Toward Secure and Privacy-Preserving Communication over Non-Trusted Networks
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ORCID iD: 0000-0002-7631-0625
2025 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The widespread adoption of encrypted communication protocols has improved digital privacy. However, even if the content is encrypted, an attacker can exploit metadata and patterns in network traffic to infer a user’s activity and behavior. Meanwhile, as users increasingly rely on third-party infrastructure, cloud-based applications face privacy challenges during data processing, exposing sensitive information. In parallel, long-term communication security depends on proper certificate management, where misconfigurations or evolving practices can compromise security. This thesis explores these multifaceted challenges and presents solutions to preserve privacy in adversarial and non-trusted environments.

First, the thesis focuses on encrypted traffic analysis, particularly fingerprinting attacks that exploit observable metadata such as packet sizes, transmission timing, and traffic flow patterns to infer sensitive user information and identify user activities. The work explores these attacks across multiple platforms and use cases, demonstrating their real-world feasibility and high accuracy. To counteract these threats, several mitigation strategies are systematically evaluated, including packet padding, timing obfuscation, and traffic shaping, each assessed for its tradeoffs between effectiveness, impact on network performance, and users’ quality of experience.

Second, the thesis studies secure data computation in cloud environments using homomorphic encryption (HE), a cryptographic technique that enables computation directly on encrypted data without requiring prior decryption. While HE offers a strong theoretical foundation, its practical application has long been hindered by performance overhead and integration complexity. This thesis explores the real-world applicability of HE by designing diverse systems, comparing schemes, and proposing efficiency optimizations. The findings highlight the potential and current limitations of HE, offering valuable guidance for its adoption in cloud-based systems.

Third, the thesis examines long-term authentication security through a 10-year longitudinal analysis of certificate usage in the web public key infrastructure. While certificates are essential for encrypted communication, inconsistent issuance, renewal, and management can introduce systemic vulnerabilities. The analysis of wildcard and multi-domain certificates, as well as certificate chain evolution, reveals key trends, including declining use of wildcard certificates, shifting practices among certificate authorities, and simpler chain structures. These patterns highlight evolving industry behaviors and persistent challenges in certificate lifecycle management.

Combined, this thesis contributes to a better understanding of the evolving security and privacy landscape in digitally connected systems. By contributing to three distinct but interrelated domains, the thesis highlights the complexity of modern privacy challenges and offers targeted strategies to strengthen digital confidentiality. Through systematic evaluations, novel designs, and long-term measurements, the work advances state-of-the-art privacy-preserving communication and provides practical insights for building a more resilient and trustworthy digital infrastructure.

Abstract [sv]

In today's digital world, encryption is used to an ever greater extent to protect our communication and strengthen digital privacy. But even if the content is encrypted, an attacker can exploit metadata and patterns in network traffic to draw conclusions about a user's activity and behavior. At the same time, the use of cloud services has increased sharply, which places high demands on data processing being carried out securely, since sensitive information is often processed on third-party infrastructure. In addition, long-term security in digital communication depends on correct handling of digital certificates, where misconfigurations or outdated methods can create security gaps. This thesis examines these complex and interconnected challenges and presents solutions for protecting privacy in environments where networks or service providers cannot be regarded as trustworthy.

First, the thesis studies how attackers can carry out traffic analysis attacks on encrypted network traffic by analyzing metadata, for example packet sizes, time intervals, and traffic flows. With pattern analysis, it becomes possible to determine a user's activity with high accuracy, even when the content is encrypted. The thesis explores these attacks in different areas and demonstrates their practical feasibility. To counter the attacks, different protective measures are also evaluated, such as sending extra data along, delaying transmissions, or reshaping the traffic, all of which entail different tradeoffs between level of protection, network performance, and user experience.

The thesis also studies secure data processing in the cloud using homomorphic encryption, a cryptographic technique that enables computations directly on encrypted data without it first needing to be decrypted. This means that cloud services can process information without needing access to it in plaintext. Although the technique is promising, its practical application has been hampered by major challenges in the form of high performance requirements and complex integration. The thesis examines the applicability of the technique through different system designs and algorithm comparisons, which sheds light on both potential and limitations and provides insights for practical use.

Finally, the thesis analyzes how the digital certificate system, which forms the basis for secure authentication on the web, has developed over the past ten years. Through extensive data analysis, changed patterns in how certificates are issued, renewed, and managed are identified. The results show both positive changes and remaining challenges, and emphasize the need for clearer guidelines and improved routines to strengthen trust in the digital infrastructure in the long term.

In summary, the thesis contributes to a deeper understanding of security and privacy in digital communication systems. Through systematic analyses, practical experiments, and long-term measurements, solutions are presented that make today's and tomorrow's digital infrastructure more robust and reliable.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2025, p. 103
Series
Linköping Studies in Science and Technology. Dissertations, ISSN 0345-7524 ; 2461
National Category
Security, Privacy and Cryptography
Identifiers
URN: urn:nbn:se:liu:diva-217111; DOI: 10.3384/9789181181838; ISBN: 9789181181821 (print); ISBN: 9789181181838 (electronic); OAI: oai:DiVA.org:liu-217111; DiVA, id: diva2:1993732
Public defence
2025-10-03, Ada Lovelace, B-building, Campus Valla, Linköping, 09:15 (English)
Note

Funding: This work was partially supported by the Wallenberg AI, Autonomous Systems and Software Program (WASP) funded by the Knut and Alice Wallenberg Foundation.

2025-09-18: Updated to a smaller file size.

Available from: 2025-09-01 Created: 2025-09-01 Last updated: 2025-09-18. Bibliographically approved
List of papers
1. Lightweight Fingerprint Attack and Encrypted Traffic Analysis on News Articles
2022 (English). In: 2022 IFIP Networking Conference (IFIP Networking), IEEE, 2022. Conference paper, Published paper (Refereed)
Abstract [en]

The news articles we read online can reveal a lot about us. Privacy-aware groups have therefore long pushed for the use of HTTPS (encrypted end-to-end communication). In this paper, we present the design and evaluation of a lightweight framework that can (1) successfully identify individual news articles even when the articles are delivered over encrypted connections, and (2) separate between articles associated with different news websites even when the websites are delivered over the same infrastructure. Our results demonstrate that naive use of HTTPS is not enough to prevent attackers monitoring a user's connections from identifying articles that the user reads on the most popular news website. We also provide insights into what makes some websites more/less resilient to our attack, and we use Twitter data to evaluate the effectiveness of an example attack that in addition incorporates the popularity of individual news articles. We are the first to demonstrate and evaluate the practical effectiveness of this type of attack when applied on modern news websites, and our multi-website-based evaluation provides valuable insights into how websites can best protect themselves against this type of attack. These insights are important for websites that want to help protect the privacy of their users.

Place, publisher, year, edition, pages
IEEE, 2022
Keywords
Fingerprinting attack; Encrypted traffic analysis; News articles identification
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-188887 (URN); 10.23919/IFIPNetworking55013.2022.9829796 (DOI); 000855528800035 (); 9783903176485 (ISBN)
Conference
IFIP Networking Conference (IFIP Networking), Catania, ITALY, jun 13-16, 2022
Funder
Wallenberg AI, Autonomous Systems and Software Program (WASP)
Note

This paper won the best paper award at the conference.

Funding: Wallenberg AI, Autonomous Systems and Software Program (WASP) - Knut and Alice Wallenberg Foundation

Available from: 2022-09-29 Created: 2022-09-29 Last updated: 2025-09-01. Bibliographically approved
2. Twitch Chat Fingerprinting
2022 (English). In: Proc. IFIP Network Traffic Measurement and Analysis Conference (TMA) 2022, 2022. Conference paper, Published paper (Refereed)
Abstract [en]

The streaming content that we choose to watch can reveal much about our thoughts, opinions, and interests. An adversary capable of determining what users watch therefore presents a significant privacy threat. In this paper, we present and evaluate the first fingerprinting attack on Twitch that allows viewers of individual live streams to be identified despite the traffic being encrypted. The attack targets the traffic patterns associated with chat messages associated with each stream. Our results show that high accuracy can be achieved by eavesdropping only for a short time (e.g., 90 seconds) and that the accuracy can be increased even further by interacting with the stream. We also take a closer look at how the accuracy and activity level differ between different Twitch channels and provide insights into the accuracy that attackers using different strategies for selecting target channels may have. Finally, we study countermeasures to protect against such attacks and demonstrate that the naive use of VPN is not enough. We instead present countermeasures altering packet timing and sizes. Our large-scale evaluation of different countermeasures provides important insights that help both the streaming providers and users better protect their privacy.

National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-188886 (URN)
Conference
IFIP Network Traffic Measurement and Analysis Conference (TMA), Enschede, The Netherlands, June 2022.
Funder
Wallenberg AI, Autonomous Systems and Software Program (WASP)
Available from: 2022-09-29 Created: 2022-09-29 Last updated: 2025-09-01
3. Raising the Bar: Improved Fingerprinting Attacks and Defenses for Video Streaming Traffic
2024 (English). In: Proceedings on Privacy Enhancing Technologies, 2024, Vol. 2024, no 4, p. 167-184. Conference paper, Published paper (Other academic)
Abstract [en]

Despite the clear dominance of video streaming traffic on the Internet and the significant ramifications of disclosure of which videos users are streaming, video fingerprinting has received relatively little attention compared to other traffic analysis domains. Existing attacks are tailored to undefended traffic and mostly rely on a few manually crafted features. Meanwhile, potential defenses are ad hoc, often impractical, and typically only mentioned briefly. Drawing from progress made on website fingerprinting, we aim to improve current standards for attacks and defenses for video streaming traffic while highlighting a critical and underexplored issue on today's Internet. We show that directional and timing-based attacks that leverage CNNs are competitive with state-of-the-art video fingerprinting attacks, in many cases with far less training data. We also provide the first extensive study of potential defenses, which considers performance against attacks, overheads, and user QoE; and we present a novel defense design that boasts both broader applicability and greater efficacy than existing proposals.

Keywords
Video fingerprinting, Traffic analysis, Defenses, Attacks
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-208862 (URN); 10.56553/popets-2024-0112 (DOI)
Conference
Privacy Enhancing Technologies Symposium (PETS), July 2024.
Funder
Wallenberg AI, Autonomous Systems and Software Program (WASP)
Available from: 2024-10-27 Created: 2024-10-27 Last updated: 2025-09-01. Bibliographically approved
4. Understanding and Improving Video Fingerprinting Attack Accuracy under Challenging Conditions
2024 (English). In: PROCEEDINGS OF THE 23RD WORKSHOP ON PRIVACY IN THE ELECTRONIC SOCIETY, WPES 2024, ASSOC COMPUTING MACHINERY, 2024, p. 141-154. Conference paper, Published paper (Refereed)
Abstract [en]

The threat of video fingerprinting attacks poses significant privacy concerns. These attacks can identify streamed videos with high accuracy despite the use of encryption, leveraging both heuristic-based and deep learning techniques. However, the real-world effectiveness of such attacks remains underexplored, as most research assumes ideal conditions. In this paper, we address the challenges posed by variable network conditions and live-streaming latency, which complicate the attacker's ability to collect useful training data. First, we evaluate several deep learning model architectures against video data under diverse network conditions, including two adaptations of existing website fingerprinting attacks tailored to video that we show boast notable improvements over the base attacks and previous state-of-the-art video fingerprinting attacks. Second, we introduce two augmentation techniques and demonstrate that they substantially enhance attack performance in suboptimal conditions, without knowledge of the victim's live latency. Finally, we analyze the effects of data limitations such as observation time, dataset size, and training time. Overall, our work provides new insights into the impact that several real-world challenges have on attack accuracy, presents new and improved attacks, and details two augmentation techniques that can further boost the performance of the new attacks. Combined, these significant advancements highlight the urgent need for effective defense mechanisms.

Place, publisher, year, edition, pages
ASSOC COMPUTING MACHINERY, 2024
Keywords
traffic analysis; video fingerprinting; challenging conditions
National Category
Other Engineering and Technologies
Identifiers
urn:nbn:se:liu:diva-212753 (URN); 10.1145/3689943.3695045 (DOI); 001434853500011 (); 2-s2.0-85214235108 (Scopus ID); 9798400712395 (ISBN)
Conference
23rd Workshop on Privacy in the Electronic Society, Salt Lake City, UT, oct 14-18, 2024
Note

Funding Agencies: Swedish Foundation for Strategic Research (SSF); Wallenberg AI, Autonomous Systems and Software Program (WASP) - Knut and Alice Wallenberg Foundation

Available from: 2025-04-02 Created: 2025-04-02 Last updated: 2025-09-01
5. PET-Exchange: A Privacy Enhanced Trading Exchange using Homomorphic Encryption
2023 (English). In: 2023 20TH ANNUAL INTERNATIONAL CONFERENCE ON PRIVACY, SECURITY AND TRUST, PST, IEEE, 2023, p. 168-179. Conference paper, Published paper (Refereed)
Abstract [en]

The underlying trading mechanisms of electronic securities exchanges have mostly stayed the same over the years with some additions and improvements. However, over the recent decade, high-frequency traders using algorithmic trading have shifted the field using practices that many consider unfair or unethical. In addition, insider trading continues to cause trust issues on certain trading platforms. In this paper, we present PET-Exchange, a privacy-preserving framework for trading securities on an electronic stock exchange. By using homomorphic encryption, PET-Exchange prevents information disclosures and unfair advantages in the trading processes. By matching and trading encrypted orders, we study the performance under various volumes and timing constraints, and compare this to the unencrypted counterparts. Our analysis of PET-Exchange using market trade data shows the privacy and cryptographic tradeoffs, demonstrating it to be suitable for small-scale trading and privacy-preserving auctions. Finally, we discuss the potential impact on transparency, fairness, and opportunities for financial crime in an electronic securities exchange. The insights we provide take us one step closer to a privacy-aware and fair public securities exchange.

Place, publisher, year, edition, pages
IEEE, 2023
Series
Annual Conference on Privacy Security and Trust-PST, ISSN 1712-364X
National Category
Other Computer and Information Science
Identifiers
urn:nbn:se:liu:diva-200109 (URN); 10.1109/PST58708.2023.10320190 (DOI); 001108746000021 (); 9798350313871 (ISBN); 9798350313888 (ISBN)
Conference
20th Annual International Conference on Privacy, Security and Trust (PST), Copenhagen, DENMARK, aug 21-23, 2023
Note

Funding Agencies: Wallenberg AI, Autonomous Systems and Software Program (WASP) - Knut and Alice Wallenberg Foundation

Available from: 2024-01-15 Created: 2024-01-15 Last updated: 2025-09-01
6. Now is the Time: Scalable and Cloud-supported Audio Conferencing using End-to-End Homomorphic Encryption
2023 (English). In: PROCEEDINGS OF THE 2023 CLOUD COMPUTING SECURITY WORKSHOP, CCSW 2023, ASSOC COMPUTING MACHINERY, 2023, p. 41-53. Conference paper, Published paper (Refereed)
Abstract [en]

Homomorphic encryption (HE) allows computations on encrypted data, leaking neither the input nor the computational output. While the method has historically been infeasible to use in practice, due to recent advancements, HE has started to be applied in real-world applications. Motivated by the possibility of outsourcing heavy computations to the cloud and still maintaining end-to-end security, in this paper, we use HE to design a basic audio conferencing application and demonstrate that our design approach (including some advanced features) is both practical and scalable. First, by homomorphically mixing encrypted audio in an untrusted, honest-but-curious server, we demonstrate the practical use of HE in audio communication. Second, by using multiplication operations, we go beyond the purely additive audio mixing and implement advanced example features capable of handling server-side mute and breakout rooms without the cloud server being able to extract sensitive user-specific metadata. Whereas the encryption and decryption times are shown to be magnitudes slower than generic AES encryption and roughly ten times slower than Signal's AES implementation, our solution approach is scalable and achieves end-to-end encryption while keeping performance well within the bounds of practical use. Third, besides studying the performance aspects, we also objectively evaluate the perceived audio quality, demonstrating that this approach also achieves excellent audio quality. Finally, our comprehensive evaluation and empirical findings provide valuable insights into the tradeoffs between HE schemes, their security configurations, and audio parameters. Combined, our results demonstrate that audio mixing using HE (including advanced features) now can be made both practical and scalable.

Place, publisher, year, edition, pages
ASSOC COMPUTING MACHINERY, 2023
Keywords
Audio Conferencing; Privacy; End-to-End Encryption; Homomorphic Encryption; Secure Computation; Cloud Computing
National Category
Computer Engineering
Identifiers
urn:nbn:se:liu:diva-200296 (URN); 10.1145/3605763.3625245 (DOI); 001125540600005 (); 9798400702594 (ISBN)
Conference
14th Anniversary of the ACM Cloud Computing Security Workshop (CCSW), Copenhagen, DENMARK, nov 26, 2023
Note

Funding Agencies: Wallenberg AI, Autonomous Systems and Software Program (WASP) - Knut and Alice Wallenberg Foundation; WASP WARA-Ops Research Arena

Available from: 2024-01-22 Created: 2024-01-22 Last updated: 2025-09-01
7. Homomorphic Encryption Enabled Delta Encoding
2024 (English). In: 2024 32ND INTERNATIONAL CONFERENCE ON MODELING, ANALYSIS AND SIMULATION OF COMPUTER AND TELECOMMUNICATION SYSTEMS, MASCOTS 2024, IEEE, 2024, p. 64-71. Conference paper, Published paper (Refereed)
Abstract [en]

The rapid expansion of cloud computing has transformed data storage and processing by providing unprecedented convenience and scalability. However, this progress is shadowed by significant data security challenges, primarily as users must rely on cloud service providers to enforce robust security protocols. Homomorphic encryption (HE) offers a potential solution by allowing computations on encrypted data, thereby maintaining confidentiality without compromising functionality. However, HE can be computationally intensive, raising concerns about its practicality in real-world applications, particularly when dealing with large files. Moreover, constantly re-encrypting an entire file after every modification is inefficient and introduces substantial performance overheads. While traditional delta encoding can be used to optimize bandwidth by transmitting only file modifications, it faces security and privacy concerns as the server must access unencrypted file contents. In this paper, we address these challenges by introducing a novel delta encoding scheme tailored for seamless compatibility with HE, enhancing data confidentiality while maintaining efficiency. Our approach minimizes the overhead of re-encryption and improves performance by encrypting and transmitting only the modified file parts. We evaluate the performance of our scheme across various parameters and test cases, comparing it to a state-of-the-art delta encoding approach. Our findings demonstrate many similarities while highlighting the tradeoffs of our HE-enabling solution. Additionally, we explore the performance impacts of integrating HE with our delta encoding scheme and provide insights into the practical constraints and requirements for real-world deployment in cloud computing environments.

Place, publisher, year, edition, pages
IEEE, 2024
Series
International Symposium on Modeling Analysis and Simulation of Computer and Telecommunication Systems Proceedings, ISSN 1526-7539, E-ISSN 2375-0227
National Category
Communication Systems
Identifiers
urn:nbn:se:liu:diva-212755 (URN); 10.1109/MASCOTS64422.2024.10786566 (DOI); 001431496800009 (); 2-s2.0-85215081240 (Scopus ID); 9798331531317 (ISBN); 9798331531300 (ISBN)
Conference
32nd International Conference on Modeling, Analysis and Simulation of Computer and Telecommunication Systems, Krakow, POLAND, oct 21-23, 2024
Note

Funding Agencies: Wallenberg AI, Autonomous Systems and Software Program (WASP) - Knut and Alice Wallenberg Foundation; WASP WARA-Ops Research Arena

Available from: 2025-04-02 Created: 2025-04-02 Last updated: 2025-09-01
8. Longitudinal Analysis of Wildcard Certificates in the WebPKI
2023 (English). In: 2023 IFIP NETWORKING CONFERENCE, IFIP NETWORKING, IEEE, 2023. Conference paper, Published paper (Refereed)
Abstract [en]

The use of wildcard certificates and multi-domain certificates can impact how sensitive a certificate is to attacks and how many (sub)domains and machines may be impacted if a private key is compromised. Unfortunately, there are no globally agreed-upon best practices for these certificate types and the recommendations have changed many times over the years. In this paper, we present a 10-year longitudinal analysis of the usage of wildcard certificates and multi-domain certificates on the internet. Our analysis captures and highlights substantial differences in the heterogeneous wildcard and multi-domain certificate practices. The results also show that there are several ways that CAs and domain owners have chosen to improve their practices, with many appearing to reduce the number of domains (and subdomains) for which each certificate is responsible.

Place, publisher, year, edition, pages
IEEE, 2023
Series
IFIP Networking Conference
National Category
Software Engineering
Identifiers
urn:nbn:se:liu:diva-197919 (URN); 10.23919/IFIPNetworking57963.2023.10186356 (DOI); 001043065000002 (); 9783903176577 (ISBN); 9798350339383 (ISBN)
Conference
22nd International-Federation-for-Information-Processing (IFIP) Networking Conference (IFIP Networking), Univ Politecnica Catalunya Barcelonatech, Barcelona, SPAIN, jun 12-15, 2023
Note

Funding Agencies: Swedish Foundation for Strategic Research (SSF); Wallenberg AI, Autonomous Systems and Software Program (WASP) - Knut and Alice Wallenberg Foundation

Available from: 2023-09-20 Created: 2023-09-20 Last updated: 2025-09-01
9. Chain-Sawing: A Longitudinal Analysis of Certificate Chains
2024 (English). In: Proc. IFIP Networking 2024, IEEE, 2024, p. 122-130. Conference paper, Published paper (Refereed)
Abstract [en]

The security and integrity of TLS certificates are essential for ensuring secure transmission over the Internet and protecting millions of people from man-in-the-middle attacks. Certificate Authorities (CAs) play a crucial role in issuing and managing these certificates. This paper presents a longitudinal analysis of certificate chains for popular domains, examining their evolution over time and across different categories. Using publicly available certificate data, primarily from crt.sh, we created a longitudinal dataset of certificate chains for domains from the Tranco top-1M list. After categorizing the certificates based on their type and service category, we analyze a selected set of domains over time and identify the patterns and trends that emerge in their certificate chains. Our analysis reveals several noteworthy trends, including a trend towards shorter certificate chains and fewer paths from domains to root certificates. This implies that the certificate process is becoming more simplified and streamlined. Combined with our observations that there is an increasing use of new CAs and a shift in the types of certificates used that we observe, we expect part of this to be an effect of individual choices made by some popular CAs (e.g., less cross-signings). In general, the observed trends, patterns, and findings capture tradeoffs in overhead, backward compatibility, and security. The quick shifts in some of the observed metrics (e.g., chain lengths) therefore also highlight the importance of continued monitoring and analysis of certificate chains.

Place, publisher, year, edition, pages
IEEE, 2024
Series
IFIP Networking Conference, E-ISSN 1861-2288
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-208860 (URN); 10.23919/IFIPNetworking62109.2024.10619717 (DOI); 001303907400018 (); 2-s2.0-85202431612 (Scopus ID); 9783903176638 (ISBN); 9798350390605 (ISBN)
Conference
23rd International-Federation-for-Information-Processing (IFIP) Networking Conference (IFIP Networking), Thessaloniki, GREECE, jun 03-06, 2024
Funder
Wallenberg AI, Autonomous Systems and Software Program (WASP)
Available from: 2024-10-27 Created: 2024-10-27 Last updated: 2025-09-01

Open Access in DiVA

fulltext (4794 kB), 747 downloads
File information
File name: FULLTEXT02.pdf; File size: 4794 kB; Checksum (SHA-512):
df1cc234a5d2d35bcb9c86478b19e567658a9fa1ecbc4be31cd91946ddf27aa574ba48d468613423f5247bbf65ef5c4a2434c687d07fe91533e619dca73207ae
Type: fulltext; Mimetype: application/pdf

Authority records

Hasselquist, David
