Security and Cryptography

Welcome to the web page for security and cryptography research in the Department of Computer Science and Engineering at the University of California at San Diego. Our group conducts research in areas spanning from theory to practice: we work on the theoretical foundations of cryptography; the development and analysis of cryptographic protocols and algorithms; and on applied cryptography, systems security, and network security. In line with our broad security-related research interests, we are affiliated and actively collaborate with the Theory Group, Programming Systems and the Systems and Networking Group here at UCSD.

People  |   News  |   Publications  |   Sponsors
Faculty
Mihir Bellare
Earlence Fernandes
Nadia Heninger
Russell Impagliazzo
 Deepak Kumar
Daniele Micciancio
Imani Munyaka
Stefan Savage
 Aaron Schulman
Alex C. Snoeren
Deian Stefan
Geoffrey M. Voelker
Affiliated Faculty
kc claffy
Kamalika Chaudhuri
Christian Dameff
Ranjit Jhala
 Ryan Kastner
Sorin Lerner
Nadia Polikarpova
Steven Swanson
 Dean Tullsen
Yiying Zhang
Yuanyuan Zhou
Scientists, Postdocs and Research Staff
Cindy Moore
 Gabrielle De Micheli
 Doreen Riepel
PhD Students
Alex Bellon
Andrey Bozhko
Miro Haller
Evan Johnson
Andrey Labunets
Enze Alex Liu
Elisa Luo
 Luoxi Meng
Nishit Pandya
Rishabh Ranjan
Sumanth Rao
Keegan Ryan
Mark Schultz
Laura Shea
 Michael Smith
Adam Suhl
George Sullivan
David Thien
Alisha Ukani
MS Students
Alexis Morales Flores
 Katherine Izhikevich
 Jay Jhaveri
Recent Alumni

Nishant Bhaskar (Ph.D. 2023) MQ Prime
Hannah Davis (Ph.D. 2023) Seagate
Grant Ho (postdoc 2021-2023) University of Chicago
Alex Marder (postdoc 2019-2020, Res. Scientist 2020-2023)Johns Hopkins University
Ariana Mirian (Ph.D. 2023) Censys
Audrey Randall (Ph.D. 2023) Google
Daniel Moghimi (postdoc 2020-2022) UT Austin
Shravan Narayan (Ph.D. 2022) UT Austin
Sam Crow (Ph.D. 2022) Meta
Bingyu Shen (Ph.D. 2022) Meta
John Renner (Ph.D. 2022) Cubist
Gautam Akiwate (Ph.D. 2022) Stanford postdoc
Jessica Sorrell (Ph.D. 2022) UPenn postdoc
Craig Disselkoen (Ph.D. 2022) → Amazon

 Annie Dai (B.S. 2023) University of Maryland Ph.D. program
Kaiwen He (B.S. 2023) MIT Ph.D. program
Isabel Suizo (B.S. 2022) GoogleCMU Ph.D. program
[All Alumni]
Recent News

Aaron Schulman August 29— Congrats to our own Aaron Schulman for his recent NSF CAREER grant and for his promotion to tenured associate professor. Congrats!

August 22— Congrats (again) to Keegan Ryan and Nadia Heninger for their Best Paper award at the 2023 Crypto for Fast Practical Lattice Reduction through Iterated Compression!!

July 24— Congratulations to Nishant Bhaskar for defending his dissertation, "An Empirical Approach to Securing Wireless Access Links in Urban Areas". Nishant's unique research had him driving across Souther California and brought him in touch with both industry and government (special thanks to the folks from USSS who attended the defense). He'll next be doing crazy wireless things at MQ Prime. Congrats Nishant! Nishant Bhaskar

Euro Security and Privacy award for July 4— Congratulations to Enze "Alex" Liu (and co-authors) for winning the Best Paper award at the 2023 IEEE Symposium on Security and Privacy (Euro S&P) for their work on insecurities in e-mail forwarding frameworks and implimentations. UCSD put out a nice summary of the work here.

June 5— Welcome to Deepak Kumar who will join us as an Assisstant Professor starting in July 2024! Deepak got his Ph.D. at the University of Illinois, has been hunkering down as a Postdoc at Stanford during the pandemic, and is doing fascinating work around online abuse and safety. We are all looking forward to working with him next year! Deepak Kumar

Grant Ho May 26— Congratulations to Grant Ho for his appointment as Assistant Professor in Computer Science at the University of Chicago. Grant was part of the inaugural class of the CSE Fellows postdoctoral program and was a joy to work with these last few years. Congrats and best of luck!

May 18— Congratulations to Audrey Randall who defended her dissertation today, "Names to Conjure With: Measuring and Combating Online Adversaries by Studying Their Use of Naming System". As one of many firsts during her time with us, Audrey premiered as post-defense music video reflecting on her time at UCSD. Audrey will bring her talents to Google and we wish her the best. Congrats! Audrey Randall

May 22— And finally Congrats to Hosein Yavarzadeh (and co-authors) for the third IEEE S&P Distinguished Paper Award of the season for their work on Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution!

Evan Johnson at Oakland May 22— Congrats to Evan Johnson (and co-authors) for winning the IEEE S&P Distinguished Paper Award for WaVe: a verificable secure WebAssembly sandboxing runtime further shrinking the trusted computing base for Wasm! Evan Johnson at Oakland2

May 22— Congrats to Miro Haller (and co-authors) for their paper, MEGA: Malleable Encrypto Goes Awry which received the IEEE S&P Distinguished Paper Award!

May 8— Keegan Ryan and Nadia Heninger receive the best paper award at the International Conference on Practice and Theory in Public Key Cryptoigraphy (PKC) for The Hidden Number Problem with Small Unknown Multipliers: Cryptanalyzing MEGA in Six Queries and Other Applications. Congrats!

Ariana Mirian April 21— Congratulations to Ariana Mirian who gave a spirited defense of her dissertation, "Prioritizing Security Practices via Large-Scale Measurement of User Behavior". This was quite an event, filling room 1242 and with well-wishers from four different universities and a gaggle of companies online for the festivities. Ariana will be joining Censys in the Fall and we are looking forward to seeing what she does next. Congrats!

April 11— Congratulations to Katherine Izhikevich for receiving the 2023 Stephen L. Squires SWSIS Scholarship administered by Applied Computer Security Associates (ACSA) and the CRA. Congrats! Katherine Izhikevich

Stefan Savage February 7— Congratulations to Stefan Savage for his election to the National Academy of Engineering!

December 1— Congratulations to Audrey Randall (and her co-authors) for winning the Best Student Paper award at the 2022 APWG eCrime Symposium for her work examining the issues around malware use of blockchain naming systems. Audrey Randall

October 31— Congrats to Daniele Micciancio whose paper "Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions from Worst-Case Complexity Assumptions" has won the 2022 FOCS Test of Time Award!
[All News]
Recent Publications

Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices, Hadi Givehchian, Nishant Bhaskar, Alexender Redding, Han Zhao, Aaron Schulman, and Dinesh Bharadia, Proceedings of the IEEE Symposium on Security and Privacy, May 2024.

Architecting Trigger-Action Platforms for Security, Performance and Functionality, Deepak Siron Jegan, Michael Swift, and Earlence Fernandes, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

Please Act Now: an Empirical Analysis of Enterprise-Wide Mandatory Password Updates, Ariana Mirian, Grant Ho, Stefan Savage, and Geoffrey M. Voelker, Proceedings of Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 2023.

Fast Practical Lattice Reduction through Iterated Compression, Keegan Ryan and Nadia Heninger, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023. (Best paper award).

When Messages are Keys: Is HMAC a Dual-PRF?, Matilda Backendal, Mihir Bellare, Felix Gunther, and Matteo Scarlata, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.

Reductions from Module Lattices to Free Module Lattices, and Application to Dequantizing Module-LLL, Gabrielle De Micheli, Daniele Micciancio, Alice Pellet-Mary, and Nam Tran, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.

Error Correction and Ciphertext Quantization in Lattice Cryptography, Daniele Micciancio and Mark Schultz, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.

Access Denied: Assessing Physical Risks to Internet Access Networks, Alexander Marder, Zesen Zhang, Ricky Mok, Ramakrishna Padmanabhan, Bradley Huffaker, Matthew Luckie, Alberto Dainotti, kc claffy, Alex C. Snoeren, and Aaron Schulman, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

Improving Logging to Reduce Permission Over-Granting Mistakes, Bingyu Shen, Tianyi Shan, and Yuanyuan Zhou, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

HECO: Fully Homomorphic Encryption Compiler, Alexander Viand, Patrick Jattke, Miro Haller, and Anwar Hithnawi, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

MultiView: Finding Blind Spotsin Access-Deny Issues, Bingyu Shen, Tianyi Shan, and Yuanyuan Zhou, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

Understanding the Viability of Gmail’s Origin Indicator for Identifying the Sender, Enze Liu, Lu Sun, Alex Bellon, Grant Ho, Stefan Savage, Geoffrey M. Voelker, and Imani N. S. Munyaka, Proceedings of the Sympsoium on Useable Privacy and Security, Anaheim, CA, August 2023.

In the Line of Fire: Risks of DPI-triggered Data Collection, Ariana Mirian, Alisha Ukani, Ian Foster, Gautam Akiwate, Taner Halicioglu, Cindy Moore, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage, Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), Marina del Rey, CA, August 2023.

No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps, Enze Liu, Sumanth Rao, Sam Havron, Grant Ho, Stefan Savage, Geoffrey M. Voelker, and Damon McCoy, Proceedings on Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, July 2023.

Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy, Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the IEEE European Symposium on Security and Privacy, Delft, The Netherlands, July 2023. (Best paper award).

WaVe: a Verifiably Secure WebAssembly Sandboxing Runtime, Evan Johnson, Evan Laufer, Zijie Zhao, Shravan Narayan, Stefan Savage, Deian Stefan, and Fraser Brown, Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).

Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution, Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, Deian Stefan, and Dean Tullsen, Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).

MEGA: Malleable Encryption Goes Awry, Matilda Backendal, Miro Haller, and Kenneth G. Paterson, Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).

The Hidden Number Problem with Small Unknown Multipliers: Cryptanalyzing MEGA in Six Queries and Other Applications, Keegan Ryan and Nadia Heninger, Proceedings of PKC 2023, May 2023. (Best Paper Award).

Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA, Mihir Bellare, Hanna Davis, and Zijing Dai, Proceedings of PKC 2023, May 2023.

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US, Christian Dameff, Jeffrey Tully, Theodore C. Chan, Edward M. Castillo, Stefan Savage, Patricia Maysent, Thomas M. Hemmen, Brian J. Clay, and Christopher A. Longhurst, JAMA Network Open 6(5):e2312270-e2312270, 2023.

Efficient FHEW Bootstrapping with Small Evaluation Keys, and Applications to Threshold Homomorphic Encryption, Yongwoo Lee, Daniele Micciancio, Andrey Kim, Rakyong Choi, Maxim Deryabin, Jieun Eom, and Donghoon Yoo, Proceedings of Eurocrypt 2023, Lyon, France, April 2023.

Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks, Mihir Bellare and Laura Shea, The Cryptographers' Track at the RSA Conference 2023, San Francisco, April 2023.

Turn on, Tune in, Listen up: Maximizing Side-Channel Recovery in Time-to-Digital Converters, Colin Drewes, Olivia Weng, Keegan Ryan, Bill Hunter, Christopher McCarty, Ryan Kastner, and Dustin Richmond, Proceedings of the International Symposiuym on Field-Programable Gate Arrays, MOnterey, CA, February 2023.

TagAlong: Free, Wide-Area Data-Muling and Services, Alex Bellon, Alex Yen, and Pat Pannuto, Proceedings of International Workshop on Mobile Computing Systems and Applications (HotMobile), Newport Beach, CA, 2023.

Going Beyond the Limits of SFI: Flexible Hardware-Assisted In-Process Isolation with HFI, Shravan Naryan, Tal Garfinkel, Mohammadkazem Taram, Joey Rudek, Daniel Moghimi, Evan Johnson, Chris Fallin, Anjo Vahldiek-Oberwagner, Michael LeMay, Ravi Sahita, Dean Tullsen, and Deian Stefan, Proceedings of the 28th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Vancouver, Canada, March 2023. (Distinguished Paper Award).

MSWasm: Soundly Enforcing Memory-Safe Execution of Unsafe Code, Alexandra E. Michael, Anitha Gollamudi, Jay Bosamiya, Evan Johnson, Aidan Denlinger, Craig Disselkoen, Conrad Watt, Bryan Parno, Marco Patrignani, Marco Vassena, and Deian Stefan, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, Boston, MA, January 2023.

Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern x86, Shravan Narayan, Tal Garfinkel, Evan Johnson, David Thien, Joey Rudek, Michael LeMay, Anjo Vahldiek-Oberwagner, Dean Tullsen, and Deian Stefan, Proceedings of the Workshop on Programming Languages and Analyusis for Security (PLAS), 2022.

The Challenges of Blockchain-based Naming Systems for Malware Defenders, Audrey Randall, Wes Hardaker, Aaron Schulman, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the APWG Symposium on Electronic Crime Research (eCrime), November 2022. (Best Student Paper).

Retroactive Identification of Targeted DNS Infrastructure Hijacking, Gautam Akiwate, Raffaele Sommese, Mattijs Jonker, Zakir Durumeric, kc Claffy, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Where .ru? Assessing the Impact of Conflict on Russian Domain Infrastructure, Mattijs Jonker, Gautam Akiwate, Antonia Affinito, kc Claffy, Alessio Botta, Geoffrey M. Voelker, Rolan van Rijswijk-Deij, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Measuring UID Smuggling in the Wild, Audrey Randall, Peter Snyder, Alisha Ukani, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage, and Aaron Schulman, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Stop, DROP, and ROA: Effectiveness of Defenses through the lens of DROP, Leo Oliver, Gautam Akiwate, Matthew Luckie, Ben Du, and kc Claffy, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

Mind Your MANRS: Measuring the MANRS Ecosystem, Ben Du, Cecilia Testart, Romain Fontugne, Gautam Akiwate, Alex C. Snoeren, and kc Claffy, Proceedings of the ACM Internet Measurement Conference (IMC), Nice, France, October 2022.

EVAX: Towards a Practical, Pro-active & Adaptive Architecture for High Performance & Security, Samira Ajorpaz, Daniel Moghimi, Jamison Collins, Nael Abu-Ghazaleh, Gilles Pokam, and Dean Tullsen, Proceedings of the Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), Chicago, IL, October 2022.

[All Publications]
Affiliations
Center for Networked Systems (CNS)         Cooperative Association for Internet Data Analysis (CAIDA)       San Diego Super Computer Center (SDSC)        California Institute for Telecommunications and Information Technology (Cal-IT2) CalIT(2)
Sponsors