Security and Cryptography

Welcome to the web page for security and cryptography research in the Department of Computer Science and Engineering at the University of California at San Diego. Our group conducts research in areas spanning from theory to practice: we work on the theoretical foundations of cryptography; the development and analysis of cryptographic protocols and algorithms; and on applied cryptography, systems security, and network security. In line with our broad security-related research interests, we are affiliated and actively collaborate with the Theory Group, Programming Systems and the Systems and Networking Group here at UCSD.

People  |   News  |   Publications  |   Sponsors
Faculty
Mihir Bellare
Earlence Fernandes
Nadia Heninger
Russell Impagliazzo
Deepak Kumar
Daniele Micciancio
Imani Munyaka
Stefan Savage
Aaron Schulman
Alex C. Snoeren
Deian Stefan
Geoffrey M. Voelker
Affiliated Faculty
kc claffy
Kamalika Chaudhuri
Christian Dameff
Ranjit Jhala
Ryan Kastner
Sorin Lerner
Nadia Polikarpova
Steven Swanson
Dean Tullsen
Yiying Zhang
Yuanyuan Zhou
Scientists, Postdocs and Research Staff
Cindy Moore
Gabrielle De Micheli
Doreen Riepel
PhD Students
Alex Bellon
Andrey Bozhko
Miro Haller
Evan Johnson
Andrey Labunets
Enze Alex Liu
Elisa Luo
Luoxi Meng
Nishit Pandya
Rishabh Ranjan
Sumanth Rao
Keegan Ryan
Mark Schultz
Laura Shea
Michael Smith
Adam Suhl
George Sullivan
David Thien
Alisha Ukani
MS Students
Alexis Morales Flores
Katherine Izhikevich
Jay Jhaveri
Recent Alumni

Nishant Bhaskar (Ph.D. 2023) MQ Prime
Hannah Davis (Ph.D. 2023) Seagate
Grant Ho (postdoc 2021-2023) University of Chicago
Alex Marder (postdoc 2019-2020, Res. Scientist 2020-2023)Johns Hopkins University
Ariana Mirian (Ph.D. 2023) Censys
Audrey Randall (Ph.D. 2023) Google
Daniel Moghimi (postdoc 2020-2022) UT Austin
Shravan Narayan (Ph.D. 2022) UT Austin
Sam Crow (Ph.D. 2022) Meta
Bingyu Shen (Ph.D. 2022) Meta
John Renner (Ph.D. 2022) Cubist
Gautam Akiwate (Ph.D. 2022) Stanford postdoc
Jessica Sorrell (Ph.D. 2022) UPenn postdoc
Craig Disselkoen (Ph.D. 2022) → Amazon

Annie Dai (B.S. 2023) University of Maryland Ph.D. program
Kaiwen He (B.S. 2023) MIT Ph.D. program
Isabel Suizo (B.S. 2022) GoogleCMU Ph.D. program
[All Alumni]
Recent News

December 9— As the year draws to a close, we'd like to reflect and recognize all the success this year: six best paper awards (almost a quarter of our papers won awards this year), four completed dissertations, a new faculty member (welcome Deepak!), an NSF Career award and a $9.5M ARPA-H grant -- not too bad for a year. Congrats everyone!

Christian Dameff and Jeff Tulley October 2— The Advanced Research Projects Agency for Health (ARPA-H) has announced a $9.5 dollar award to UC San Diego to develop new ways to mitigate ransomware attacks on hospitals. This effort, led by Christian Dameff and Jeff Tulley, is joint between UCSD Health and the UCSD School of Engineering (notably our own Aaron Schulman, Geoff Voelker, and Stefan Savage) and is just the latest to come out of a long standing collaboration in this space. Congrats everyone!

August 29— Congrats to our own Aaron Schulman for his recent NSF CAREER grant and for his promotion to tenured associate professor. Congrats! Aaron Schulman

August 22— Congrats (again) to Keegan Ryan and Nadia Heninger for their Best Paper award at the 2023 Crypto for Fast Practical Lattice Reduction through Iterated Compression!!

Nishant Bhaskar July 24— Congratulations to Nishant Bhaskar for defending his dissertation, "An Empirical Approach to Securing Wireless Access Links in Urban Areas". Nishant's unique research had him driving across Souther California and brought him in touch with both industry and government (special thanks to the folks from USSS who attended the defense). He'll next be doing crazy wireless things at MQ Prime. Congrats Nishant!

July 4— Congratulations to Enze "Alex" Liu (and co-authors) for winning the Best Paper award at the 2023 IEEE Symposium on Security and Privacy (Euro S&P) for their work on insecurities in e-mail forwarding frameworks and implimentations. UCSD put out a nice summary of the work here. Euro Security and Privacy award for

Deepak Kumar June 5— Welcome to Deepak Kumar who will join us as an Assisstant Professor starting in July 2024! Deepak got his Ph.D. at the University of Illinois, has been hunkering down as a Postdoc at Stanford during the pandemic, and is doing fascinating work around online abuse and safety. We are all looking forward to working with him next year!

May 26— Congratulations to Grant Ho for his appointment as Assistant Professor in Computer Science at the University of Chicago. Grant was part of the inaugural class of the CSE Fellows postdoctoral program and was a joy to work with these last few years. Congrats and best of luck! Grant Ho

Audrey Randall May 18— Congratulations to Audrey Randall who defended her dissertation today, "Names to Conjure With: Measuring and Combating Online Adversaries by Studying Their Use of Naming System". As one of many firsts during her time with us, Audrey premiered as post-defense music video reflecting on her time at UCSD. Audrey will bring her talents to Google and we wish her the best. Congrats!

May 22— And finally Congrats to Hosein Yavarzadeh (and co-authors) for the third IEEE S&P Distinguished Paper Award of the season for their work on Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution!

Evan Johnson at Oakland May 22— Congrats to Evan Johnson (and co-authors) for winning the IEEE S&P Distinguished Paper Award for WaVe: a verificable secure WebAssembly sandboxing runtime further shrinking the trusted computing base for Wasm! Evan Johnson at Oakland2

May 22— Congrats to Miro Haller (and co-authors) for their paper, MEGA: Malleable Encrypto Goes Awry which received the IEEE S&P Distinguished Paper Award!

May 8— Keegan Ryan and Nadia Heninger receive the best paper award at the International Conference on Practice and Theory in Public Key Cryptoigraphy (PKC) for The Hidden Number Problem with Small Unknown Multipliers: Cryptanalyzing MEGA in Six Queries and Other Applications. Congrats!

April 21— Congratulations to Ariana Mirian who gave a spirited defense of her dissertation, "Prioritizing Security Practices via Large-Scale Measurement of User Behavior". This was quite an event, filling room 1242 and with well-wishers from four different universities and a gaggle of companies online for the festivities. Ariana will be joining Censys in the Fall and we are looking forward to seeing what she does next. Congrats! Ariana Mirian

Katherine Izhikevich April 11— Congratulations to Katherine Izhikevich for receiving the 2023 Stephen L. Squires SWSIS Scholarship administered by Applied Computer Security Associates (ACSA) and the CRA. Congrats!

February 7— Congratulations to Stefan Savage for his election to the National Academy of Engineering! Stefan Savage
[All News]
Recent Publications

Using Honeybuckets to Characterize Cloud Storage Scanning in the Wild, Katherine Izhikevich, Geoffrey M. Voelker, Stefan Savage, and Liz Izhikevich, Proceedings of the IEEE European Symposium on Security and Privacy, Vienna, Austria, July 2024.

Unfiltered: Measuring Cloud-based Email Filtering Bypasses, Sumanth Rao, Enze Liu, Grant Ho, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the Web Conference (WWW), Singapore, May 2024.

The Double Edged Sword: Identifying Authentication Pages and their Fingerprinting Behavior, Asuman Senol, Alisha Ukani, Dylan Cutler, and Igor Bilogrevic, Proceedings of the Web Conference (WWW), Singapore, May 2024.

Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices, Hadi Givehchian, Nishant Bhaskar, Alexender Redding, Han Zhao, Aaron Schulman, and Dinesh Bharadia, Proceedings of the IEEE Symposium on Security and Privacy, May 2024.

Architecting Trigger-Action Platforms for Security, Performance and Functionality, Deepak Siron Jegan, Michael Swift, and Earlence Fernandes, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

On Precisely Detecting Censorship Circumvention in Real-World Networks, Ryan Wails, George Arnold Sullivan, Micah Sherr, and Rob Jansen, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

Experimental Analyses of the Physical Surveillance Risks in Client-Side Content Scanning, Ashish Hooda, Andrey Labunets, Tadayoshi Kohno, and Earlence Fernandes, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

Please Act Now: an Empirical Analysis of Enterprise-Wide Mandatory Password Updates, Ariana Mirian, Grant Ho, Stefan Savage, and Geoffrey M. Voelker, Proceedings of Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 2023.

Fast Practical Lattice Reduction through Iterated Compression, Keegan Ryan and Nadia Heninger, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023. (Best paper award).

When Messages are Keys: Is HMAC a Dual-PRF?, Matilda Backendal, Mihir Bellare, Felix Gunther, and Matteo Scarlata, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.

Reductions from Module Lattices to Free Module Lattices, and Application to Dequantizing Module-LLL, Gabrielle De Micheli, Daniele Micciancio, Alice Pellet-Mary, and Nam Tran, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.

Error Correction and Ciphertext Quantization in Lattice Cryptography, Daniele Micciancio and Mark Schultz, Proceedings of Crypto 2023, Santa Barbara, CA, August 2023.

Access Denied: Assessing Physical Risks to Internet Access Networks, Alexander Marder, Zesen Zhang, Ricky Mok, Ramakrishna Padmanabhan, Bradley Huffaker, Matthew Luckie, Alberto Dainotti, kc claffy, Alex C. Snoeren, and Aaron Schulman, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

Improving Logging to Reduce Permission Over-Granting Mistakes, Bingyu Shen, Tianyi Shan, and Yuanyuan Zhou, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

HECO: Fully Homomorphic Encryption Compiler, Alexander Viand, Patrick Jattke, Miro Haller, and Anwar Hithnawi, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

MultiView: Finding Blind Spotsin Access-Deny Issues, Bingyu Shen, Tianyi Shan, and Yuanyuan Zhou, Proceedings of the USENIX Security Symposium, Anaheim, CA, August 2023.

Understanding the Viability of Gmail’s Origin Indicator for Identifying the Sender, Enze Liu, Lu Sun, Alex Bellon, Grant Ho, Stefan Savage, Geoffrey M. Voelker, and Imani N. S. Munyaka, Proceedings of the Sympsoium on Useable Privacy and Security, Anaheim, CA, August 2023.

In the Line of Fire: Risks of DPI-triggered Data Collection, Ariana Mirian, Alisha Ukani, Ian Foster, Gautam Akiwate, Taner Halicioglu, Cindy Moore, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage, Proceedings of Workshop on Cyber Security Experimentation and Test (CSET), Marina del Rey, CA, August 2023.

No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps, Enze Liu, Sumanth Rao, Sam Havron, Grant Ho, Stefan Savage, Geoffrey M. Voelker, and Damon McCoy, Proceedings on Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, July 2023.

Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy, Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the IEEE European Symposium on Security and Privacy, Delft, The Netherlands, July 2023. (Best paper award).

WaVe: a Verifiably Secure WebAssembly Sandboxing Runtime, Evan Johnson, Evan Laufer, Zijie Zhao, Shravan Narayan, Stefan Savage, Deian Stefan, and Fraser Brown, Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).

Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution, Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, Deian Stefan, and Dean Tullsen, Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).

MEGA: Malleable Encryption Goes Awry, Matilda Backendal, Miro Haller, and Kenneth G. Paterson, Proceedings of the IEEE Symposium on Security and Privacy, May 2023. (Distinguished Paper Award).

The Hidden Number Problem with Small Unknown Multipliers: Cryptanalyzing MEGA in Six Queries and Other Applications, Keegan Ryan and Nadia Heninger, Proceedings of PKC 2023, May 2023. (Best Paper Award).

Hardening Signature Schemes via Derive-then-Derandomize: Stronger Security Proofs for EdDSA, Mihir Bellare, Hanna Davis, and Zijing Dai, Proceedings of PKC 2023, May 2023.

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US, Christian Dameff, Jeffrey Tully, Theodore C. Chan, Edward M. Castillo, Stefan Savage, Patricia Maysent, Thomas M. Hemmen, Brian J. Clay, and Christopher A. Longhurst, JAMA Network Open 6(5):e2312270-e2312270, 2023.

Efficient FHEW Bootstrapping with Small Evaluation Keys, and Applications to Threshold Homomorphic Encryption, Yongwoo Lee, Daniele Micciancio, Andrey Kim, Rakyong Choi, Maxim Deryabin, Jieun Eom, and Donghoon Yoo, Proceedings of Eurocrypt 2023, Lyon, France, April 2023.

Flexible Password-Based Encryption: Securing Cloud Storage and Provably Resisting Partitioning-Oracle Attacks, Mihir Bellare and Laura Shea, The Cryptographers' Track at the RSA Conference 2023, San Francisco, April 2023.

TagAlong: Free, Wide-Area Data-Muling and Services, Alex Bellon, Alex Yen, and Pat Pannuto, Proceedings of International Workshop on Mobile Computing Systems and Applications (HotMobile), Newport Beach, CA, 2023.

Going Beyond the Limits of SFI: Flexible Hardware-Assisted In-Process Isolation with HFI, Shravan Naryan, Tal Garfinkel, Mohammadkazem Taram, Joey Rudek, Daniel Moghimi, Evan Johnson, Chris Fallin, Anjo Vahldiek-Oberwagner, Michael LeMay, Ravi Sahita, Dean Tullsen, and Deian Stefan, Proceedings of the 28th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Vancouver, Canada, March 2023. (Distinguished Paper Award).

[All Publications]
Affiliations
Center for Networked Systems (CNS)         Cooperative Association for Internet Data Analysis (CAIDA)       San Diego Super Computer Center (SDSC)        California Institute for Telecommunications and Information Technology (Cal-IT2) CalIT(2)
Sponsors