Security Lab at the Allen School’s Industry Affiliates Research Day

The Security and Privacy Lab hosted two sessions of research talks at the Allen School’s Industry Affiliates Research Day today. Presentations included:

  • Kiron Lebeck on “Securing Augmented Reality Output”
  • Peter Ney on “Computer Security, Privacy, and DNA Sequencing. Compromising Computers with Synthetic DNA, Privacy Leaks, and More”
  • Camille Cobb on “Privacy in Online Dating”
  • Eric Zeng on “End User Security & Privacy Concerns with Smart Homes”
  • Ivan Evtimov on “Robust Physical-World Attacks on Deep Learning Models”
  • Lucy Simko on “Recognizing and Imitating Programmer Style”
  • Alex Takakuwa on “Moving to New Devices in the FIDO Ecosystem”
  • Peter Ney on “SeaGlass: Enabling City-Wide IMSI-Catcher Detection”

Thanks to all the speakers for the great talks and to all the attendees for joining us!

Rewriting History: Manipulating the Archived Web from the Present

Web archives such as the Internet Archive’s Wayback Machine serve a variety of important purposes today, including citations and evidence in journalism, scientific articles, and legal proceedings. In a new paper, Security Lab PhD alumna Ada Lerner (now an assistant professor at Wellesley College) and Lab co-directors Yoshi Kohno and Franzi Roesner show how a malicious actor might be able to manipulate what users see when they view archived pages. The image on the right shows a proof-of-concept example in which a 2011 snapshot of a website has been temporarily modified to show 2017 content.

For more details about how these attacks work and how to defend against them, see the Rewriting History project website or read the full conference paper. Dr. Lerner will be presenting this work this week at the ACM Conference on Computer and Communications Security (CCS) 2017.

We disclosed our results to the Wayback Machine before publication, and we are extremely grateful to Mark Graham and his team at the Internet Archive for their prompt and thoughtful responses in taking action to mitigate these attacks! They have already implemented Content-Security-Policy headers, which instruct client browsers not to load content from outside the Archive, closing off many of the vulnerabilities to one of our attacks. Additionally, they launched a new feature, described in this blog post, which shows users of the Archive how the timestamps of subresources relate to the snapshot currently being viewed. This information can help expert users better interpret archival snapshots and catch “anachronistic” requests which may result in benign or malicious modifications to the view of a page.
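The following Python example is added here for illustration and is not code from the paper, the Internet Archive, or Tracking Excavator. It sorts the subresource requests of an archived page into the two cases the mitigations above address: requests that leave the Archive (what the CSP headers block) and archived subresources captured far from the snapshot's date (what the timestamp feature surfaces). The URLs are constructed sample data, and the function names and the 30-day threshold are assumptions.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

ARCHIVE_HOST = "web.archive.org"
# Playback path: /web/<14-digit capture time><optional modifier>/<original URL>
# (two-letter modifiers such as im_, js_ or cs_ mark the resource type).
PLAYBACK = re.compile(r"^/web/(\d{14})(?:[a-z]{2}_)?/(.+)$")


def parse_playback(url):
    """Return (capture_time, original_url) for a playback URL, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != ARCHIVE_HOST:
        return None
    match = PLAYBACK.match(parts.path)
    if match is None:
        return None
    try:
        captured = datetime.strptime(match.group(1), "%Y%m%d%H%M%S")
    except ValueError:  # fourteen digits that are not a valid date
        return None
    original = match.group(2) + ("?" + parts.query if parts.query else "")
    return captured, original


def audit(snapshot_url, subresources, max_skew_days=30):
    """Classify each subresource request made while rendering a snapshot.

    Returns (url, verdict, skew_days) tuples, where verdict is one of:
      "outside-archive"  request is not served by the Archive at all
      "anachronistic"    archived, but captured far from the snapshot date
      "ok"               archived, and captured close to the snapshot date
    max_skew_days is an assumed threshold; tune it per investigation.
    """
    snapshot = parse_playback(snapshot_url)
    if snapshot is None:
        raise ValueError("not an archive playback URL: " + snapshot_url)
    findings = []
    for url in subresources:
        parsed = parse_playback(url)
        if parsed is None:
            findings.append((url, "outside-archive", None))
            continue
        delta = parsed[0] - snapshot[0]
        skew = round(delta.total_seconds() / 86400)
        verdict = "anachronistic" if abs(skew) > max_skew_days else "ok"
        findings.append((url, verdict, skew))
    return findings


# Constructed sample: a 2011 snapshot and three requests its page makes.
SNAPSHOT = "https://web.archive.org/web/20110305120000/http://news.example/"
REQUESTS = [
    "https://web.archive.org/web/20110305120010cs_/http://news.example/style.css",
    "https://web.archive.org/web/20170914083000js_/http://cdn.example/widget.js",
    "http://cdn.example/live.js",
]

if __name__ == "__main__":
    for url, verdict, skew in audit(SNAPSHOT, REQUESTS):
        print(f"{verdict:16} skew_days={skew} {url}")
```
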

With this paper, we are also releasing Tracking Excavator, a tool for measuring web tracking in the Archive. Tracking Excavator is described in more detail in our paper from USENIX Security 2016.

Kimberly Ruth Awarded WRF Fellowship

Congratulations to Kimberly Ruth on receiving a Washington Research Foundation Fellowship! These fellowships “recognize and support undergraduates who achieve a high level of accomplishment in research, particularly in areas relevant to the development of new technologies.” Since her freshman year, Kimberly has been an undergraduate researcher in the UW CSE Security and Privacy Lab, co-advised by Professors Tadayoshi Kohno and Franziska Roesner. Her current research focus is on the security and privacy implications of emerging augmented reality (AR) technologies. Read the full award citation here — congratulations Kimberly!

Security Lab researchers uncover how online advertising can be used to track individuals

(Cross-posted from Allen School News.)

This map, representing an individual’s morning commute, shows the locations where the research team was able to track the person’s movements through location-based ads.

Online ads may not only be trying to sell you something; they may be selling you out. That’s according to a team of researchers in the Allen School’s Security and Privacy Research Lab, who recently discovered how easy it is for someone with less than honorable intentions to turn online ads into a surveillance tool. They found that, for as little as $1,000, a person or organization could conceivably purchase ads that will enable them to track someone’s location and app use via their mobile phone — gaining access to potentially sensitive personal information about that individual’s dating preferences, health, religious and political affiliation, and more. The team hopes that by sharing its findings publicly, it will raise awareness among online advertisers, mobile service providers, and customers about a potential new cybersecurity threat.

This threat stems from how the existing online advertising ecosystem enables ad purchasers to precisely target consumers based on their geographic location, interests, and browsing history for marketing purposes. The problem, as researchers explained in a UW News release, is that the same infrastructure can be exploited by people and organizations other than advertisers to precisely target individuals in ways that could compromise their privacy and security. According to former Allen School Ph.D. student Paul Vines, lead author on the project, it would be easy for anyone from a foreign agent to a jealous spouse to sign up with an online advertising service and track another individual.

“If you want to make the point that advertising networks should be more concerned with privacy, the boogeyman you usually pull out is that big corporations know so much about you. But people don’t really care about that,” Vines explained in a Wired article about the project. “[T]he potential person using this information isn’t some large corporation motivated by profits and constrained by potential lawsuits. It can be a person with relatively small amounts of money and very different motives.”

As the team discovered, online advertising can deliver fairly detailed information about a person’s behavior. For example, the researchers were able to determine an individual user’s location within a distance of 8 meters based on where their ads were being served. By establishing a grid of hyperlocal ads, the team was able to discern an individual’s daily routine based on where ads were served to the user’s device at various points along the way.

The team refers to this method of information gathering as ADINT, or “advertising intelligence,” reminiscent of well-known intelligence collection tactics such as SIGINT (signals intelligence) and HUMINT (human intelligence). To test the capabilities of ADINT, Vines and his coauthors — Allen School professors Franziska Roesner and Tadayoshi Kohno — purchased a series of ads through a demand-side provider, or DSP, which is an entity that facilitates the purchase and delivery of targeted advertising. They set up their ads to target a mix of 10 actual users and 10 facsimile users with the help of each device’s unique mobile advertising identifier (MAID), which functions as a sort of “whole device” tracking cookie. The team then repurposed the tools designed to deliver relevant ads for commercial purposes to instead collect information on each user’s whereabouts and behavior.

The ADINT research team, from left: Tadayoshi Kohno, Franziska Roesner, and Paul Vines. Photo credit: Dennis Wise/University of Washington

Movement was not the only thing they could track; it turns out that ad purchasers have the ability to learn a lot about a person by viewing what apps they use, including popular dating and fitness-tracking apps. The team’s experiments also revealed that the individual being tracked does not need to actually click on an ad in order for ADINT to work, because purchasers can see where the ad is being served regardless of whether the target interacts with it.

“To be very honest, I was shocked at how effective this was,” said Kohno, who co-directs the Allen School’s Security and Privacy Research Lab with Roesner. “There’s a fundamental tension that as advertisers become more capable of targeting and tracking people to deliver better ads, there’s also the opportunity for adversaries to begin exploiting that additional precision.”

The team surmises that ADINT attacks could be driven by a variety of motives, from criminal intent, to political ideology, to financial profit. According to Roesner, the ease with which the team was able to deploy targeted ads against individuals calls for heightened awareness and vigilance — not just within the computer security community, but on the part of the policy and regulatory communities, as well.

“We are sharing our discoveries so that advertising networks can try to detect and mitigate these types of attacks,” she explained, “and so that there can be a broad public discussion about how we as a society might try to prevent them.”

The team will present its findings at the Association for Computing Machinery’s Workshop on Privacy in the Electronic Society taking place in Dallas, Texas later this month.

To learn more about ADINT, visit the project website here. Read the UW News release here and the Wired feature here, and check out additional coverage by The Verge, Mashable, and Mic.

Franziska Roesner honored with Emerging Leader Award from UT Austin

(Cross-posted from Allen School News.)

Allen School professor and Ph.D. alumna Franziska Roesner, co-director of the Privacy and Security Research Lab, received the 2017 Emerging Leader Award from the College of Natural Sciences at The University of Texas at Austin. Roesner, who earned her bachelor’s degree in 2008 from UT Austin before her arrival at the Allen School as a graduate student, was inducted into the college’s Hall of Honor at a ceremony last night.

Calling Roesner a “formidable force and leader in the world of computer security and privacy,” the college cited her work to identify the privacy risks to children of internet-connected toys, evaluate and address journalists’ security needs, and safeguard the privacy of web users as evidence of her growing leadership in the field. It also highlighted Roesner’s growing reputation as a leading voice on privacy and security related to emerging technologies such as augmented reality and the Internet of Things.

The Emerging Leader Award was created to recognize graduates of the college “who, in deed or action, reflect and recognize the importance of his or her education at The University.” Nominees are evaluated based on their contributions to their profession, recognition by their peers, and demonstrated ability, integrity, and stature. The winners are individuals in whom the faculty, staff, students, and fellow alumni will “take pride in and be inspired by their recognition.”

We certainly are inspired by the many contributions she has made to the field of computer science and to the Allen School community — and as our friends in Austin note, “Roesner has only just begun to make her mark.” This is turning into a banner year for Roesner, who previously earned a TR35 Award and an NSF CAREER Award.

Read the full citation here.

Congratulations, Franzi!

Securing the Fourth Estate: What the Panama Papers and Confidante reveal about journalists’ needs and practices

(Cross-posted from Allen School News.)

Reporters contributing to the Panama Papers investigation meet in Munich, Germany to receive training on ICIJ’s research tools. Photo credit: Kristof Clerix

When the Panama Papers story first broke in April 2016, its explosive revelations of a vast and hidden network of offshore shell companies and financial scandals-in-waiting tied to politicians, corporations, banking institutions, and organized crime represented a victory for good, old-fashioned investigative journalism — with a high tech twist. In addition to provoking international outrage, toppling governments, and instigating audits and investigations in more than 70 countries, the story caught the eye of researchers like Allen School professor Franziska Roesner, who — working with a team of researchers from the University of Washington’s Security and Privacy Research Lab and collaborators at Columbia University and Clemson University — has made a study of the security practices of journalists and developed new solutions tailored to the needs of the Fourth Estate.

While the users of secure systems can notoriously be the weakest link, what Roesner and colleagues found in examining the successful Panama Papers investigation was that the users — in this case, the more than 300 reporters spread across six continents working under the auspices of the International Consortium of Investigative Journalists — were, in fact, a source of strength.

“Success stories in computer security are rare,” noted Roesner. “But we discovered that the journalists involved in the Panama Papers project seem to have achieved their security goals.”

The researchers set out to determine how hundreds of journalists with varying degrees of technical acumen were able to securely collaborate on the year-long investigation, which involved 11.5 million leaked documents from Panama-based law firm Mossack Fonseca that implicated individuals and entities at the highest reaches of power. They relied on a combination of survey data from 118 journalists who participated in the investigation, and in-depth, semi-structured interviews with those who designed and implemented the security systems that facilitated global collaboration while protecting those doing the collaborating. The team presented its findings in their paper, “When the Weakest Link Is Strong: Secure Collaboration in the Case of the Panama Papers,” as part of the 26th USENIX Security Symposium in Vancouver, Canada last month.

Allen School professor Franziska Roesner has made a study of journalists’ security needs and practices

Roesner and her colleagues were surprised to discover the extent to which ICIJ was able to strictly and consistently enforce security requirements such as PGP and two-factor authentication — even among those for whom such tools and practices were new. One of the main reasons the operation was a success, the researchers found, came down to utility.

“We found that the tools developed for the project were highly useful and usable, which motivated journalists to use the secure communication platforms provided by the ICIJ,” explained Susan McGregor, a professor at Columbia Journalism School and a principal investigator, along with Kelly Caine of Clemson University’s School of Computing, on the study.

They also found that journalists were motivated by more than sheer usefulness: their sense of community, and responsibility to that community, spurred them to not only tolerate but to embrace the strict security requirements put in place.

“The project leaders frequently communicated the importance of security and mutual trust,” Roesner noted. “This cultivated a strong sense of shared responsibility for the security of not only themselves, but of their colleagues — they were all in this together, and that was a powerful factor in the success of the operation, from a security standpoint.”

It also helped that the ICIJ walked their talk: if a journalist did not have access to a cellphone that could serve as a second factor, the organization purchased and configured one for them. They also made PGP a default tool and ensured everyone had a PGP key, thus taking the guesswork out of evaluating and selecting appropriate tools for themselves.

ICIJ’s approach helped it to avoid a number of known pitfalls when it comes to journalists’ security. Earlier work by Roesner and her collaborators that examined the security and privacy needs and constraints of journalists as well as those of the media organizations that employ them revealed the inadequacy of current tools, which often impede the gathering of information. The researchers found that this often led journalists to create ad-hoc workarounds that may compromise their own security and the security of their sources.

Armed with the lessons learned from those previous studies, Roesner teamed up with Allen School Ph.D. students Ada Lerner (now a faculty member at Wellesley College) and Eric Zeng, and undergraduate student Mitali Palekar to develop Confidante, a usable encrypted email client for journalists and others who require secure electronic communication that aims to improve on traditional PGP tools like those used in the Panama Papers investigation.

“We built Confidante to explore how we could combine strong security with ease of use and minimal configuration. One of our goals was for it to feel, as much as possible, like using regular email,” explained Lerner.

Confidante team members, clockwise from top left: Ada Lerner, Mitali Palekar, and Eric Zeng

“Building it allowed us to get really specific with journalists in our user study, since it was a prototype they could try out and react to — and that allowed us to ask them about the ways in which it did and didn’t meet their needs,” she continued. “It let us more concretely understand what kind of system might be able to provide journalists with strong protections, including reducing user errors that might inadvertently compromise their security.”

Confidante is built on top of Gmail to send and receive messages and Keybase for automatic public/private key management. In a study of a working prototype involving journalists and lawyers, the team found that Confidante enabled users to complete an encrypted email task more quickly, and with fewer errors, compared to an existing email encryption tool. Compatibility with mobile was another factor that met with users’ approval.

“Every journalist and lawyer involved in our user study regularly reads and responds to email on the go, so any encrypted email solution developed for this group must work on mobile devices,” noted Zeng. “As a standalone email app built with modern web technologies, Confidante meets this need, whereas integrated PGP tools like browser extensions do not.”

Some participants observed that using Confidante, with its automated key management, was not that different from sending regular email — suggesting that Roesner and her colleagues had hit the mark when it comes to balancing user preferences and strong security.

“Tools fail in part when the technical community has built the wrong thing, so it’s important for us as computer security researchers to understand user needs and constraints,” observed Roesner. “What the Panama Papers study and Confidante illustrate is that there are ways to help journalists to do their jobs securely as well as effectively — and this is important not just for these individuals and their sources, but for society at large.”

Read the USENIX Security paper to learn more about computer security and the Panama Papers. Visit the Confidante website to try out the prototype and view the publicly available source code from the Allen School research team.

Franziska Roesner recognized with TR35 Award

(Cross-posted from Allen School News.)

Allen School professor Franziska Roesner has been recognized with a 2017 TR35 Award, MIT Technology Review’s annual celebration of the world’s 35 top innovators under the age of 35. Roesner is honored in the “Inventors” category, recognizing the visionary individuals who are creating the breakthroughs and building the technologies that will shape the future.

Roesner co-directs the Allen School’s Security and Privacy Research Lab, where she analyzes the security and privacy risks of existing and emerging technologies and develops tools to safeguard end users. She is also a member of the University of Washington’s interdisciplinary Tech Policy Lab.

She is the first computer scientist to analyze the risks associated with augmented reality (AR) technologies in order to support the design of systems that mitigate vulnerabilities in these emerging platforms. These technologies are becoming increasingly popular, not only for entertainment but also for assistive purposes, such as heads-up windshield displays in cars. When Roesner began studying them in 2011, products such as Google Glass had not been announced yet and such technologies were still largely in the realm of science fiction. Roesner’s research covers issues associated with both inputs and outputs, from the potentially sensitive sensor data these platforms collect on users in the course of their interactions, to the impact of visual ad content on the safety of users and bystanders. Her impact in AR and virtual reality (VR) extends beyond the lab: her research has made her a go-to source for other researchers, government regulators, and industry leaders on how to counter the privacy, security, and safety risks in order to realize the full potential of these emerging technologies.

Web privacy and security is another area in which Roesner has produced pioneering research that has had a lasting impact on users. In 2011, when web tracking was a nascent concern, she produced the first comprehensive measurement of third-party tracking on the web. More recently, her team studied the evolution of tracking methods over a 20-year period, from 1996 to 2016, using a novel tool called Tracking Excavator. Roesner previously built a new anti-tracking tool, ShareMeNot, whose code was incorporated into the Electronic Frontier Foundation’s PrivacyBadger browser add-on. PrivacyBadger and other add-ons that incorporated ShareMeNot’s ideas are used by millions of people to safeguard their privacy online.

Another user group that has benefitted from Roesner’s user-centric research is journalists and others who rely on secure communication with sources, clients, and colleagues. After hearing stories like how it took reporter Glenn Greenwald months to establish a secure email connection with source Edward Snowden, she collaborated with experts from the journalism community on a study of the computer security needs of journalists and lawyers. Based on those findings, Roesner spearheaded the development of Confidante, a usable encrypted email client that offers the security of traditional encryption technologies without the friction of traditional key management and verification.

“Ideally, we’d like to design and build security and privacy tools that actually work for end users. But to do that, we need to engage with those users, to understand what they need, and not build technology in isolation,” Roesner told UW News.

“As our technologies progress and become even more integral to our lives, the push to consider privacy and security issues will only increase,” she said.

Before joining the UW faculty in 2014, Roesner earned her Ph.D. and Master’s degree from the Allen School working with professor Tadayoshi Kohno, and bachelor’s degrees in computer science and liberal arts from the University of Texas at Austin.

Since 1999, MIT Technology Review has published its annual list of “Innovators Under 35” recognizing exceptional early-career scientists and technologists whose research has the potential to change the world. Past TR35 honorees include Allen School faculty members Shyam Gollakota and Kurtis Heimerl (2014), Jeffrey Heer and Shwetak Patel (2009), and Tadayoshi Kohno (2007), and alumni Kuang Cheng (2014), Noah Snavely (2011), Scott Saponas (2010), Jeffrey Bigham and Adrien Treuille (2009), and Karen Liu and Tapan Parikh (2007).

View Roesner’s TR35 profile here and the full list of 2017 TR35 recipients here.

Congratulations, Franzi!
