Atom: Horizontally Scaling Strong Anonymity

Link to the paper: https://www.henrycg.com/files/academic/papers/sosp17atom.pdf

Summary

In this paper, Kwon et al. study an anonymous messaging system called Atom, which protects against traffic-analysis attacks. The novel development of this form of messaging system is that its capacity scales near-linearly with the number of servers on the network, whereas prior methods scaled at a much slower rate. Atom brings together a lot of theory published in prior papers and puts it into practice with a number of workarounds, specifically workarounds for the multiparty computation protocols, which have been inefficient to deploy on a large scale. The result is that, at the time of publication, Atom is 23x faster than prior systems with similar privacy guarantees.

What I liked:

  1. I like the fact that they not only showed the set up behind how something works and not just the theory, but the authors of the study further extrapolated some applications of the technology in a real world setting

  2. I like that they were able to figure out a way around multiparty computation protocols (MPCs) which are generally too inefficient to use.

  3. They used 1024 Amazon servers to run their program and actually test the performance of it prior to publishing this paper - though this probably wouldn't be a real life scenario it’s an extra plus

  4. The system's fail-safe kicks in with only 2 honest users in a pool full of adversaries which is very good because it prevents a majority of dishonest users from taking over if there are still honest users

  5. Two forms of tamper resistance? Both the NIZK proofs and the novel trap message based encryption. The trap message means that if there is a malicious server that edits a message it is a 50% chance that it’s a trap message.

What I didn’t like:

  1. The very start of the atom protocol dictates that volunteer servers are organized into small groups. How are these small groups created? Can they be done in a decentralized manner?

  2. There are very strict settings in which Atom is effective for anonymity that are spelled out in the report -- they are essentially betting that there is an honest server in each of the server groups which might be reasonable when there are thousands of servers but what if there are only a handful early on?

  3. The study used the exact same servers from the exact same place - which doesn't replicate how a network would work if they are all scattered across the world with different bandwidths different server types etc

  4. The system is extremely vulnerable when there is a small amount of users - which kinda begs the question why be an early adopter of the technology if it puts you more at risk?

  5. A small problem the paper notes is intersection attacks - but on a strong healthy network this should not be a problem - it does however kind of build the argument against being an early adopter of this protocol.

Points for further discussion:

  1. Why is latency a major problem here? I.e., is the constraint the number of servers or the latency between the links? The system Atom uses can transit 1 million tweets in 30 minutes

  2. The study points to an internal example where they rented out Amazon servers but how will the system deploy in the real world when each user has different motives in the network?

  3. Why should someone be an early adopter of this technology?

  4. If we were to stagger different servers with different capabilities would this cut the idle time the paper was referring to by a significant amount? Would we even be able to predict this because the server groups are constantly changing?

  5. Is there a way to make an atom network private - so that it is only available to a certain subset of users who all want to stay anonymous? 

New Ideas:

  1. In Bitcoin early adopters are incentivized to join the network by having the opportunity to cheaply mine new currency when it is easy to - how can Atom convince early adopters to come on board?

  2. Is there a way to have a bunch of cheap servers bombard the network in the hope that the servers are put in a group with less than 2 honest users?

  3. Can this architecture be used in other decentralized networks to preserve anonymity?

  4. Explore configuring the trap message so if a message is altered it is a 90% chance or a 99% chance that it is a trap message? Would this lower the amount of messages that could be transmitted on the network?

  5. Explore making the process computationally expensive to scale in order to prevent one person from getting hundreds of cheap servers to attack the network.

 

 

SoK: Secure Messaging

Link to the paper: http://cacr.uwaterloo.ca/techreports/2015/cacr2015-02.pdf

Summary:

As kind of a precursor I was really interested in the topic so on top of reading the paper I actually looked up the presentation the team gave at the symposium: SoK: Secure Messaging.

This paper goes through a lot of the personal communication systems out in the world today and tries to dig in to whether or not they deliver on the privacy solutions that a lot of consumers have heard hyped up in a post Snowden world. The point of this paper was to go through and create a rubric of what a good secure private messaging system should have and really look at private messaging systems from a broad standpoint - a little too broad I think for one paper. They specifically look at issues such as security, usability, and ease of adoption through 3 different "orthogonal" lenses: trust establishment, conversation security, and transport privacy.

What I liked:

  1. The really good part about this paper is that it doesn't talk about privacy in an abstract way like a lot of other academic papers do - but instead takes a hands on approach which is different from others in the field.

  2. The paper hammers in the fact that everyone builds different privacy tools but no one really digs into whether or not these privacy tools really work

  3. The data visualization of the different methods and tools in the report.

  4. I also liked the fact that the Electronic Frontier Foundation played a role in this paper - I personally consider them to be the gold standard in privacy

  5. The Paper considers a wide variety of threat models from 3 different types of adversaries ie local adversaries, global adversaries, and service providers

What I didn’t like:

  1. The author of the paper in the video acknowledges how secure messaging features like deniability and transcript consistency still have a lot of work needed before they can be deployed in a group chat setting - Multiparty OTR still lacking - so the paper is trying to evaluate some technology that hasn't really been created yet

  2. The paper never really considers how implementation is handled ie if you have a lot of great theoretical methods for keeping secure how do you evaluate the privacy system for failures in implementation

  3. I'm not sure how this paper is much more different than the EFF secure messaging scorecard, the only major difference that I can see is the addition of end to end encryption in the evaluation system

  4. The paper isn't really focused and extremely broad. I would have preferred they stuck to one of the 3 issues they pointed out in the beginning of their paper and really dug into how that can be improved and evaluated all the different schemes from that aspect. I feel like they cover a lot but don't go into enough depth on some of the really interesting aspects.

  5. I don't think that block chains should necessarily be in the purview of this paper. Public distributed ledgers are the opposite of a private messaging system.

Points for further discussion:

  1. Is it better to have a secure messaging system tailored to a specific use case or a one-size-fits-all method of standardization?

  2. Can this paper be used as a framework for how to evaluate future privacy projects?

  3. Why hasn't there been a standardization of terms in the cybersecurity world when it comes to secure messaging - the paper keeps needing to define terms about the different features a protocol offers

  4. Something that came up in the symposium Q&A was the demand for people using end-to-end encryption. The study cites that a high amount of Americans would like more privacy but how many would trade convenience for that privacy?

  5. Why has there not been a prior review of "out in the wild" approaches?

New Ideas:

  1. "ScatterShot" encryption for messaging applications? Essentially each packet of information is randomly sent to servers at a set rate - anyone can intercept these packets. But to read them you need to have a specific private key that has been predetermined by a different scheme. The rate continues until you run out of new messages to relay - at which point we just keep looping through past messages.

  2. Study usability in privacy among different populations ie general public vs journalists vs dissidents vs whistleblowers - how complex is too complicated

  3. Can hashes of the messages which are published out in the open be used to create transcript finality? I.e., every time some message is sent and opened the encrypted message is hashed and published --> then upon decryption we know when it is sent

  4. At the end of the symposium presentation the author makes the point that security proofs are not enough and the developers are the ones who make the privacy happen? How can academia which usually focuses on the proofs make more of a focus on developers?

  5. Possibly add an early adoption metric - as in how painful or risky is it for the first person to join the network - because of what we learned in atom we saw that as the network gets bigger it usually becomes safer for all users.

The Best and Worst of YubiKey Usability

Link to the paper: https://isrl.byu.edu/pubs/sp2018.pdf

Summary:

This paper is about 2FA authentication, specifically the YubiKey, which is a USB-like piece of hardware that gives an access code when its main button is pressed. The novelty of this study was the fact that this was the first major study where 2FA was tested among users outside of the enterprise setting. The study had 2 different parts - the first was the users' experience in the initial setup of 2FA. The second was their experience of using the YubiKey in their personal lives to log in to Windows 10, Google, and Facebook. The results of the study should not be taken as representative of the entire public, as most of the participants of the study were of the younger generation. But the study found the on-boarding process was a little bit too hard for the general user, and some users experienced issues with usability over the course of the study.

Points to talk about:

  1. The study recommends standardizing the on-boarding process for 2FA in order to make it simpler. Which organizations and parties need to create these standards?

  2. In the process of standardizing on-boarding for 2FA - would this open the consumer up to more attacks if a vulnerability is found in the standard on-boarding process. Would this make the on-boarding process a higher priority for attack by hackers?

  3. Why is there a split in current 2FA methods between business and consumers. Businesses use hardware while consumers use SMS more?

  4. How does the Yubikey differ from other forms of 2FA? With similar tests, have the results been the same among 2FA methods?

  5. How might this study change when the test group is composed of users who already use 2FA? Will they like Yubikey more or is this effect isolated to first time 2FA users?

What I liked:

  1. The fact they had 2 studies one for the actual set up of 2FA and the other for the daily usability gives a more complete picture of the field

  2. I liked that they compared the login times of users with other secure logins ie compared the 2FA with single sign on codes

  3. The study went into depth about the very specific issues users ran into when trying to set up their keys on Windows and Facebook

  4. Why does Google have such a high success rate for 2FA as compared to other platforms? Possibly because they have enterprise companies already using some of their products?

  5. Interesting that the consumers found the Yubikey better to use and preferred it over SMS after the set up process

 

What I didn’t like:

  1. There's no indication of what percentage of the users visit sites with 2FA as an option. Given that we aren't dealing with enterprise level - I think that it might be worthwhile to examine which consumer facing sites offer 2FA

  2. The fact the study narrows 2FA only to Facebook, Google and Windows - not as broad as a normal consumer

  3. The users they used in this study didn't know anything about 2FA and were only given 5 mins in the study to google any questions they have - I don’t think this would be representative of real life.

  4. The average age of the study skewed very young and very male - which isn't really representative of the demographics of most consumers

  5. I'm not sure how the study measures SUS (System Usability Scale) accurately in the set up process if the majority of users could not make it through the first 3 steps as the study said. Did they narrow the data set to only the users who were able to set it up correctly?

 

New Ideas:

  1. The study neglects to answer the background issue of what percentage of the general population is actually interested in 2FA. This is the first study to go outside the enterprise environment, and in the consumer space consumer wants and usability has historically traded off with security.

  2. There's no indication of what percentage of the users visit sites with 2FA as an option. Given that we aren't dealing with enterprise level - I think that it might be worthwhile to examine which consumer facing sites offer 2FA

  3. We could look into ways of how to replicate Google's success with setting up 2FA and how to migrate that to other platforms

  4. Look into the psychology of security ie I don't see a reason why SMS is less secure and more user intensive than Yubikey but for some reason a good amount of users in the study said they preferred using the physical key.

  5. How might we go about account sharing - possibly 2 different keys that have the same privileges?


The Rewards and Costs of Stronger Passwords in a University

Link to the paper: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-becker.pdf

Summary

The study took 100,000 staff and students from a major university and studied the strength of user passwords under a new password scheme. The novelty in the university's scheme was that it varied the lifetime of a password with its strength. Through this scheme the study observed over 200k password resets over the course of 14 months and came up with some interesting insights which didn't exactly line up with what other studies out of CMU had observed. The study found that the stronger passwords were, the more likely they were to be reset, along with a deficit in password strength among users who forgot their passwords more than once a year.

What I liked:

  1. I thought that the following was a very interesting insight "Users who reset their password more than once per year (27% of users) choose passwords with over 10 days fewer lifetime, and while they also respond to the policy, maintain this deficit"

  2. The fact that they were using 100,000 enrolled users and 200k passwords over 14 months gave the study a really good data set to go off of - they noted they are probably the largest study of this type

  3. The study did not alter any of the regular systems of the university. "We were not involved in the design of the policy or the choice of password strength estimator"

  4. New users are constantly coming into the system, so it creates different test groups. Students who transitioned over from the old system, and new users - it would be interesting to see how their password strength is different

  5. I really liked the fact they looked at different password tiers, ie certain passwords are a lot more valuable to hackers than other passwords.

What I didn’t like:

  1. The study acknowledges off the bat that Shannon entropy isn't the best way to measure password strength but uses it as the base of their study

  2. The study makes use of 93 anecdotal interviews - which I'm not sure how anecdotal information is

  3. Why wasn't an industry standard password cracking estimation method like zxcvbn used as the basis of this study as opposed to Shannon which doesn't necessarily correlate to password cracking strength.

  4. The data collected on the study wasn't the user's passwords but instead a single number for the user's password strength. That indicator of strength really doesn't get a lot of scrutiny in the study

  5. The study has very different outcomes to a similar study done by CMU - this kind of underscores the fact they had really weak data given that they acknowledge that their method of what they were seeing from the passwords the system was giving them "only weakly correlates to password strength"

Points to talk about:

  1. "The new policy took over 100 days to gain traction, but after that, average entropy rose steadily" - why did it take so long to gain traction? What could be done to shorten that amount of time?

  2. The study casts doubts on some debunked myths on when it is time to change passwords. It begs the question of what merits a mandated password change - maybe taking into account there could be unknown compromises on the system

  3. For password strength estimation why does zxcvbn error increase as the password bits get longer? Are there any other algorithms that can determine password strength?

  4. The study makes the point that users don't want to go through a wide ranging security check unless something of value ie money or data is stored in that account. But doesn't every account that you have contain data on the user logging in?

  5. The average age of the staff member surveyed in this study is 34.6 which strikes me as pretty young. Did they get a good representation of the entire university faculty, or was it skewed toward younger members?

New Ideas:

  1. How significant is the tradeoff between security and convenience. Do companies who employ stricter security measures actually end up with fewer customers?

  2. The study makes the distinction in password strength between systems with hard and soft system security transitions, how does the transition type affect security outcomes?

  3. The study makes distinctions between different types of users in the system. I think it would be interesting to track how strong the passwords are among the different user groups

  4. I think the very basis of how we define password strength is flawed. With some using zxcvbn, this study using Shannon, and others using different methods? It begs the question what is the best way to measure password strength going forward. This study says there are more intensive methods but says they were infeasible to be deployed real time when the user is making his or her password.

  5. How does the password length correlate with the different user tier who made the password? I think this would be an interesting follow up study.

 

 

The Quest to Replace Passwords

Summary

Off the bat the paper starts with how there is a lack of standardization in how password protocols are evaluated. Many password protocols are too narrow while others try to go for a generic one-size-fits-all approach. The paper starts with the premise that every proponent of a specific method of authentication has different grading criteria - shaped by specific environments. In order to standardize the grading criteria the paper suggests 25 different factors, but does not specify a weight for each of these factors. The conclusion toward the end of the paper, after digging into some of the most popular authentication schemes, is that there really is no scheme that is truly perfect.

What I liked:

  1. Very specific 25 actionable grading points which sets a standard instead of just saying a uniform standard is needed in the industry

  2. I like the fact they focused on the human computer interface for security as opposed to making this a very broad study on things like machine to machine authentication

  3. The study does note that it would be a bad idea to simply have each point weighted the same - it correctly notes that some features are more to be desired than others

  4. The paper goes really in depth into the different sign in methods that are currently offered and does a good job explaining the general benefits- but shies away from ranking

  5. The chart on page 11 was a good visualization tool to express the different benefits of a specific technology

What I didn’t like:

  1. The paper starts by pointing out how past grading criteria are too narrowly tailored or too generic - how does the proposal of 25 very actionable grading points not fall into the same issue the authors had with past studies?

  2. The way the paper goes about the study I feel is problematic because of the rating system. Quasi vs Full vs 0. I'm sure there are more in depth ways to evaluate each of the 25 points. Maybe a 10 point scale possibly?

  3. The study does not take any stance on how to rate systems which I feel is like a cop out. "In our experience, “the journey (the rating exercise) is the reward”: the important technical insights we gained about schemes by discussing whether our ratings were fair and consistent were worth much more to us than the actual scores produced."

  4. In the paper's analysis of different authentication systems they come across pretty big factors that are not covered in their 25 point grading scale. "We do note however that it requires identity providers yield some control over trust decisions and possibly weaken their own brand [28], a deployment drawback not currently captured in our criteria."

  5. The paper starts going into depth about the drawbacks of each scheme only at the very end - I think that they should make this more of a focus in their paper because it really shapes the reasons why one scheme would be preferred over another in a specific use case

Points to talk about:

  1. What is the current industry consensus on the tug of war battle between security and usability?

  2. The paper assumes that the implementers of the protocol use best practices such as salting and hashing "even though we know they often don’t." How much more effective are these 25 data points as compared to just using salting and hashing correctly?

  3. Is it even worthwhile to create a generic uniform approach to security - or is the targeted narrow approach to security which is more customizable to be desired

  4. The study points to traditional passwords as scoring high in maturity because they are so common? What has the adoption trend looked like for alternative adoption methods?

  5. What is the biggest reason that traditional passwords have not been phased out yet?

New Ideas:

  1. Security vs Usability: How could information tied to a person's life be used in passwords? Would it be possible to have multiple passwords in the forms of questions that are distributed in various authentication servers with some serving as honeypots?

  2. How do new forms of identification compare to traditional passwords - ie the way you type https://www.creditcards.com/credit-card-news/how-type-move-mouse-help-catch-fraudsters.php

  3. Is there a way to merge the best of both worlds from multiple password schemes - kind of addressed toward the end of the paper?

  4. Perhaps there should be a weighting rubric dependent on the desired outcome and balance of security vs usability vs other factors a practitioner would like to fit in when it comes to security

  5. Could there be a standard third party ie a government to log in users using single sign on?

Reading: On the Economics of Offline Password Cracking

Link to the paper: https://www.cs.purdue.edu/homes/jblocki/papers/SP18EconomicsOfOfflinePasswordCracking.pdf

Summary:

This paper is aimed more toward technology practitioners, simulating the aftermath of a data breach of an authentication server. The authors frame the paper in the context of a world where most companies use slow password hashing algorithms like BCRYPT coupled with key stretching methods to make password guessing expensive for attackers. It is important to note the study's assumption that attackers will be only economically rational - so it might not be comprehensive by any means. Moreover, the assumptions made about the attacker are that the attacker is informed, untargeted, and economically rational. The key takeaway in this paper is the idea that memory hard functions - whose computation requires large amounts of memory - are what the cybersecurity field should move to as the gold standard.
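The rational-attacker framing summarized above, as an added example (not code from the paper or from these notes): an attacker guesses passwords in popularity order and picks the guess budget that maximizes expected value minus expected hashing cost, so a defender can see how raising the per-guess cost (slower or memory-hard hashing) shrinks the cracked fraction. The Zipf exponent, password count, value and cost units, and all function names are constructed assumptions.

```python
# Added illustration with constructed parameters; not figures from the paper.

def zipf_distribution(n, s):
    """Probability of the i-th most popular password, p_i proportional to i^-s."""
    weights = [rank ** -s for rank in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def optimal_attack(probs, value, cost_per_guess):
    """Best guess budget for a profit-maximizing offline attacker.

    probs: password probabilities sorted from most to least popular.
    value: payoff for cracking one account (every account valued equally).
    cost_per_guess: cost of one hash evaluation, in the same units as value.

    Guess i is only paid for if the first i-1 guesses failed, so the
    expected cost of budget B is cost * sum_{i<=B} (1 - lambda_{i-1}),
    where lambda_i is the cumulative probability of the top i passwords.
    Returns (budget, fraction_cracked, expected_profit); budget 0 means
    attacking is not worth it at all.
    """
    best = (0, 0.0, 0.0)
    cracked = 0.0  # lambda_B: chance the password is among the first B guesses
    spent = 0.0    # expected hashing cost of trying B guesses
    for budget, p in enumerate(probs, start=1):
        spent += cost_per_guess * (1.0 - cracked)
        cracked += p
        profit = value * cracked - spent
        if profit > best[2]:  # strict: ties keep the smaller budget
            best = (budget, cracked, profit)
    return best


def cracked_by_cost(probs, value, costs):
    """Fraction of accounts a rational attacker cracks at each hash cost."""
    return [(k, optimal_attack(probs, value, k)[1]) for k in costs]


if __name__ == "__main__":
    # Constructed population: 10,000 distinct passwords, Zipf exponent 1.0.
    population = zipf_distribution(10_000, 1.0)
    # Value normalized to 1; each row makes hashing 10x more expensive.
    for k, frac in cracked_by_cost(population, 1.0,
                                   [1e-6, 1e-4, 1e-3, 1e-2, 1e-1, 1.0]):
        print(f"cost/guess = {k:g} x value -> cracked fraction {frac:.3f}")
```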

What I liked:

  1. The recommendation of using memory hard functions. Their analysis suggests it could be possible to reduce the % of cracked passwords below 22.2% without increasing authentication delays to a full second.

  2. Contrasting the results of the current NIST 2017 minimum recommendations and pointing out in their analysis why even orders of magnitudes of this standard may be inadequate.

  3. The real novelty in their Zipf's law discoveries is that they applied analysis to the Yahoo password breach which is 2x bigger than any other dataset past authors have had the chance to study.

  4. Analysis that creates an upper and lower bound for a percentage of passwords cracked by their assumption of a rational adversary.

  5. "Password composition policies also introduce a high usability cost [57], [65], [66], [59], and they typically do not increase password strength significantly. In fact, sometimes these policies result in weaker user passwords"

 

What I didn’t like

  1. A lot of this is just a rehash of what Wang and Wang did essentially with a data set that is twice as big.

  2. The entire study is hinged on what the value of the information is on the black market - the flaw being it's really hard to price the information as a practitioner before a data breach. Which makes it hard to act on this information

  3. The focus of the paper assumes that we are dealing with a rational adversary - but with the rise of nation states conducting cyber attacks I don't think it’s a good idea to focus solely on adversaries where profit is the driving factor. Moreover the paper specifically states that they treat the value of all passwords equally, I'd pay a lot more for Trump's twitter password compared to some random person.

  4. I feel as if this paper should have really focused more on the memory hard functions, because at certain points like 7.1 "Key-Stretching" the author goes into why MHF is such an attractive choice in security but doesn't really flesh into it

  5. Lack of analysis on the black market for passwords in the aftermath of the Yahoo attack.

Points to talk about:

  1. Why can’t we move to memory hard functions? Why aren't more developers moving toward it? Naiakshina et al. points out that in a survey of developers none chose memory hard functions

  2. What percentage of cyberattacks are happening from rational adversaries who have cost as their major concern, as opposed to adversaries who don't have cost as a major concern?

  3. Does the black market actually have a law of diminishing returns?

  4. Despite the cost of a honeywords strategy what percentage of companies use them to secure their data? What is the difference in cost of a honeywords defense strategy as compared to the cost of an expected data breach?

  5. How does a data independent memory hard function work?

New Ideas:

  1. Exploration of how memory hard functions would fare for an attacker who was not economically rational

  2. Case study how each of the different security measures in separate and in conjunction with each other would change under a rational attacker

  3. If the password guidelines we have been given in the past haven't been

  4. Explore the effect of password guidelines on Zipf's law. Before when people were allowed to choose their password compared to when they were given guidelines. Was there a significant change?

  5. Is there a metric to determine how in demand passwords and private information is to inform technology practitioners when the market determines that it might be economically viable to profit off a cybercrime