Prof. Matt Wright
Oct. 23, 09:00 – 10:00
Title: Deep Fingerprinting and Triplet Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning
Matt Wright is the Director of the Center for Cybersecurity at RIT and a Professor of Computing Security. He graduated with his PhD from the Department of Computer Science at the University of Massachusetts in May, 2005. His dissertation work examined attacks and defenses for systems that provide anonymity online. His other interests include adversarial machine learning and understanding the human element of security. He has been the lead investigator on over $5.7 million in funded projects, including an NSF CAREER award, and he has published (exactly!) 100 peer-reviewed papers, including numerous contributions in the most prestigious venues focused on computer security and privacy.
Website fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting attacks have been shown to be effective even against Tor. Recently, lightweight website fingerprinting defenses for Tor have been proposed that substantially degrade existing attacks: WTF-PAD and Walkie-Talkie. In this talk, I will first describe Deep Fingerprinting (DF), a new website fingerprinting attack against Tor that leverages a type of deep learning called Convolutional Neural Networks (CNN) with a sophisticated architecture design. The DF attack attains over 98% accuracy on Tor traffic without defenses, better than all prior attacks, and it was the first attack to be effective against WTF-PAD with over 90% accuracy and Walkie-Talkie with 98% top-2 accuracy. The DF attack does, however, require large amounts of data to be downloaded and refreshed on a regular basis. To enable a flexible approach that does not require as much data, we developed Triplet Fingerprinting (TF), an attack that leverages a variant of transfer learning called triplet-loss learning. The TF attack shows how, with as few as five data samples per website, the adversary could effectively attack Tor. Our findings highlight the need for effective defenses that protect against these new attacks and that could be deployed efficiently in Tor.
Prof. Shigang Chen
Oct. 24, 08:30 – 09:30
Title: Privacy in Data Collection and Sharing
Dr. Shigang Chen is a professor with Department of Computer and Information Science and Engineering at University of Florida. He received his B.S. degree in computer science from University of Science and Technology of China in 1993. He received M.S. and Ph.D. degrees in computer science from University of Illinois at Urbana-Champaign in 1996 and 1999, respectively. After graduation, he had worked with Cisco Systems for three years before joining University of Florida in 2002. His research interests include Internet of things, big data, cybersecurity, RFID technologies, intelligent cyber-transportation systems, etc. He published over 200 peer-reviewed journal/conference papers. He received the NSF CAREER Award and several best paper awards. He holds 13 US patents, and many of them were used in software products. He served as an associate editor for IEEE Transactions on Mobile Computing, IEEE/ACM Transactions on Networking and a number of other journals. He served in various chair positions or as committee members for numerous conferences. He holds the University of Florida Research Foundation Professorship and the University of Florida Term Professorship. He is a Fellow of IEEE and an ACM Distringuished Scientist.
In the era of big data and the Internet of things, the world has been experiencing an unprecedented growth in data availability and ever more sophisticated data analytic applications. However, technological advance in modern data collection and sharing comes with a societal price — in the loss of privacy. In this talk, we address the issue of privacy protection in big data and IoT. We present several promising privacy solutions under application contexts though they are applicable beyond those contexts: (1) For medical data sharing, we discuss multi-staged matrix masking algorithms to provide full privacy protection of medical data for its entire lifecycle in an effort for free global exchange of masked medical data with full statistical utility and provable patient privacy; (2) for cloud-based data storage, we introduce crypto structures and key management schemes that support guaranteed remote deletion of outsourced data; (3) for IoT security, we develop extremely light-weight ciphers and strongly-anonymous security protocols that support applications of smart tags and smart transportation systems to collect sophisticated transportation traffic data without violating drivers’ location privacy.