Ilkan Esiyok (CISPA Helmholtz Center for Information Security), Pascal Berrang (University of Birmingham & Nimiq), Katriel Cohn-Gordon (Meta), Robert Künnemann (CISPA Helmholtz Center for Information Security)

The Internet is a major distribution platform for web applications, but there are no effective transparency and audit mechanisms in place for the web. Due to the ephemeral nature of web applications, a client visiting a website has no guarantee that the code it receives today is the same as yesterday, or the same as other visitors receive. Despite advances in web security, it is thus challenging to audit web applications before they are rendered in the browser. We propose Accountable JS, a browser extension and opt-in protocol for accountable delivery of active content on a web page. We prototype our protocol, formally model its security properties with the Tamarin Prover, and evaluate its compatibility and performance impact with case studies including WhatsApp Web, AdSense and Nimiq. Accountability is beginning to be deployed at scale, with Meta’s recent announcement of Code Verify available to all 2 billion WhatsApp users, but there has been little formal analysis of such protocols. We formally model Code Verify using the Tamarin Prover and compare its properties to our Accountable JS protocol. We also compare Code Verify’s and Accountable JS extension's performance impacts on WhatsApp Web.

View More Papers

Preventing SIM Box Fraud Using Device Model Fingerprinting

BeomSeok Oh (KAIST), Junho Ahn (KAIST), Sangwook Bae (KAIST), Mincheol Son (KAIST), Yonghwa Lee (KAIST), Min Suk Kang (KAIST), Yongdae Kim (KAIST)

Read More

REDsec: Running Encrypted Discretized Neural Networks in Seconds

Lars Wolfgang Folkerts (University of Delaware), Charles Gouert (University of Delaware), Nektarios Georgios Tsoutsos (University of Delaware)

Read More

Cryptographic Oracle-based Conditional Payments

Varun Madathil (North Carolina State University), Sri Aravinda Krishnan Thyagarajan (NTT Research), Dimitrios Vasilopoulos (IMDEA Software Institute), Lloyd Fournier (None), Giulio Malavolta (Max Planck Institute for Security and Privacy), Pedro Moreno-Sanchez (IMDEA Software Institute)

Read More

Real Threshold ECDSA

Harry W. H. Wong (The Chinese University of Hong Kong), Jack P. K. Ma (The Chinese University of Hong Kong), Hoover H. F. Yin (The Chinese University of Hong Kong), Sherman S. M. Chow (The Chinese University of Hong Kong)

Read More