Program

All sessions except for Track A on Thursday are in Keller Hall 3-210. Track A on Thursday is in Keller Hall 3-230. (Venue info)

Monday July 17

8:30 – 16:00 Workshop on Design Issues for a data Anonymization Competition (WODIAC)

8:30 – 15:00 PETS registration Keller Hall

15:30 – 17:30 PETS Welcome Reception – Campus Club, in Coffman Memorial Union (Note: This event is optional and requires separate registration.) PETS Registration check-in will be available for those attending.

Tuesday, July 18

8:00 Registration

8:30 Opening Remarks (Rachel Greenstadt, Damon McCoy) [video]

9:00 App Permissions, Privacy Attitudes, and Social Engineering (Chair: Susan Landau)

• To Permit or Not to Permit, That is the Usability Question: Crowdsourcing Mobile Apps’ Privacy Permission Settings [video]
  Qatrunnada Ismail and Tousif Ahmed (Indiana University Bloomington), Kelly Caine (Clemson University), Apu Kapadia (Indiana University Bloomington), and Michael Reiter (University of North Carolina at Chapel Hill)


• Look Before You Authorize: Using Eye-Tracking To Enforce User Attention Towards Application Permissions [video]
  Yousra Javed and Mohamed Shehab (University of North Carolina Charlotte)


• Why Privacy Is All But Forgotten - An Empirical Study of Privacy & Sharing Attitude [video]
  Kovila P.L. Coopamootoo and Thomas Gross (Newcastle University)


• Cross-cultural Privacy Prediction [video]
  Yao Li (University of California, Irvine), Alfred Kobsa (University of California, Irvine), Bart P. Knijnenburg (Clemson University), and M-H. Carolyn Nguyen (Microsoft Corporation)


• Social Engineering Attacks on Government Opponents: Target Perspectives and Defenses [video]
  William Marczak and Vern Paxson (UC Berkeley)

10:40 Break – Keller Hall Atrium

11:10 PETS Keynote Address — Jonathan Albright

Emotional Targeting, Responsive News Delivery and the Shaping of Social Discourse [video]
This talk will engage with emerging forms of agenda-setting and discourse shaping through tracking infrastructures, socially engineered sentiment surfacing, and content delivery networks. The goal of the presentation and following Q&A are meant to better situate and frame important questions related to the complex relationship between information, politics, and influence campaigns.

Speaker Bio: Jonathan Albright is research director at the Tow Center for Digital Journalism at Columbia University. Formerly an assistant professor in the school of communication at Elon University, Dr. Albright’s work focuses on the thematic analysis of news events, social trends, and information flows. His research into networks of misinformation, propaganda, and automation has been featured across a broad range of international publications including The Guardian, The Washington Post, and Fortune. He can be found on Twitter @d1gi.

12:30 Lunch – Commons Hotel

14:00 Tor (Chair: Kelly Caine)

• A Usability Evaluation of Tor Launcher [video]
  Linda Lee (University of California, Berkeley), David Fifield (University of California, Berkeley), Nathan Malkin (University of California, Berkeley), Ganesh Iyer (University of California, Berkeley), Serge Egelman (University of California, Berkeley and International Computer Science Institute), David Wagner (University of California, Berkeley)


• The Onion Name System: Tor-powered Decentralized DNS for Tor Onion Services [video]
  Jesse Victors (Cigital), Ming Li (University of Arizona, Tucson), and Xinwen Fu (UMass Lowell)


• Waterfilling: Balancing the Tor network with maximum diversity [video]
  Florentin Rochet and Olivier Pereira (Uclouvain Crypto Group)


• PeerFlow: Secure Load Balancing in Tor [video, slides]
  Aaron Johnson (U.S. Naval Research Laboratory), Rob Jansen (U.S. Naval Research Laboratory), Nicholas Hopper (University of Minnesota), Aaron Segal (Yale University), and Paul Syverson (U.S. Naval Research Laboratory)

15:20 Break – Keller Hall Atrium

15:50 – 17:10 Tagging, Wiretapping, and Cryptocurrencies (Chair: Arvind Narayanan)

• TagIt: Tagging Network Flows using Blind Fingerprints [video]
  Fatemeh Rezaei and Amir Houmansadr (UMass Amherst)


• Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP [video, slides]
  Dominik Schürmann, Fabian Kabus, Gregor Hildermeier, Lars Wolf (TU Braunschweig)


• PathShuffle: Credit Mixing and Anonymous Payments for Ripple [video, slides]
  Pedro Moreno-Sanchez (Purdue University), Tim Ruffing (Saarland University), Aniket Kate (Purdue University)


• Hardening Stratum, the Bitcoin Pool Mining Protocol [video]
  Ruben Recabarren, Bogdan Carbunar (Florida International University)

18:00 PETS Banquet (Bar at 18:00, dinner at 19:00) – Humphrey Center

Wednesday July 19

8:00 Registration

9:00 Censorship and Fingerprinting (Chair: George Danezis)

• DeltaShaper: Enabling Unobservable Censorship-resistant TCP Tunneling over Videoconferencing Streams [video, slides]
  Diogo Barradas, Nuno Santos, and Luís Rodrigues (INESC-ID / Instituto Superior Técnico, Universidade de Lisboa)


• Topics of Controversy: An Empirical Analysis of Web Censorship Lists [video]
  Zachary Weinberg, Mahmood Sharif, Janos Szurdi, and Nicolas Christin (CMU)


• Bayes, not Naïve: Security Bounds on Website Fingerprinting Defenses [video, slides]
  Giovanni Cherubin (Royal Holloway University of London)


• Website Fingerprinting Defenses at the Application Layer [video, slides]
  Giovanni Cherubin (Royal Holloway, University of London), Jamie Hayes (University College London), and Marc Juarez (KU Leuven)


• Fingerprinting Past the Front Page: Identifying Keywords in Search Engine Queries over Tor [video]
  Se Eun Oh, Shuai Li, and Nicholas Hopper (University of Minnesota)

10:40 Break – Keller Hall Atrium

11:10 Town Hall (Carmela Troncoso, Rachel Greenstadt, Damon McCoy, Claudia Diaz)

12:30 Lunch – Commons Hotel

14:00 Location Privacy (Chair: Yoshi Kohno)

• Location Privacy for Rank-based Geo-Query Systems [video]
  Wisam Eltarjaman, Rinku Dewri, and Ramakrishna Thurimella (University of Denver)


• Efficient utility improvement for location privacy [video]
  Konstantinos Chatzikokolakis (CNRS) and Ehab ElSalamouni and Catuscia Palamidessi (unaffiliated)


• Expectation-Maximization Tensor Factorization for Practical Location Privacy Attacks [video, slides]
  Takao Murakami (National Institute of Advanced Industrial Science and Technology (AIST))


• What Does The Crowd Say About You? Evaluating Aggregation-based Location Privacy [video]
  Apostolos Pyrgelis (University College London), Carmela Troncoso (IMDEA Software Institute), and Emiliano De Cristofaro (University College London)

15:20 Break – Keller Hall Atrium

15:50 Identity Management and Data Privacy (Chair: Steven Murdoch)

• Certificate Transparency with Privacy [video, slides]
  Saba Eskandarian (Stanford), Eran Messeri (Google), Joseph Bonneau (Stanford/EFF), and Dan Boneh (Stanford),


• Why Can't Users Choose Their Identity Providers On The Web? [video]
  Kevin Corre (Orange Labs/IRISA), Olivier Barais (IRISA/INRIA), Gerson Sunyé (INRIA), Vincent Frey (Orange Labs), Jean-Michel Crom (Orange Labs)


• Two Is Not Enough: Privacy Assessment of Aggregation Schemes in Smart Metering [video, slides]
  Niklas Buescher, Spyros Boukoros, Stefan Bauregger, and Stefan Katzenbeisser (Technische Universität Darmstadt)


• Unlynx: A Decentralized System for Privacy-Conscious Data Sharing [video, slides]
  David Froelicher, Patricia Egger, João Sá Sousa, Jean Louis Raisaro, Zhicong Huang, Christian Mouchet, Bryan Ford, and Jean-Pierre Hubaux (EPFL)

Thursday, July 20

8:00 Registration

Track A Location: Keller Hall 3-230	Track B Location: Keller Hall 3-210
9:00 Multi-Party Computation (Chair: Kostas Chatzikokolakis) Preprocessing Based Verification of Multiparty Protocols with Honest Majority [video, slides] Peeter Laud (Cybernetica AS), Alisa Pankova (Cybernetica AS / University of Tartu / STACC), and Roman Jagomägis (Cybernetica AS) Private Set Intersection for Unequal Set Sizes with Mobile Applications [video, slides] Agnes Kiss (TU Darmstadt), Jian Liu (Aalto University), Thomas Schneider (TU Darmstadt), N. Asokan (Aalto University), and Benny Pinkas (Bar Ilan University) Privacy-preserving computation with trusted computing via Scramble-then-Compute [video, slides] Hung Dang, Tien Tuan Anh Dinh, Ee-Chien Chang, Beng Chin Ooi (National University of Singapore) Privacy Preserving Distributed Linear Regression on High-Dimensional Data [video] Adria Gascon (University of Edinburgh), Phillipp Schoppmann (Humboldt-Universität zu Berlin), Borja Balle (Lancaster University), Mariana Raykova (Yale University), Jack Doerner (Northeastern University), Samee Zahur (Google), and David Evans (University of Virginia) Toward Practical Secure Stable Matching [video] M. Sadegh Riazi (UC San Diego), Ebrahim M. Songhori (Rice University), Ahmad-Reza Sadeghi (TU Darmstadt), Thomas Schneider (TU Darmstadt), and Farinaz Koushanfar (UC San Diego)	9:00 Anonymous Communications (Chair: Aaron Johnson) Privacy-Preserving Interdomain Routing at Internet Scale [video, slides] Gilad Asharov (Cornell Tech), Daniel Demmler (TU Darmstadt), Michael Schapira (Hebrew University of Jerusalem), Thomas Schneider (TU Darmstadt), Gil Segev (Hebrew University of Jerusalem), Scott Shenker (University of California, Berkley), Michael Zohner (TU Darmstadt) PHI: a Path-Hidden Lightweight Anonymity Protocol at Network Layer [video] Chen Chen (CMU/ETH Zurich) and Adrian Perrig (ETH Zurich) Phonion: Practical Protection of Metadata in Telephony Networks [video] Stephan Heuser (Intel CRI-SC, TU Darmstadt), Bradley Reaves (University of Florida), Praveen Kumar Pendyala (TU Darmstadt), Henry Carter (Villanova University), Alexandra Dmitrienko (ETH Zurich), William Enck (NC State), Negar Kiyavash (University of Illinois), Ahmad-Reza Sadeghi (Intel CRI-SC, TU Darmstadt), and Patrick Traynor (University of Florida) Personalized Pseudonyms for Servers in the Cloud [video, slides] Qiuyu Xiao and Michael Reiter (University of North Carolina at Chapel Hill) and Yinqian Zhang (The Ohio State University) Systematizing Decentralization and Privacy: Lessons from 15 years of research and deployments [video] Carmela Troncoso (IMDEA Software Institute), Marios Isaakidis (University College London), George Danezis (Univeristy College London), and Harry Halpin (INRIA)
10:40 Break – Keller Hall Atrium
11:10 Cryptographic Protocols and Attacks (Chair: Peeter Laud) Generic Adaptively Secure Searchable Phrase Encryption [video] Zachary A. Kissel (Merrimack College) and Jie Wang (UMass Lowell) A Leakage-Abuse Attack Against Multi-User Searchable Encryption [video] Cédric Van Rompay, Refik Molva, Melek Önen (EURECOM) Are you The One to Share? Secret Transfer with Access Structure [video, slides] Yongjun Zhao and Sherman S. M. Chow (Chinese University of Hong Kong) Provably Secure Anonymous-yet-Accountable Crowdsensing with Scalable Sublinear Revocation [slides] Sazzadur Rahaman, Long Cheng, He Li, Danfeng (Daphne) Yao, and Jung-Min (Jerry) Park (Virginia Tech)	11:10 Location Tracking and Mobile Applications (Chair: Aylin Caliskan) Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps [video] Mojtaba Eskandari (University of Trento, Fondazione Bruno Kessler), Maqsood Ahmad (University of Trento), Anderson Santana de Oliveira (SAP), and Bruno Crispo (University of Trento, KU Leuven) On the Privacy and Security of the Ultrasound Ecosystem [video, slides] Vasilios Mavroudis (University College London), Shuang Hao (UC Santa Barbara), Yanick Fratantonio (UC Santa Barbara), Federico Maggi (Politecnico di Milano), Giovanni Vigna (UC Santa Barbara), and Christopher Kruegel (UC Santa Barbara) SeaGlass: Enabling City-Wide IMSI-Catcher Detection [video] Peter Ney, Ian Smith, Gabriel Cadamuro, Tadayoshi Kohno (University of Washington) PrivateRide: A Privacy-Enhanced Ride-Hailing Service [video, slides] Anh Pham (EPFL), Italo Dacosta (EPFL), Bastien Jacot-Guillarmod (EPFL), Kévin Huguenin (LAAS-CNRS), Taha Hajar (EPFL), Florian Tramer (EPFL), Virgil Gligor (CMU), and Jean-Pierre Hubaux (EPFL)
12:30 Lunch – Commons Hotel
14:00 Crypto and Secure Storage (Chair: Prateek Mittal) Externally Verifiable Oblivious RAM [video] Joshua Gancher (Cornell University), Adam Groce (Reed College), and Alex Ledger (Reed College) ErasuCrypto: A Light-weight Secure Data Deletion Scheme for Solid State SSDs [Video] Chen Liu, Hoda Aghaei Khouzani, and Chengmo Yang (University of Delaware) DataLair: Efficient Block Storage with Plausible Deniability against Multi-Snapshot Adversaries [video] Anrin Chakraborti, Chen Chen, Radu Sion (Stony Brook University) Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU [video] Zhe Zhou (CUHK), Wenrui Diao (CUHK), Xiangyu Liu (CUHK), Zhou Li (ACM Member), Kehuan Zhang (CUHK), and Rui Liu (CUHK)	14:00 Web Privacy and Device Tracking (Chair: Rob Jansen) Towards Seamless Tracking-Free Web: Improved Detection of Trackers via One-class Learning [video] Muhammad Ikram (Data61, CSIRO and UNSW), Hassan Jameel Asghar (Data61, CSIRO), Mohamed Ali Kaafar (Data61, CSIRO), Anirban Mahanti (Data61, CSIRO), and Balachander Krishanmurthy (AT&T Labs–Research) Detecting Anti Ad-blockers in the Wild [video] Muhammad Haris Mughees (UIUC), Zhiyun Qian (UC Riverside), Zubair Shafiq (The University of Iowa) Cross-Device Tracking: Measurement and Disclosures [video] Justin Brookman, Phoebe Rouge, Aaron Alva, and Tina Yeung (Federal Trade Commission) A Study of MAC Address Randomization in Mobile Devices and When it Fails [video] Jeremy Martin (USNA, MITRE) and Travis Mayberry, Collin Donahue, Lucas Foppe, Lamont Brown, Chadwick Riggins, Erik C Rye, and Dane Brown (USNA)
15:50 – 17:20 Rump Session 17:20 – 17:45 Award Ceremony and Closing Remarks (Claudia Diaz) 18:00 – 20:00 Caspar Bowden PET Award Reception – Humphrey Center

Friday, July 21 — HotPETs

8:00 Registration

09:15 Opening Remarks [video]

09:30 Anonymous Communication (Chair: Marc Juarez)

• A Wide-Area Testbed for Tor [video]
  Roger Dingledine, David Goulet, Prateek Mittal, Nick Feamster, Rob Jansen, Matthew Wright


• Oft Target: Tor adversary models that don't miss the mark [video, slides]
  Aaron D. Jaggard, Paul Syverson


• Safety in Numbers: Anonymization Makes Keyservers Trustworthy [video]
  Lachlan J. Gunn, Andrew Allison, Derek Abbott

10:45 Break – Keller Hall Atrium

11:15 HotPETs Keynote — Josh Aas (Chair: Carmela Troncoso)

How We'll Encrypt the Web [video]
It's critical that we create a more secure and privacy-respecting Web by moving all websites to HTTPS. I'll talk about a practical technical plan for getting there as quickly as possible, including the role that Let's Encrypt has to play, how Let's Encrypt works, and challenges we've faced. I hope to leave people feeling optimistic about moving the Web to HTTPS, and with a better sense of what they can do to help.

Speaker Bio
Josh Aas is a co-founder and the Executive Director of Internet Security Research Group (ISRG), the non-profit organization behind the Let's Encrypt certificate authority. Before ISRG and Let's Encrypt, Josh spent more than a decade as an engineer and strategist with Mozilla.

12:30 Lunch – Commons Hotel

14:00 Privacy Policy (Chair: Kelly Caine)

• The Right of Access as a tool for Privacy Governance [video]
  Hadi Asghari, Rene L.P. Mahieu, Prateek Mittal, Rachel Greenstadt


• Battery Status Not Included: Assessing Privacy in Web Standards [video]
  Lukasz Olejnik, Steven Englehardt, Arvind Narayanan

14:50 Break – Keller Hall Atrium

15:10 Privacy Protection (Chair: Aylin Caliskan)

• Using BGP to Acquire Bogus TLS Certificates [video]
  Henry Birge-Lee, Yixin Sun, Annie Edmundson, Jennifer Rexford, Prateek Mittal


• IRMA: practical, decentralized and privacy-friendly identity management using smartphones [video]
  Gergely Alpar, Fabian van den Broek, Brinda Hampiholi, Bart Jacobs, Wouter Lueks, Sietse Ringers

16:00 Ice Cream Break – Keller Hall Atrium

16:20 New Avenues in Privacy (Chair: David Fifield)

• I2P: Open Research Questions about I2P [video]
  Jack Grigg


• Privacy in the Amazon Alexa Skills Ecosystem [video]
  Abdulaziz Alhadlaq, Jun Tang, Marwan Almaymoni, Aleksandra Korolova

17:10 Closing Remarks and Best Talk Award

Saturday, July 22 — PETS Hike – Minnehaha Falls

The hike departs from the university campus at 10am on Saturday July 22nd.  We will follow trails along the Mississippi River to Minnehaha Falls Regional Park, approximately 5 miles / 8 km.  Lunch (and other refreshments) can be purchased at the park, and attendees can return to campus via Light Rail in the evening.