New Research on Privacy and Security Risks of Remote Learning Software
This post and the paper is jointly authored by Shaanan Cohney, Ross Teixeira, Anne Kohlbrenner, Arvind Narayanan, Mihir Kshirsagar, Yan Shvartzshnaider, and Madelyn Sanfilippo. It emerged from a case...
View ArticlePhone number recycling creates serious security and privacy risks to millions...
By Kevin Lee and Arvind Narayanan 35 million phone numbers are disconnected every year in the U.S., according to the Federal Communications Commission. Most of these numbers are not disconnected...
View ArticleMost top websites are not following best practices in their password policies
By Kevin Lee, Sten Sjöberg, and Arvind Narayanan Compromised passwords have consistently been the number one cause of data breaches by far, yet passwords remain the most common means of authentication...
View ArticleToward Trustworthy Machine Learning: An Example in Defending against...
By Chong Xiang and Prateek Mittal Thanks to the stunning advancement of Machine Learning (ML) technologies, ML models are increasingly being used in critical societal contexts — such as in the...
View ArticleToward Trustworthy Machine Learning: An Example in Defending against...
By Chong Xiang and Prateek Mittal In our previous post, we discussed adversarial patch attacks and presented our first defense algorithm PatchGuard. The PatchGuard framework (small receptive field +...
View ArticleThe anomaly of cheap complexity
Why are our computer systems so complex and so insecure? For years I’ve been trying to explain my understanding of this question. Here’s one explanation–which happens to be in the context of voting...
View ArticleCross-Layer Security: A Holistic View of Internet Security
By Henry Birge-Lee, Liang Wang, Grace Cimaszewski, Jennifer Rexford and Prateek Mittal On February 3, 2022, attackers launched a highly effective attack against the Korean cryptocurrency exchange...
View ArticleSecurity Analysis of the Dominion ImageCast X
Today, the Federal District Court for the Northern District of Georgia permitted the public release of Security Analysis of Georgia’s ImageCast X Ballot Marking Devices, a 96-page report that describes...
View ArticleSecuring the Web PKI
CITP is releasing a report today based on a two day in-person workshop on the security of the Web Public Key Infrastructure (Web PKI) we held last year. The workshop convened a multistakeholder...
View ArticleAnnouncing the Open Multi-Perspective Issuance Corroboration Project
By Henry Birge-Lee, Grace Cimaszewski, Liang Wang, Cyrill Krähenbühl, Kerstin Fagerstrom, and Prateek Mittal Today we are announcing the development of a new open source project by our research group...
View Article