This is the website for the University of Oxford Security Reading Group. Here you will find contact information for how to join the mailing list, meeting information, and a list of the papers we have read and discussed historically.

Further Information

We typically meet on Fridays at 3pm, in Robert Hooke Building (RHB), Room 114. Access is from the Computer Science entrance just off Parks Road, next to the Museum of Natural History. To be added to the mailing list, please email Martin Dehnel-Wild. Upcoming meetings are normally listed after the weekly email has gone out on the Cyber Security Calendar.

Archive of Papers

Please see the following list for papers we have read in recent weeks, in reverse chronological order. Please note:

  • Links will be to open-access PDFs/pre-prints where possible, but unfortunately these are not always available. I have tried to include multiple links to both open-access and paywall (e.g. ACM, Springer Link, IEEE) for each in case of dead links, and for ease of citation.
  • The initial date is the date of the reading group, not the publication of the paper.
  • New papers will be added when I remember. Email me if I forget. :-)
  • Where the publication venue says ‘Discussion’, this was a discussion-group meeting (included for completeness), rather than a reading group.

2018:

  • 16th March, Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI by Kim et al. (CCS’17). ACM. PDF.

  • 9th March, On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN by Bhargavan and Leurent (CCS’16). ACM. PDF.

  • 23rd February, Blue versus Red: Towards a model of distributed security attacks by Fultz and Grossklags, (FC’09). PDF.

  • 16th February, Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage, by Garman, Green et al. (USENIX 2016). PDF.

  • 2nd February, Meltdown, by Lipp et al. PDF.

  • 26th January, Kleptography: Using Cryptography Against Cryptography, by Young and Yung (EUROCRYPT 1997). PDF. Springer.

  • 19th January, CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management, by Tang et al. (USENIX 2017). USENIX.

  • 12th January, Some thoughts on security after ten years of qmail 1.0, by Daniel J. Bernstein (CSAW’07). PDF.

2017:

  • 8th December, Does the Internet Need a Hegemon?, by Rovner and Moore. (Journal of Global Security Studies 2017) OUP.

  • 1st December, Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting, by Tajalizadehkhoob et al. (CCS’17). PDF.

  • 24th November, Towards Linux Kernel Memory Safety, by Reshetova, Paverd, Liljestrand, and Asokan (ArXiV pre-print). PDF.

  • 17th November, Pretzel: email encryption and provider-supplied functions are compatible, by Gupta et al. (SICOMM’17). PDF. Morning Paper.

  • 10th November, Minimizing Embedding Impact in Steganography using Trellis-Coded Quantization, by Filler et al. (Media Forensics and Security). PDF.

  • 27th October, Indiscreet Logs: Persistent Diffie-Hellman Backdoors in TLS, by Dorey et al., (IACR ePrint). PDF.

  • 20th October, How to Share a Secret, by Adi Shamir, (Communications of the ACM, 1979, Volume 22, Number 11). PDF. ACM.

  • 13th October, Sex, Lies, and Cyber-Crime Surveys, by Florencio and Herley (Economics of information security and privacy III, 2012). PDF.

  • 26th May, Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP, by Schürmann et al (PETS’17). PDF.

  • 19th May 2017, On The Security of Password Manager Database Formats, by Gasti and Rasmussen (ESORICS’12). PDF.

  • 12th May 2017, DRE-ip: A Verifiable E-Voting Scheme without Tallying Authorities, by Shahandashti and Fao (ESORICS’16). PDF.

  • 5th May 2017, Systematic Fuzzing and Testing of TLS Libraries, by Juraj Somorovsky (CCS’16). PDF.

  • 7th April 2017, Reactive and Proactive Standardisation of TLS, by Kenneth G. Paterson and Thyla van der Merwe (SSR’16). Springer.

  • 31st March 2017, Calibrating Noise to Sensitivity in Private Data Analysis, by Dwork, McSherry et al. (TOC’2006). PDF. Springer.

  • 24th March 2017, ASLR on the Line: Practical Cache Attacks on the MMU by Gras, Razavi et al. (NDSS’17). PDF.

  • 17th March 2017, Detecting Intentional Packet Drops on the Internet via TCP/IP Side Channels by Ensafi et al. (PAM’14). arXiv.

  • 10th March 2017, Optimal Distributed Password Verification by Camenisch et al. (CCS’15). PDF.

  • 3rd March 2017, FPGA side-channel receivers by Sun et al. (FPGA ‘11). ACM.

  • 17th Feb 2017, Chaffinch: Confidentiality in the Face of Legal Threats by Clayton and Danezis, (Information Hiding 2002). PDF. Springer Link.

  • 10th Feb 2017, SCONE: Secure Linux Containers with Intel SGX by Arnautov et al. (OSDI ‘16). PDF. Usenix.

  • 3rd Feb 2017, Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition by Sharif et al. (CCS’16). PDF. ACM.

  • 27th Jan 2017, The Square Root Law of Steganographic Capacity for Markov Covers by Andrew Ker et al. (SPIE Electronic Imaging 2009). PDF. SPIE DL.

  • 20th January 2017, A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3) by Hugo Krawczyk. (CCS’16). PDF. ACM.

2016:

  • 25th November 2016, SIBRA: Scalable Internet Bandwidth Reservation Architecture by Basescu et al. (NDSS’16). PDF. arXiv.

  • 18th November 2016, Novel session initiation protocol-based distributed denial-of-service attacks and effective defense strategies by Tas et al. ScienceDirect.

  • 11th November 2016, HORNET: High-speed Onion Routing at the Network Layer by Chen et al. PDF. ACM.

  • 4th November 2016, A Surfeit of SSH Cipher Suites by Albrecht et al. PDF. ACM.

  • 21st October 2016, Measuring small subgroup attacks against Diffie-Hellman by Valenta et al. PDF.

  • 14th October 2016, Measurement and Analysis of Private Key Sharing in the HTTPS Ecosystem by Cangialosi et al. (CCS 2016). PDF.

  • 24th June 2016, Automated reasoning for equivalences in the applied pi calculus with barriers by Blanchet and Smyth (CSF 2016). PDF.

  • 17th June 2016, A2: Analog Malicious Hardware by Yang, Hicks, Dong, Austin, and Sylvester (IEEE S&P 2016). PDF. IEEE.

  • 3rd June 2016, Combining Differential Privacy and Secure Multiparty Computation by Pettai and Laud (IACR ePrint, ACSAC 2015). PDF.

  • 6th May 2016, Du-Vote: Remote Electronic Voting with Untrusted Computers by Grewal, Ryan, Chen, and Clarkson (CSF 2015). PDF. IEEE.

  • 29th April 2016, A Systematic Analysis of the Juniper Dual EC Incident by Checkoway et al. (IACR ePrint). PDF.

  • 18th March 2016, Do You Believe in Tinker Bell? The Social Externalities of Trust by Khaled Baqer and Ross Anderson (Security Protocols XXIII). PDF. Springer Link.

  • 11th March 2016, Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems by Shaik et al. (NDSS 2016). InternetSociety.

  • 4th March 2016, Client-based authentication technology: user-centric authentication using secure containers by Cahill et al. (CCS 2011). ACM.

  • 26th February 2016, Attacking and Fixing PKCS#11 Security Tokens by Bortolozzo et al. (CCS 2010). PDF. ACM.

  • 19th February 2016, Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors by Kune et al. (Oakland 2013). PDF. IEEE.

  • 5th February 2016, Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs by Genkin et al. (Journal of Cryptographic Engineering, 2015). PDF. Springer Link.

  • 29th January 2016, Another Look at Security Definitions by Koblitz and Menezes, (Advances in Mathematics of Communications, 2013). PDF. Website.

  • 22nd January 2016, Dismantling MIFARE Classic by Flavio Garcia et al. (ESORICS 2008). PDF. Springer Link.

  • 15th January 2016, The Moral Character of Cryptographic Work by Philip Rogaway, (Position Paper, 2015). PDF.

2015:

  • 11th December 2015, Experimental Analysis of Attacks on Next Generation Air Traffic Communication by Schäfer, et al. (ANCS 2013). PDF. Springer Link.

  • 27th November 2015, VCR: App-Agnostic Recovery of Photographic Evidence from Android Device Memory Images by Saltaformaggio, et al. (ACM CCS, 2015). PDF. ACM.

  • 20th November 2015, Security Considerations for IEEE 802.15.4 Networks by Naveen Sastry and David Wagner (WiSE’04: Philadelphia, 2004). PDF. ACM.

  • 13th November 2015, Optimal Information Security Investment with Penetration Testing by Rainer Böhme and Márk Félegyházi (Decision and Game Theory, 2010). PDF. Springer Link.

  • 6th November 2015, Multi-user Schnorr security, revisited by Daniel J. Bernstein, (IACR ePrint, 2015/996). PDF.

  • 30th October 2015, A Riddle Wrapped in an Enigma by Koblitz and Menezes (IACR ePrint, 2015/1018). PDF.

  • 23rd October 2015, Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis by Jelle van den Hooff, David Lazar, et al. (SOSP’15). PDF. ACM.

  • 16th October 2015, Cryptographic Assumptions: A Position Paper by S. Goldwasser and Y.T. Kalai, (Cryptology ePrint 2015/907, Theory of Cryptography). PDF. Springer Link.

  • 14th August 2015, Keys Under Doormats: Mandating Government Insecurity by Requiring Government Access to All Data and Communications by Abelson, Anderson, et al. (MIT-CSAIL-TR-2015-026, 2015). PDF. Oxf. J. CySec.

  • 17th July 2015, Shielding Applications from an Untrusted Cloud with Haven by Baumann, et al. (OSDI’14). PDF. ACM.

  • 3rd July 2015, Direct Anonymous Attestation by Brickell, Camenisch, and Chen (ACM CCS’04). PDF. ACM.

  • 19th June 2015, Design and Implementation of the idemix Anonymous Credential System by Jan Camenisch and Els Van Herreweghen (CCS’02). PDF. ACM.

  • 18th June 2015, Privacy-preserving targeted mobile advertising by Yang Liu (Discussion, Oxford DPhil, 2015).

  • 11th June 2015, Wireless Attacks on Air Traffic Communication: How Realistic is the Threat? by Martin Strohmeier, (Discussion, Oxford DPhil, 2015?).

  • 5th June 2015, Tracking Human Mobility using WiFi signals by Sapiezynski, et al. (PLOS One, arXiv 1505.06311, 2015). PDF. HTML.

  • 29th May 2015, Unique in the Shopping Mall: On the Reidentifiability of Credit Card Metadata by Yves-Alexandre de Montjoye et al., (Science 347(6221), pp. 536-539, 2015). PDF. Science.

  • 28th May 2015, Towards a Model of Information Healthcare by Ivan Fléchais (Discussion, Oxford 2015). PDF.

  • 22nd May 2015, The independent and almost simultaneous discovery of public key cryptography by Cocks, Williamson, Rivest, Shamir & Adelman. Discussion surrounding the following various papers, linked together neatly by this main Wired article. Cocks’ 1973 memo on Non-secret encryption. The original RSA paper. Original DH paper.

  • 15th May 2015, The History of Subliminal Channels by Gustavus Simmons (IEEE J. Select. Areas in Comm., 1998). PDF. IEEE.

  • 1st May 2015, Security of Symmetric Encryption against Mass Surveillance by Bellare, Paterson, Rogaway. (IACR ePrint, 2014). PDF. Springer Link.

  • 17th April 2015, The Chubby lock service for loosely-coupled distributed systems by Mike Burrows (OSDI’06). HTML. ACM.

  • 10th April 2015, Surreptitiously Weakening Cryptographic Systems by Schneier, et al. (IACR ePrint, 2015). PDF. Alternate.

  • 27th March 2015, Anbang’s and Dr Martin’s new paper on a Software Defined Cloud Root-of-Trust Framework (NeuronVisor).

  • 27th February 2015, PowerSpy: Location Tracking using Mobile Device Power Analysis by Yan Michalevsky, et al., (USENIX Security 15, arXiv 1502.03182v1.pdf, 2015). PDF.

  • 13th February 2015, The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes by Bonneau, et al., IEEE Open Access, and Pico: No more passwords! by Frank Stajano (Security Protocols XIX, 2011). PDF. Springer Link.

  • 30th January 2015 Citizen Electronic Identities using TPM 2.0 by Nyman, et al. (TrustED’14, Scottsdale, Arizona, 3–7 November 2014). PDF. ACM.

2014:

  • 12th December 2014, New Directions in Cryptography by Diffie and Hellman, (IEEE Transactions on Information Theory, vol.22, no.6, pp.644,654, Nov 1976). PDF. ACM.

  • 5th December 2014, A Critical Evaluation of Website Fingerprinting Attacks by Juarez et al. (CCS 14). PDF. ACM.

  • 28th November 2014, Large Scale Test of Sensor Fingerprint Camera Identification by Goljan, Fridrich, and Filler. (IS&T/SPIE Electronic Imaging, 2009). PDF. SPIE.

  • 14th Novemeber 2014, Interoperable Remote Attestation for VPN Environments by Bente et al. (Trusted Systems 2010). Springer Link.

  • 7th November 2014, Harvesting high value foreign currency transactions from EMV contactless credit cards without the PIN by Martin Emms et al. (CCS 14). PDF. BBC. Gizmodo. Wired.

  • 31st October 2014, Here Come The ⊕ Ninjas by Duong and Rizzo (Unpublished whitepaper, 2011). PDF. Alternate.

  • 24th October 2014, Rosemary: A Robust, Secure, and High-performance Network Operating System by Seungwon Shin et al. (CCS 2014). PDF. ACM.

  • 17th October 2014, Deniable Liaisons by Abhinav Narain, Nick Feamster and Alex C. Snoeren (CCS 2014). PDF. ACM.

Many thanks are due to Joe Loughry for keeping such immaculate records, and to Andrew Paverd for having run the reading group so successfully before me.