Spring 2017

Abstract:

Recent advances in machine learning provide powerful new tools and juicy new targets for data privacy research. I will first show how to use machine learning against systems that partially encrypt data in storage while computing over it. Then, I will turn machine learning against itself, to extract sensitive training data from machine-learning models, including black-box models constructed using Google's and Amazon's "learning-as-a-service" platforms. I will conclude with open research questions at the junction of machine learning and privacy.

Biography:

Vitaly Shmatikov is a Professor of Computer Science at Cornell Tech. Prior to joining Cornell Tech, he worked at the University of Texas at Austin and SRI International. He obtained his Ph.D. in computer science and M.S. in engineering-economic systems from Stanford University.

Shmatikov's research area is security and privacy. He received the PET Award for Outstanding Research in Privacy Enhancing Technologies twice, in 2008 and 2014, and was a runner-up in 2013. His research group won the Best Practical Paper or Best Student Paper Awards at the 2012, 2013, and 2014 IEEE Symposiums on Security and Privacy ("Oakland"), as well as the 2012 NYU-Poly AT&T Best Applied Security Paper Award, NDSS 2013 Best Student Paper Award, and the CCS 2011 Test-of-Time Award. In 2015-16, he served as the program chair of the IEEE Symposium on Security and Privacy ("Oakland").

Abstract:

Additive manufacturing, also known as 3D printing, has been increasingly applied to fabricate highly intellectual-property (IP) sensitive products. However, the related IP protection issues in 3D printers are still largely underexplored. On the other hand, smartphones are equipped with rich onboard sensors and have been applied to pervasive mobile surveillance in many applications. These facts raise one critical question: is it possible that smartphones access the side-channel signals of 3D printer and then hack the IP information? In this talk, we answer this by performing an end-to-end study on exploring smartphone-based side-channel attacks against 3D printers. Specifically, we formulate the problem of the IP side-channel attack in 3D printing. Then, we investigate the possible acoustic and magnetic side-channel attacks using the smartphone built-in sensors. Moreover, we explore a magnetic-enhanced side-channel attack model to accurately deduce the vital directional operations of 3D printer. Experimental results show that by exploiting the side-channel signals collected by smartphones, we can successfully reconstruct the physical prints and their G-code with Mean Tendency Error of 5.87% on regular designs and 9.67% on complex designs, respectively. Our study demonstrates this new and practical smartphone-based side channel attack on compromising IP information during 3D printing.

Biography:

Kui Ren is a professor of Computer Science and Engineering and the director of UbiSeC Lab at State University of New York at Buffalo (UB). He received his PhD degree from Worcester Polytechnic Institute. Kui's current research interest spans Cloud & Outsourcing Security, Wireless & Wearable Systems Security, and Mobile Sensing & Crowdsourcing. His research has been supported by NSF, DoE, AFRL, MSR, and Amazon. He received UB Exceptional Scholar Award for Sustained Achievement in 2016, UB SEAS Senior Researcher of the Year Award in 2015, Sigma Xi/IIT Research Excellence Award in 2012, and NSF CAREER Award in 2011. Kui has published extensively in peer-reviewed journals and conferences and received several Best Paper Awards including IEEE ICNP 2011. According to Google Scholar, his total citation exceeds 16,000, and his h-index is 52. He currently serves as an associate editor for IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Mobile Computing, IEEE Wireless Communications, and IEEE Internet of Things Journal. Kui is a Fellow of IEEE, a Distinguished Lecturer of IEEE, a member of ACM, and a past board member of Internet Privacy Task Force, State of Illinois.

Abstract:

TBA

Biography:

Mr. Scurlock is currently serving as the Chief, Cybersecurity Plans & Coordination (CPC). In this role, he advises Department of Homeland Security (DHS) leadership and facilitates information sharing, policy development, planning synchronization, and coordinated actions across the cybersecurity community (both intra and inter agency). Mr. Scurlock’s group leads and facilitates increased and efficient organizational cooperation between and among the myriad organizations performing their cybersecurity roles to achieve national cybersecurity objectives. His team of Senior Cybersecurity Strategists and Planners leverages DHS intellectual capital to take single and/or multiple agency strategic policy development, planning efforts, and coordinated engagements in order to meld them into collaborative, multiagency on the shelf executable doctrine that exploits the core cybersecurity competencies of all the interagency partners.

Mr. Scurlock formerly served as the Enhance Shared Situational Awareness (ESSA) Lead on behalf of DHS. ESSA was a cross government effort to increase the speed and quality of cyber information sharing among cyber mission partners. The robust collaboration and common understanding created by leveraging the authorities, capabilities, capacity, and accesses of individual cyber partners - coupled with machine-speed information sharing - builds synergy, and both enables and enhances integrated operational action - a series of coordinated activities undertaken by those who have both the capability and authority to take action. ESSA has accelerate progress with emphasis on four focus areas: Creating Knowledge; Facilitating Sharing; Expanding Shared Situational Awareness; and Integrated Planning with an overarching theme of meeting technical and policy challenges of machine-speed information sharing. Whole of government efforts in these focus areas has resulted in machine-speed information sharing programs such as Automated Indicator Sharing (AIS) and Integrated Adaptive Cyber Defense (IACD).

Abstract:

Even most privacy-conscious organizations may benefit from learning from data available to their clients to strengthen security or usability of their offerings. Back in 2014, users of Google Chrome became targets of unwanted software hijacking the browser's settings, such as the startup page or the default search engine. Efforts to estimate the scale of the problem led to development of a privacy-preserving telemetry service, which became the first Internet-scale deployment of differential privacy. We share our experience from 2+ years of operating this service, which is now used for reporting nearly 200 metrics.

Biography:

Ilya Mironov is a Staff Research Scientist in Google working on cryptography and privacy. Before that, he was a member of Microsoft Research Silicon Valley. He has Ph.D. from Stanford in cryptography.