Welcome to the web page for security and cryptography research in the Department of Computer Science and Engineering at the University of California at San Diego. Our group conducts research in areas spanning from theory to practice: we work on the theoretical foundations of cryptography; the development and analysis of cryptographic protocols and algorithms; and on applied cryptography, systems security, and network security. In line with our broad security-related research interests, we are affiliated and actively collaborate with the Theory Group, Programming Systems and the Systems and Networking Group here at UCSD.
| People | News | Publications | Sponsors |
|
kc claffy Kamalika Chaudhuri Christian Dameff Ranjit Jhala |
Ryan Kastner Sorin Lerner Nadia Polikarpova Steven Swanson |
Dean Tullsen Yiying Zhang Yuanyuan Zhou |
|
Cindy Moore |
Gabrielle De Micheli |
Doreen Riepel |
|
Alexis Morales Flores |
|
Keegan Ryan (Ph.D. 2025)
|
Leo Cao (M.S. 2024)
→ University of Wisconsin Ph.D. program
Annie Dai (B.S. 2023)
→ University of Maryland Ph.D. program
Grant Ho (postdoc 2021-2023)
→ University of Chicago |
|
June 09— Congrats to Keegan Ryan, award-winning storyteller, for defending his dissertation, "Practical Lattice-based Algorithms for Cryptanalysis"! |
| June 04— Congrats to Evan Johnson for defending his dissertation, "Verifiably Secure Software Sandboxing"! Evan came to us from Illinois, refined his inner chill over six years here in SoCal, and is now off to try the other coast as an Asst Professor at NYU. Congrats and good luck Evan! |
| March 17— Welcome home to Hovav Shacham who, after seven years in the Lone Star state, has returned to become part of the UCSD constallation again. Hovav rejoins us officially in July and we're all super happy to have him back! |
|
|
November 4— CSE alumni Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirilll Levchenko and Damon McCoy, along with Geoff Voelker and Stefan Savage received the ACM IMC Test of Time award today for their 2013 paper A Fistful of Bitcoins: Characterizing Payments Among Men with No Names which is credited with helping to establish the technique of cryptocurrency tracing (the core part of this story is told in Andy Greenberg's book, "Tracers in the Dark", as well as a summary article he wrote in Wired this year). Congrats to Sarah and all her collaborators! |
| October 17— Another press burst for Earlence Fernandes and collaborators, this time for work showing how malicious prompts can be used to exfiltrate user information. Read the Wired story or visit the paper website to learn more. |
| October 9— Congratulations to Keegan Ryan, George Sullivan, Nadia Heninger, and Kaiwen He for winning the 2024 CSAW Applied Research Award for "Most Notable Paper: Technical Impact" for their CCS 2023 paper, Passive SSH Key Compromise via Lattices. |
|
|
August 14— Wide coverage this week of MakeShift, the WOOT paper by Earlence Fernandes and his co-authors that demonstrates remote wireless takeover of Shimano bicycle shifters. This includes a feature by Andy Greenberg at Wired and an TV interview of Earlence at KBPS. Congrats Earlence! |
| August 6— Another congrats is in order for Nadia Heninger and faculty alumn Hovav Shacham whose 2009 CRYPTO paper "Reconstructing RSA Private Keys from Random Key Bits" has won this year's IACR Test-of-Time award. This is the paper that showed how to recover RSA private keys using a modest random subset of its bits. |
|
|
July 9— Congrats to Nadia Heninger, students Miro Haller and Adam Suhl and their collaborators for their discovery of the Blast-RADIUS vulnerability in the RADIUS authentication, authorization and accounting (AAA) protocol. The associated paper will appear at USENIX Security and involves a chosen-prefix MD5 attack allowing attackers to synthesize Access-Accept messages without any knowledge of the underlying secret key. RADIUS is widely deployed in network equipment in ISPs, enterprises and in a variety of industrial settings and there has been significant work behind the scenes to provide fixed and/or mitigated updates to many thousands of systems before this work was made public. An amazing bit of work all around! |
Somesite I Used To Crawl: Awareness, Agency and Efficacy in Protecting Content Creators From AI Crawlers, , Proceedings of the ACM Internet Measurement Conference (IMC), Madison, Wisconsin, October 2025.
Characterizing the MrDeepFakes Sexual Deepfake Marketplace, , Proceedings of the USENIX Security Symposium, Seattle, WA, August 2025.
Understanding the Efficacy of Phishing Training in Practice, , Proceedings of the IEEE Symposium on Security and Privacy, May 2025.
An Empirical Analysis on the Use and Reporting of National Security Letters, , Proceedings of ACM Sympoisum on Computer Science and Law (CSLAW), Munich, Germany, March 2025.
Characterizing the Networks Sending Enterprise Phishing Emails, , Proceedings of the Passive and Active Measurement Conference (PAM), Virtual, March 2025.
On the Semidirect Discrete Logarithm Problem in Finite Groups, , Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.
The Concrete Security of Two-Party Computation: Simple Definitions, and Tight Proofs for PSI and OPRFs, , Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.
Count Corruptions, Not Users: Improved Tightness for Signatures, Encryption and Authenticated Key Exchange, , Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.
Symmetric and Dual PRFs from Standard Assumptions: A Generic Validation of a Prevailing Assumption, , IACR Journal of Cryptology 37(4), December 2024.
Succinctly-Committing Authenticated Encryption, , Proceedings of Crypto 2024, Santa Barbara, CA, August 2024.
Give and Take: An End-To-End Investigation of Giveaway Scam Conversion Rates, , Proceedings of the ACM Internet Measurement Conference (IMC), Madrid, Spain, November 2024.
RADIUS/UDP Considered Harmful, , Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.
Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem, , Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.
Using Honeybuckets to Characterize Cloud Storage Scanning in the Wild, , Proceedings of the IEEE European Symposium on Security and Privacy, Vienna, Austria, July 2024.
Experimental Security Analysis of Sensitive Data Access by Browser Extensions, , Proceedings of the Web Conference (WWW), Singapore, May 2024.
Unfiltered: Measuring Cloud-based Email Filtering Bypasses, , Proceedings of the Web Conference (WWW), Singapore, May 2024.
The Double Edged Sword: Identifying Authentication Pages and their Fingerprinting Behavior, , Proceedings of the Web Conference (WWW), Singapore, May 2024.
PressProtect: Helping Journalists Navigate Social Media in the Face of Online Harassment, , Proceedings of the ACM Conference on Computer Supported Cooperative Work and Social Computing, October 2024.
Specious sites: Tracking the spread and sway of spurious news stories at scale, , Proceedings of the IEEE Symposium on Security and Privacy, May 2024.
Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices, , Proceedings of the IEEE Symposium on Security and Privacy, May 2024.
On the Possibility of a Backdoor in the Micali-Schnorr Generator, , Proceedings of PKC 2024, May 2024.
Survey: Recovering cryptographic keys from partial information, by example., , IACR Communications in Cryptology 1(1), April 2024.
Scalable Metadata-Hiding for Privacy Preserving IoT Systems, , Proceedings on Privacy Enhanding Technologies Symposium, Bristol, UK, July 2024.
MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles, , Proceedings of the USENIX WOOT Conference on Offensive Technologies (WOOT), Philadelphia, PA, August 2024.
Stateful Least Privilege Authorization for the Cloud, , Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.
 CalIT(2) |
|
|
|