Some thoughts on why research on creating synthetic user behavior is tractable even without large data sets.
Read more
Summary:
I am a Principal Cybersecurity Research Engineer at TwoSixLabs with broad interests across the spectrum of security and privacy.
I have previously worked at FAST Labs / BAE Systems, performing research focused on network security and formal methods.
I received my PhD from the University of Washington’s Allen School of Computer Science & Engineering in 2017 where my thesis explored new digital surveillance methods and countermeasures.
Thoughts:
A General Theory of Sidechannel Leakage
Jul 16, 2020
Some thoughts about modeling sidechannels as a 3-step attack and how that framing might help think about realistic defenses.
Read more
Speculative Vignette: Social Occupation
Jul 15, 2020
A little near-future sci-fi vignette centering around military influence operations.
Read more
The GDPR and Sensitive Data Inference
Feb 21, 2018
The GDPR outright bans the processing of several types of sensitive personal data except under special circumstances. What happens if a company reveals data that can be used to _infer_ these sensitive pieces of data? Is that also prohibited?
Read more
Political ADINT
Nov 05, 2017
A Washington Post opinion piece about the Russian political ads made me think about how false-flag social media advertising can complement politically-motivated ADINT operations to provide an easy path to surveillance.
Read more
Domain-Censor Collusion in Decoy Routing
Feb 10, 2017
I was just catching up on some academic reading by looking over CCS 2016 and found this paper, Game of Decoys: Optimal Decoy Routing Through Game Theory. It sparked an idea, that others have probably had, about what seems like an unaddressed possibility in the hypothetical world where Decoy Routing systems actually get implemented: does the censor have leverage to get domains to move to non-decoy routing Autonomous Systems (ASs)?
Read more
Casablanca: The Web of Trusted Updates
Mar 01, 2016
My encrypted messaging app, Signal, has made an update to its Android app and pushed it out. How do I know my phone is receiving the same update as everyone else, or that everyone else is even receiving an update? I could be getting a targeted malicious update that compromises my secure messaging, with Signal having been hacked or forced to sign the update by a governing authority! But it'll be okay, because I have Casablanca.
Read more