MC2 Researchers Present Four Papers at Privacy Symposium

Published July 21, 2025

Faculty and students in the Maryland Cybersecurity Center (MC2) presented four papers at the 2025 Privacy Enhancing Technologies Symposium (PETS), held from July 14–19 in Washington, D.C.

The annual symposium is considered the premier venue for novel applied and theoretical research into the design, analysis, experimentation or fielding of privacy-enhancing technologies

In their accepted papers, the MC2 researchers explored anonymous broadcast communication, third-party repair for smart home devices, differential privacy models, and privacy threats in secondhand Wi-Fi hardware.

“These papers demonstrate the depth and diversity of privacy research happening at MC2,” says Michelle Mazurek, an associate professor of computer science and director of the center. “Our faculty and students are tackling critical problems that affect real-world users, from secure communication, to emerging risks in the connected home.”

MC2 faculty also played a prominent role in the conference program. Dave Levin, an associate professor of computer science, delivered a keynote address titled “Future Challenges of Internet Censorship and How to Meet Them.”

Mazurek adds that MC2 sponsored almost 20 UMD students to attend the conference, giving them the opportunity to learn directly from leading privacy researchers from around the world.

The four papers are:

“ZIPNet: Low-bandwidth anonymous broadcast from (dis)Trusted Execution Environments,” co-authored by Maurice Shih and Ian Miers, explores how to make Anonymous Broadcast Channels (ABCs) more scalable and efficient. The MC2 researchers propose ZipNet, a new ABC system that reduces server costs, enables cheap cover traffic, and scales to hundreds of servers by offloading message aggregation to an untrusted infrastructure.

“Help Me Help You: Privacy Considerations for Third Party IoT Device Repair,”co-authored by Nathan Reitinger, examines whether people are willing to use a “HandyTech”—a technician for smart home device repair—despite privacy risks. Employing a national survey, Reitinger and his co-authors found that urgency, transparency and limited access increased willingness, while general privacy concerns reduced it.

“Models Matter: Setting Accurate Privacy Expectations for Local and Central Differential Privacy,”co-authored by Gabriel Kaptchuk, looks at how to help people better understand differential privacy. He and his co-authors designed and tested new ways of explaining the two main models—local and central—and offered practical guidance for communicating privacy technologies more clearly.

“Buy it Now, Track Me Later: Attacking User Privacy via Wi-Fi AP Online Auctions,”co-authored by Dave Levin, Erik Rye, and Steven Su, uncovered a new privacy risk linked to Wi-Fi devices sold on secondhand marketplaces. The researchers show how layer-two network identifiers—such as MAC addresses used to identify devices on local networks—can be extracted from product photos on eBay and matched to real-world locations. This reveals where devices were used before and after resale, highlighting the need for stronger protections of these identifiers.

According to Levin, the papers presented at PETS by his MC2 colleagues highlight the group’s collaborative approach to privacy research, drawing on a wide range of techniques and perspectives. He noted that Kaptchuk’s paper explored users’ expectations around differential privacy; Miers introduced new cryptographic protocols for anonymous communication; Reitinger’s work examined privacy concerns related to third-party smart-home device repairs; and Su—an undergraduate—uncovered privacy risks in eBay and Facebook Marketplace.

“I’m especially proud of [Su’s] hard work,” says Levin. “From attacks and defenses to user studies and cryptographic proofs, our group brings it all to the table.”

—Story by Melissa Brachfeld, UMIACS communications group