our assessment of benchmarking crimes is highly reproducible. We show that benchmarking crimes are widespread even in papers published at tier-1 venues. We find that tier-1 papers commit an average of five benchmarking crimes and we find only a single paper in our sample that committed no benchmarking crimes. Moreover, we find that the scale of the problem is constant over time, suggesting that the community is not yet addressing it despite the problem being now more relevant than ever. This threatens the scientific process, which relies on reproducibility and comparability to ensure that published research advances the state of the art. We hope to raise awareness of these issues and provide recommendations to improve benchmarking quality and safeguard the scientific process in our community.

https://arxiv.org/pdf/1801.02381.pdf

How to play ANY mental game, or A Completeness Theorem for Protocols with Honest Majority

https://dl.acm.org/citation.cfm?id=28420

Authors

  • O. Goldreich --> Dept. of Computer Sc. Technion Haifa, Israel
  • S. Micali --> Lab. for Computer Sc. MIT Cambridge, MA
  • A. Wigderson --> Inst. of Math. and CS, Hebrew University, Jerusalem, Israel

Abstract

We present a polynomial-time algorithm that, given as input the description of a game with incomplete information and any number of players, produces a protocol for playing the game that leaks no partial information, provided the majority of the players is honest.

Our algorithm automatically solves all the multi-party protocol problems addressed in complexity-based cryptography during the last 10 years. It actually is a completeness theorem for the class of distributed protocols with honest majority. Such completeness theorem is optimal in the sense that, if the majority of the players is not honest, some protocol problems have no efficient solution.

Published

STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Pages 218-229

Secure Indexes

[0] https://eprint.iacr.org/2003/216.pdf
A secure index is a data structure that allows a querier with a "trapdoor" for a word x to test in O(1) time only if the index contains x; the index reveals no information about its contents without valid trapdoors, and trapdoors can only be generated with a secret key. Secure indexes are a natural extension of the problem of constructing data structures with privacy guarantees such as those provided by oblivious and history independent data structures. In this paper, we formally define a secure index and formulate a security model for indexes known as semantic security against adaptive chosen keyword attack (IND-CKA). We also develop an efficient IND-CKA secure index construction called Z-IDX using pseudo-random functions and Bloom filters, and show how to use Z-IDX to implement searches on encrypted data. This search scheme is the most efficient encrypted data search scheme currently known; it provides O(1) search time per document, and handles compressed data, variable length words, and boolean and certain regular expression queries. The techniques developed in this paper can also be used to build encrypted searchable audit logs, private database query schemes, accumulated hashing schemes, and secure set membership tests.
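To make the abstract concrete, here is an added example (not code from the reading group or from Goh's paper) of a simplified Z-IDX-style secure index. It follows the paper's structure: the secret key is r PRF keys, a trapdoor for word w is the r PRF outputs on w, and the codewords inserted into a document's Bloom filter are the PRF outputs of the trapdoor values on the document identifier, so the same word sets different bits in every document. Assumptions not in the paper: HMAC-SHA256 stands in for the pseudo-random function, each codeword sets one bit of a fixed 65536-bit filter (Goh hashes codewords in with the filter's own hash functions and sizes the filter per document), and the sample documents are constructed.

```python
"""Simplified Z-IDX-style secure index: PRF trapdoors + per-document Bloom filter.

Added example; not the reading group's or Goh's code. HMAC-SHA256 is assumed
as the PRF, filter size M and key count R are assumed constants.
"""
import hashlib
import hmac
import os

R = 4          # r PRF keys, i.e. r "hash functions" of the Bloom filter (assumed)
M = 1 << 16    # Bloom filter size in bits (assumed; Goh sizes it per document)


def keygen():
    """Master key K_priv = (k_1, ..., k_r): r independent PRF keys."""
    return [os.urandom(32) for _ in range(R)]


def prf(key, data):
    """PRF f(data, key); HMAC-SHA256 stands in for the PRF of the paper."""
    return hmac.new(key, data, hashlib.sha256).digest()


def trapdoor(keys, word):
    """Trapdoor T_w = (f(w, k_1), ..., f(w, k_r)); only the key holder can make it."""
    return [prf(k, word.encode()) for k in keys]


def codewords(trap, doc_id):
    """Codewords y_i = f(D_id, x_i) for trapdoor x = (x_1, ..., x_r).

    Binding codewords to D_id means one word sets different bits in each
    document's filter, so filters cannot be correlated across documents."""
    return [prf(x, doc_id.encode()) for x in trap]


def bit_positions(cws):
    # Simplification: each codeword sets exactly one bit of the filter.
    return [int.from_bytes(cw, "big") % M for cw in cws]


class SecureIndex:
    """Bloom filter for one document, queryable only with a trapdoor."""

    def __init__(self, doc_id):
        self.doc_id = doc_id
        self.bits = bytearray(M // 8)

    def _set(self, pos):
        self.bits[pos // 8] |= 1 << (pos % 8)

    def _get(self, pos):
        return bool(self.bits[pos // 8] & (1 << (pos % 8)))

    def test(self, trap):
        """O(1) membership test: r PRF calls and r bit lookups."""
        return all(self._get(p) for p in bit_positions(codewords(trap, self.doc_id)))


def build_index(keys, doc_id, words, blind=0):
    """Index one document. `blind` extra random codeword insertions hide the
    number of distinct words from the filter's bit count (Goh's blinding step)."""
    idx = SecureIndex(doc_id)
    for w in set(words):
        for p in bit_positions(codewords(trapdoor(keys, w), doc_id)):
            idx._set(p)
    for _ in range(blind * R):
        idx._set(int.from_bytes(os.urandom(4), "big") % M)
    return idx


def search(indexes, trap):
    """Server-side search: sees only doc ids and the trapdoor, never keys or words."""
    return [idx.doc_id for idx in indexes if idx.test(trap)]


if __name__ == "__main__":
    # Constructed sample documents, not data from the paper.
    keys = keygen()
    docs = [build_index(keys, "doc-1", ["trusted", "computing", "attack"], blind=2),
            build_index(keys, "doc-2", ["bloom", "filter", "index"], blind=2)]
    print(search(docs, trapdoor(keys, "trusted")))      # ['doc-1']
    print(search(docs, trapdoor(keygen(), "trusted")))  # [] : wrong key, no valid trapdoor
```

Two caveats a practitioner should keep in mind. First, Bloom filters admit false positives, so a match is probabilistic; Goh's analysis relates the false-positive rate to the filter size and r, and the constants above are chosen only so that the sample collisions are negligible. Second, IND-CKA speaks about what the index itself reveals; the search still leaks the access pattern (which documents matched) and, because a trapdoor is deterministic, a server that stores it can re-run the same query against future documents.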

Adaptive One-Way Functions and Applications

by Omkant Pandey (UCLA), Rafael Pass (Cornell), and Vinod Vaikuntanathan (MIT)
at Crypto 2008

Keywords

  • Cryptographic Assumptions
  • Non-malleable Commitment
  • Non-malleable Zero-knowledge

Abstract

We introduce new and general complexity theoretic hardness assumptions. These assumptions abstract out concrete properties of a random oracle and are significantly stronger than traditional cryptographic hardness assumptions; however, assuming their validity we can resolve a number of long-standing open problems in cryptography.

Headlines

  1. Introduction
    a. Adaptive Hardness Assumptions
    b. Our Results
  2. New Assumptions and Definitions
    a. Adaptive One-Way Functions
    b. Adaptive Pseudorandom Generator
    c. Adaptively Secure Commitment Schemes
  3. Non-malleable Commitment Schemes
  4. Four-round Non-malleable Zero-knowledge
    a. An Adaptively Secure WI Proof of Knowledge
    b. The Non-malleable Zero-Knowledge Argument System
  5. CCA-2 Secure Encryption Scheme

Links
