Enigma 2021 Conference Program

As cyber-attacks have become increasingly common (e.g., STUXNET, DNC hack, NotPetya), lawyers have struggled to determine how these 21st Century weapons fit into the traditional laws of war. Despite the enormous amount of attention paid to cyber-conflict over the past decade, the legal community is more confused than ever. Put bluntly, we are still very far away from agreeing on whether cyberwar is legal and, if so, under which circumstances. In this talk, I try to answer these questions by situating current debates within the long history of international law. The modern laws of war have changed dramatically from their initial formulations in the seventeenth century. By seeing how the right of war has evolved over the last four hundred years, I show how cyber conflicts fit into this evolution and the conditions under which states may use cyberweapons to disrupt the digital networks of their adversaries.

The Swiss tale with online voting serves as a typical example of the iterative development of highly critical IT systems and the growing involvement of scientist as a necessary step for a government that is willing to learn from past mistakes.

Switzerland has been experimenting with online voting for over 15 years. Several generations of electronic voting systems have been implemented and almost all of them died along the way because of their profound security problems or when the money ran out.

In 2019, Swiss Post published the source code of its online voting system, the last system that was still in the race. Several highly critical findings were discovered in a matter of weeks and the system was stopped right before the national elections.

In 2020, the government rebooted the process and invited two dozen international researchers into an intense dialogue that lasted several months. The resulting report a the base for the renewed regulation that will pave the way forward in 2021.

Hardware is the trust anchor for many systems ranging from IoT devices to datacenter infrastructure, but hardware is a double-edged sword. Hardware can provide security services to protect devices, but hardware features often open up systems to attack. This talk will provide an overview of system-level threats hardware architectures are designed to address along with real-world examples of how hardware features added to increase performance and configurability leave systems vulnerable. Insight into the challenges chip vendors and system designers face when trying to detect and prevent hardware vulnerabilities will be provided along with an overview of methodologies and solutions that provide promise in this space.

We present research on the discovery of the physics of cyberspace, meaning the laws that govern the dynamics of cyberspace. We discover physical properties of cyberspace in aggregate from a probabilistic examination via statistical physics and dynamical systems theory of the underlying computer hardware architectures, operating system designs, code execution, and networking. We encode the inner workings of hardware architectures and operating systems into mathematical models that resemble physical matter such as gasses and fluids, while representing the physics of cyberspace with high fidelity. We then explore statistical physics and dynamical systems theory similarly to how they were used to study gasses and fluids. We develop new physical-matter inspired approaches at the intersection of statistical physics and dynamical systems theory, in a quest for the physics of cyberspace. We guide this research with experimental data that we obtain via instrumentation of hardware emulation and operating system virtualization.

Nuclear safeguards protect nuclear material from being diverted from legitimate activities, like nuclear power applications or nuclear physics research, to more sinister purposes. International regulations dictate the safeguards protocols that must be adhered to, and in general, nations meet these obligations as necessary. However, reluctance on the part of participating nations and their businesses to yield more information than is absolutely necessary stands as an obstacle against bringing the full force of modern data analytics to bear in safeguards applications. Privacy-preserving computation, including secure multiparty computation (MPC), presents a solution. Garbled circuits, a specific class of MPC algorithms, allow multiple parties (in this case an international inspector and a nation-state or nuclear facility) to jointly perform calculations without revealing their respective inputs. Having previously shown that garbled circuits can successfully identify anomalies in time series data, this work pivots to showing that these anomaly detection circuits can distinguish anomalous events in categorically specific nuclear safeguards relevant time series.

Differential Privacy was invented in 2006 to protect the privacy of people who respond to a national census. The U.S. 2020 Census of Population and Housing will mark the first time that differential privacy will be used for its existential purpose. Bringing leading-edge privacy technology from the lab into practice required a significant amount of scientific and technical development, and it presented organizational challenges as well to one of the world’s largest statistical organization. Nevertheless, in three years the Census Bureau assembled a team, developed a reference implementation, transitioned that implementation to Amazon Web Services, redesigned the implementation’s framework, creating a system that made it easy to perform experiments, performed an end-to-end test, used the implementation to re-release data from the 2010 Census, developed new algorithms to address the data quality concerns of stakeholders, and released multiple reference implementations of the code base.

You've heard that privacy is dead or dying, but we challenge that view with data collected from over 90,000 respondents across 25+ countries and 6 continents that we've been gathering annually since 2015. In this talk we'll feature six findings from our results, focused on the state of privacy today, attitudes about privacy in the future, how this varies around the world, and what we in the ENIGMA community can do to continue to globally support a future with privacy.

With the unprecedented COVID-19 pandemic came an unprecedented technology and public health collaboration: Google and Apple joined forces with public health departments to deploy a mechanism for notifying people of their possible exposure to the virus. How was this decision made? What were the tradeoffs? How is it going? If we had to do it all over again, what might we do differently? And most importantly, what does the future of app-based contact tracing look like? Join us for a lively discussion bringing together policy, epidemiology, legal, and public health experts on one of the most important cross-disciplinary collaborations of our time.

0-day exploitation occurs when an attacker abuses a vulnerability that the defenders don't yet know about. This makes it very hard to protect against 0-day exploits and also makes 0-day vulnerabilities highly valuable. So how do we protect against the exploitation of unknown vulnerabilities? It starts with understanding everything we can about 0-day exploits.

Each time a 0-day exploit is detected in-the-wild, it's the failure case for attackers. Therefore as defenders, we should use these "failures" as an opportunity to learn as much as we can about the vulnerabilities targeted, the exploitation methods used, the techniques for discovering the vulnerabilities, and more. As a security and technical community, we can then use this data to prioritize what vulnerability research to undertake, gaps in our detection methods, exploit mitigations that will have the most return on mitigation, and overall, how to make it harder for attackers to exploit 0-days to harm users.

This talk synthesizes what we can learn from the 0-days that were exploited in-the-wild in 2020. For each of these 0-days, Project Zero performed a root cause analysis, which details the vulnerability exploited and the exploit methodology used. From these facts, we then developed ideas for better detections and systemic fixes, hypothesized on what methods the actors used to discover the vulnerability, and performed variant analysis. In this talk, we'll share what we've learned from these exploits used in 2020 and how to apply it in 2021 to make it that much harder.

Society has a software problem. Since Ada Lovelace deployed the first computer program on an early mechanical device in the 1840s, software has spread to every corner of human experience. With that software come security flaws and a long tail of updates from vendors and developers. Unlike a physical system that is little modified once it has left the factory, software is subject to continual revision through updates and patches. Software supply chain security remains an underappreciated domain of national security policymaking. This talk explores 115 software supply chain attacks and vulnerability disclosures from the past decade to sum up where we are and how far we still have to go. Software supply chain attacks are popular, they are impactful, and are used to great effect by states, especially China and Russia. The implications for the technology industry and cybersecurity policymaking community are a crisis in waiting. The solution is not panic nor is it a moonshot, but rather a renewed focus on software supply chain security practices, new investment from public and private sectors, and revisions to public policy that emphasize raising the lowest common denominator of security behavior while countering the most impactful attacks.

This is a tale of a personal experience; but also one that is well-known to people identifying as women that have suffered from intimate gender-based digital violence. It is a personal tale because this research started from a personal experience of usage of digital tools in the hands of an ex-partner to censor, harass, and police behavior. Fueled by this, we launched research on how digital tools are used to enhance intimate gender-based abuse in the Global South.

Frequently, it is often thought that intimate gender-based online abuse is a problem from the Global North, a problem that only certain countries with high access to technology have, or that it is only done with the usage of stalkerware or some kind of malware. But these presumptions limit the experiences that regions from the Global South face, as it underestimates the tales from those regions. In this talk, we provide a deep dive into which methods abusers in the Global South (specifically, in Latin America) use to increase gender-based abuse, by providing clear definitions and experiences of them. We will also explore the societal aspects that support the usage of online tools to enhance abuse, and emphasize the little or no help given from a legal or policy perspective in those regions.

This talk will also highlight the importance of looking at experiences from different places around the world, as the solutions that we give are, oftentimes, only focused on a Global North perspective. In the specific case of intimate gender-based online abuse, the tales and experiences that come from the Global South show us that there is still work to be done to support them (from a technical perspective) and to further understand them.

4G based IMSI catchers such as the Hailstorm are becoming more popular with governments and law enforcement around the world, as well as spies, and even criminals. Until now IMSI catcher detection has focused on 2G IMSI catchers such as the Stingray which are quickly falling out of favor. In this talk, we will demonstrate a brand new software project to detect fake 4G base stations, with open source software and relatively cheap hardware. We will reveal what we have found so far using our methods. And finally, we will present a plan to dramatically limit the capabilities of IMSI catchers (with the long term goal of making them useless once and for all).

When talking about Contact Tracing Mobile apps, most of the discussion centers on the protocol and its properties. While this is indeed central to the security and privacy of the system, once the protocol is integrated in an app, and in a larger ecosystem including server and health services, more privacy mechanisms are needed to ensure that the privacy properties are kept end to end. When performing this integration, however, the privacy engineer has little control over many of the pieces that are key for operation. In this talk, I will describe how this lack of control results in increasing hurdles for privacy and how we overcame these obstacles in the case of contact tracing apps.

The fact that C and C++ are not memory safe, leading to vulnerability classes such as use-after-free and buffer-overflow is not new. However, these languages remain in exceptionally wide use, even for new projects. For several years, Fish in a Barrel has been attempting to quantify how common memory-unsafety induced vulnerabilities are in major projects, and researching what tactics are effective at convincing developers to reconsider C and C++.

This talk presents our results: we show the empirical data which leads us to the conclusion that C and C++ are not tenable for modern secure development, including statistics across a large swath of projects. We also present what we've learned about how developers respond to this fact, in the frame of the Five Stages of Grief.

The past year has been a difficult one. A pandemic has taken millions of lives and disrupted "normal" routines across the globe. In the United States, we have experienced an unprecedented political situation with a sitting President refusing to concede after losing an election. Each of the events has been accompanied by uncertainty and anxiety, as well as massive amounts of false and misleading information. In this talk, I will explore some of the mechanics of online misinformation, explaining why we are particularly vulnerable right now—due in part to the nature of these crises, and in part to the current structure of our information systems. Using examples from both COVID-19 and Election2020, I will explain how we are living through a "perfect storm" for both misinformation and disinformation. And I will describe how disinformation, in particular, can be an existential threat to democratic societies. After laying out the problems, I aim to end on a more hopeful note, with a call to action for researchers and industry professionals to help "chip away" at this critical societal issue.

Every attack has a story. Uncovering these stories is essential to identify the gaps that allowed the attack to occur and the countermeasures to prevent it from happening again. Over time, many security players tried to model these gaps and countermeasures in their threat models, but all these attempts present the same drawback: they generalize everything! However, not every threat is global. The threats I used to find in Brazil were distinct from those reported in the global news and their prevalence significantly differed from what was described in the literature. What was going on? The problem is that the Brazilian scenario presents characteristics that make it unique (e.g, the way Internet banks operate, the way the Internet access is provided and charged), and these factors significantly influence the way that threats are developed and how users are targeted. For instance, even before the Web-based systems, attackers exploited the early computerization of the Brazilian bank system to deploy phishing applications mimicking the Bank’s operations. The movement towards the Web generated a profusion of JAVA-based malware never seen elsewhere, as the Brazilian bank systems were JAVA-based. Recently, with the emergence of mobile devices, prepaid data plans with free Whatsapp access motivated the deployment of banks-powered Whatsapp-based banking transactions. Are we prepared to handle these scenarios or are we overlooking them? Furthermore, these likely-overlooked scenarios might not be limited to Brazil, but these attacks might have already been happening elsewhere. Therefore, I invite you to come with me to take a look at a dataset of more than 40 thousand unique malware samples collected in Brazil over 7 years to understand what we missed by not looking at regionalized threats. This talk is a call to action for more personalized threat models and security evaluations.