CSAW'19 Applied Research Winners & Finalists

Europe | Israel | IndiaMENA | US-Canada

CSAW Europe Winning & Finalist Papers 

* 1st Place *
1 Trillion Dollar Refund – How To Spoof PDF Signatures

Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe and Joerg Schwenk  (Hackmanit GmbH & Ruhr-University Bochum)

* 2nd Place *
RIDL: Rogue In-Flight Data Load

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos and Cristiano Giuffrida (Vrije Universiteit Amsterdam) 

* 3rd Place *
Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem

Stefano Calzavara, Riccardo Focardi, Matus Nemec, Alvise Rabitti and Marco Squarcina (Ca’ Foscari University of Venice) 

Europe Finalist Papers 

(in random order)

Implementing RLWE-based Schemes Using an RSA Co-Processor

Martin Albrecht, Christian Hanser, Andrea Hoeller, Thomas Pöppelmann, Fernando Virdia and Andreas Wallner (Royal Holloway, University of London)

Stack Overflow Considered Helpful! Deep Learning Security Nudges Towards Stronger Cryptography

Felix Fischer, Huang Xiao, Ching-Yu Kao, Yannick Stachelscheid, Benjamin Johnson, Danial Raza, Paul Fawkesley, Nat Buckley, Konstantin Böttinger, Paul Muntean and Jens Grossklags (Technical University of Munich, Fraunhofer)

M&M: Masks and Macs against Physical Attacks

Lauren De Meyer, Victor Arribas, Svetla Nikova, Ventzislav Nikov and Vincent Rijmen (Katholieke Universiteit Leuven & NXP)

Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability

Giulio Malavolta, Pedro Moreno-Sanchez, Clara Schneidewind, Aniket Kate and Matteo Maffei (Vienna University of Technology)

SensorID: Sensor Calibration Fingerprinting for Smartphones

Jiexin Zhang, Alastair Beresford and Ian Sheret (University of Cambridge)

Exploiting correcting codes: On the effectiveness of ecc memory against rowhammer attacks

Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida and Herbert Bos (Vrije Universiteit Amsterdam)

Cognitive Triaging of Phishing Attacks

Amber van der Heijden and Luca Allodi (Eindhoven University of Technology)

CSAW India Winning & Finalist Papers
* 1st Place *
First Steps toward CNN based Source Classification of Document Images Shared over Messaging App accessible here

Sharad Joshi(IIT Gandhinagar), Suraj Saxena (IIT Gandhinagar) and Nitin Khanna (IIT Gandhinagar)

Presented by: Sharad Joshi

* 2nd Place *
How Secure are Deep Learning Algorithms from Side-Channel based Reverse Engineering?  accessible here

Manaar Alam (IIT Kharagpur) and Debdeep Mukhopadhyay (IIT Kharagpur)

Presented by: Manaar Alam

* 3rd Place * 
An Algorithmic Approach to Formally Verify an ECC Library accessible here

Keerthi K. (IIT Madras), Chester Rebeiro (IIT Madras), and Aritra Hazra (IIT Kharagpur)

Presented by: Keerthi K.

Building PUF based Authentication and Key Exchange Protocol for IoT without Explicit CRPs in Verifier Database accessible here

Urbi Chatterjee (IIT Kharagpur), Vidya Govindan (IIT Kharagpur), Rajat Sadhukhan (IIT Kharagpur), Debdeep Mukhopadhyay (IIT Kharagpur), Rajat Subhra Chakraborty (IIT Kharagpur), Debashis Mahata (Wipro Technogies), and Mukesh M Prabhu (Wipro Technogies)

Presented by: Urbi Chatterjee

Source Printer Classification using Printer Specific Local Texture Descriptor accessible here

Sharad Joshi (IIT Gandhinagar) and Nitin Khanna (IIT Gandhinagar)

Presented by: Sharad Joshi

CSAW Israel Winning Papers
* 1st Place *
From IP ID to Device ID and KASLR Bypass

Amit Klein and Benny Pinkas

Presented by: Amit Klein

* 2nd Place *
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations

Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom

Presented by: Eyal Ronen

* 3rd Place *
Drones' Cryptanalysis - Smashing Cryptography with a Flicker

Ben Nassi, Raz Ben-Netanel, Adi Shamir and Yuval Elovici

Presented by: Ben Nassi 

CSAW MENA Winning Papers 
* 1st Place *
ScanSAT: Unlocking Obfuscated Scan Chains accessible here

Lilas Alrahis (Khalifa University), Muhammad Yasin (New York University Abu Dhabi), Hani Saleh (Khalifa University), Baker Mohammad (Khalifa University), Mahmoud Al-Qutayri (Khalifa University) and Ozgur Sinanoglu(New York University Abu Dhabi)

Presented by: Lilas Alrahis

* 2nd Place *
Quantity vs. Quality: Evaluating User Interest Profiles Using Ad Preference Managers accessible here

Muhammad Ahmad Bashir(Northeastern University), Umar Farooq (LUMS (Pakistan)), Maryam Shahid(LUMS (Pakistan)), Muhammad Fareed Zaffar(LUMS (Pakistan)), and Christo Wilson (Northeastern University)

Presented by: Umar Farooq

* 3rd Place * 
Process-Aware Cyberattacks for Thermal Desalination Plants accessible here

Prashant Rajput (New York University Abu Dhabi), Pankaj Rajput (New York University Abu Dhabi), Marios Sazos (New York University Abu Dhabi), Michail Maniatakos (New York University Abu Dhabi)

Presented by: Prashant Rajput

CSAW US-Canada Finalist Papers
* 1st Place *
True2F: Backdoor-resistant authentication tokens accessible here

Emma Dauterman (Stanford University & Google), Henry Corrigan-Gibbs (Stanford University), David Mazieres (Stanford University), Dan Boneh (Stanford University), and Dominic Rizzo (Google)

Presented by: Emma Dauterman

* 2nd Place *
Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems accessible here

Hadi Abdullah, Washington Garcia, Christian Peeters, Patrick Traynor, Kevin R. B. Butler, and Joseph N. Wilson (all University of Florida)

Presented by: Hadi Abdullah 

* 3rd Place *
Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems accessible here

Nan Zhang (Indiana University Bloomington), Xianghang Mi (Indiana University Bloomington), Xuan Feng (Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS), Xiaofeng Wang (Indiana University Bloomington), Yuan Tian (University of Virginia), and Feng Qian (University of Minnesota)

Presented by: Xianghang Mi

Finalist Papers

(in random order) 

NEUZZ: Efficient Fuzzing with Neural Program Smoothing accessible here 

Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Ray Bashakhi and Suman Jana (all Columbia University) 

Presented by: Dongdong She

ProFuzzer: On-the-fly Input Type Probing for Better Zero-day Vulnerability Discovery accessible here

Wei You (Purdue University), Xueqiang Wang (Indiana University Bloomington), Shiqing Ma (Purdue University), Jianjun Huang (Renmin University of China), Xiangyu Zhang (Purdue University), XiaoFeng Wang (Indiana University Bloomington), and Bin Liang (Renmin University of China)

Presented by: Shiqing Ma

DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning accessible here 

Milad Nasr, Alireza Bahramali and Amir Houmansadr (all University of Massachusetts - Amherst)

Presented by: Milad Nasr 

The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends
accessible here 

Omar Alrawi (Georgia Institute of Technology), Chaoshun Zuo (The Ohio State University), Ruian Duan (Georgia Institute of Technology), Ranjita Pai Kasturi (Georgia Institute of Technology), Zhiqiang Lin (The Ohio State University), and Brendan Saltaformaggio (Georgia Institute of Technology)

Presented by: Omar Alrawi

PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary accessible here

Dokyung Song (University of California, Irvine), Felicitas Hetzelt (TU Berlin), Dipanjan Das (University of California, Santa Barbara), Chad Spensky (University of California, Santa Barbara), Yeoul Na (University of California, Irvine), Stijn Volckaert (Katholieke Universiteit Leuven), Giovanni Vigna (University of California, Santa Barbara), Christopher Kruegel, Jean-Pierre Seifert (TU Berlin), and Michael Franz (University of California, Irvine)

Presented by: Dokyung Song

VRASED: A Verified Hardware/Software Co-Design for Remote Attestation accessible here

Ivan De Oliveira Nunes (University of California, Irvine), Karim Eldefrawy (SRI International), Norrathep Rattanavipanon (University of California, Irvine), Michael Steiner (Intel), and Gene Tsudik (University of California, Irvine)

Presented by: Ivan De Oliveira Nunes

Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing accessible here 

Jiyong Yu, Lucas Hsiung, Mohamed El Hajj and Christopher Fletcher (all University of Illinois at Urbana-Champaign) 

Presented by: Jiyong Yu