Security and Cryptography

Welcome to the web page for security and cryptography research in the Department of Computer Science and Engineering at the University of California at San Diego. Our group conducts research in areas spanning from theory to practice: we work on the theoretical foundations of cryptography; the development and analysis of cryptographic protocols and algorithms; and on applied cryptography, systems security, and network security. In line with our broad security-related research interests, we are affiliated and actively collaborate with the Theory Group, Programming Systems and the Systems and Networking Group here at UCSD.

People  |   News  |   Publications  |   Sponsors
Faculty
Mihir Bellare
Earlence Fernandes
Alex Gantman
Nadia Heninger
Deepak Kumar
Qipeng Liu
Daniele Micciancio
Imani Munyaka
Stefan Savage
Aaron Schulman
Alex C. Snoeren
Deian Stefan
Geoffrey M. Voelker
Affiliated Faculty
kc claffy
Kamalika Chaudhuri
Christian Dameff
Ranjit Jhala
Ryan Kastner
Sorin Lerner
Nadia Polikarpova
Steven Swanson
Dean Tullsen
Yiying Zhang
Yuanyuan Zhou
Scientists, Postdocs and Research Staff
Cindy Moore
Gabrielle De Micheli
Doreen Riepel
PhD Students
Arshia Arya
Alex Bellon
Paul Chung
Miro Haller
Katherine Izhikevich
Evan Johnson
Seoyoung Kweon
Andrey Labunets
Enze Alex Liu
Elisa Luo
Luoxi Meng
Nishit Pandya
Rishabh Ranjan
Sumanth Rao
Keegan Ryan
Mark Schultz
Laura Shea
Ye Shu
Michael Smith
Adam Suhl
George Sullivan
David Thien
Alisha Ukani
Haodi Zou
MS Students
Alexis Morales Flores
Recent Alumni

Nishant Bhaskar (Ph.D. 2023) MQ Prime
Hannah Davis (Ph.D. 2023) Seagate
Ariana Mirian (Ph.D. 2023) Censys
Audrey Randall (Ph.D. 2023) Google
Daniel Moghimi (postdoc 2020-2022) UT Austin
Shravan Narayan (Ph.D. 2022) UT Austin
Sam Crow (Ph.D. 2022) Meta
Bingyu Shen (Ph.D. 2022) Meta
John Renner (Ph.D. 2022) Cubist
Gautam Akiwate (Ph.D. 2022) Stanford postdoc
Jessica Sorrell (Ph.D. 2022) UPenn postdoc
Craig Disselkoen (Ph.D. 2022) → Amazon

Leo Cao (M.S. 2024) University of Wisconsin Ph.D. program

Annie Dai (B.S. 2023) University of Maryland Ph.D. program
Kaiwen He (B.S. 2023) MIT Ph.D. program
Isabel Suizo (B.S. 2022) GoogleCMU Ph.D. program

Grant Ho (postdoc 2021-2023) University of Chicago
Alex Marder (postdoc 2019-2020, Res. Scientist 2020-2023)Johns Hopkins University

[All Alumni]
Recent News

October 17— Another press burst for Earlence Fernandes and collaborators, this time for work showing how malicious prompts can be used to exfiltrate user information. Read the Wired story or visit the paper website to learn more.

Earlence Fernandes August 14— Wide coverage this week of MakeShift, the WOOT paper by Earlence Fernandes and his co-authors that demonstrates remote wireless takeover of Shimano bicycle shifters. This includes a feature by Andy Greenberg at Wired and an TV interview of Earlence at KBPS. Congrats Earlence!

August 6— Another congrats is in order for Nadia Heninger and faculty alumn Hovav Shacham whose 2009 CRYPTO paper "Reconstructing RSA Private Keys from Random Key Bits" has won this year's IACR Test-of-Time award. This is the paper that showed how to recover RSA private keys using a modest random subset of its bits. International Association for Cryptologic Research

Nadia Heninger July 9— Congrats to Nadia Heninger, students Miro Haller and Adam Suhl and their collaborators for their discovery of the Blast-RADIUS vulnerability in the RADIUS authentication, authorization and accounting (AAA) protocol. The associated paper will appear at USENIX Security and involves a chosen-prefix MD5 attack allowing attackers to synthesize Access-Accept messages without any knowledge of the underlying secret key. RADIUS is widely deployed in network equipment in ISPs, enterprises and in a variety of industrial settings and there has been significant work behind the scenes to provide fixed and/or mitigated updates to many thousands of systems before this work was made public. An amazing bit of work all around!

Stefan Savage January 31— Congrats to Stefan Savage, Taylor Berg-Kirkpatrick (and Geoff Voelker, the application form only allowed two names) and their students for receiving one of the first Google "Trust and Safety" Research Awards for their work focused on using Large Language Models in scam honeypots. And we hear they wrote the proposal without any help from AI! Taylor Berg-Kirkpatick

December 9— As the year draws to a close, we'd like to reflect and recognize all the success this year: six best paper awards (almost a quarter of our papers won awards this year), four completed dissertations, a new faculty member (welcome Deepak!), an NSF Career award and a $9.5M ARPA-H grant -- not too bad for a year. Congrats everyone!
[All News]
Recent Publications

Understanding the Efficacy of Security Training in Practice, Grant Ho, Ariana Mirian, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the IEEE Symposium on Security and Privacy, May 2025.

On the Semidirect Discrete Logarithm Problem in Finite Groups, Christopher Battarbee, Giacomo Borin, Ryann Cartor, Nadia Heninger, David Jao, Laura Maddison, Edoardo Persichetti, Angela Robinson, Daniel Smith-Tone, and Rainer Steinwandt, Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.

The Concrete Security of Two-Party Computation: Simple Definitions, and Tight Proofs for PSI and OPRFs, Mihir Bellare, Rishabh Ranjan, Doreen Riepel, and Ali Aldakheel, Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.

Count Corruptions, Not Users: Improved Tightness for Signatures, Encryption and Authenticated Key Exchange, Mihir Bellare, Doreen Riepel, Stefano Tessaro, and Yizhao Zhang, Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.

Symmetric and Dual PRFs from Standard Assumptions: A Generic Validation of a Prevailing Assumption, Mihir Bellare and Anna Lysyanskaya, IACR Journal of Cryptology 37(4), December 2024.

Succinctly-Committing Authenticated Encryption, Mihir Bellare and Biet Tung Hoang, Proceedings of Crypto 2024, Santa Barbara, CA, August 2024.

Give and Take: An End-To-End Investigation of Giveaway Scam Conversion Rates, Enze Liu, George Kappos, Eric Mugnier, Luca Invernizzi, Stefan Savage, David Tao, Kurt Thomas, Geoffrey M. Voelker, and Sarah Meiklejohn, Proceedings of the ACM Internet Measurement Conference (IMC), Madrid, Spain, November 2024.

RADIUS/UDP Considered Harmful, Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl, Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.

Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem, Gabrielle Beck, Harry Eldridge, Matthew Green, Nadia Heninger, and Abhishek Jain, Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.

Using Honeybuckets to Characterize Cloud Storage Scanning in the Wild, Katherine Izhikevich, Geoffrey M. Voelker, Stefan Savage, and Liz Izhikevich, Proceedings of the IEEE European Symposium on Security and Privacy, Vienna, Austria, July 2024.

Experimental Security Analysis of Sensitive Data Access by Browser Extensions, Rishabh Khandelwal, Asmit Nayak, Earlence Fernandes, and Kassem Fawaz, Proceedings of the Web Conference (WWW), Singapore, May 2024.

Unfiltered: Measuring Cloud-based Email Filtering Bypasses, Sumanth Rao, Enze Liu, Grant Ho, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the Web Conference (WWW), Singapore, May 2024.

The Double Edged Sword: Identifying Authentication Pages and their Fingerprinting Behavior, Asuman Senol, Alisha Ukani, Dylan Cutler, and Igor Bilogrevic, Proceedings of the Web Conference (WWW), Singapore, May 2024.

PressProtect: Helping Journalists Navigate Social Media in the Face of Online Harassment, Catherine Han, Anne Li, Deepak Kumar, and Zakir Durumeric, Proceedings of the ACM Conference on Computer Supported Cooperative Work and Social Computing, October 2024.

Watch Your Language: Investigating Content Moderation with Large Language Models, Deepak Kumar, Yousef Anees AbuHashem, and Zakir Durumeric, Proceedings of the international AAAI conference on Web and social media, june 2024.

Specious sites: Tracking the spread and sway of spurious news stories at scale, Hans WA Hanley, Deepak Kumar, and Zakir Durumeric, Proceedings of the IEEE Symposium on Security and Privacy, May 2024.

Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices, Hadi Givehchian, Nishant Bhaskar, Alexender Redding, Han Zhao, Aaron Schulman, and Dinesh Bharadia, Proceedings of the IEEE Symposium on Security and Privacy, May 2024.

On the Possibility of a Backdoor in the Micali-Schnorr Generator, Hannah Davis, Matthew D. Green, Nadia Heninger, Keegan Ryan, and Adam Suhl, Proceedings of PKC 2024, May 2024.

Survey: Recovering cryptographic keys from partial information, by example., Gabrielle De Micheli and Nadia Heninger, IACR Communications in Cryptology 1(1), April 2024.

Network Topology Facilitates Internet Traffic Control in Autocracies, Eda Keremoğlu, Nils B. Weidmann, Alexander Gamero-Garrido, Esteban Carisimo, Alberto Dainotti, and Alex C. Snoeren, pnasnex 3(3), March 2024.

Architecting Trigger-Action Platforms for Security, Performance and Functionality, Deepak Siron Jegan, Michael Swift, and Earlence Fernandes, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

On Precisely Detecting Censorship Circumvention in Real-World Networks, Ryan Wails, George Arnold Sullivan, Micah Sherr, and Rob Jansen, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

Experimental Analyses of the Physical Surveillance Risks in Client-Side Content Scanning, Ashish Hooda, Andrey Labunets, Tadayoshi Kohno, and Earlence Fernandes, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

Scalable Metadata-Hiding for Privacy Preserving IoT Systems, Yunang Chen, David Heath, Rahul Chatterjee, and Earlence Fernandes, Proceedings on Privacy Enhanding Technologies Symposium, Bristol, UK, July 2024.

MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles, Maryam Motallebighomi, Earlence Fernandes, and Aanjhan Ranganathan, Proceedings of the USENIX WOOT Conference on Offensive Technologies (WOOT), Philadelphia, PA, August 2024.

Stateful Least Privilege Authorization for the Cloud, Leo Cao, Luoxi Meng, Deian Stefan, and Earlence Fernandes, Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.

An Empirical Analysis of Enterprise-Wide Mandatory Password Updates, Ariana Mirian, Grant Ho, Stefan Savage, and Geoffrey M. Voelker, Proceedings of Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 2023.

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US, Christian Dameff, Jeffrey Tully, Theodore C. Chan, Edward M. Castillo, Stefan Savage, Patricia Maysent, Thomas M. Hemmen, Brian J. Clay, and Christopher A. Longhurst, JAMA Network Open 6(5):e2312270-e2312270, 2023.

TagAlong: Free, Wide-Area Data-Muling and Services, Alex Bellon, Alex Yen, and Pat Pannuto, Proceedings of International Workshop on Mobile Computing Systems and Applications (HotMobile), Newport Beach, CA, 2023.

[All Publications]
Affiliations
Center for Networked Systems (CNS)         Cooperative Association for Internet Data Analysis (CAIDA)       San Diego Super Computer Center (SDSC)        California Institute for Telecommunications and Information Technology (Cal-IT2) CalIT(2)
Sponsors