You're Invited to the CS Seminar Series! Join us this Friday, November 10th.

On Friday (November 10), the Computer Science Department hosts another event of the Fall CS Seminar Series. This event featured a talk by Dr. David Mohaisen (University of Central Florida) and Dr. Daniel Moreira (Loyola University Chicago).

•  Measurement-Guided Understanding of Blockchain Security: Attacks and Defenses 
  Talk By: Dr. David Mohaisen (University of Central Florida)
  
•  Provenance Analysis: Telling the Story of Composite Images 
  Talk By: Dr. Daniel Moreira (Loyola University Chicago)

Speakers and Talks:   

Measurement-Guided Understanding of Blockchain Security: Attacks and Defenses  

Talk By: Dr. David Mohaisen (University of Central Florida) 

Abstract: Blockchains promise various security benefits in distributed systems, although their security is loosely understood. For instance, it is theoretically established that the Bitcoin blockchain safety relies on strong network synchrony and a stable network configuration, and violating the safety by a majority attack or eclipsing requires strong adversaries (e.g., 51% hash rate or an ISP controlling millions of IP addresses). These requirements are costly. Thus, notable attacks have yet to be observed in practice.  

In this talk, we will empirically demonstrate that real-world blockchains, such as Bitcoin, do not conform to the ideal specifications of synchrony and stable network configurations. As a result, we show ways to reduce the requirement for violating blockchain safety by presenting two practical attacks, HashSplit and SyncAttack. In HashSplit, we first formulate an ideal functionality framework for the correct communication among the mining nodes that preserves safety. Our model specifies that strong network synchrony can only be guaranteed if the mining nodes form a completely connected topology and receive blocks simultaneously. However, our large-scale measurements suggest that the mining nodes must conform to the ideal model and receive blocks at different times. Using such settings, we instantiate a well-connected adversary to partition the network with only a 26% hash rate.  In the SyncAttack, we unveil that the existing security models have largely ignored the permissionless nature of blockchains characterized by node churn. By exploiting the churn, an adversary can control all connections made among the newly arriving nodes by simply occupying all the incoming connection slots of the existing nodes. Supported by evidence from measurements and root-cause analysis that points to flaws in real-world implementations, we instantiate an adversary that can fork the blockchain with only 120 IP addresses, allowing the adversary to double-spend without any mining powers. We will also discuss defenses for secure blockchains against partitioning.  

Speaker Bio: David Mohaisen is a Professor of Computer Science at the University of Central Florida, where he has been since 2017. Previously, he was an Assistant Professor at SUNY Buffalo (2015-2017) and a Senior Scientist at Verisign Labs (2012-2015), which he joined after earning his Ph.D. in Computer Science from the University of Minnesota in 2012. His research interests are in applied security and privacy, covering networked systems, software systems, IoT and AR/VR, machine learning, and blockchain systems. His research has been published in top conferences and journals alike, with multiple best paper awards. Among other services, he has been an Associate Editor of IEEE TMC, IEEE TCC, IEEE TDSC, and IEEE TPDS.  He is a senior member of ACM (2018) and IEEE (2015), a Distinguished Speaker of the ACM (2021-2023) and Distinguished Visitor of the IEEE Computer Society (2021-2023).  

Provenance Analysis: Telling the Story of Composite Images   

Talk By: Dr. Daniel Moreira (Loyola University Chicago)  

Abstract: Composite images comprise manipulated pictures that are the outcome of combining pieces extracted from two or more other images, usually with the intent to deceive viewers and convey false narratives. Consider an image suspected of being a composite, and a large corpus of images that might have donated pieces to the composite (such as the images on the Internet). Inside media forensics, provenance analysis is the problem of (1) finding, within the available corpus, the images that either directly or transitively share content with the composite (namely, the task of provenance retrieval), as well as of (2) establishing the directed acyclic graph whose nodes individually represent the composite and related images, and whose edges express the derivation and content-donation story (e.g., cropping, blurring, splicing, etc.) between pairs of images, linking seminal to derived elements (namely, the task of provenance graph construction). In this talk, I will present our latest advances in provenance analysis, concluding with the open questions that point out interesting future research opportunities. 

Speaker Bio: Daniel Moreira received a Ph.D. degree in computer science from the University of Campinas, Brazil, in 2016. After working four years as a systems analyst with the Brazilian Federal Data Processing Service (SERPRO), he joined the University of Notre Dame for six years, first as a post-doctoral fellow and later as an assistant research professor. He is currently an assistant professor in the Department of Computer Science at Loyola University Chicago. He is also a member of the IEEE Information Forensics and Security Technical Committee (IFS-TC), 2021-2023 term, IEEE Signal Processing Society Education Center Editorial Board, 2022-2023 term, and associate editor of IEEE Transactions on Information Forensics and Security (T-IFS) and Elsevier Pattern Recognition journals. His research interests include media forensics, machine learning, computer vision, and biometrics.