I’m an Assistant Professor at Georgia Tech, in both the department of Computer Science and Cybersecurity & Privacy, and a Senior Research Scientist at Google.
My research focuses on systems security and applied cryptography, particularly in areas relevant to public policy. Topics that interest me include surveillance, network security, deniability, platform oblivious content moderation, misinformation, and elections security. Check out my publications page, or the course I teach to learn more.
Please apply to Georgia Tech’s Computer Science PhD program and list me as an advisor! I assure you, I will see any candidate that applies and lists my name. Please do not send me email, as I cannot reply that way.
If you are a current Georgia Tech student, or have interest in joining as a postdoc, please fill out this form!
Outside of my academic work, I’ve written for Lawfare, and contributed to the EFF’s Brief to the Supreme Court on the need to reform the Computer Fraud and Abuse Act. I enjoy finding bugs in my spare time, and am a contributor to Google’s Linux kernel fuzzer Syzkaller.
I have joined Georgia Tech full time as a new Assistant Professor!
Sep 16, 2020
Our work on deniability in email “Keyforge: Mitigating Email Breaches with Forward-Forgeable Signatures” was accepted to Usenix Security ‘21 (Blogpost, Paper)
Sep 15, 2020
Our security analysis of OmniBallot was accepted to Usenix Security ‘21 (Blogpost, Paper)
I coauthored an EFF-led amicus brief to the U.S. Supreme Court in the Van Buren case describing the need to limit the Computer Fraud and Abuse Act (Press Release, Brief)
Democracy Live’s OmniBallot platform is a web-based system for blank ballot delivery, ballot marking, and online voting. Three states—Delaware, West Virginia, and New Jersey—recently announced that they would allow certain voters to cast votes online using OmniBallot, but, despite the well established risks of Internet voting, the system has never before undergone a public, independent security review.
We reverse engineered the client-side portion of OmniBallot, as used in Delaware, in order to detail the system’s operation and analyze its security. We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare. In addition, Democracy Live, which had no privacy policy prior to our work, receives sensitive personally identifiable information—including the voter’s identity, ballot selections, and browser fingerprint—that could be used to target political ads or disinformation campaigns. Even when OmniBallot is used to mark ballots that will be printed and returned in the mail, the software sends the voter’s identity and ballot choices to Democracy Live, an unnecessary risk that jeopardizes the secret ballot.
We recommend changes to make the platform safer for ballot delivery and marking. However, we conclude that using OmniBallot for electronic ballot return represents a severe risk to election security and could allow attackers to alter election results without detection. In response to our findings, Delaware and New Jersey have halted use of OmniBallot, but it remains available in other jurisdictions, as do similar online voting methods that are likely to face the same serious risks.
USENIX
KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures
Michael A. Specter, Sunoo Park, and Matthew Green
In 30th USENIX Security Symposium (USENIX Security 21) , 2021
Email breaches are commonplace, and they expose a wealth of personal, business, and political data whose release may have devastating consequences. Such damage is compounded by email’s strong attributability: today, any attacker who gains access to your email can easily prove to others that the stolen messages are authentic, a property arising from a necessary anti-spam/anti-spoofing protocol called DKIM. This greatly increases attackers’ capacity to do harm by selling the stolen information to third parties, blackmail, or publicly releasing intimate or sensitive messages — all with built-in cryptographic proof of authenticity.
This paper introduces non-attributable email, which guarantees that a wide class of adversaries are unable to convince discerning third parties of the authenticity of stolen emails. We formally define non-attributability, and present two system proposals — KeyForge and TimeForge — that provably achieve non-attributability while maintaining the important spam/spoofing protections currently provided by DKIM. Finally, we implement both and evaluate their speed and band- width performance overhead. We demonstrate the practicality of KeyForge, which achieves reasonable verification overhead while signing faster and requiring 42% less bandwidth per message than DKIM’s RSA-2048.
USENIX
The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in US Federal Elections
Michael A. Specter, James Koppel, and Daniel Weitnzer
In 29th USENIX Security Symposium (USENIX Security 20) , 2020
2023 Research Award from the Election Verification Network (EVN)
In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called "Voatz." Although there is no public formal description of Voatz’s security model, the company claims that election security and integrity are maintained through the use of a permissioned blockchain, biometrics, a mixnet, and hardware-backed keystorage modules on the user’s device. In this work, we present the first public security analysis of Voatz, based on a reverse engineering of their Android application and the minimal available documentation of the system. We performed a clean-room reimplementation of Voatz’s server and present an analysis of the election process as visible from the app itself.
We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a sidechannel attack in which a completely passive network adversary can potentially recover a user’s secret ballot. We additionally find that Voatz has a number of privacy issues stemming from their use of third party services for crucial app functionality. Our findings serve as a concrete illustration of the common wisdom against Internet voting,and of the importance of transparency to the legitimacy of elections.
CACM
Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications
Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I Schiller, Bruce Schneier, Michael A. Specter, and Daniel J. Weitzner
Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels "going dark," these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates.
We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse "forward secrecy" design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated,hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.