Security and Cryptography

Welcome to the web page for security and cryptography research in the Department of Computer Science and Engineering at the University of California at San Diego. Our group conducts research in areas spanning from theory to practice: we work on the theoretical foundations of cryptography; the development and analysis of cryptographic protocols and algorithms; and on applied cryptography, systems security, and network security. In line with our broad security-related research interests, we are affiliated and actively collaborate with the Theory Group, Programming Systems and the Systems and Networking Group here at UCSD.

People  |   News  |   Publications  |   Sponsors
Faculty
Mihir Bellare
Earlence Fernandes
Alex Gantman
Nadia Heninger
Russell Impagliazzo
 Deepak Kumar
Daniele Micciancio
Imani Munyaka
Stefan Savage
 Aaron Schulman
Alex C. Snoeren
Deian Stefan
Geoffrey M. Voelker
Affiliated Faculty
kc claffy
Kamalika Chaudhuri
Christian Dameff
Ranjit Jhala
 Ryan Kastner
Sorin Lerner
Nadia Polikarpova
Steven Swanson
 Dean Tullsen
Yiying Zhang
Yuanyuan Zhou
Scientists, Postdocs and Research Staff
Cindy Moore
 Gabrielle De Micheli
 Doreen Riepel
PhD Students
Arshia Arya
Alex Bellon
Andrey Bozhko
Paul Chung
Miro Haller
Katherine Izhikevich
Evan Johnson
Seoyoung Kweon
Andrey Labunets
 Enze Alex Liu
Elisa Luo
Luoxi Meng
Nishit Pandya
Rishabh Ranjan
Sumanth Rao
Keegan Ryan
Mark Schultz
 Laura Shea
Ye Shu
Michael Smith
Adam Suhl
George Sullivan
David Thien
Alisha Ukani
Haodi Zou
MS Students
Alexis Morales Flores
Recent Alumni

Nishant Bhaskar (Ph.D. 2023) MQ Prime
Hannah Davis (Ph.D. 2023) Seagate
Ariana Mirian (Ph.D. 2023) Censys
Audrey Randall (Ph.D. 2023) Google
Daniel Moghimi (postdoc 2020-2022) UT Austin
Shravan Narayan (Ph.D. 2022) UT Austin
Sam Crow (Ph.D. 2022) Meta
Bingyu Shen (Ph.D. 2022) Meta
John Renner (Ph.D. 2022) Cubist
Gautam Akiwate (Ph.D. 2022) Stanford postdoc
Jessica Sorrell (Ph.D. 2022) UPenn postdoc
Craig Disselkoen (Ph.D. 2022) → Amazon

 Leo Cao (M.S. 2024) University of Wisconsin Ph.D. program

Annie Dai (B.S. 2023) University of Maryland Ph.D. program
Kaiwen He (B.S. 2023) MIT Ph.D. program
Isabel Suizo (B.S. 2022) GoogleCMU Ph.D. program

Grant Ho (postdoc 2021-2023) University of Chicago
Alex Marder (postdoc 2019-2020, Res. Scientist 2020-2023)Johns Hopkins University
[All Alumni]
Recent News

International Association for Cryptologic Research August 6— Another congrats is in order for Nadia Heninger and faculty alumn Hovav Shacham whose 2009 CRYPTO paper "Reconstructing RSA Private Keys from Random Key Bits" has won this year's IACR Test-of-Time award. This is the paper that showed how to recover RSA private keys using a modest random subset of its bits.

July 9— Congrats to Nadia Heninger, students Miro Haller and Adam Suhl and their collaborators for their discovery of the Blast-RADIUS vulnerability in the RADIUS authentication, authorization and accounting (AAA) protocol. The associated paper will appear at USENIX Security and involves a chosen-prefix MD5 attack allowing attackers to synthesize Access-Accept messages without any knowledge of the underlying secret key. RADIUS is widely deployed in network equipment in ISPs, enterprises and in a variety of industrial settings and there has been significant work behind the scenes to provide fixed and/or mitigated updates to many thousands of systems before this work was made public. An amazing bit of work all around! Nadia Heninger

Stefan Savage January 31— Congrats to Stefan Savage, Taylor Berg-Kirkpatrick (and Geoff Voelker, the application form only allowed two names) and their students for receiving one of the first Google "Trust and Safety" Research Awards for their work focused on using Large Language Models in scam honeypots. And we hear they wrote the proposal without any help from AI! Taylor Berg-Kirkpatick

December 9— As the year draws to a close, we'd like to reflect and recognize all the success this year: six best paper awards (almost a quarter of our papers won awards this year), four completed dissertations, a new faculty member (welcome Deepak!), an NSF Career award and a $9.5M ARPA-H grant -- not too bad for a year. Congrats everyone!

Christian Dameff and Jeff Tully October 2— The Advanced Research Projects Agency for Health (ARPA-H) has announced a $9.5 dollar award to UC San Diego to develop new ways to mitigate ransomware attacks on hospitals. This effort, led by Christian Dameff and Jeff Tully, is joint between UCSD Health and the UCSD School of Engineering (notably our own Aaron Schulman, Geoff Voelker, and Stefan Savage) and is just the latest to come out of a long standing collaboration in this space. Congrats everyone!
[All News]
Recent Publications

Understanding the Efficacy of Security Training in Practice, Grant Ho, Ariana Mirian, Elisa Luo, Khang Tong, Euyhyun Lee, Lin Liu, Christopher A. Longhurst, Christian Dameff, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the IEEE Symposium on Security and Privacy, May 2025.

Give and Take: An End-To-End Investigation of Giveaway Scam Conversion Rates, Enze Liu, George Kappos, Eric Mugnier, Luca Invernizzi, Stefan Savage, David Tao, Kurt Thomas, Geoffrey M. Voelker, and Sarah Meiklejohn, Proceedings of the ACM Internet Measurement Conference (IMC), Madrid, Spain, November 2024.

Using Honeybuckets to Characterize Cloud Storage Scanning in the Wild, Katherine Izhikevich, Geoffrey M. Voelker, Stefan Savage, and Liz Izhikevich, Proceedings of the IEEE European Symposium on Security and Privacy, Vienna, Austria, July 2024.

Experimental Security Analysis of Sensitive Data Access by Browser Extensions, Rishabh Khandelwal, Asmit Nayak, Earlence Fernandes, and Kassem Fawaz, Proceedings of the Web Conference (WWW), Singapore, May 2024.

Unfiltered: Measuring Cloud-based Email Filtering Bypasses, Sumanth Rao, Enze Liu, Grant Ho, Geoffrey M. Voelker, and Stefan Savage, Proceedings of the Web Conference (WWW), Singapore, May 2024.

The Double Edged Sword: Identifying Authentication Pages and their Fingerprinting Behavior, Asuman Senol, Alisha Ukani, Dylan Cutler, and Igor Bilogrevic, Proceedings of the Web Conference (WWW), Singapore, May 2024.

Practical Obfuscation of BLE Physical-Layer Fingerprints on Mobile Devices, Hadi Givehchian, Nishant Bhaskar, Alexender Redding, Han Zhao, Aaron Schulman, and Dinesh Bharadia, Proceedings of the IEEE Symposium on Security and Privacy, May 2024.

Network Topology Facilitates Internet Traffic Control in Autocracies, Eda Keremoğlu, Nils B. Weidmann, Alexander Gamero-Garrido, Esteban Carisimo, Alberto Dainotti, and Alex C. Snoeren, pnasnex 3(3), March 2024.

Architecting Trigger-Action Platforms for Security, Performance and Functionality, Deepak Siron Jegan, Michael Swift, and Earlence Fernandes, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

On Precisely Detecting Censorship Circumvention in Real-World Networks, Ryan Wails, George Arnold Sullivan, Micah Sherr, and Rob Jansen, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

Experimental Analyses of the Physical Surveillance Risks in Client-Side Content Scanning, Ashish Hooda, Andrey Labunets, Tadayoshi Kohno, and Earlence Fernandes, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2024.

An Empirical Analysis of Enterprise-Wide Mandatory Password Updates, Ariana Mirian, Grant Ho, Stefan Savage, and Geoffrey M. Voelker, Proceedings of Annual Computer Security Applications Conference (ACSAC), Austin, TX, December 2023.

IRRegularities in the Internet Routing Registry, Ben Du, Katherine Izhikevich, Sumanth Rao, Cecilia Testart, Gautam Akiwate, Alex C. Snoeren, and kc Claffy, Proceedings of the ACM Internet Measurement Conference (IMC), Montreal, Canada, October 2023.

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US, Christian Dameff, Jeffrey Tully, Theodore C. Chan, Edward M. Castillo, Stefan Savage, Patricia Maysent, Thomas M. Hemmen, Brian J. Clay, and Christopher A. Longhurst, JAMA Network Open 6(5):e2312270-e2312270, 2023.

TagAlong: Free, Wide-Area Data-Muling and Services, Alex Bellon, Alex Yen, and Pat Pannuto, Proceedings of International Workshop on Mobile Computing Systems and Applications (HotMobile), Newport Beach, CA, 2023.

[All Publications]
Affiliations
Center for Networked Systems (CNS)         Cooperative Association for Internet Data Analysis (CAIDA)       San Diego Super Computer Center (SDSC)        California Institute for Telecommunications and Information Technology (Cal-IT2) CalIT(2)
Sponsors