UCSD CSE -- Security and Cryptography

Faculty

Mihir Bellare
Earlence Fernandes
Alex Gantman
Nadia Heninger
Deepak Kumar

Qipeng Liu
Daniele Micciancio
Imani Munyaka
Stefan Savage
Aaron Schulman

Hovav Shacham
Alex C. Snoeren
Deian Stefan
Geoffrey M. Voelker

Affiliated Faculty

kc claffy
Kamalika Chaudhuri
Christian Dameff
Ranjit Jhala

Ryan Kastner
Sorin Lerner
Nadia Polikarpova
Steven Swanson

Dean Tullsen
Yiying Zhang
Yuanyuan Zhou

Scientists, Postdocs and Research Staff

Cindy Moore

PhD Students

Arshia Arya
Alex Bellon
Paul Chung
Miro Haller
Zihan Hao
Katherine Izhikevich
Seoyoung Kweon
Andrey Labunets

Enze Alex Liu
Elisa Luo
Luoxi Meng
Nishit Pandya
Rishabh Ranjan
Sumanth Rao
Laura Shea

Ye Shu
Michael Smith
Adam Suhl
George Sullivan
David Thien
Alisha Ukani
Haodi Zou

MS Students

Alexis Morales Flores

Recent Alumni

Keegan Ryan (Ph.D. 2025)
Evan Johnson (Ph.D. 2025) → NYU
Mark Schultz (Ph.D. 2024) → Fabric Cryptography
Nishant Bhaskar (Ph.D. 2023) → MQ Prime
Hannah Davis (Ph.D. 2023) → Seagate
Ariana Mirian (Ph.D. 2023) → Censys
Audrey Randall (Ph.D. 2023) → Google
Daniel Moghimi (postdoc 2020-2022) → Google
Shravan Narayan (Ph.D. 2022) → UT Austin
Sam Crow (Ph.D. 2022) → Meta
Bingyu Shen (Ph.D. 2022) → Meta
John Renner (Ph.D. 2022) → Cubist
Gautam Akiwate (Ph.D. 2022) → Stanford postdoc
Jessica Sorrell (Ph.D. 2022) → UPenn (postdoc) → JHU
Craig Disselkoen (Ph.D. 2022) → Amazon

Leo Cao (M.S. 2024) → University of Wisconsin Ph.D. program

Annie Dai (B.S. 2023) → University of Maryland Ph.D. program
Kaiwen He (B.S. 2023) → MIT Ph.D. program
Isabel Suizo (B.S. 2022) → Google → CMU Ph.D. program

Doreen Riepel (postdoc 2023-2024) → CISPA
Grant Ho (postdoc 2021-2023) → University of Chicago
Gabrielle De Micheli (postdoc 2021-2023) <\span> → LG
Alex Marder (postdoc 2019-2020, Res. Scientist 2020-2023) → Johns Hopkins University

[All Alumni]

Recent News

June 09— Congrats to Keegan Ryan, award-winning storyteller, for defending his dissertation, "Practical Lattice-based Algorithms for Cryptanalysis"!

June 04— Congrats to Evan Johnson for defending his dissertation, "Verifiably Secure Software Sandboxing"! Evan came to us from Illinois, refined his inner chill over six years here in SoCal, and is now off to try the other coast as an Asst Professor at NYU. Congrats and good luck Evan!

March 17— Welcome home to Hovav Shacham who, after seven years in the Lone Star state, has returned to become part of the UCSD constallation again. Hovav rejoins us officially in July and we're all super happy to have him back!

November 4— CSE alumni Sarah Meiklejohn, Marjori Pomarole, Grant Jordan, Kirilll Levchenko and Damon McCoy, along with Geoff Voelker and Stefan Savage received the ACM IMC Test of Time award today for their 2013 paper A Fistful of Bitcoins: Characterizing Payments Among Men with No Names which is credited with helping to establish the technique of cryptocurrency tracing (the core part of this story is told in Andy Greenberg's book, "Tracers in the Dark", as well as a summary article he wrote in Wired this year). Congrats to Sarah and all her collaborators!

October 17— Another press burst for Earlence Fernandes and collaborators, this time for work showing how malicious prompts can be used to exfiltrate user information. Read the Wired story or visit the paper website to learn more.

October 9— Congratulations to Keegan Ryan, George Sullivan, Nadia Heninger, and Kaiwen He for winning the 2024 CSAW Applied Research Award for "Most Notable Paper: Technical Impact" for their CCS 2023 paper, Passive SSH Key Compromise via Lattices.

August 14— Wide coverage this week of MakeShift, the WOOT paper by Earlence Fernandes and his co-authors that demonstrates remote wireless takeover of Shimano bicycle shifters. This includes a feature by Andy Greenberg at Wired and an TV interview of Earlence at KBPS. Congrats Earlence!

August 6— Another congrats is in order for Nadia Heninger and faculty alumn Hovav Shacham whose 2009 CRYPTO paper "Reconstructing RSA Private Keys from Random Key Bits" has won this year's IACR Test-of-Time award. This is the paper that showed how to recover RSA private keys using a modest random subset of its bits.

International Association for Cryptologic Research

July 9— Congrats to Nadia Heninger, students Miro Haller and Adam Suhl and their collaborators for their discovery of the Blast-RADIUS vulnerability in the RADIUS authentication, authorization and accounting (AAA) protocol. The associated paper will appear at USENIX Security and involves a chosen-prefix MD5 attack allowing attackers to synthesize Access-Accept messages without any knowledge of the underlying secret key. RADIUS is widely deployed in network equipment in ISPs, enterprises and in a variety of industrial settings and there has been significant work behind the scenes to provide fixed and/or mitigated updates to many thousands of systems before this work was made public. An amazing bit of work all around!

[All News]

Recent Publications

Local Frames: Exploiting Inherited Origins to Bypass Content Blockers, Alisha Ukani, Hamed Haddadi, Alex C. Snoeren, and Peter Snyder, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Taipei, Taiwan, October 2025.

Somesite I Used To Crawl: Awareness, Agency and Efficacy in Protecting Content Creators From AI Crawlers, Enze Liu, Elisa Luo, Shawn Shan, Geoffrey M. Voelker, Ben Y. Zhao, and Stefan Savage, Proceedings of the ACM Internet Measurement Conference (IMC), Madison, Wisconsin, October 2025.

No Key, No Problem: Vulnerabilities in Master Lock Smart Locks, Chengsong Diao, Danielle Dang, Sierra Lira, Angela Tsai, Miro Haller, and Nadia Heninger, Proceedings of the USENIX WOOT Conference on Offensive Technologies (WOOT), Seattle, WA, August 2025.

Characterizing the MrDeepFakes Sexual Deepfake Marketplace, Catherine Han, Anne Li, Deepak Kumar, and Zakir Durumeric, Proceedings of the USENIX Security Symposium, Seattle, WA, August 2025.

From Scarcity to Opportunity: Examining Abuse of the IPv4 Leasing Market, Bernhard Degen, Ben Du, Ricky K. P. Mok, Raffaele Sommese, Mattijs Jonker, Roland van Rijswijk-Deij, and kc claffy., Proceedings of the 6th Network Traffic Measurement and Analysis Conference (TMA), June 2025.

Understanding the Efficacy of Phishing Training in Practice, Grant Ho, Ariana Mirian, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the IEEE Symposium on Security and Privacy, May 2025.

Intermundium-DL: Assessing the Resilience of Current Schemes to Discrete-Log-Computation Attacks on Public Parameters, Mihir Bellare, Doreen Riepel, and Laura Shea, Proceedings of PKC 2025, May 2025.

Public-Algorithm Substitution Attacks: Subverting Hashing and Verification, Mihir Bellare, Doreen Riepel, and Laura Shea, Proceedings of PKC 2025, May 2025.

An Empirical Analysis on the Use and Reporting of National Security Letters, Alex Bellon, Miro Haller, Andrey Labunets, Enze Liu, and Stefan Savage, Proceedings of ACM Sympoisum on Computer Science and Law (CSLAW), Munich, Germany, March 2025.

Characterizing the Networks Sending Enterprise Phishing Emails, Elisa Luo, Liane Young, Grant Ho, M. H. Afifi, Marco Schweighauser, Ethan Katz-Bassett, and Asaf Cidon, Proceedings of the Passive and Active Measurement Conference (PAM), Virtual, March 2025.

On the Semidirect Discrete Logarithm Problem in Finite Groups, Christopher Battarbee, Giacomo Borin, Ryann Cartor, Nadia Heninger, David Jao, Laura Maddison, Edoardo Persichetti, Angela Robinson, Daniel Smith-Tone, and Rainer Steinwandt, Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.

The Concrete Security of Two-Party Computation: Simple Definitions, and Tight Proofs for PSI and OPRFs, Mihir Bellare, Rishabh Ranjan, Doreen Riepel, and Ali Aldakheel, Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.

Count Corruptions, Not Users: Improved Tightness for Signatures, Encryption and Authenticated Key Exchange, Mihir Bellare, Doreen Riepel, Stefano Tessaro, and Yizhao Zhang, Proceedings of Asiacrypt 2024, Kolkata, India, December 2024.

Symmetric and Dual PRFs from Standard Assumptions: A Generic Validation of a Prevailing Assumption, Mihir Bellare and Anna Lysyanskaya, IACR Journal of Cryptology 37(4), December 2024.

Succinctly-Committing Authenticated Encryption, Mihir Bellare and Biet Tung Hoang, Proceedings of Crypto 2024, Santa Barbara, CA, August 2024.

Give and Take: An End-To-End Investigation of Giveaway Scam Conversion Rates, Enze Liu, George Kappos, Eric Mugnier, Luca Invernizzi, Stefan Savage, David Tao, Kurt Thomas, Geoffrey M. Voelker, and Sarah Meiklejohn, Proceedings of the ACM Internet Measurement Conference (IMC), Madrid, Spain, November 2024.

Sublet Your Subnet: Inferring IP Leasing in the Wild, Ben Du, Romain Fontugne, Cecilia Testart, Alex C. Snoeren, and kc Claffy, Proceedings of the ACM Internet Measurement Conference (IMC), Madrid, Spain, November 2024.

RADIUS/UDP Considered Harmful, Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl, Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.

Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem, Gabrielle Beck, Harry Eldridge, Matthew Green, Nadia Heninger, and Abhishek Jain, Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.

PressProtect: Helping Journalists Navigate Social Media in the Face of Online Harassment, Catherine Han, Anne Li, Deepak Kumar, and Zakir Durumeric, Proceedings of the ACM Conference on Computer Supported Cooperative Work and Social Computing, October 2024.

MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles, Maryam Motallebighomi, Earlence Fernandes, and Aanjhan Ranganathan, Proceedings of the USENIX WOOT Conference on Offensive Technologies (WOOT), Philadelphia, PA, August 2024.

Stateful Least Privilege Authorization for the Cloud, Leo Cao, Luoxi Meng, Deian Stefan, and Earlence Fernandes, Proceedings of the USENIX Security Symposium, Philadelphia, PA, August 2024.

[All Publications]