Blockchain interoperability and throughput scalability are two crucial problems that limit the wide adoption of blockchain applications. Payment channel networks (PCNs) provide a promising solution to the inherent scalability problem of blockchain technologies, allowing off-chain payments between senders and receivers via multi-hop payment paths. In this work, we present a cross-chain PCN, called XHub, that extends PCNs to support multi-hop paths across multiple blockchains and resolves both interoperability and throughput scalability. XHub achieves service availability, transaction atomicity, and auditability. Users who correctly follow the protocols will succeed in making payments or get profits from doing the services. In addition, trustworthy information about hubs will be managed in a decentralized manner and available to all users. This work is an important step towards the big picture of a decentralized transaction system that connects a wide scope of users in different blockchains.

Test-time adversarial attacks have posed serious challenges to the robustness of machine-learning models, and in many settings the adversarial perturbation needs not be bounded by small ℓp-norms. Motivated by attacks in program analysis and security tasks, we investigate relational adversaries, a broad class of attackers who create adversarial examples in a reflexive-transitive closure of a logical relation. We analyze the conditions for robustness against relational adversaries and investigate different levels of robustness-accuracy trade-off due to various patterns in a relation. Inspired by the insights, we propose normalize-and-predict, a learning framework that leverages input normalization to achieve provable robustness. The framework solves the pain points of adversarial training against relational adversaries and can be combined with adversarial training for the benefits of both approaches. Guided by our theoretical findings, we apply our framework to source code authorship attribution and malware detection. Results of both tasks show our learning framework significantly improves the robustness of models against relational adversaries. In the process, it outperforms adversarial training, the most noteworthy defense mechanism, by a wide margin.

We present novel protocols to compute SQL-like join operations on secret shared database tables with non-unique join keys. Previous approaches to the problem had the restriction that the join keys of both the input tables must be unique or had quadratic overhead. Our work lifts this restriction, allowing one or both of the secret shared input tables to have an unknown and unbounded number of repeating join keys while achieving efficient O(n log n) asymptotic communication/computation and O(log n) rounds of interaction, independent of the multiplicity of the keys. We present two join protocols, \ProtoUni and \ProtoDup. The first, \ProtoUni is optimized for the case where one table has a unique primary key while the second, \ProtoDup is for the more general setting where both tables contain duplicate keys. Both protocols require O(n log n) time and O(log n) rounds to join two tables of size n. Our framework for computing joins requires an efficient sorting protocol and generic secure computation for circuits. We concretely instantiate our protocols in the honest majority three-party setting. Our join protocols are built using an efficient method to compute structured aggregations over a secret shared input vector V in D^n. If the parties have another secret-shared vector of control bits B in {0, 1}^n to partition V into sub-vectors (that semantically relates to the join operations). A structured aggregation computes a secret shared vector $V' in D^n where every sub-vector (V_b,...,V_e) (defined by the control bits) is aggregated as V_i'=V_b + ...+ V_i for i in {b,...,e} according to some user-defined operator +. Critically, the b,e indices that partition the vector are secret. It's trivial to compute aggregations by sequentially processing the input vector and control bits. This would require O(n) rounds and would be very slow due to network latency. We introduce Aggregation Trees as a general technique to compute aggregations in O(\log n) rounds. For our purpose of computing joins, we instantiate + in {copy previous value, add}, but we believe that this technique is quite powerful and can find applications in other useful settings.

We present (accountable-and)-UnTraceable Transactions (UTT), a system for decentralized ecash with accountable privacy. UTT is the first ecash system that obtains three critical properties: (1) it provides decentralized trust by implementing the ledger, bank, auditor, and registration authorities via threshold cryptography and Byzantine Fault Tolerant infrastructure; (2) it balances accountability and privacy by implementing anonymity budgets: users can anonymously send payments, but only up to a limited amount of currency per month. Past this point, transactions can either be made public or subjected to customizable auditing rules; (3) by carefully choosing cryptographic building blocks and co-designing the cryptography and decentralization, UTT is tailored for high throughput and low latency. With a combination of optimized cryptographic building blocks and vertical scaling (optimistic concurrency control), UTT can provide almost 1,000 payments with accountable privacy per second, with latencies of around 100 milliseconds and less. Through horizontal scaling (multiple shards), UTT can scale to tens of thousands of such transactions per second. With 60 shards we measure over 10,000 transactions with accountable privacy per second, with latencies around 500 milliseconds. We formally define and prove the security of UTT using an MPC-style ideal functionality. Along the way, we define a new MPC framework that captures the security of reactive functionalities in a stand-alone setting, thus filling an important gap in the MPC literature. Our new framework is compatible with practical instantiations of cryptographic primitives and provides a trade-off between concrete efficiency and provable security that may be also useful for future work.

“With enough metadata you don’t really need content.” This quote from former NSA general counsel, Stuart Baker, succinctly summarizes the techniques that interested parties worldwide use when confronted with encrypted communications. Though end-to-end encryption hides message contents, it does nothing to protect communications metadata, e.g., sender, receiver, and timing, leaving a significant side channel for adversaries to exploit. The purpose of anonymous communications systems is to go beyond end-to-end encryption by protecting metadata as well as content. This talk will cover the current state of the art solutions as well as the challenges associated with them.

Fraud detection aims at preventing money or property from being obtained through false pretenses. Fraud detection has many applications at Amazon where users and sellers collude to promote specific products. In this talk, we will review how one can formulate fraud detection as an ML task and solve it by using Graph Neural Networks. GNNs have seen a lot of academic interest in recent years and have shown a lot of promise for many real-world applications from fraud and abuse detection to recommendations. Yet, industry-wide adoption of GNN techniques to these problems have been lagging behind. As such, there is a strong need for tools and frameworks that help researchers develop GNNs for large scale graph machine learning problems, and help machine learning practitioners deploy these models for production use cases.

Availability is crucial to the security of distributed systems, but guaranteeing availability is hard, especially when participants in the system may act maliciously. Quorum replication protocols provide both integrity and availability: data and computation is replicated at multiple independent hosts, and a quorum of these hosts must agree on the output of all operations applied to the data. Unfortunately, these protocols have high overhead and can be difficult to calibrate for a specific application's needs. Ideally, developers could use highlevel abstractions for consensus and replication to write faulttolerant code by that is secure by construction. This paper presents Flow-Limited Authorization for Quorum Replication (FLAQR), a core calculus for building distributed applications with heterogeneous quorum replication protocols while enforcing end-to-end information security. Our type system ensures that well-typed FLAQR programs cannot fail (experience an unrecoverable error) in ways that violate their typelevel specifications. We present noninterference theorems that characterize FLAQR's confidentiality, integrity, and availability in the presence of consensus, replication, and failures, as well as a liveness theorem for the class of majority quorum protocols under a bounded number of faults.

We discuss the threat of nation-state malware attacks on critical infrastructure, specifically focusing on the "Industroyer" malware and its impact on the power grid. This malware runs on a compromised Windows-based host and attacks industrial control devices via industrial control protocols. While there have been efforts in analyzing this malware, those efforts focus on the execution of the malware itself, not the effects on the target devices. To reveal the ultimate goal of the malware, we propose a sandbox concept to test and deceive these types of malware, aiding its dynamic analysis. With this sandbox, we create a simulated power grid environment to execute and study the malware sample. We also propose alternative uses for the sandbox, such as countermeasures development and honeypot schemes.

An introduction to Oblivious RAMs (ORAMs) and Oblivious Data Structures (ODSs), followed by some current problems.

Autonomous vehicles must operate in a complex environment with various social norms and expectations. While most of the work on securing autonomous vehicles has focused on safety, we must also monitor for deviations from various societal ``common sense' rules to identify attacks against autonomous systems. This work provides a first approach to encoding and understanding these common-sense driving behaviors by semi-automatically extracting rules from driving manuals. We encode our driving rules in a formal specification and make our rules available online for other researchers.

Cloud FPGAs strike an alluring balance between computational efficiency, energy efficiency, and cost. It is the flexibility of the FPGA architecture that enables these benefits, but that very same flexibility that exposes new security vulnerabilities. We show that a remote attacker can recover “FPGA pentimenti” - long-removed secret data belonging to a prior user of a cloud FPGA. The sensitive data constituting an FPGA pentimento is an analog imprint from bias temperature instability (BTI) effects on the underlying transistors. We demonstrate how this slight degradation can be measured using a time-to-digital (TDC) converter when an adversary programs one into the target cloud FPGA. This technique allows an attacker to ascertain previously safe information on cloud FPGAs, even after it is no longer explicitly present. Notably, it can allow an attacker to (1) extract proprietary details from an encrypted FPGA design image available on the cloud marketplace and (2) recover information from a previous user of a cloud FPGA. We demonstrate the ability to extract design details and recover previous cloud FPGA user information on the cloud platform. Our experiments show that BTI degradation (burn-in) and recovery are measurable and constitute a security threat to commercial cloud FPGAs.