PET Award! (almost)

August 19, 2009

The PET Award for Outstanding Research in Privacy Enhancing Technologies this year went to two really cool papers on differential privacy. Check out the papers by Cynthia Dwork and Frank McSherry and Kunal Talwar (Microsoft Research).

My coauthors and I feel honored to have two of our papers listed as runners-up for the award! BLAC and PEREA address the topic of accountable anonymity, where users can authenticate to services anonymously, and services can blacklist anonymous users without knowing who they are (there are no trusted parties who can identify users either). Services can blacklist users for whatever reason, and users don’t mind because their privacy is not affected, thus striking a balance between anonymity and accountability.


Read-Only Switch for External Hard Drives

July 31, 2008

As a follow-up to my recent post on backups, let’s say you use an external hard drive to make backups. If you’ve had some malware blow away your data on your local hard drive, you now want to be extremely careful while handling your backup copy. I certainly wouldn’t want to mount my external hard drive with the risk of malware deleting my only available backup (even if I were careful about cleaning up malware from my system). It would be comforting if I could flip a switch and make the external hard drive read-only after I’ve experienced data loss.

Back in the day, floppy disks had such a feature, and so did Zip disks. I wish this were a standard feature on external hard drives. And no, “mount as read-only” (which is a software solution) does not count.

Off-Site Backups

July 30, 2008

I constantly worry about backing up my (precious) photos. A local backup (such as an external drive or Apple’s Time Capsule) isn’t sufficient because my house could burn down. I just heard of a real example (thanks David Kotz) where a power surge fried both the computer and the external hard drives! So, I’m on a quest for the perfect off-site network backup service.

At the moment I’m using two services: Mozy Backup and Jungle Disk. On the surface, Mozy seems like a perfect solution: $5/month for unlimited storage. Jungle Disk uses Amazon’s Simple Storage Service (S3), which charges pretty reasonable rates for storage and transfer. You can check out Jungle Disk’s website for the rundown. What I’ve concluded for now is that Jungle Disk provides more reliable transfers, but Mozy is perhaps more reliable with storing the data itself.

Transfer Rates

Unfortunately, I’ve been getting unpredictable upload speeds with Mozy, and I am now no longer confident that my data is getting backed up in a timely fashion. If I shoot 1GB worth of photos, it could be a long time before it gets backed up on Mozy. Just last night, uploading 40MB took Mozy 1 hour and 18 minutes. This is not a scientific comparison, but Jungle Disk took 8 minutes the previous night, for the same amount of data at approximately the same time. In general, Jungle Disk has been (relatively) blazing fast because uploads to Amazon S3 seem to be limited only by my uplink bandwidth. Mozy, on the other hand, is probably being swamped at their end. All in all, I’m very disappointed with my upload speeds to Mozy.

Network Drive

Mozy backs up your data but doesn’t give you a network-mounted drive. Jungle Disk gives you a mounted drive for both your backups and other data. I’ve found it useful for clearing up space on my laptop without having to use an external drive. But I feel that network drives pose a serious problem:

Reliability with Restores

What worries me the most about Jungle Disk is that it is very easy to lose all your backed-up data. For example, a virus or a Trojan could blow away your local files as well as your backup directory on your mounted Jungle Disk volume. Mozy on the other hand would have their version archive intact even if a virus were to delete all my files. Backing up to mounted volumes is thus quite risky.

Now, it turns out that Jungle Disk doesn’t need to actually mount the volume to back up your data, thus mitigating that risk. Still, nothing prevents a virus or Trojan from deleting all your data the moment you mount the volume. If you’re worried about this threat, don’t use Jungle Disk as a network-mounted drive. I think Jungle Disk should make it difficult to delete the version archive, perhaps by requiring an admin password to change the version archive on a mounted disk.


So for now, I’m going to stick with both services. Jungle Disk seems to be a better backup solution if you’re worried about fires. Mozy seems to be better if you’re worried about malware.

Digitized Signatures

July 24, 2008

At several grocery stores, I have to sign my credit-card receipt on a “signature capture pad” such as this one. My signature is stored in digital form “affixed” somehow to the receipt. What purpose does that serve? With ink signatures on paper receipts, it is hard to forge or transfer signatures onto bogus receipts. But as for digitized signatures, what prevents the grocery store from “affixing” my digitized signature onto any other arbitrary receipt?

A client could be duped by the store with bogus charges. The store could be duped by a client claiming that he or she never signed that particular receipt.

If the courts assume that these capture pads are trusted devices and that it would take too much trouble to store and paste signatures onto fake receipts, the store wins, and the client is at the mercy of his or her credit card company. On the other hand, I am often amused by how terrible my signature appears on such capture pads. Perhaps clients have an easy out in that case, since the captured signatures look far from authentic.

Phone Phishing

June 12, 2008

I was particularly tickled by the following User Friendly comic today:

I have actually received such a call (purportedly) from Sprint, asking me to verify my social security number. When I told the caller that I had no way of knowing whether he worked for Sprint, he was quite dumbfounded. Perhaps he did work for Sprint, I’m not sure, but companies need to stop making such calls. Otherwise, they just train users to get phished. The same argument applies to emails with links that take you to a page where you can log in.

Moral: Don’t trust the other end with personal information unless you make the phone call yourself.

Sergey Bratus, a colleague, has a nice discussion on this issue and how it translates to behavior in the online world: see the section on “Making the Call” in his recent article [1].


[1] Bratus, Sergey; Masone, Chris; Smith, Sean W., “Why Do Street-Smart People Do Stupid Things Online?,” IEEE Security & Privacy, vol. 6, no. 3, pp. 71-74, May-June 2008.

Is your SSL Connection Secure?

June 9, 2008

You type in the URL yourself, being sure to start with ‘https’. After loading the page, you check for the lock icon. You click on it, just to be certain, and examine the certificate chain. You look for the root certificate in the chain, and observe that the SSL connection is blessed by Verisign (whom you trust to issue certificates judiciously). You pat yourself on the back for being so savvy, and then go about your private business on the “secure” page.

But how can you be certain that your web browser isn’t a Trojan, simply faking it all? An intermediate router (such as a free wireless access point, or your employer’s gateway) could recognize that you’re downloading Firefox, and promptly send you a Trojan version instead. If that’s the case, your trust in the browser is misplaced, and you have more to worry about than just insecure SSL connections.

Several questions to consider: Did you download your browser over a secure SSL connection? How do you know it was a secure connection? Do you trust your older browser that made that SSL connection? Or alternatively, did you verify the MD5/SHA-1 hash of the downloaded binary? How do you know whether the hash you’re comparing it against is authentic? Did you use an “out-of-band” channel to obtain the true hash? Does your operating system have built-in support for secure downloads? Does it verify the download of your browser?
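The hash check in the questions above is the one step a user can actually carry out by hand, so here is what it looks like done carefully. This is an added example, not code from the original post: it streams a downloaded file through a digest, compares the result in constant time with a value obtained out of band, and refuses MD5 and SHA-1 (the algorithms named in the post) unless the caller opts in, since both have known collision attacks and an attacker who supplies the file can exploit them. The installer bytes, the filename, and the “published” hash in `demo()` are all constructed for the example; in practice the published value is whatever you obtained through a channel independent of the download itself.

```python
import hashlib
import hmac
import os
import tempfile

# Digests still considered collision-resistant. MD5 and SHA-1 are accepted
# only with allow_weak=True: an attacker who controls the downloaded file can
# produce colliding inputs for both.
STRONG_DIGESTS = {"sha256", "sha384", "sha512"}


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so a large installer never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_hex, algorithm="sha256", allow_weak=False):
    """Return True only if the file's digest equals the out-of-band value.

    expected_hex must come from a channel independent of the download (a
    printed page, a phone call, a previously verified signature); if both the
    file and the hash arrive over the same possibly-intercepted connection,
    an intermediary can substitute them together and this check proves nothing.
    """
    if algorithm not in STRONG_DIGESTS and not allow_weak:
        raise ValueError(
            f"{algorithm} is not collision-resistant; pass allow_weak=True to accept it"
        )
    actual = file_digest(path, algorithm)
    # compare_digest does not short-circuit on the first differing character.
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def demo():
    """Constructed scenario: a fake 'browser installer' plus its published hash."""
    genuine = b"#!/bin/sh\necho 'pretend this is a browser installer'\n" * 1000
    # Stands in for the value you read off paper or heard over the phone.
    published = hashlib.sha256(genuine).hexdigest()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "browser-installer.sh")  # constructed name
        with open(path, "wb") as f:
            f.write(genuine)
        results["genuine"] = verify_download(path, published)

        # An intermediary alters a single byte; the digest no longer matches.
        with open(path, "wb") as f:
            f.write(genuine[:-1] + b"!")
        results["tampered"] = verify_download(path, published)

        # MD5 is refused by default even when a "published" MD5 is available.
        try:
            verify_download(path, "d41d8cd98f00b204e9800998ecf8427e", algorithm="md5")
            results["weak_rejected"] = False
        except ValueError:
            results["weak_rejected"] = True
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Note that the check is only as trustworthy as the channel that delivered `expected_hex`: if the hash was fetched with the same browser over the same network as the binary, you are back to trusting whatever sat between you and the server, which is exactly the post’s point.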

Now, if you’re really paranoid, you have to ask yourself whether you trust the compiler that compiled your browser. See Ken Thompson’s excellent exposition on this topic if you want to turn truly despondent [1].

[1] Ken Thompson, Reflections on Trusting Trust. Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763.

Account Hijacking

May 15, 2008

Recently, a Nigerian scammer gained access to my mother’s free email account. Perhaps he guessed her password, or easier still, her secret question. Masquerading as my mother (identity theft!), he then tried to get money from people in her address book (see email transcript below). Seems like an effective scam, judging by the number of people who were ready to wire the money to Nigeria!

In any case, the scammer had completely taken over her account, and all our attempts to regain access were fruitless. Of course, the scammer had already changed the security question, so we were unable to complete the automated procedure to regain access. And what are the admins to do anyway? How does one prove rightful ownership of a hijacked account when the hijacker has gone ahead and changed all the profile information?

Long story short, you might wake up one morning, only to find that you’ve lost access to all your stored messages and online address book. I suspect that many folks don’t make local backups of their email folders because they trust the (free) online services to have reliable storage, and believe that their passwords are safe. But even the smartest of folks can have their passwords phished. A colleague of mine, a security researcher, was tricked into revealing his password by way of a link that was injected into his ongoing instant-messaging chat window! He too lost access to his email account. You can never be too safe. (Update: I too got phished in a moment of weakness. Sigh. Luckily I realized this immediately, and changed my password before I lost all access to my account).

I think we should all give this scenario a moment’s thought. What would you do if one of your online accounts was hijacked? Is there a fail-safe procedure to regain access? Personally, I’d rather stick to my university email account, because my trusty sysadmin can restore access if needed. But what if your online bank account was hijacked? Will your bank refund any money siphoned out of your account? What’s the fine print on their “money back guarantee”?


Here’s a resource by Carnegie Mellon University to get you started:

Here’s an interesting podcast about identity theft in general (The featured guest is Frank Abagnale, for those of you familiar with the film Catch Me If You Can.):

Email transcript

Please i am in a hurry writing this mail, I’m presently in  Nigeria for an Educational program and i have gotten myself stranded here please could you help me with $3,500 and i will return it as soon as i return.Please i wait to hear from you soon as to send you the information on how to send the money through Western Union or Money Gram,Please keep this between us until i return. i will like you to reply in English Because i am sending this mail from a near by city library here and it only shows mail written in English..

I wait to hear from you soon.