PAC-Private Algorithms
Mayuri Sridhar1, Hanshen Xiao2,3, Srinivas Devadas1
1: MIT, 2: Purdue University, 3: NVIDIA Research
Verifiable Secret Sharing Simplified
Sourav Das1, Zhuolun Xiang2, Alin Tomescu2, Alexander Spiegelman2, Benny Pinkas2,3, Ling Ren1
1: University of Illinois at Urbana Champaign, 2: Aptos Labs, 3: Bar-Ilan University
Query Provenance Analysis: Efficient and Robust Defense against Query-based Black-box Attacks
Shaofei Li1, Ziqi Zhang2, Haomin Jia3, Yao Guo1, Xiangqun Chen1, Ding Li1
1: Key Laboratory of High-Confidence Software Technologies (MOE), School of Computer Science, Peking University, 2: University of Illinois Urbana-Champaign, 3: School of Electronics Engineering and Computer Science, Peking University
Understanding the Efficacy of Phishing Training in Practice
Grant Ho1, Ariana Mirian2, Elisa Luo3, Khang Tong3,4, Euyhyun Lee3,4, Lin Liu3,5, Christopher A. Longhurst6, Christian Dameff6, Stefan Savage3, Geoffrey M. Voelker3
1: University of Chicago, 2: Censys, 3: UC San Diego, 4: Altman Clinical and Translational Research Institute, 5: Herbert Wertheim School of Public Health and Human Longevity Science, 6: UC San Diego Health
TreePIR: Efficient Private Retrieval of Merkle Proofs via Tree Colorings with Fast Indexing and Zero Storage Overhead
Quang Cao1, Son Hoang Dau1, Rinaldo Gagiano1, Duy Huynh1, Xun Yi1, Phuc Lu Le2, Quang-Hung Luu3, Emanuele Viterbo4, Yu-Chih Huang5, Jingge Zhu6, Mohammad M. Jalalza7, Chen Feng7
1: RMIT University, 2: University of Science, Vietnam National University, Ho Chi Minh City, 3: Swinburne University of Technology, 4: Monash University, 5: National Chiao Tung University, 6: The University of Melbourne, 7: The University of British Columbia (Okanagan Campus)
BadRAM: Practical Memory Aliasing Attacks on Trusted Execution Environments
Jesse De Meulemeester1, Luca Wilke2, David Oswald3, Thomas Eisenbarth2, Ingrid Verbauwhede1, Jo Van Bulck4
1: COSIC, KU Leuven, 2: University of Lübeck, 3: University of Birmingham, 4: DistriNet, KU Leuven
SoK: Software Compartmentalization
Hugo Lefeuvre1, Nathan Dautenhahn2, David Chisnall3,4, Pierre Olivier5
1: The University of British Columbia, 2: Serenitix, 3: University of Cambridge, 4: SCI Semiconductor, 5: The University of Manchester
Benchmarking Attacks on Learning with Errors
Emily Wenger1, Eshika Saxena2, Mohamed Malhou2,3, Ellie Thieu4, Kristin Lauter2
1: Duke University, Meta AI, 2: Meta AI, 3: Sorbonne Université, 4: University of Wisconsin - Madison
Invade the Walled Garden: Evaluating GTP Security in Cellular Networks
Yiming Zhang1, Tao Wan2, Yaru Yang1, Haixin Duan1,3, Yichen Wang1, Jianjun Chen1,3, Zixiang Wei1, Xiang Li4
1: Tsinghua University, 2: CableLabs; Carleton University, 3: Zhongguancun Laboratory, 4: Nankai University
Ringtail: Practical Two-Round Threshold Signatures from Learning with Errors
Cecilia Boschini1, Darya Kaviani2, Russell W. F. Lai3, Giulio Malavolta4,5, Akira Takahashi6, Mehdi Tibouchi7
1: ETH Zürich, 2: UC Berkeley, 3: Aalto University, 4: Bocconi University, 5: Max Planck Institute for Security and Privacy, 6: J.P. Morgan AI Research & AlgoCRYPT Center of Excellence, 7: NTT Corporation
CHLOE: Loop Transformation over Fully Homomorphic Encryption via Multi-Level Vectorization and Control-Path Reduction
Song Bian1, Zian Zhao1, Ruiyu Shen1, Zhou Zhang1, Ran Mao1, Dawei Li1, Yizhong Liu1, Masaki Waga2, Kohei Suenaga2, Zhenyu Guan1, Jiafeng Hua3, Yier Jin4, Jianwei Liu1
1: Beihang University, 2: Kyoto University, 3: Huawei Technology, 4: University of Science and Technology of China
Security and Privacy Experiences of First- and Second-Generation Pakistani Immigrants to the US: Perceptions, Practices, Challenges, and Parent-Child Dynamics
Warda Usman1, John Sadik2, Taha3, Ran Elgedawy2, Scott Ruoti2, Daniel Zappala1
1: Brigham Young University, 2: University of Tennessee, Knoxville, 3: Purdue University
Peek-a-Walk: Leaking Secrets via Page Walk Side Channels
Alan Wang1, Boru Chen2, Yingchen Wang3, Christopher W. Fletcher2, Daniel Genkin4, David Kohlbrenner5, Riccardo Paccagnella6
1: University of Illinois at Urbana-Champaign, 2: University of California, Berkeley, 3: University of Texas at Austin, 4: Georgia Institute of Technology, 5: University of Washington, 6: Carnegie Mellon University
Towards Reliable Verification of Unauthorized Data Usage in Personalized Text-to-Image Diffusion Models
Boheng Li1, Yanhao Wei2, Yankai Fu2, Zhenting Wang3, Yiming Li1, Jie Zhang4,5, Run Wang2, Tianwei Zhang1
1: Nanyang Technological University, 2: Wuhan University, 3: Rutgers University, 4: CFAR and IHPC, 5: A*STAR
PQ-Hammer: End-to-end Key Recovery Attacks on Post-Quantum Cryptography Using Rowhammer
Samy Amer1, Yingchen Wang2, Hunter Kippen3, Thinh Dang4, Daniel Genkin1, Andrew Kwong5, Alexander Nelson6, Arkady Yerukhimovich7
1: Georgia Institute of Technology, 2: University of Texas at Austin, 3: Samsung Research America, 4: NIST, 5: University of North Carolina at Chapel Hill, 6: University of Arkansas, 7: George Washington University
BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target
Guangyu Shen1, Siyuan Cheng1, Zhuo Zhang1, Guanhong Tao2, Kaiyuan Zhang1, Hanxi Guo1, Lu Yan1, Xiaolong Jin1, Shengwei An1, Shiqing Ma3, Xiangyu Zhang1
1: Purdue University, 2: University of Utah, 3: University of Massachusetts at Amherst
Towards ML-KEM & ML-DSA on OpenTitan
Amin Abdulrahman1, Hoang Nguyen Hien Pham2, Tobias Stelzer3, Felix Oberhansl3, Andreas Zankl3,4, Jade Philipoom5, Peter Schwabe1,6
1: Max Planck Institute for Security and Privacy (MPI-SP), 2: BULL SAS, Université Grenoble Alpes, 3: Fraunhofer Institute for Applied and Integrated Security (AISEC), Garching, Germany, 4: Technical University of Munich (TUM), Munich, Germany, 5: zeroRISC, Boston, USA, 6: Radboud University
Comet: Accelerating Private Inference for Large Language Model by Predicting Activation Sparsity
Guang Yan1,2,3,4, Yuhui Zhang1,2,3,4, Zimu Guo1,2,3,4, Lutan Zhao1,2,3,4, Xiaojun Chen1,2,3,4, Chen Wang5,6,7, Wenhao Wang1,2,3,4, Dan Meng1,2,3,4, Rui Hou1,2,3,4
1: State Key Laboratory of Cyberspace Security Defense, 2: Institute of Information Engineering, 3: CAS, 4: University of Chinese Academy of Sciences, 5: EIRI, 6: NELBDRC, 7: Tsinghua University
Characterizing the Usability and Usefulness of U.S. Ad Transparency Systems
Kevin Bryson1, Arthur Borem1, Phoebe Moh2, Omer Akgul3, Laura Edelson4, Tobias Lauinger5, Michelle L. Mazurek2, Damon McCoy5, Blase Ur1
1: University of Chicago, 2: University of Maryland, 3: Carnegie Mellon University, 4: Northeastern University, 5: New York University
Lombard-VLD: Voice Liveness Detection based on Human Auditory Feedback
Hongcheng Zhu1,2, Zongkun Sun1, Yanzhen Ren1,3, Kun He1,3, Yongpeng Yan1, Zixuan Wang1, Wuyang Liu1, Yuhong Yang4,5, Weiping Tu4,5
1: School of Cyber Science and Engineering, Wuhan University, 2: State Grid Wuhan Electric Power Supply Company, 3: Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, 4: National Engineering Research Center for Multimedia Software, School of Computer Science, Wuhan University, 5: Hubei Key Laboratory of Multimedia and Network Communication Engineering, Wuhan
Prompt Inversion Attack against Collaborative Inference of Large Language Models
Wenjie Qu1, Yuguang Zhou1, Yongji Wu2, Tingsong Xiao3, Binhang Yuan4, Yiming Li5, Jiaheng Zhang1
1: National University of Singapore, 2: Duke University, 3: University of Florida, 4: Hong Kong University of Science and Technology, 5: Nanyang Technological University
Slice+Slice Baby: Generating Last-Level Cache Eviction Sets in the Blink of an Eye
Bradley Morgan1,2, Gal Horowitz3, Sioli O’Connell1, Stephan van Schaik4, Chitchanok Chuengsatiansup5, Daniel Genkin6, Olaf Maennel1, Paul Montague2, Eyal Ronen3, Yuval Yarom7
1: The University of Adelaide, 2: Defence Science and Technology Group, 3: Tel-Aviv University, 4: University of Michigan, 5: The University of Klagenfurt, 6: Georgia Tech, 7: Ruhr University Bochum
CamLoPA: A Hidden Wireless Camera Localization Framework via Signal Propagation Path Analysis
Xiang Zhang1, Jie Zhang2, Zehua Ma1, Jinyang Huang3, Meng Li3, Huan Yan4, Peng Zhao3, Zijian Zhang5, Bin Liu1, Qing Guo2, Tianwei Zhang6, NengHai Yu1
1: University of Science and Technology of China, 2: CFAR and IHPC, A*STAR, Singapore, 3: Hefei University of Technology, 4: Guizhou Normal University, 5: Beijing Institute of Technology, 6: Nanyang Technological University
“Sorry for bugging you so much.” Exploring Developers’ Behavior Towards Privacy-Compliant Implementation
Stefan Albert Horstmann1, Sandy Hong1, David Klein2, Raphael Serafini3, Martin Degeling4, Martin Johns2, Veelasha Moonsamy1, Alena Naiakshina3
1: Ruhr University Bochum, 2: Technische Universität Braunschweig, 3: University of Cologne, 4: Independent
EveGuard: Defeating Vibration-based Side-Channel Eavesdropping with Audio Adversarial Perturbations
Jung-Woo Chang1, Ke Sun2, David Xia3, Xinyu Zhang1, Farinaz Koushanfar1
1: University of California, San Diego, 2: University of California, San Diego, University of Michigan, Ann Arbor, 3: University of Illinois Urbana-Champaign
Investigating Physical Latency Attacks against Camera-based Perception
Raymond Muller1, Ruoyu Song1, Chenyi Wang2, Yuxia Zhan3, Jean-Philippe Monteuuis4, Yanmao Man5, Ming Li2, Ryan Gerdes6, Jonathan Petit4, Z. Berkay Celik1
1: Purdue University, 2: University of Arizona, 3: New York University, 4: Qualcomm Technologies Inc., 5: HERE Technologies, Inc., 6: Virginia Tech
Liquefaction: Privately Liquefying Blockchain Assets
James Austgen1, Mahimna Kelkar1, Andrés Fábrega2, Dani Vilardell1, Sarah Allen3,4, Kushal Babel1,5, Jay Yu6, Ari Juels1
1: Cornell Tech, 2: Cornell University, 3: IC3, 4: Flashbots, 5: Monad Labs, 6: Stanford University
PEFTGuard: Detecting Backdoor Attacks Against Parameter-Efficient Fine-Tuning
Zhen Sun1, Tianshuo Cong2, Yule Liu1, Chenhao Lin3, Xinlei He1, Rongmao Chen4, Xingshuo Han5, Xinyi Huang6
1: The Hong Kong University of Science and Technology (Guangzhou), 2: Tsinghua University, 3: Xi'an Jiaotong University, 4: National University of Defense Technology, 5: Nanyang Technological University, 6: Jinan University
Proving Faster Implementations Faster: Combining Deductive and Circuit-Based Reasoning in EasyCrypt
José Bacelar Almeida1,2, Manuel Barbosa1,3,4, Gilles Barthe5,6, Gustavo Xavier Delerue Marinho Alves3,7, Luís Esquível8, Vincent Hwang5, Tiago Oliveira9, Hugo Pacheco3, Peter Schwabe4, Pierre-Yves Strub7
1: INESC, 2: Universidade do Minho, 3: Universidade do Porto, 4: MPI, 5: MPI-SP, 6: IMDEA Software Institute, 7: PQShield, 8: Independent, 9: SandboxAQ
Codebreaker: Dynamic Extraction Attacks on Code Language Models
Changzhou Han1, Zehang Deng1, Wanlun Ma1, Xiaogang Zhu2, Jason (Minhui) Xue3, Tianqing Zhu4, Sheng Wen1, Yang Xiang1
1: Swinburne University of Technology, 2: The University of Adelaide, 3: CSIRO's Data61, 4: City University of Macau
PFORTIFIER: Mitigating PHP Object Injection through Automatic Patch Generation
Bo Pang1, Yiheng Zhang1, Mingzhe Gao2, Junzhe Zhang3, Ligeng Chen4, Mingxue Zhang5, Gang Liang1
1: Sichuan University, 2: Alibaba Cloud Computing, 3: National University of Singapore, 4: Nanjing University, 5: The State Key Laboratory of Blockchain and Data Security, Zhejiang University
Identifying Incoherent Search Sessions: Search Click Fraud Remediation Under Real-World Constraints
Runze Zhang1, Ranjita Pai Sridhar2, Mingxuan Yao1, Zheng Yang1, David Oygenblik1, Haichuan Xu1, Vacha Dave2, Cormac Herley2, Paul England2, Brendan Saltaformaggio1
1: Georgia Institute of Technology, 2: Microsoft Corporation
Make a Feint to the East While Attacking in the West: Blinding LLM-Based Code Auditors with Flashboom Attacks
Xiao Li1, Yue Li1, Hao Wu1, Yue Zhang2, Kaidi Xu2, Xiuzhen Cheng3, Sheng Zhong1, Fengyuan Xu1
1: National Key Lab for Novel Software Technology, Nanjing University, 2: Drexel University, 3: Shandong University
Post-quantum Cryptographic Analysis of SSH
Benjamin Benčina1,2, Benjamin Dowling3, Varun Maram4, Keita Xagawa5
1: Royal Holloway, 2: University of London, 3: King's College London, 4: SandboxAQ, 5: Technology Innovation Institute
Spoofing Eavesdroppers with Audio Misinformation
Zhambyl Shaikhanov1, Mahmoud Al-Madi2, Hou-Tong Chen3, Chun-Chieh Chang3, Sadhvikas Addamane4, Daniel M. Mittleman5, Edward Knightly2
1: University of Maryland, 2: Rice University, 3: Los Alamos National Laboratory, 4: Sandia National Laboratories, 5: Brown University
CONnecting The EXtra doTS (CONTEXTS): Correlating External Information about Point of Interest for Attack Investigation
Sareh Mohammadi1, Hugo Kermabon-Bobinnec1, Azadeh Tabiban2, Lingyu Wang1, Tomás Navarro Múnera1, Yosr Jarraya3
1: CIISE, Concordia University, 2: Department of Computer Science, University of Manitoba, 3: Ericsson Security Research, Ericsson, Canada
EvilHarmony: Stealthy Adversarial Attacks against Black-box Speech Recognition Systems
Xuejing Yuan1,2, Jiangshan Zhang2, Feng Guo3, Kai Chen2, XiaoFeng Wang4, Shengzhi Zhang5, Yuxuan Chen3, Dun Liu5, Pan Li2, Zihao Wang6, Runnan Zhu7
1: Beijing University of Posts and Telecommunications, 2: State Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS, China, 3: School of Cyber Science and Technology, Shandong University, 4: Indiana University Bloomington, USA, 5: Department of Computer Science, Metropolitan College, Boston University, USA, 6: Indiana University Bloomington, 7: School of Cyberspace Security, Beijing University of Posts and Telecommunications
SoK: Watermarking for AI-Generated Content
Xuandong Zhao1, Sam Gunn1, Miranda Christ2, Jaiden Fairoze1, Andres Fabrega3, Nicholas Carlini4, Sanjam Garg1, Sanghyun Hong5, Milad Nasr6, Florian Tramer7, Somesh Jha8, Lei Li9, Yu-Xiang Wang10, Dawn Song1
1: UC Berkeley, 2: Columbia University, 3: Cornell University, 4: Anthropic, 5: Oregon State University, 6: Google DeepMind, 7: ETH Zurich, 8: University of Wisconsin–Madison, 9: Carnegie Mellon University, 10: UC San Diego
Extended Diffie-Hellman Encryption for Secure and Efficient Real-Time Beacon Notifications
Liron David1,2, Omer Berkman1,3, Avinatan Hassidim1,4, David Lazarov1, Yossi Matias1,5, Moti Yung1,6
1: Google, 2: Weizmann Institute of Science, 3: The Academic College of Tel-Aviv Yaffo, 4: Bar-Ilan University, 5: Tel-Aviv University, 6: Columbia University
SAECRED: A State-Aware, Over-the-Air Protocol Testing Approach for Discovering Parsing Bugs in SAE Handshake Implementations of COTS Wi-Fi Access Points
Muhammad Daniyal Pirwani Dar1, Rob Lorch2, Aliakbar Sadeghi1, Vincenzo Sorcigli1, Héloïse Gollier3, Cesare Tinelli2, Mathy Vanhoef3, Omar Chowdhury1
1: Stony Brook University, 2: The University of Iowa, 3: DistriNet, KU Leuven