MC2 Researchers Present Nine Papers at IEEE Symposium on Security and Privacy

Researchers affiliated with the Maryland Cybersecurity Center (MC2) had nine papers accepted to the 44th IEEE Symposium on Security and Privacy (IEEE S&P), including one that received a distinguished paper award.

The annual conference is the premier forum for presenting developments in computer security and electronic privacy, bringing together researchers and practitioners in the field. It is being held this year from May 22–25 in San Francisco.

Two of the nine papers will appear at the Seventh Workshop on Technology and Consumer Protection (ConPro ’23), a co-located workshop that explores computer science topics with an impact on consumers.

Michelle Mazurek, an associate professor of computer science and director of MC2, says the MC2 papers at IEEE S&P this year cover exciting, timely topics—from dangerous data leaks when phones are resold in police auctions, to enabling anonymous credentials that could prove someone is over 18 without revealing their identity, to exploring the experiences of marginalized people in vulnerability analysis careers.

“The research our faculty and students conduct has important real-world implications for improving security and privacy in a wide range of contexts,” she says.

The MC2-affiliated papers presented at IEEE S&P this year are:

“Blue Is the New Black (Market): Privacy Leaks and Re-Victimization from Police-Auctioned Cellphones” explores how cellphones auctioned off by law enforcement agencies—phones that were either seized in criminal investigations or unclaimed from lost-and-found inventories—contain easily accessible private information from the previous owners. MC2-affiliated authors are Richard Roberts (lead author), Julio Poveda and Dave Levin.

“Is Cryptographic Deniability Sufficient? Non-Expert Perceptions of Deniability in Secure Messaging” conducts a survey study to understand how people perceive evidence of deniability related to encrypted messaging protocols, which are deployed on apps such as WhatsApp and Signal. MC2-affiliated authors are Nathan Reitinger (lead author), Nathan Malkin, Omer Akgul, Michelle Mazurek and Ian Miers.

“IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation” presents a privacy attack that permits a remote and unprivileged adversary to physically geolocate many residential IPv6 hosts and networks with street-level precision. The lead author on the paper is Erik C. Rye.

“Vulnerability Discovery for All: Experiences of Marginalization in Vulnerability Discovery” explores the experiences of marginalized people in vulnerability analysis careers. Currently, the workforce is highly homogeneous, dominated by white and Asian men. MC2-affiliated authors are Kelsey R. Fulton (lead author) and Michelle Mazurek.

“zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure” presents a protocol for enabling anonymous credentials that could prove someone is over 18 without revealing their identity. This is important in cases when a user on the web needs to show that they are, for example, not a robot, old enough to access an age restricted video, or eligible to download an eBook from their local public library without being tracked. MC2-affiliated authors are Michael Rosenberg (lead author) and Ian Miers.

“Characterizing Everyday Misuse of Smart Home Devices” investigates “optimistic access control,” policies that allow users to obtain access to devices and data without pre-approval, subject to oversight from other household members. (This paper was recognized with a distinguished paper award at the symposium.) MC2-affiliated authors are Phoebe Moh (lead author), Noel Warford, Nathan Malkin and Michelle Mazurek.

“Optimistic Access Control for the Smart Home” investigates “optimistic access control,” policies that allow users to obtain access to devices and data without pre-approval, subject to oversight from other household members. MC2-affiliated authors are Nathan Malkin (lead author), Alan F. Luo, Julio Poveda and Michelle Mazurek.

“SoK: Considerations in Measuring Compliance with Privacy Regulations” (ConPro ’23) develops a general framework for helping researchers identify and think through some key considerations when conducting research on data privacy regulations, such as the General Data Protection Regulation and the California Consumer Privacy Act. MC2-affiliated authors are Nathan Reitinger (lead author) and Michelle Mazurek.

“This Proposal Was Brought to You by Content Creators’ Mental Models of Security & Privacy Products” (ConPro ’23) discusses the design and preliminary results of a pilot interview study with digital content creators to better understand what factors affect the claims they make in their sponsored advertisements, and to identify possible points of intervention. MC2-affiliated authors are Richard Roberts (lead author), Wentao Guo, Omer Akgul, Michelle Mazurek and Dave Levin.

MC2 is a joint effort between the College of Computer, Mathematical, and Natural Sciences and the A. James Clark School of Engineering. The center receives administrative and technical support from the University of Maryland Institute for Advanced Computer Studies (UMIACS).

—Story by Melissa Brachfeld, UMIACS communications group