Search for: All records

Creators/Authors contains: "Ristenpart, Thomas"

« Prev Next »

Total Resources

32

Resource Type
Conference Paper

29

Conference Proceeding

0

Dataset

0

Journal Article

3

Workshop Report

0

Availability
Full Text / Resource Available

30

Citation Only

2

Save Results
Excel (limit 2000)
CSV (limit 5000)
XML (limit 5000)

Have feedback or suggestions for a way to improve these results?
!

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Araña: Discovering and Characterizing Password Guessing Attacks in Practice

Islam, Mahzharul ; Bohuk, Marina Sanusi ; Chung, Paul ; Ristenpart, Thomas ; Chatterjee, Rahul ( October 2023 , SEC '23: Proceedings of the 32nd USENIX Conference on Security Symposium)

Remote password guessing attacks remain one of the largest sources of account compromise. Understanding and characterizing attacker strategies is critical to improving security but doing so has been challenging thus far due to the sensitivity of login services and the lack of ground truth labels for benign and malicious login requests. We perform an in-depth measurement study of guessing attacks targeting two large universities. Using a rich dataset of more than 34 million login requests to the two universities as well as thousands of compromise reports, we were able to develop a new analysis pipeline to identify 29 attack clusters—many of which involved compromises not previously known to security engineers. Our analysis provides the richest investigation to date of password guessing attacks as seen from login services. We believe our tooling will be useful in future efforts to develop real-time detection of attack campaigns, and our characterization of attack campaigns can help more broadly guide mitigation design.
more » « less
Free, publicly-accessible full text available October 26, 2024
The Digital-Safety Risks of Financial Technologies for Survivors of Intimate Partner Violence

Bellini, Rosanna ; Lee, Kevin ; Brown, Megan ; Shaffer, Jeremy ; Bhalerao, Rasika ; Ristenpart, Thomas ( August 2023 , 32nd USENIX Security Symposium)

Free, publicly-accessible full text available August 9, 2024
Context Discovery and Commitment Attacks: How to Break CCM, EAX, SIV, and More

Menda, Sanketh ; Len, Julia ; Grubbs, Paul ; Ristenpart, Thomas ( January 2023 , Advances in Cryptology - Eurocrypt)

Full Text Available
Care Infrastructures for Digital Security in Intimate Partner Violence

https://doi.org/10.1145/3491102.3502038

Tseng, Emily ; Sabet, Mehrnaz ; Bellini, Rosanna ; Sodhi, Harkiran Kaur ; Ristenpart, Thomas ; Dell, Nicola ( April 2022 , Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems)

Full Text Available
Orca: Blocklisting in Sender-Anonymous Messaging

Tyagi, Nirvan ; Len, Julia ; Miers, Ian ; Ristenpart, Thomas ( January 2022 , USENIX Security)

Full Text Available
Increasing Adversarial Uncertainty to Scale Private Similarity Testing

Hua, Yiqing ; Namavari, Armin ; Cheng, Kaishuo ; Naaman, Mor ; Ristenpart, Thomas ( January 2022 , USENIX Security)

Full Text Available
Trauma-Informed Computing: Towards Safer Technology Experiences for All

https://doi.org/10.1145/3491102.3517475

Chen, Janet X. ; McDonald, Allison ; Zou, Yixin ; Tseng, Emily ; Roundy, Kevin A ; Tamersoy, Acar ; Schaub, Florian ; Ristenpart, Thomas ; Dell, Nicola ( April 2022 , Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems)

Full Text Available
Characterizing Alternative Monetization Strategies on YouTube

Hua, Yiqing ; Ribeiro, Manoel H. ; Ristenpart, Thomas ; West, Robert ; Naaman, Mor ( January 2022 , Computer supported cooperative work CSCW)

Full Text Available
A Fast and Simple Partially Oblivious PRF, with Applications

https://doi.org/10.1007/978-3-031-07085-3_23

Tyagi, Nirvan ; Celi, Sofı́a ; Ristenpart, Thomas ; Sullivan, Nick ; Tessaro, Stefano ; Wood, Christopher A. ( January 2022 , IACR Eurocrypt 2022)

Full Text Available
Searching Encrypted Data with Size-Locked Indexes

Xu, Min ; Namavari, Armin ; Cash, David ; Ristenpart, Thomas ( August 2021 , USENIX Security Symposium)
null (Ed.)
We investigate a simple but overlooked folklore approach for searching encrypted documents held at an untrusted service: Just stash an index (with unstructured encryption) at the service and download it for updating and searching. This approach is simple to deploy, enables rich search support beyond unsorted keyword lookup, requires no persistent client state, and (intuitively at least) provides excellent security compared with approaches like dynamic searchable symmetric encryption (DSSE). This work first shows that implementing this construct securely is more subtle than it appears, and that naive implementations with commodity indexes are insecure due to the leakage of the byte-length of the encoded index. We then develop a set of techniques for encoding indexes, called size-locking, that eliminates this leakage. Our key idea is to fix the size of indexes to depend only on features that are safe to leak. We further develop techniques for securely partitioning indexes into smaller pieces that are downloaded, trading leakage for large increases in performance in a measured way. We implement our systems and evaluate that they provide search quality matching plaintext systems, support for stateless clients, and resistance to damaging injection attacks.
more » « less
Full Text Available

« Prev Next »