Security and Privacy Research Lab

Recently, Miro Enev traveled to CCS 2011 to present his work with Sidhant Gupta on uncovering the depth of information leakage available on the modern powerline. The paper suggests that it is possible to tell what someone is watching on a TV by collecting a short period of unintentionally generated electromagnetic interference (EMI) from any wall socket in a home (not just the socket connected to the TV). This research was based on in-lab and in-home experiments with 8 TVs ranging in size, technology, and manufacturer, and a dataset of 20 movies plus over-the-air broadcasts. Miro and Sidhant also demonstrated the ability to train a neural network to predict the EMI of a television without need for physical access to the device. Full details in the paper. UW faculty members Shwetak Patel and Tadayoshi Kohno were also involved.

Earlier this year UW CSE security researcher Franzi Roesner released ShareMeNot — a Firefox plugin designed to help users avoid unwanted tracking by third party social media buttons on the Web while still allowing the user to use those buttons when they wish. ShareMeNot handles the Facebook Like button, the Google +1 button, and others.

Last night Franzi presented a poster of her work at the annual UW CSE Industrial Affiliates meeting. The Madrona Venture Group was extremely impressed by Franzi’s work and awarded her the Madrona Prize Runner Up Award. Congratulations Franzi!

UW CSE’s Karl Koscher is headed to Taiwan to give the opening talk at the 6th Workshop on Embedded Systems Security (WESS 2011) along with UCSD PhD student (and UW undergraduate alumnus) Steve Checkoway. Karl and Steve will be presenting their recent research results on automotive computer security, co-authored with UW’s Alexei Czeskis, Franziska Roesner, Shwetak Patel, and Yoshi Kohno and UCSD’s Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage. You can read about their research at http://www.autosec.org/faq.html.

Members of the UW Security and Privacy Lab surprised Yoshi with his new, most favorite shirt ever! Thank you Alexei, Franzi, Karl, Miro, and Tammy!

The paper titled deSEO: Combating Search-Result Poisoning was published last week at Usenix Security 2011. It describes how malware and viruses are spread through the poisoning of popular search keywords, and develops tools to help search engines fight the problem.

The paper was authored by John P. John and Arvind Krishnamurthy from UW, in collaboration with researchers at MSR, Silicon Valley.

The UW Security and Privacy Lab is now on Twitter. Follow us at https://twitter.com/#!/uw_cse_seclab.

The UW-UCSD collaborative project on automotive security has just published their second paper entitled “Comprehensive Experimental Analyses of Automotive Attack Surfaces” at Usenix Security 2011. The results in this paper were previously presented before a National Academy of Sciences committee on automotive safety (3.13.2011).

On the UW side, this effort was led by Karl Koscher, Alexei Czeskis, and Franziska Roesner (along with faculty member Yoshi Kohno). On the UCSD side, this effort was led by Stephen Checkoway, Damon McCoy, Brian Kantor, and Danny Anderson (along with faculty members Hovav Shacham and Stefan Savage).

A video of the Usenix Security talk is online here.

In order to look their best at Defcon and Usenix Security, members of the UW CSE Security and Privacy Research Lab equipped themselves with t-shirts displaying the text of the waiver they were required to sign before testing their “analyzed automobile” on the runway at Blaine Airport.

We can confirm that no damage was done by the car at Blaine Airport. We are not so sure about the impact of these t-shirts at Defcon and Usenix Security.

Cory Doctorow at BoingBoing is reporting on Franzi Roesner’s latest project, ShareMeNot. Cory writes: “[ShareMeNot is] a Firefox Add-On that defangs social media buttons like the Facebook ‘Like’ button (and others) so that they don’t transmit any information about your browsing habits to these services until (and unless) you click on them. That means that merely visiting a page with a Like or a Tweet or a +1 button (like this one) doesn’t generate a data-trail for the companies that operate those services, but you still get the benefit of the buttons, that is, if you click them, they still work. Smart.” Also involved are UW CSE faculty members Yoshi Kohno and David Wetherall.

Each year, UW Computer Science and Engineering and Microsoft Research host a Summer Research Institute in Computer Science, bringing together dozens of the world’s top researchers for several days to discuss an important emerging topic.

This year’s UW-MSR Summer Research Institute is taking place July 24-27 at Suncadia Resort, located in the Cascades, ninety minutes southeast of Seattle. The topic is “Security and Privacy for a Consumer, Cloud World.” The goal is to identify new directions for consumer and cloud computing, discuss the challenges for protecting security and privacy in a consumer and cloud computing world, and explore directions for mitigating those challenges. The Institute brings together researchers and practitioners from diverse but relevant areas such as computer security, cryptography, mobile systems, cloud computing, systems and networking, and HCI. The organizers are Yoshi Kohno (UW CSE), David Molnar (MSR), and Helen Wang (MSR).

This is the fifteenth UW-MSR Summer Research Institute. Learn more about this year’s UW-MSR Summer Research Institute here.