Hijacking Bitcoin: routing attacks on cryptocurrencies Apostolaki et al., IEEE Security and Privacy 2017 The Bitcoin network has more than 6,000 nodes, responsible for up to 300,000 daily transactions and 16 million bitcoins valued at roughly $17B. Given the amount of money at stake, Bitcoin is an obvious target for attackers. This paper introduces a … Continue reading Hijacking Bitcoin: routing attacks on cryptocurrencies
Author: adriancolyer
Venture Partner with Accel in London, author of 'The Morning Paper'
SoK: Cryptographically protected database search
SoK: Cryptographically proctected database search Fuller et al., IEEE Security and Privacy 2017 This is a survey paper (Systematization of Knowledge, SoK) reviewing the current state of protected database search (encrypted databases). As such, it packs a lot of information into a relatively small space. As we've seen before, there are a wide-variety of cryptographic … Continue reading SoK: Cryptographically protected database search
Cloak and dagger: from two permissions to complete control of the UI feedback loop
Cloak and dagger: from two permissions to complete control of the UI feedback loop Fratantonio et al., IEEE Security and Privacy 2017 If you're using Android, then 'cloak and dagger' is going to make for scary reading. It's a perfect storm of an almost undetectable attack that can capture passwords, pins, and ultimately obtain all … Continue reading Cloak and dagger: from two permissions to complete control of the UI feedback loop
IoT goes nuclear: creating a ZigBee chain reaction
IoT goes nuclear: creating a ZigBee chain reaction Ronen et al., IEEE Security and Privacy 2017 You probably don't need another reminder about the woeful state of security in IoT, but today's paper choice may well give you further pause for thought about the implications. The opening paragraph sounds like something out of science fiction … Continue reading IoT goes nuclear: creating a ZigBee chain reaction
The password reset MitM attack
The password reset MitM attack Gelernter et al., IEEE Security and Privacy 2017 The Password Reset Man-in-the-Middle (PRMitM) attack is really very simple, but that doesn't mean it's not dangerous. It involves persuading the user to sign-up for an account for some service under the attacker's control (maybe there's an enticing free download for example), … Continue reading The password reset MitM attack
How they did it: an analysis of emissions defeat devices in modern automobiles
How they did it: an analysis of emission defeat devices in modern automobiles Contag et al., IEEE Security and Privacy 2017 We'll be looking at a selection of papers from the IEEE Security and Privacy 2017 conference over the next few days, starting with this wonderful tear down of the defeat devices used by Volkswagen … Continue reading How they did it: an analysis of emissions defeat devices in modern automobiles
Hardware is the new software
Hardware is the new software Baumann, HotOS'17 This is a very readable short paper that sheds an interesting light on what's been happening with the Intel x86 instruction set architecture (ISA) of late. We're seeing a sharp rise in the number and complexity of extensions, with some interesting implications for systems researchers (and for Intel!). … Continue reading Hardware is the new software
Why your encrypted database is not secure
Why your encrypted database is not secure Grubbs et al., HotOS'17 This is the third paper we've looked at so far in The Morning Paper on the topic of encrypted databases. The clear takeaway for me is that practical, provable security guarantees are very hard to deliver! Don't confuse better protection with unbreakable protection, and … Continue reading Why your encrypted database is not secure
Gray failure: the Achilles’ heel of cloud-scale systems
Gray failure: the Achilles' heel of cloud-scale systems Huang et al., HotOS'17 If you're going to fail, fail properly dammit! All this limping along in degraded mode, doing your best to mask problems, turns out to be one of the key causes of major availability breakdowns and performance anomalies in cloud-scale systems. Today's HotOS'17 paper … Continue reading Gray failure: the Achilles’ heel of cloud-scale systems
System programming in Rust: beyond safety
System programming in Rust: beyond safety Balasubramanian et al., HotOS'17 Balasubramanian et al. want us to switch all of our systems programming over to Rust. This paper sets out the case. Despite many advances in programming languages, clean-slate operating systems, hypervisors, key-value stores, web servers, network and storage frameworks are still developed in C, a … Continue reading System programming in Rust: beyond safety
the morning paper 