Publications

Full list of my academic papers.
Bibtex
My academic research papers published over the years.
Filter by

2023

blurry image for loading
blurry image for loading
cryptography
Hybrid Post-Quantum Signatures in Hardware Security Keys
Hybrid Post-Quantum Signatures in Hardware Security Keys
ACNS 2023
We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks.

2021

blurry image for loading
blurry image for loading
cybersecurity
"Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political...
"Why wouldn't someone think of democracy as a target?": Security practices &...
Usenix Security 2021
In this UX research we identify the key cybersecurity challenges faced by political campaigns as they face increasing threats from well-funded, sophisticated attackers, especially nation-states.
blurry image for loading
blurry image for loading
cybersecurity
Designing Toxic Content Classification for a Diversity of Perspectives
Designing Toxic Content Classification for a Diversity of Perspectives
SOUPS 2021
This large-scale study demonstrates, by surveying 17280 participants, that existing toxicity classifiers fail to generalize to the diverse concerns of Internet users.
blurry image for loading
blurry image for loading
cybersecurity
SoK: Hate, Harassment, and the Changing Landscape of Online Abuse
SoK: Hate, Harassment, and the Changing Landscape of Online Abuse
S&P 2021
We propose a comprehensive online hate and harassment taxonomy derived from analyzing over 150 interdisciplinary research papers that cover disparate threats ranging from intimate partner violence to coordinated mobs.

2020

blurry image for loading
blurry image for loading
security
Spotlight: Malware Lead Generation At Scale
Spotlight: Malware Lead Generation At Scale
ACSAC 2020
We present Spotlight, a large-scale malware lead-generation framework that uses deep-learning to clusters malware famillies to isolate potentially-undiscovered ones and prioritizes them for further investigation
blurry image for loading
blurry image for loading
cybersecurity
Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk
Who is targeted by email-based phishing and malware? Measuring factors that differentiate risk
IMC 2020
We analyze over 1.2 billion email-based phishing and malware attacks against Gmail users to understand which factors place a person at heightened risk of being targeted.

2019

blurry image for loading
blurry image for loading
web
Five years of the Right to Be Forgotten
Five years of the Right to Be Forgotten
CCS 2019
We conducted a retrospective measurement study of 3.2 million URLs that were requested for delisting from Google Search over five years.
blurry image for loading
blurry image for loading
security
Protecting accounts from credential stuffing with password breach alerting
Protecting accounts from credential stuffing with password breach alerting
Usenix Security 2019
In this paper, we propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without revealing the information queried.
blurry image for loading
blurry image for loading
ai
Rethinking the detection of child sexual abuse imagery on the Internet
Rethinking the detection of child sexual abuse imagery on the Internet
WWW 2019
In order to scale CSAI protections moving forward, we discuss techniques for automating detection and response by using recent advancements in machine learning.
blurry image for loading
blurry image for loading
user experience
They Don't Leave Us Alone Anywhere We Go - Gender and Digital Abuse in South Asia
They Don't Leave Us Alone Anywhere We Go - Gender and Digital Abuse in South Asia
CHI 2019
To better understand the gendered risks and coping practices online in South Asia, we present a qualitative study of the online abuse experiences and coping practices of 199 people who identified as women and 6 NGO staff from India, Pakistan, and Bangladesh, using a feminist analysis.

2018

blurry image for loading
blurry image for loading
security
Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data
Data Breaches: User Comprehension, Expectations, and Concerns with Handling Exposed Data
SOUPS 2018
This paper investigates users sentiment on how companies should respond to data breaches and what are the acceptable usage of leaked data.
blurry image for loading
blurry image for loading
security
Tracking desktop ransomware payments end to end
Tracking desktop ransomware payments end to end
S&P 2018
In this paper, we present a measurement framework that we used to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims, and operators.

2017

blurry image for loading
blurry image for loading
anti-abuse
Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials
Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials
CCS 2017
We present the 1st longitudinal study of the underground ecosystem fueling credential theft based on the 788,000 potential victims of keyloggers; the 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches that we identified in 2017
blurry image for loading
blurry image for loading
security
The first collision for full SHA-1
The first collision for full SHA-1
Crypto 2017
In this paper, we demonstrate that SHA-1 collision attacks have finally become practical by providing the first known instance of a collision.
blurry image for loading
blurry image for loading
network security
Understanding the Mirai Botnet
Understanding the Mirai Botnet
Usenix Security 2017
In this paper, we provide a seven-month retrospective analysis of Mirai’s growth to a peak of 600k infections and a history of its DDoS victims.
blurry image for loading
blurry image for loading
anti-abuse
Pinning Down Abuse on Google Maps
Pinning Down Abuse on Google Maps
WWW 2017
In this paper, we investigate a new form of blackhat search engine optimization that targets local listing services like Google Maps.
blurry image for loading
blurry image for loading
web security
The Security Impact of HTTPS Interception
The Security Impact of HTTPS Interception
NDSS 2017
In this work, we present a comprehensive study on the prevalence and impact of HTTPS interception.

2016

blurry image for loading
blurry image for loading
anti-abuse
Picasso: Lightweight Device Class Fingerprinting for Web Clients
Picasso: Lightweight Device Class Fingerprinting for Web Clients
SPSM 2016
In this work we present Picasso: a lightweight device class fingerprinting protocol that allows a server to verify the software and hardware stack of a mobile or desktop client.
blurry image for loading
blurry image for loading
video game
I am a legend hacking hearthstone using statistical learning methods
I am a legend hacking hearthstone using statistical learning methods
CIG 2016
This paper demonstrates how to apply machine learning to Hearthstone to predict opponent future plays and game outcome.
blurry image for loading
blurry image for loading
anti-abuse
The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges
The Abuse Sharing Economy: Understanding the Limits of Threat Exchanges
RAID 2016
In this work, we investigate the potential benefit of global reputation tracking and the pitfalls therein. We develop our findings from a snapshot of 45 million IP addresses abusing six Google services including Gmail, YouTube, and ReCaptcha between April 7–April 21, 2015.
blurry image for loading
blurry image for loading
anti-abuse
Investigating commercial pay-per-install and the distribution of unwanted software
Investigating commercial pay-per-install and the distribution of unwanted software
Usenix Security 2016
Research on how the  the ecosystem of commercial pay-per-install (PPI) is structured and the role it plays in the proliferation of unwanted software
blurry image for loading
blurry image for loading
anti-abuse
Cloak of visibility: detecting when machines browse a different web
Cloak of visibility: detecting when machines browse a different web
S&P 2016
This paper study the blackhat cloaking techniques used by deceptive websites to hide bad content from search engine crawler and security scanners.
blurry image for loading
blurry image for loading
web security
Remedying web hijacking notification effectiveness and webmaster comprehension
Remedying web hijacking notification effectiveness and webmaster comprehension
WWW 2016
This paper study how effective the Google's notifications sent to webmasters of hacked web sites are based of over 760000 hacking incidents from July 2014 and June 2015.
blurry image for loading
blurry image for loading
security
Users really do plug in usb drives they find
Users really do plug in usb drives they find
S&P 2016
In this research paper we investigate if people do plug random USB drives and found out that 45-98% do. We analyze the factors that affect opening rate and people motivation for plug-in in their computers those insecure drives.

2015

blurry image for loading
blurry image for loading
network security
Neither snow nor rain nor mitm . . . an empirical analysis of email delivery security
Neither snow nor rain nor mitm . . . an empirical analysis of email delivery security
IMC 2015
Multi-year study that measure how email security has evolved from 2013 to 2015. Highlight progress made on deployment of email security technologies and uncover attacks against SMTP happening in the wild.
blurry image for loading
blurry image for loading
anti-abuse
Framing dependencies introduced by underground commoditization
Framing dependencies introduced by underground commoditization
WEIS 2015
In this paper we summarize how the Internet blackmarket is structured and what anti-abuse strategies has been found effective against it.
blurry image for loading
blurry image for loading
anti-abuse
Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google
Secrets, lies, and account recovery: lessons from the use of personal knowledge questions at google
WWW 2015
Research about the security and memorability of secret questions based of their deployment at Google. Best student paper award at WWW'15.
blurry image for loading
blurry image for loading
anti-abuse
Ad injection at scale: assessing deceptive advertisement modifications
Ad injection at scale: assessing deceptive advertisement modifications
S&P 2015
Research study on how malicious and unwanted actors tamper directly with browser sessions for their own profit. Based of measurement done at Google this study also illuminate the scope and negative impact of ads injection.

2014

blurry image for loading
blurry image for loading
anti-abuse
Handcrafted fraud and extortion: manual account hijacking in the wild
Handcrafted fraud and extortion: manual account hijacking in the wild
IMC 2014
Study of how manual account hijacking is performed based of Google data. Research include an analysis of the hijacking workflow and the best defense strategies to defend against such adversaries.
blurry image for loading
blurry image for loading
anti-abuse
Dialing back abuse on phone verified accounts
Dialing back abuse on phone verified accounts
CCS 2014
Longitudinal study of the underlying technical and financial capabilities of criminals who register phone verified accounts (PVA) and how to curb this type of abuse based on our experience at Google.
blurry image for loading
blurry image for loading
web security
The end is nigh: generic solving of text-based captchas
The end is nigh: generic solving of text-based captchas
WOOT 2014
Paper about a novel generic approach to solving captchas using a single step that uses machine learning to attack the segmentation and the recognition problems simultaneously. Our tests show that this approac is able solve all the real world captcha schemes evaluated including Yahoo (5.33%) and ReCaptcha (33.34%), without any adjustments to the algorithm or its...
blurry image for loading
blurry image for loading
privacy
Cloak and swagger: understanding data sensitivity through the lens of user anonymity
Cloak and swagger: understanding data sensitivity through the lens of user anonymity
S&P 2014
First  paper on how to use behavioral data to determine content sensitivity, via the clues that users give as to what information they consider private or sensitive through their use of Quora privacy enhancing product features. We show that data sensitivity is a nuanced measure that should be viewed on a continuum rather than as a binary concept, and advance the...
blurry image for loading
blurry image for loading
user experience
Online microsurveys for user experience research
Online microsurveys for user experience research
CHI 2014
Case study about how to use microsurveys to conduct user experience research with a focus Google Consumer Surveys (GCS).
blurry image for loading
blurry image for loading
web security
Easy does it: more usable captchas
Easy does it: more usable captchas
CHI 2014
This paper we describe how we designed a new CAPTCHA schemes for Google that focus on maximizing usability. Our new scheme which is now an integral part of Google sign-up and is served to millions of users, achieved a 95.3% human accuracy, a 6.7% improvement compared to the old one.

2012

blurry image for loading
blurry image for loading
web security
Sessionjuggler secure web login from an untrusted terminal using session hijacking
Sessionjuggler secure web login from an untrusted terminal using session hijacking
WWW 2012
Session Juggler allows to log into any websites on an untrusted terminal on any modern browser by using a simple bookmarklet and a smartphone. The site credentials are never transmited to the untrusted. With Session Juggler users never enter their long term credential on the untrusted terminal. Instead, users log in to a web site using a smartphone app and then...

2011

blurry image for loading
blurry image for loading
web security
Text-based captcha strengths and weaknesses
Text-based captcha strengths and weaknesses
CCS 2011
Research showing how to attack text-based captchas and provide guidelines on how to design secure ones. These insights are based on sucessfull attacks againt 13 of the most popular captchas schemes we show how to
blurry image for loading
blurry image for loading
web security
Reclaiming the blogosphere talkback a secure linkback protocol for weblogs
Reclaiming the blogosphere talkback a secure linkback protocol for weblogs
ESORICS 2011
TalkBack is a new blog Linkback protocol that use a lightweight PKI and a rate limiting system to fight blog SPAM
blurry image for loading
blurry image for loading
web security
Towards secure embedded web interfaces
Towards secure embedded web interfaces
Usenix Security 2011
WebDroid the first framework specifically dedicated to build secure embedded WebApp. This framework is build on the insights we gleaned from the security analysis of 30 embedded devices web interfaces for which we found over than 50 vulnerabilities.
blurry image for loading
blurry image for loading
web security
The failure of noise-based non-continuous audio captchas
The failure of noise-based non-continuous audio captchas
S&P 2011
We show how using a generic approach, based on advanced audio processing and machine learning algorithm, our captcha breaker Decaptcha is able to break all the popular audio CAPTCHA schemes, including Microsoft and Yahoo.
blurry image for loading
blurry image for loading
video game
Openconflict preventing real time map hacks in online games
Openconflict preventing real time map hacks in online games
S&P 2011
We show how to perform memory based attack against real-strategy games using our tool Kartograph to create map-hack. To defend against theses attacks we develop secure protocols for distributing game state among players so that each client only has the data he is allowed to see.

2010

blurry image for loading
blurry image for loading
security
Kamouflage loss-resistant password management
Kamouflage loss-resistant password management
ESORICS 2010
Kamouflage is a new kind of password manager that use plausible decoys to prevent offline attacks when the master password is weak.
blurry image for loading
blurry image for loading
web security
Webseclab security education workbench
Webseclab security education workbench
CEST 2010
Webseclab is a teaching framework designed to teach students web security through various exercises, project and quizzes. Webseclab combines a cloud-base service to aggregate class results and a student lab in form of a virtual machine that contains more than 80 exercises.
blurry image for loading
blurry image for loading
hacking
Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization attacks
Framing attacks on smartphones and dumb routers: social sites tap-jacking and geo-localization...
WOOT 2010
We show that phone features makes Tap-jacking easier. We explain how to exploit router web interface to steal WiFi network WPA key and location. Finally we demonstrate how to exploit the frame scrolling attack to attack Facebook frame busting defense and leak private information from Yahoo mobile webmail.
blurry image for loading
blurry image for loading
hacking
Recovering windows secrets and efs certificates offline
Recovering windows secrets and efs certificates offline
WOOT 2010
Based on our reverse-engineering we show how DPAPI, the Windows API for safe data storage on disk work. Our analysis reveals that it is possible to recover all previous passwords used by any user on a system. We have implemented DPAPI data decryption and previous password extraction in a free and open-source tool called DPAPIck.
blurry image for loading
blurry image for loading
privacy
An analysis of private browsing modes in modern browsers
An analysis of private browsing modes in modern browsers
Usenix Security 2010
We analyze how each of the major browser implements the private browsing mode and show their limitations and describe attacks against them. We also measure on which kind of website people use the private browsing mode.
blurry image for loading
blurry image for loading
web security
The emergence of cross channel scripting
The emergence of cross channel scripting
CACM 2010
We reveal a series of attacks against embedded devices based on a new type of vulnerability that we call cross channel scripting (XCS). XCS is a sophisticated form of cross site scripting (XSS) in which the attack injection and execution are carried out via different protocols.
blurry image for loading
blurry image for loading
web security
Busting frame busting a study of clickjacking vulnerabilities on popular sites
Busting frame busting a study of clickjacking vulnerabilities on popular sites
W2SP 2010
We study frame busting defense for the Alexa Top-500 sites and show that all can be broken. Some attacks are browser-specific, other exploit code mistakes. We conclude with practical recommendations how to implement a secure frame busting defense.
blurry image for loading
blurry image for loading
web security
State of the art automated black-box web application vulnerability testing
State of the art automated black-box web application vulnerability testing
S&P 2010
Black-box web application vulnerability scanners are automated tools that probe web applications for security vulnerabilities. In order to assess the current state of the art, we obtained access to eight leading tools and carried out a study of: (i) the class of vulnerabilities tested by these scanners, (ii) their effectiveness against target vulnerabilities, and...
blurry image for loading
blurry image for loading
web security
How good are humans at solving captchas a large scale evaluation
How good are humans at solving captchas a large scale evaluation
S&P 2010
We perform a mass-scale user study on how people react to the 21 most popular captcha schemes (13 images, 8 audios). This study reveals that even the most popular captchas scheme are often difficult for humans, with audio captchas being particularly problematic.

2009

blurry image for loading
blurry image for loading
network security
Using strategy objectives for network security analysis
Using strategy objectives for network security analysis
Inscrypt 2009
We introduce the notion of strategy objectives that mixes logical constraints and numerical one. Using strategy objectives allows to perform a new range of analysis, such as evaluate what is the least costly defense, that traditional attacks graphs system are unable to perform. Strategy objectives are implemented in NetQi.
blurry image for loading
blurry image for loading
web security
Xcs cross channel scripting and its impact on web applications
Xcs cross channel scripting and its impact on web applications
CCS 2009
We reveal a series of attacks against embedded devices based on a new type of vulnerability that we call cross channel scripting (XCS). XCS is a sophisticated form of cross site scripting (XSS) in which the attack injection and execution are carried out via different protocols.
blurry image for loading
blurry image for loading
web security
Trackback spam abuse and prevention
Trackback spam abuse and prevention
CCSW 2009
We conducted a longitudinal study of TrackBack spam, collecting and analyzing almost 10 million samples from a massive spam campaign over a 1 period. We report our finding including where the spam campaign leads and why blog spammers are different than email spammers.
blurry image for loading
blurry image for loading
web security
Decaptcha breaking 75% of ebay audio captchas
Decaptcha breaking 75% of ebay audio captchas
WOOT 2009
This paper shows how Decaptcha is able to break eBay captchas with 75% accuracy. We show that using a custom breaker (75%) greatly out-perform state of art speech recognition system (1%)

2008

blurry image for loading
blurry image for loading
network security
Netqi a model checker for anticipation game
Netqi a model checker for anticipation game
ATVA 2008
NetQi is a free and open-source model-checker that implements the anticipation game logic framework, a variant of timed game. NetQi was designed to analyze all kind of network evolutions. In particular it is well suited to analyze network attacks and intrusions.
blurry image for loading
blurry image for loading
network security
Extending anticipation games with location penalty and timeline
Extending anticipation games with location penalty and timeline
FAST 2008
We present a three-fold extension to the anticipation-game framework designed to model network cooperation, the cost of attacks based on its duration and the introduction of new vector of attacks over time.
blurry image for loading
blurry image for loading
network security
Probabilistic protocol identification for hard to classify protocol
Probabilistic protocol identification for hard to classify protocol
WISTP 2008
We show that NetAnalyzer is able to detect obfuscated protocols (i.e Bit torrent) by combining a payload analysis with a classifier based on several discriminators, including packet entropy and size. We also detail how netAnalyzer deals with tunneled session and covert channel.

2007

blurry image for loading
blurry image for loading
network security
A logical framework for evaluating network resilience against faults and attacks
A logical framework for evaluating network resilience against faults and attacks
ASIAN 2007
The anticipation-games are a logic-based framework designed to evaluate the resilience of networks against attacks. What set anticipation-games from standard attack graphs is that it allows to model the dynamic nature of the attack and to take into account how the administrator respond to attacks.
blurry image for loading
blurry image for loading
network security
Time has something to tell us about network address translation
Time has something to tell us about network address translation
NordSec 2007
We present a new technique to count the number of host behind a NAT. This technique based on TCP timestamp option, works with Linux and OSX system which make it complementary to the previous one based on IPID that only works against Windows hosts.
--
Get cutting edge research directly in your inbox.