Alexei Czeskis

HOME RESEARCH TEACHING PERSONAL RANDOM

Research Interests

Right now, my primary research interests are surrounding authentication in a variety of contexts: from resource constrained embedded devices (for example in RFIDs or automotive systems) to online transactions involving powerful desktop computers, and, of course, mobile devices. Besides the technical nature of systems, I am also interested how they interact with users -- where they break down, where they impede on privacy (or support it), and how user facing security systems can be improved.

Service

ACM CCS 2014 Program Committee, PETS 2013 Program Committee.

Publications

2016

• Security Keys: Practical Cryptographic Second Factors for the Modern Web
  Juan Lang, Alexei Czeskis, Dirk Balfanz and Marius Schilder
  Twentieth International Conference on Financial Cryptography and Data Security
  

2013

• DeadDrop/Strongbox Security Assessment
  A. Czeskis, D. Mah, O. Sandoval, I. Smith, K. Koscher, J. Appelbaum, T. Kohno, B. Schneier
  UW Computer Science and Engineering Technical Report #13-08-02. August 8, 2013
  { The New Yorker's reply, Freedom of the Press, Washington Post, Time Business and Money }
• Lightweight Server Support for Browser-Based CSRF Protection
  A. Czeskis, A. Moshchuk, T. Kohno, H. Wang
  In the Proceedings of the 23^rd International World-Wide Web Conference (WWW 2013). May 13-17, 2013
  

2012

• Strengthening User Authentication through Opportunistic Cryptographic Identity Assertions
  A. Czeskis, M. Dietz, T. Kohno, D. Wallach, and D. Balfanz
  In the Proceedings of the 19^th ACM Conference on Computer and Communications Security (CCS). October 16-18, 2012
  
• Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web
  M. Dietz, A. Czeskis, D. Wallach, and D. Balfanz
  In the Proceedings of the 21^st USENIX Security Symposium. August 8–10, 2012
  
• Protected Login
  A. Czeskis, D. Balfanz
  In the Proceedings of the Workshop on Usable Security (at the Financial Cryptography and Data Security Conference), March 2, 2012
  
• High Stakes: Designing a Privacy Preserving Registry
  A. Czeskis, J. Appelbaum
  In the Proceedings of the Workshop on Usable Security (at the Financial Cryptography and Data Security Conference), March 2, 2012
  

2011

• Comprehensive Experimental Analyses of Automotive Attack Surfaces [Presentation Video]
  S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno
  National Academy of Sciences Committee on Electronic Vehicle Controls and Unintended Acceleration, March 3—4, 2011
  In the Proceedings of the 20th USENIX Security Symposium, August 8-12, 2011.
  { NY Times, Slashdot, Technology Review }
• Origin Cookies: Session Integrity for Web Applications
  A. Bortz, A. Barth, A. Czeskis
  Web 2.0 Security and Privacy 2011 (W2SP 2011)

2010

• Parenting from the Pocket: Value Tensions and Technical Directions for Secure and Private Parent-Teen Mobile Safety
  A. Czeskis, I. Dermendjieva, H. Yapit, A. Borning, B. Friedman, B. Gill and T. Kohno
  Symposium On Usable Privacy and Security (SOUPS), July 14-16, 2010
  (CPDP Multidisciplinary Privacy Award Winner)
• Experimental Security Analysis of a Modern Automobile [Link To Project Page]
  K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage
  In the Proceedings of 31st IEEE Symposium on Security and Privacy (Oakland 2010)
  { NY Times, BBC, Slashdot }

2009

• The International Criminal Tribunal for Rwanda Information Heritage Project (aka Voices of the Rwanda Tribunal): Integrity Verification Architecture
  A. Czeskis, K. Koscher, M. Andrews, N. Grey, B. Friedman, T. Kohno
  UW Computer Science and Engineering Technical Report #09-01-02. February 14, 2009

2008

• Privacy Policies Compliance Across Digital Identity Management Systems
  A. C. Squicciarini, A. Czeskis, A. Bhargav-Spantzel
  SIGSPATIAL ACM GIS 2008 International Workshop of Security and Privacy in GIS and LBS, Irvine, CA. Nov. 4, 2008
• RFIDs and Secret Handshakes: Defending Against Ghost-and-Leech Attacks and Unauthorized Reads with Context-Aware Communications
  A. Czeskis, K. Koscher, J.R. Smith, and T. Kohno
  15th ACM Conference on Computer and Communications Security (CCS), Alexandria, VA. October 27-31, 2008
  { Technology Review }
• Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications
  A. Czeskis, D.J. St. Hilaire, K. Koscher, S.D. Gribble, T. Kohno, and B. Schneier
  3rd USENIX Workshop on Hot Topics in Security (HotSec '08), July 29, 2008
  { Slashdot, PC World, Dark Reading }

2007 and before

• Auth-SL - A System for the Specification and Enforcement of Quality-based Authentication Policies
  A. C. Squicciarini, A. Bhargav-Spantzel, E. Bertino, and A. Czeskis
  9th International Conference on Information and Communications Security (ICICS 07), Zhengzhou, China, December 12-15, 2007
• Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management
  A. C. Squicciarini, A. Bhargav-Spantzel, A. Czeskis, and E. Bertino
  6th International Workshop on Privacy Enhancing Technologies (PET '06), Cambridge, UK, June 28-30, 2006
• The Parkfield/Landers Reference Earthquake Digital Library
  B. Aagaard, G. Beroza, A. Czeskis, J. Murray, and A. Venkataraman
  2005 Southern California Earthquake Center Annual Meeting, Palm Springs, CA, Sep. 11-14, 2005

In a class all by itself

• Hacking in the Name of Science. [Abstract]
  T. Kohno, J. Callas, A. Czeskis, D. Halperin, K. Koscher, and M. Piatek
  DEFCON 16, Las Vegas, NV, Aug. 8-10, 2008

■