Hovav Shacham: Publications

By category:

Reports and Theses

S. Inguva, E. Rescorla, H. Shacham, and D. Wallach. Source Code Review of the Hart InterCivic Voting System. Part of California Secretary of State Debra Bowen’s “Top-to-Bottom” Review of the voting machines used in California, 2007. (Details)

H. Shacham. New Paradigms in Signature Schemes. Ph.D. thesis, Stanford University, 2005. (Details; official PDF; hyperref PDF)

Journal Papers

S. Hill, Z. Zhou, L. Saul, and H. Shacham. “On the (In)effectiveness of Mosaicing and Blurring as Tools for Document Redaction.” Proc. Privacy Enhancing Technologies 2016(4):403–17, Oct. 2016. Presented at PETS 2016. (Details; PDF)

H. Shacham and B. Waters. “Compact Proofs of Retrievability.” J. Cryptology 26(3):442–83, Jul. 2013. (Details; PDF)

S. Lu, R. Ostrovsky, A. Sahai, H. Shacham, and B. Waters. “Sequential Aggregate Signatures and Multisignatures without Random Oracles.” J. Cryptology 26(2):340–73, Apr. 2013. (Details; PDF)

A. Sarwate, S. Checkoway and H. Shacham. “Risk-limiting Audits for Nonplurality Elections.” Statistics, Politics, and Policy, 3(3):29–64, Jan. 2013. (Details; PDF)

R. Roemer, E. Buchanan, H. Shacham, and S. Savage. “Return-Oriented Programming: Systems, Languages, and Applications.” ACM Trans. Info. & Sys. Security 15(1):2, Mar. 2012. (Details; PDF)

H. Shacham, D. Boneh, and E. Rescorla. “Client-Side Caching for TLS.” ACM Trans. Info. & Sys. Security 7(4):553–75, Nov. 2004. (Details; PDF)

D. Boneh, B. Lynn, and H. Shacham. “Short Signatures from the Weil Pairing.” J. Cryptology 17(4):297–319, Sep. 2004. (Details; PDF)

Conference Papers

D. Kohlbrenner and H. Shacham. “On the Effectiveness of Mitigations Against Floating-Point Timing Channels.” In E. Kirda and T. Ristenpart, eds., Proceedings of USENIX Security 2017. USENIX, Aug. 2017.

W. Lian, H. Shacham, and S. Savage. “A Call to ARMs: Understanding the Costs and Benefits of JIT Spraying Mitigations.” In A. Juels, ed., Proceedings of NDSS 2017. Internet Society, Feb. 2017.

S. Checkoway, J. Maskiewicz, C. Garman, J. Fried, S. Cohney, M. Green, N. Heninger, R.-P. Weinmann, E. Rescorla, and H. Shacham. “A Systematic Analysis of the Juniper Dual EC Incident.” In C. Kruegel, A. Myers, and S. Halevi, eds., Proceedings of CCS 2016. ACM Press, Oct. 2016. (Details; PDF) Best paper award!

D. Kohlbrenner and H. Shacham. “Trusted Browsers for Uncertain Times.” In T. Holz and S. Savage, eds., Proceedings of USENIX Security 2016, pages 463–80. USENIX, Aug. 2016. (Details)

A. Venkat, S. Shamasunder, D. Tullsen, and H. Shacham. “HIPStR—Heterogeneous-ISA Program State Relocation.” In Y. Zhou, ed., Proceedings of ASPLOS 2016, pages 727–41. ACM Press, Apr. 2016. (Details; PDF)

M. Andrysco, D. Kohlbrenner, K. Mowery, R. Jhala, S. Lerner, and H. Shacham. “On Subnormal Floating Point and Abnormal Timing.” In L. Bauer and V. Shmatikov, eds., Proceedings of IEEE Security and Privacy (“Oakland”) 2015. IEEE Computer Society, May 2015. (Details; PDF)

W. Lian, H. Shacham, and S. Savage. “Too LeJIT to Quit: Extending JIT Spraying to ARM.” In E. Kirda, ed., Proceedings of NDSS 2015. Internet Society, Feb. 2015. (Details; PDF)

S. Checkoway, M. Fredrikson, R. Niederhagen, A. Everspaugh, M. Green, T. Lange, T. Ristenpart, D.J. Bernstein, J. Maskiewicz, and H. Shacham. “On the Practical Exploitability of Dual EC in TLS Implementations.” In K. Fu, ed., Proceedings of USENIX Security 2014. USENIX, Aug. 2014.

K. Mowery, E. Wustrow, T. Wypych, C. Singleton, C. Comfort, E. Rescorla, S. Checkoway, J.A. Halderman, and H. Shacham. “Security Analysis of a Full-Body Scanner.” In K. Fu, ed., Proceedings of USENIX Security 2014. USENIX, Aug. 2014.

J. Maskiewicz, B. Ellis, J. Mouradian, and H. Shacham. “Mouse Trap: Exploiting Firmware Updates in USB Peripherals.” In S. Bratus and F. Lindner, eds., Proceedings of WOOT 2014. USENIX, Aug. 2014. (Details; PDF)

T. Calderon, S. Meiklejohn, H. Shacham, and B. Waters. “Rethinking Verifiably Encrypted Signatures: A Gap in Functionality and Potential Solutions.” In J. Benaloh, ed., Proceedings of CT-RSA 2014, vol. 8366 of LNCS, pages 349–66. Springer-Verlag, Feb. 2014. (Details; PDF)

W. Lian, E. Rescorla, H. Shacham, and S. Savage. “Measuring the Practical Impact of DNSSEC Deployment.” In S. King, ed., Proceedings of USENIX Security 2013. USENIX, Aug. 2013. (Details; PDF)

K. Mowery, M. Wei, D. Kohlbrenner, H. Shacham, and S. Swanson. “Welcome to the Entropics: Boot-Time Entropy in Embedded Devices.” In W. Lee, A. Perrig, and M. Backes, eds., Proceedings of IEEE Security and Privacy (“Oakland”) 2013, pages 589–603. IEEE Computer Society, May 2013. (Details; PDF)

S. Checkoway and H. Shacham. “Iago Attacks: Why the System Call API is a Bad Untrusted RPC Interface.” In R. Bodik, ed., Proceedings of ASPLOS 2013, pages 253–64. ACM Press, Mar. 2013. (Details; PDF)

K. Benson, H. Shacham, and B. Waters. “The k-BDH Assumption Family: Bilinear Map Cryptography from Progressively Weaker Assumptions.” In E. Dawson, ed., Proceedings of CT-RSA 2013, vol. 7779 of LNCS, pages 310–25. Springer-Verlag, Feb. 2013. (Details; PDF)

K. Mowery, S. Keelveedhi, and H. Shacham. “Are AES x86 Cache Timing Attacks Still Feasible?” (Short Paper). In S. Capkun and S. Kamara, eds., Proceedings of CCSW 2012. ACM Press, Oct. 2012. (Details; PDF)

K. Mowery and H. Shacham. “Pixel Perfect: Fingerprinting Canvas in HTML5.” In M. Fredrikson, ed., Proceedings of W2SP 2012. IEEE Computer Society, May 2012. (Details; PDF)

K. Benson, R. Dowsley, and H. Shacham. “Do You Know Where Your Cloud Files Are?” In T. Ristenpart and C. Cachin, eds., Proceedings of CCSW 2011. ACM Press, Oct. 2011. (Details; PDF)

B. Vattikonda, S. Das, and H. Shacham. “Eliminating Fine Grained Timers in Xen” (Short Paper). In T. Ristenpart and C. Cachin, eds., Proceedings of CCSW 2011. ACM Press, Oct. 2011. (Details; PDF)

S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. “Comprehensive Experimental Analyses of Automotive Attack Surfaces.” In D. Wagner, ed., Proceedings of USENIX Security 2011. USENIX, Aug. 2011. (Details)

S. Meiklejohn, K. Mowery, S. Checkoway, and H. Shacham. “The Phantom Tollbooth: Privacy-Preserving Electronic Toll Collection in the Presence of Driver Collusion.” In D. Wagner, ed., Proceedings of USENIX Security 2011. USENIX, Aug. 2011. (Details; PDF)

K. Mowery, D. Bogenreif, S. Yilek, and H. Shacham. “Fingerprinting Information in JavaScript Implementations.” In H. Wang, ed., Proceedings of W2SP 2011. IEEE Computer Society, May 2011. (Details; PDF)

D. Jang, A. Venkataraman, G.M. Sawka, and H. Shacham. “Analyzing the Crossdomain Policies of Flash Applications.” In H. Wang, ed., Proceedings of W2SP 2011. IEEE Computer Society, May 2011. (Details; PDF)

T. Ristenpart, H. Shacham, and T. Shrimpton. “Careful with Composition: Limitations of the Indifferentiability Framework.” In K. Paterson, ed., Proceedings of Eurocrypt 2011, vol. 6632 of LNCS, pages 487–506. Springer-Verlag, May 2011. (Details; PDF)

S. Meiklejohn, H. Shacham, and D.M. Freeman. “Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures.” In M. Abe, ed., Proceedings of Asiacrypt 2010, vol. 6477 of LNCS, pages 519–38. Springer-Verlag, Dec. 2010. (Details; PDF)

D. Jang, R. Jhala, S. Lerner, and H. Shacham. “An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications.” In A. Keromytis and V. Shmatikov, eds., Proceedings of CCS 2010, pages 270–83. ACM Press, Oct. 2010. (Details; PDF)

S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. “Return-Oriented Programming without Returns.” In A. Keromytis and V. Shmatikov, eds., Proceedings of CCS 2010, pages 559–72. ACM Press, Oct. 2010. (Details; PDF)

S. Checkoway, A. Sarwate, and H. Shacham. “Single-Ballot Risk-Limiting Audits Using Convex Optimization.” In D. Jones, J.-J. Quisquater, and E. Rescorla, eds., Proceedings of EVT/WOTE 2010. USENIX/ACCURATE/IAVoSS, Aug. 2010. (Details; PDF)

K. Wang, E. Rescorla, H. Shacham, and S. Belongie. “OpenScan: A Fully Transparent Optical Scan Voting System.” In D. Jones, J.-J. Quisquater, and E. Rescorla, eds., Proceedings of EVT/WOTE 2010. USENIX/ACCURATE/IAVoSS, Aug. 2010. (Details; PDF)

K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. “Experimental Security Analysis of a Modern Automobile.” In D. Evans and G. Vigna, eds., Proceedings of IEEE Security and Privacy (“Oakland”) 2010, pages 447–62. IEEE Computer Society, May 2010. (Details)

S. Checkoway, E. Rescorla, and H. Shacham. “Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer.” In M. Bailey, ed., Proceedings of LEET 2010. USENIX, Apr. 2010. (Details; PDF)

M. Bellare, Z. Brakerski, M. Naor, T. Ristenpart, G. Segev, H. Shacham, and S. Yilek. “Hedged Public-Key Encryption: How to Protect Against Bad Randomness.” In M. Matsui, ed., Proceedings of Asiacrypt 2009, vol. 5912 of LNCS, pages 232–49. Springer-Verlag, Dec. 2009. (Details; PDF)

T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. “Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds.” In S. Jha and A. Keromytis, eds., Proceedings of CCS 2009, pages 199–212. ACM Press, Nov. 2009. (Details; PDF)

S. Yilek, E. Rescorla, H. Shacham, B. Enright, and S. Savage. “When Private Keys are Public: Results from the 2008 Debian OpenSSL Vulnerability.” In A. Feldmann and L. Mathy, eds., Proceedings of IMC 2009, pages 15–27. ACM Press, Nov. 2009. (Details; PDF)

N. Heninger and H. Shacham. “Reconstructing RSA Private Keys from Random Key Bits.” In S. Halevi, ed., Proceedings of Crypto 2009, vol. 5677 of LNCS, pages 1–17. Springer-Verlag, Aug. 2009. (Details; PDF)

M. Belenkiy, J. Camenisch, M. Chase, M. Kohlweiss, A. Lysyanskaya, and H. Shacham. “Randomizable Proofs and Delegatable Anonymous Credentials.” In S. Halevi, ed., Proceedings of Crypto 2009, vol. 5677 of LNCS, pages 108–25. Springer-Verlag, Aug. 2009. (Details; PDF)

S. Checkoway, A.J. Feldman, B. Kantor, J.A. Halderman, E.W. Felten, and H. Shacham. “Can DREs Provide Long-Lasting Security? The Case of Return-Oriented Programming and the AVC Advantage.” In D. Jefferson, J.L. Hall, and T. Moran, eds., Proceedings of EVT/WOTE 2009. USENIX/ACCURATE/IAVoSS, Aug. 2009. (Details; PDF)

H. Shacham and B. Waters. “Compact Proofs of Retrievability.” In J. Pieprzyk, ed., Proceedings of Asiacrypt 2008, vol. 5350 of LNCS, pages 90–107. Springer-Verlag, Dec. 2008. Extended abstract of [SW13] journal paper above. (Details)

E. Buchanan, R. Roemer, H. Shacham, and S. Savage. “When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC.” In P. Syverson and S. Jha, eds., Proceedings of CCS 2008, pages 27–38. ACM Press, Oct. 2008. Superseded by [RBSS12] journal paper above. (Details; PDF)

J.A. Halderman, E. Rescorla, H. Shacham, and D. Wagner. “You Go to Elections with the Voting System You Have: Stop-Gap Mitigations for Deployed Voting Systems.” In D. Dill and T. Kohno, eds., Proceedings of EVT 2008. USENIX/ACCURATE, July 2008. (Details; PDF)

H. Shacham. “The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86).” In S. De Capitani Di Vimercati and P. Syverson, eds., Proceedings of CCS 2007, pages 552–561. ACM Press, Oct. 2007. Superseded by [RBSS12] journal paper above. (Details; PDF)

H. Shacham and B. Waters. “Efficient Ring Signatures Without Random Oracles.” In T. Okamoto and X. Wang, eds., Proceedings of PKC 2007, vol. 4450 of LNCS, pages 166–80. Springer-Verlag, Apr. 2007. (Details; PDF)

X. Boyen, H. Shacham, E. Shen, and B. Waters. “Forward-Secure Signatures with Untrusted Update.” In R. Wright, ed., Proceedings of CCS 2006, pages 191–200. ACM Press, Oct. 2006. (Details; PDF)

S. Lu, R. Ostrovsky, A. Sahai, H. Shacham, and B. Waters. “Sequential Aggregate Signatures and Multisignatures without Random Oracles.” In S. Vaudenay, ed., Proceedings of Eurocrypt 2006, vol. 4004 of LNCS, pages 465–85. Springer-Verlag, May 2006. Extended abstract of [LOSSW13] journal paper above. (Details)

D. Boneh and H. Shacham. “Group Signatures with Verifier-Local Revocation.” In B. Pfitzmann and Peng Liu, eds., Proceedings of CCS 2004, pages 168–77. ACM Press, Oct. 2004. (Details; PDF)

H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. “On the Effectiveness of Address-Space Randomization.” In B. Pfitzmann and Peng Liu, eds., Proceedings of CCS 2004, pages 298–307. ACM Press, Oct. 2004. (Details; PDF)

D. Boneh, X. Boyen, and H. Shacham. “Short Group Signatures.” In M. Franklin, ed., Proceedings of Crypto 2004, vol. 3152 of LNCS, pages 41–55. Springer-Verlag, Aug. 2004. (Details; PDF)

A. Lysyanskaya, S. Micali, L. Reyzin, and H. Shacham. “Sequential Aggregate Signatures from Trapdoor Permutations.” In C. Cachin and J. Camenisch, eds., Proceedings of Eurocrypt 2004, vol. 3027 of LNCS, pages 74–90. Springer-Verlag, May 2004. (Details; PDF)

D. Boneh, C. Gentry, B. Lynn, and H. Shacham. “Aggregate and Verifiably Encrypted Signatures from Bilinear Maps.” In E. Biham, ed., Proceedings of Eurocrypt 2003, vol. 2656 of LNCS, pages 416–32. Springer-Verlag, May 2003. (Details; PDF)

E.-J. Goh, H. Shacham, N. Modadugu, and D. Boneh. “SiRiUS: Securing Remote Untrusted Storage.” In M. Tripunitara, ed., Proceedings of NDSS 2003, pages 131–45. Internet Society, Feb. 2003. (Details; PDF)

H. Shacham and D. Boneh. “Fast-Track Session Establishment for TLS.” In M. Tripunitara, ed., Proceedings of NDSS 2002, pages 195–202. Internet Society, Feb. 2002. Extended abstract of [SBR04] journal paper above, with E. Rescorla. (Details)

D. Boneh, B. Lynn, and H. Shacham. “Short Signatures from the Weil Pairing.” In C. Boyd, ed., Proceedings of Asiacrypt 2001, vol. 2248 of LNCS, pages 514–32. Springer-Verlag, Dec. 2001. Extended abstract of [BLS04] journal paper above. (Details)

H. Shacham and D. Boneh. “Improving SSL Handshake Performance via Batching.” In D. Naccache, ed., Proceedings of CT-RSA 2001, vol. 2020 of LNCS, pages 28–43. Springer-Verlag, Apr. 2001. (Details; PDF)

Manuscripts

W. Lian, H. Shacham, and S. Savage. “An Investigation of the FreeBSD r278907 RNG Bugfix.” Manuscript, Oct. 2016. (Details; PDF)

S. Meiklejohn and H. Shacham. “New Trapdoor Projection Maps for Composite-Order Bilinear Groups.” Cryptology ePrint Archive, report 2013/657, Oct. 2013. (Details; PDF)

B. Adida, C. Anderson, A.I. Anton, M. Blaze, R. Dingledine, E.W. Felten, M.D. Green, J.A. Halderman, D.R. Jefferson, C. Jennings, S. Landau, N. Mitter, P.G. Neumann, E. Rescorla, F.B. Schneider, B. Schneier, H. Shacham, M. Sherr, D. Wagner, and P. Zimmermann. “CALEA II: Risks of Wiretap Modifications to Endpoints.” May 2013. Report, coordinated by the Center for Democracy & Technology. (PDF)

G. Wang, H. Liu, S. Becerra, K. Wang, S. Belongie, H. Shacham, and S. Savage. “Verilogo: Proactive Phishing Detection via Logo Recognition.” Aug. 2011. UCSD Technical Report CS2011-0969. (Details; PDF)

S. Checkoway and H. Shacham. “Escape from Return-Oriented Programming: Return-Oriented Programming without Returns (on the x86).” Feb. 2010. UCSD Technical Report CS2010-0954. (Details; PDF)

H. Shacham. “The BBG HIBE Has Limited Delegation.” Cryptology ePrint Archive, report 2007/201, May 2007. (Details; PDF)

H. Shacham. “A Cramer-Shoup Encryption Scheme from the Linear Assumption and from Progressively Weaker Linear Variants.” Cryptology ePrint Archive, report 2007/074, Feb. 2007. (Details; PDF)

Survey Papers

S. Checkoway, H. Shacham, and E. Rescorla. “Don’t take LaTeX Files from Strangers” (survey). USENIX ;login:, vol. 35, no. 4 (2010), pages 17–22. (Details; PDF)

D. Boneh, C. Gentry, B. Lynn, and H. Shacham. “A Survey of Two Signature Aggregation Techniques” (survey). RSA CryptoBytes, vol. 6, no. 2 (2003), pages 1–9. (Details; PDF)

D. Boneh and H. Shacham. “Fast Variants of RSA” (survey). RSA CryptoBytes, vol. 5, no. 1 (2002), pages 1–9. (Details; PDF)

Talks

“Security Analysis of a Full-Body X-Ray Scanner.” Presented with E. Wustrow; joint work with K. Mowery, T. Wypych, C. Singleton, C. Comfort, E. Rescorla, S. Checkoway, and J.A. Halderman. Given at the 31st Chaos Communication Congress (31C3). Dec. 2014. (Details)

“Return-Oriented Programming: Exploitation without Code Injection.” Joint work with E. Buchanan, R. Roemer, and S. Savage. Given at Black Hat USA 2008 Briefings. Aug. 2008. (Details; PDF slides)

Edited Volumes

H. Shacham and B. Waters, eds., Proceedings of Pairing 2009, vol. 5671 of LNCS, Springer-Verlag, Aug. 2009.

