MC2 Researchers Present Six Papers at ACM Conference on Information Security
Published November 10, 2021
Researchers affiliated with the Maryland Cybersecurity Center (MC2) are presenting six papers on hot-topic areas like key management for cryptocurrencies, post-quantum cryptography and fuzzy message detection at the upcoming Association for Computing Machinery Conference on Computer and Communications Security (ACM CCS).
The annual conference, which brings together information security researchers, practitioners, developers and users from around the world, will be held virtually this year from November 15–19.
“The work we’re presenting at this year’s conference demonstrates research, scholarship and innovation from a diverse group of MC2 researchers—faculty, postdocs and students—and reflects our strengths in addressing challenging and emerging security threats,” says Michelle Mazurek, an associate professor of computer science and director of MC2.
One example of innovative cryptocurrency research is “The Exact Security of BIP32 Wallets,” co-authored by researchers from the Technical Institute of Darmstadt in Germany and Julian Loss, who recently completed a postdoctoral research position at MC2 and began a tenure-track position at Germany’s Helmholtz Center for Information Security.
In the paper, the researchers closely examine how security is managed in what is commonly referred to as a cryptocurrency “wallet,” a method for storing keys that is a highly attractive target for hackers.
The BIP32 wallet, which became a standard in 2012 and is still widely used today, has never been comprehensively analyzed for its security properties, according to the paper’s authors. By moving to an alternative key derivation method, they developed new wallet protocols that offer an extra 20 bits of security at no additional cost.
Another paper investigates the problem of developing fuzzy message detection schemes to support the privacy-preserving retrieval of messages from store-and-forward delivery systems.
In “Fuzzy Message Detection,” the authors explain that privacy-preserving protocols often rely on a cryptographic primitive (a low-level building block from which larger protocols are assembled) that lets a sender “flag” a message to a recipient’s public key. Using this method, only the recipient, who possesses the corresponding secret key, can detect that the message is intended for them.
A limitation of the existing techniques is that recipients cannot easily outsource the detection of messages to a remote server without revealing to the server the exact set of matching messages. With fuzzy message detection, however, the user gives a server a decryption key to test which messages in a list are theirs.
“Existing approaches require you to fully trust a server or download all messages. We found a middle ground,” says co-author Ian Miers, an assistant professor of computer science with an appointment in the University of Maryland Institute for Advanced Computer Studies (UMIACS).
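To make the detection idea above concrete, here is an added toy implementation (not code from the paper, from MC2 or from the authors): each recipient holds several ElGamal-style key pairs, a sender flags a message by encrypting the bit 1 under every public key, and the recipient hands the server only the first p secret keys as a detection key, so the server accepts every genuine flag and also accepts an unrelated flag with probability about 2^-p. The group parameters are a deliberately tiny safe prime chosen for illustration, and the published scheme adds further checks on the flag that this sketch omits.

```python
import hashlib
import secrets

# Toy group (constructed for illustration only): safe prime P = 2*Q + 1 and
# G = 4, a generator of the order-Q subgroup.  A real deployment would use a
# cryptographic-size group; the protocol logic is the same.
P, Q, G = 2039, 1019, 4
GAMMA = 8  # key pairs per recipient, so p ranges from 0 (fully fuzzy) to 8


def keygen(n=GAMMA):
    """Recipient: n independent key pairs (x_i, h_i = G^x_i mod P)."""
    sks = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    return sks, [pow(G, x, P) for x in sks]


def _pad_bit(u, shared):
    """One-time-pad bit derived from the Diffie-Hellman value shared by sender and key holder."""
    return hashlib.sha256(f"{u}:{shared}".encode()).digest()[0] & 1


def flag(pks):
    """Sender: encrypt the bit 1 under every public key of the intended recipient."""
    r = secrets.randbelow(Q - 1) + 1
    u = pow(G, r, P)
    return u, [_pad_bit(u, pow(h, r, P)) ^ 1 for h in pks]


def extract(sks, p):
    """Recipient: detection key = first p secret keys (false-positive rate 2^-p)."""
    return sks[:p]


def detect(dsk, flg):
    """Server: accept if every bit it can decrypt is 1; with p = 0 it accepts everything."""
    u, bits = flg
    return all(_pad_bit(u, pow(u, x, P)) ^ c == 1 for x, c in zip(dsk, bits))


def false_positive_rate(dsk, trials=2000):
    """Fraction of flags addressed to unrelated recipients that the server still accepts."""
    hits = sum(detect(dsk, flag(keygen()[1])) for _ in range(trials))
    return hits / trials


if __name__ == "__main__":
    sks, pks = keygen()
    for p in (0, 1, 3, GAMMA):
        assert detect(extract(sks, p), flag(pks))  # genuine flags always pass
        print(p, false_positive_rate(extract(sks, p)))  # about 1, 1/2, 1/8, 1/256
```

The server learns which messages match, but at p = 1 half of everyone else's traffic matches too, which is exactly the cover the recipient is buying with the fuzziness.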
The other MC2-affiliated papers being presented are:
• “Compressed Oblivious Encoding for Homomorphically Encrypted Search,” co-authored by associate professor Dana Dachman-Soled, who has a dual appointment in the Department of Electrical and Computer Engineering and UMIACS
• “Labeled PSI from Homomorphic Encryption with Reduced Computation and Communication,” co-authored by Michael Rosenberg, a computer science doctoral student advised by Katz
• “EasyPQC: Verifying Post-Quantum Cryptography,” co-authored by Katz; Xiaodi Wu, an assistant professor of computer science with an appointment in UMIACS; Xiong (Leo) Fan, a former postdoc who is now a cryptography researcher at Algorand; and Shih-Han Hung, a recent Ph.D. graduate who is now a postdoctoral researcher at The University of Texas at Austin
—Story by Melissa Brachfeld
The Maryland Cybersecurity Center (MC2) is jointly supported by the A. James Clark School of Engineering and the College of Computer, Mathematical, and Natural Sciences. It is one of six major centers in the University of Maryland Institute for Advanced Computer Studies.