csstalk

Rethinking Privacy with Pointwise Maximal Leakage

In this talk, I will discuss the problem of privacy-preserving statistical analysis. I will start with an introduction to _differential privacy_, a key framework in this area. Then, I will present _pointwise maximal leakage_ (PML), a privacy measure that I developed during my PhD studies. PML quantifies the amount of information leaking about a secret when releasing the outcome of a randomized function calculated on the secret. I will draw connections between PML and differential privacy while also highlighting their differences. Additionally, I will discuss an application where private information is sanitized while guaranteeing privacy in the sense of PML. Finally, I will explore open questions, as well as current and future research directions.

Fostering a community-based approach towards SME cybersecurity

Ensuring cyber security often poses particular challenges for Small and Medium-sized Enterprises (SMEs), with constraints in terms of time, skills and resources leading to difficulties in understanding the issues and following good practice. The Cyber Security Communities of Support (CyCOS) project has been further investigating the challenges, with data collected from both SMEs and support providers. The project aims to trial a new community-based approach to support, offering a further channel through which to socialise and demystify cyber security for the SME audience, based upon collaboration between organisations in the same region, sector or supply chain. In this session, Prof. Steven Furnell will discuss the issue of cyber security for SMEs, drawing upon key findings from the work to date from both the SME and provider perspectives. He will also outline the plans for the proposed Communities of Support approach.

Endangered Privacy: Large-Scale Monitoring of Video Streaming Services

Encrypted network traffic, including HTTPS-protected MPEG-DASH video streams, can reveal sensitive information through side-channels. Prior research exposed adaptive bitrate streaming patterns as a vulnerability but lacked large-scale validations under strong network assumptions. This talk, based on a recently accepted paper at USENIX Security 2025 (with Romaric Duvignau), presents a protocol-agnostic system that identifies videos from a dataset of 240k videos covering three entire streaming platforms. Using k-d tree search and time series methods, it achieves 99.5% accuracy, even under VPNs or Wi-Fi eavesdropping. To address the privacy risks, we analyze the vulnerability's root causes, propose mitigations, and provide open-source tools and datasets for the community.

TAPShield: Securing Trigger-Action Platforms against Strong Attackers

Automation apps enable seamless connection of IoT devices and services to provide useful functionality for end-users. These apps are typically executed on cloud-based Trigger-Action Platforms (TAPs) such as IFTTT and Node-RED, supporting both single- and multi-tenant architectures. These architectures raise security and privacy concerns in the face of cloud attackers and malicious app makers, resulting in massive exfiltration of sensitive user data. To address these concerns, we design TAPShield, an architecture that uses confidential computing and language-level sandboxing to protect users’ sensitive information against untrustworthy TAPs and malicious apps. TAPShield targets JavaScript-driven TAPs built on the Node.js environment and uses trusted execution environments via Intel SGX to protect against cloud attackers. It further uses language-level sandboxes such as vm2 and SandTrap to protect against malicious apps. We implement TAPShield for two popular TAPs, Node-RED and IFTTT, and report on the security, performance, and compatibility trade-offs on a range of real-world apps.

Updatable Privacy-Preserving Blueprints

Privacy-preserving blueprints enable users to create escrows using the auditor's public key. An escrow encrypts the evaluation of a function P(t,x), where t is a secret input used to generate the auditor's key and x is the user's private input to escrow generation. Nothing but P(t,x) is revealed even to a fully corrupted auditor. The original definition and construction (Kohlweiss et al., EUROCRYPT'23) only support the evaluation of functions on an input x provided by a single user. We address this limitation by introducing updatable privacy-preserving blueprint schemes (UPPB), which enhance the original notion with the ability for multiple parties to non-interactively update the private value x in a blueprint. Moreover, a UPPB scheme allows for verifying that a blueprint is the result of a sequence of valid updates while revealing nothing else. We present uBlu, an efficient instantiation of UPPB for computing a comparison between private user values and a private threshold t set by the auditor, where the current value x is the cumulative sum of private inputs, which enables applications such as privacy-preserving anti-money laundering and location tracking. Additionally, we show the feasibility of the notion generically for all value update functions and (binary) predicates from FHE and NIZKs. Our main technical contribution is a technique to keep the size of primary blueprint components independent of the number of updates and reasonable for practical applications. This is achieved by elegantly extending an algebraic NIZK by Couteau and Hartmann (CRYPTO'20) with an update function and making it compatible with our additive updates. This result is of independent interest and may find additional applications thanks to the concise size of our proofs.

Code-reuse attacks in JavaScript-driven applications

The last decade has seen a proliferation of code-reuse attacks in the context of web applications. These attacks target vulnerabilities in which attacker-controlled data exploits legitimate code fragments within the application’s codebase to execute a code chain that performs malicious computations, e.g. Remote Code Execution, on the attacker’s behalf. In this talk, we will discuss how principled large-scale static and dynamic code analysis helps in discovering and exploiting vulnerabilities in high-profile server-side applications and their software supply chain, as well as existing defensive mechanisms.

Consistency-or-Die: Consistency for Key Transparency

In this seminar I will present the paper that lays the foundation for the PhD position I applied to. Key Transparency Logs are an emerging technique to provide a secure and transparent way to manage and distribute cryptographic keys in centralised systems such as WhatsApp and iMessage. This paper (by Brorsson et al.) presents a new way to prevent split-view attacks in Key Transparency Logs by leveraging light-weight and scalable cryptographic tools.

CaSCaDE: (Time-Based) Cryptography from Space Communications DElay

In a world where cryptographic constructs are stuck in a race against faster algorithms, we propose a cosmic solution: why not root cryptographic provable delays in the speed of light? This paper introduces Sequential Communication Delay (SCD) in the Universal Composability framework, a functionality that models communication channels where data is transmitted fashionably late. With our SCD proofs, we propose the first constructions of a Verifiable Delay Function and a Publicly Verifiable Time-Lock Puzzle that do not rely on computational assumptions. Say goodbye to the worries of computational speed-ups and hello to a time-delay rooted in the cosmos!

Data Collection via Forms with Data Minimization, Full Accuracy and Informed Consent

The advent of privacy laws and principles such as data minimization and informed consent is supposed to protect citizens from over-collection of personal data. Nevertheless, current processes, mainly through filling forms, are still based on practices that lead to over-collection. Indeed, any citizen wishing to apply for a benefit (or service) will transmit all their personal data involved in the evaluation of the eligibility criteria. The resulting problem of over-collection affects millions of individuals, with considerable volumes of information collected. If this problem of compliance concerns both public and private organizations (e.g., social services, banks, insurance companies), it is because it faces non-trivial issues, which hinder the implementation of data minimization by developers. In this paper, we propose a new modeling approach that enables data minimization and informed choices for the users, for any decision problem modeled using classical logic, which covers a wide range of practical cases. Our data minimization solution uses game theoretic notions to explain and quantify the privacy payoff for the user. We show how our algorithms can be applied to practical case studies as a new PET for minimal, fully accurate (all due services must be preserved) and informed data collection. If time permits, we will perform a short demonstration of our prototype system.

Re-designing computer systems for reliable electronic evidence

Computer systems are increasingly relied upon for a wide range of important tasks, but much of the research on reliability has been restricted to the control systems for safety-critical hardware. For other systems, efforts to assess their effectiveness have been more ad hoc and of questionable validity, even for those relied upon to produce legally admissible evidence. From breathalyzers and forensic software to the infamous Post Office Horizon system, computer bugs can make the difference between someone being imprisoned and going free. This talk will discuss some examples of computer evidence failures that risk causing miscarriages of justice, and what can be done to mitigate such risks in the future. In particular, it will motivate the idea that computer systems relied upon for computer evidence should be built with rigorous engineering techniques, but that these techniques are distinct from what is needed for safety-critical systems. When combined with appropriate treatment by the legal system, we can help avoid future miscarriages of justice.