Publication


Featured research published by Lin-Shung Huang.


International World Wide Web Conferences | 2013

Accountable key infrastructure (AKI): a proposal for a public-key validation infrastructure

Tiffany Hyun-Jin Kim; Lin-Shung Huang; Adrian Perrig; Collin Jackson; Virgil D. Gligor

Recent trends in public-key infrastructure research explore the tradeoff between decreased trust in Certificate Authorities (CAs), resilience against attacks, communication overhead (bandwidth and latency) for setting up an SSL/TLS connection, and availability with respect to verifiability of public key information. In this paper, we propose AKI as a new public-key validation infrastructure, to reduce the level of trust in CAs. AKI integrates an architecture for key revocation of all entities (e.g., CAs, domains) with an architecture for accountability of all infrastructure parties through checks-and-balances. AKI efficiently handles common certification operations, and gracefully handles catastrophic events such as domain key loss or compromise. We propose AKI to make progress towards a public-key validation infrastructure with key revocation that reduces trust in any single entity.


IEEE Symposium on Security and Privacy | 2014

Analyzing Forged SSL Certificates in the Wild

Lin-Shung Huang; Alex Rice; Erling Ellingsen; Collin Jackson

The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonly these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attacks on a top global website, Facebook. Over 3 million real-world SSL connections to this website were analyzed. Our results indicate that 0.2% of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL connections intercepted by malware. Limitations of the method and possible defenses to such attacks are also discussed.


Computer and Communications Security | 2010

Protecting browsers from cross-origin CSS attacks

Lin-Shung Huang; Zack Weinberg; Christopher A. Evans; Collin Jackson

Cross-origin CSS attacks use style sheet import to steal confidential information from a victim website, hijacking a user's existing authenticated session; existing XSS defenses are ineffective. We show how to conduct these attacks with any browser, even if JavaScript is disabled, and propose a client-side defense with little or no impact on the vast majority of web sites. We have implemented and deployed defenses in Firefox, Google Chrome, and Safari. Our defense proposal has also been adopted by Opera.


IEEE Internet Computing | 2014

An Experimental Study of TLS Forward Secrecy Deployments

Lin-Shung Huang; Shrikant Adhikarla; Dan Boneh; Collin Jackson

Many Transport Layer Security (TLS) servers use the ephemeral Diffie-Hellman (DHE) key exchange to support forward secrecy. However, in a survey of 473,802 TLS servers, the authors found that 82.9 percent of the DHE-enabled servers use weak DH parameters, resulting in a false sense of security. They compared the server throughput of various TLS setups, and measured real-world client-side latencies using an advertisement network. Their results indicate that using forward secrecy is no harder, and can even be faster using elliptic curve cryptography (ECC), than no forward secrecy.


Journal of Visual Communication and Image Representation | 2008

A rate-distortion optimization model for SVC inter-layer encoding and bitstream extraction

Wen-Hsiao Peng; John K. Zao; Hsueh-Ting Huang; Tse-Wei Wang; Lin-Shung Huang

The Scalable Video Coding (SVC) standard enables viewing devices to adapt their video reception using bitstream extraction. Since SVC offers spatial, temporal, and quality combined scalability, extracting proper bitstreams for different viewing devices can be a non-trivial task, and naive choices usually produce poor playback quality. In this paper, we propose a two-prong approach to achieve rate-distortion (R-D) optimal extraction of SVC bitstreams. For SVC encoding, we developed a set of adaptation rules for setting the quantization parameters and the inter-layer dependencies among the SVC coding layers. A well-adapted SVC bitstream thus produced manifests good R-D trade-offs when its scalable layers are extracted along extraction paths consisting of successive refinement steps. For extracting R-D optimized bitstreams for different viewing devices, we formalized the notion of optimal and near-optimal extraction paths and devised computationally efficient strategies to search for the extraction paths. Experiment results demonstrated that our R-D optimized adaptation schemes and extraction strategies offer significant improvement in playback picture quality among heterogeneous viewing devices. Particularly, our adaptation rules promise R-D convexity along optimal extraction paths and permit the use of steepest-descent strategy to discover the optimal/near-optimal paths. This simple search strategy performs only half of the computation necessary for an exhaustive search.


IEEE Symposium on Security and Privacy | 2014

All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API

Yuan Tian; Ying Chuan Liu; Amar Bhosale; Lin-Shung Huang; Patrick Tague; Collin Jackson

HTML5 changes many aspects in the browser world by introducing numerous new concepts; in particular, the new HTML5 screen sharing API impacts the security implications of browsers tremendously. One of the core assumptions on which browser security is built is that there is no cross-origin feedback loop from the client to the server. However, the screen sharing API allows creating a cross-origin feedback loop. Consequently, websites will potentially be able to see all visible content from the user's screen, irrespective of its origin. This cross-origin feedback loop, when combined with human vision limitations, can introduce new vulnerabilities. An attacker can capture sensitive information from the victim's screen using the new API without the consensus of the victim. We investigate the security implications of the screen sharing API and discuss how existing defenses against traditional web attacks fail during screen sharing. We show that several attacks are possible with the help of the screen sharing API: cross-site request forgery, history sniffing, and information stealing. We discuss how popular websites such as Amazon and Wells Fargo can be attacked using this API and demonstrate the consequences of the attacks such as economic losses, compromised accounts and information disclosure. The objective of this paper is to present the attacks using the screen sharing API, analyze the fundamental cause and motivate potential defenses to design a more secure screen sharing API.


International Symposium on Multimedia | 2006

Trickle: Resilient Real-Time Video Multicasting for Dynamic Peers with Limited or Asymmetric Network Connectivity

Yu-Hsuang Guo; John K. Zao; Wen-Hsiao Peng; Lin-Shung Huang; Fang-Po Kuo; Che-Min Lin

Some of the most challenging scenarios for peer-to-peer multimedia applications arise when the applications require real-time interactions among their users. In those cases, the expectation of sub-second responses prohibits the use of popular P2P IPTV software because those programs invariably use large video buffers to amortize the propagation delays of individual frames and thus cause notable and dispersed viewing latencies among their users. The performance of these programs degrades even further if the users are connected to home networks that offer narrow uplink channels or through wireless links that experience frequent throughput fluctuations. In order to overcome these shortcomings, we develop Trickle, a peer-to-peer real-time media streaming system that can transport H.264 video streams with low link stresses (less than 250Kb/s) and stable sub-second frame delays through the use of erasure correction codes along with the clever construction of multiple multicast trees and the recruitment of many peer helpers. This paper presents the first fruits of our work including the principles and mechanisms of Trickle, its simulated performance based on H.264 video traces and its merit comparisons against SplitStream, the first application layer multicasting protocol for video streaming, and CoolStreaming, a news-making P2P IPTV program that works like BitTorrent.


Genetic and Evolutionary Computation Conference | 2014

Darwin: a ground truth agnostic CAPTCHA generator using evolutionary algorithm

Eric Y. Chen; Lin-Shung Huang; Ole J. Mengshoel; Jason D. Lohn

We designed and implemented Darwin, the first CAPTCHA generator using an evolutionary algorithm. We evaluated the effectiveness of our proposed CAPTCHAs with MTurk users (non-attackers) and Antigate workers (attackers). Due to our ground-truth agnostic fitness function, we are able to discover a new category of CAPTCHAs in which attackers answer correctly but non-attackers answer incorrectly.


International Conference on Embedded Networked Sensor Systems | 2010

TouchAble: a camera-based multitouch system

Lin-Shung Huang; Feng-Tso Sun; Pei Zhang

Touchscreens enable users to interact directly and intuitively with computers by simply touching the display area without requiring any intermediate devices. There are various touchscreen technologies that generally utilize resistive or capacitive panels. Typical touchscreens are constrained by the fixed size and high cost panels. Many research efforts have been made towards achieving multitouch functionality using vision-based systems. However, existing approaches have limitations such as relying on pre-defined gestures [5], requiring users to wear a glove with a custom pattern [4], or using infrared light pens [2].


USENIX Security Symposium | 2012

Clickjacking: attacks and defenses

Lin-Shung Huang; Alex Moshchuk; Helen J. Wang; Stuart E. Schechter; Collin Jackson

Collaboration

Top Co-Authors

Collin Jackson

Carnegie Mellon University

John K. Zao

National Chiao Tung University

Wen-Hsiao Peng

National Chiao Tung University

Virgil D. Gligor

Carnegie Mellon University

Hsueh-Ting Huang

National Chiao Tung University

Tse-Wei Wang

National Chiao Tung University
