Enrico Bacis

Software engineer in the Applied Privacy Research team in Google Zurich
Authored Publications
    A recent large-scale experiment conducted by Chrome has demonstrated that a "quieter" web permission prompt can reduce unwanted interruptions while only marginally affecting grant rates. However, the experiment and the partial roll-out were missing two important elements: (1) an effective and context-aware activation mechanism for such a quieter prompt, and (2) an analysis of user attitudes and sentiment towards such an intervention. In this paper, we address these two limitations by means of a novel ML-based activation mechanism -- and its real-world on-device deployment in Chrome -- and a large-scale user study with 13.1k participants from 156 countries. First, the telemetry-based results, computed on more than 20 million samples from Chrome users in-the-wild, indicate that the novel on-device ML-based approach is both extremely precise (>99% post-hoc precision) and has very high coverage (96% recall for notifications permission). Second, our large-scale, in-context user study shows that quieting is often perceived as helpful and does not cause high levels of unease for most respondents.
    Mix&Slice for Efficient Access Revocation on Outsourced Data
    Marco Rosa
    Pierangela Samarati
    Sabrina De Capitani di Vimercati
    Sara Foresti
    Stefano Paraboschi
    IEEE Transactions on Dependable and Secure Computing (TDSC) (2023)
    A complex challenge when using encryption to enforce access control on resources stored at external cloud providers is the efficient enforcement of access revocation to users who know the key used for encrypting the outsourced resources. We present an approach addressing this challenge that relies on a mixing phase. The mixing phase transforms a plaintext resource into an encrypted resource with strong mutual inter-dependency among the bits in the encrypted representation. Our mixing is based on the iterative application of either a block cipher or an extended version of OAEP. The mixing phase is then followed by a slicing phase that splits the encrypted resource in carefully designed fragments. To revoke access on a resource, it is then sufficient to update a fragment, with the guarantee that the resource as a whole (and any portion of it) will become unintelligible to those from whom access is revoked. Our experimental results show the effectiveness and efficiency of our approach, and confirm its applicability, especially when managing large resources with dynamic access policy.
    I Told You Tomorrow: Practical Time-Locked Secrets using Smart Contracts
    Dario Facchinetti
    Marco Rosa
    Marco Guarnieri
    Matthew Rossi
    Stefano Paraboschi
    Proceedings of the 16th International Conference on Availability, Reliability and Security (ARES '21), Association for Computing Machinery (2021)
    A Time-Lock enables the release of a secret at a future point in time. Many literature works implement Time-Locks as cryptographic puzzles, binding the recovery of the secret to the solution of it. Since the time required to find the solution to the puzzle may vary due to a multitude of factors, including the computational effort spent, these solutions may not suit all the practical scenarios. To overcome this limitation, we propose I Told You Tomorrow (ITYT), a novel way of implementing time-locked secrets based on smart contracts. ITYT relies on the blockchain to measure the elapse of time, and it combines threshold cryptography with economic incentives and penalties to replace cryptographic puzzles. We implement a prototype of ITYT on top of the Ethereum blockchain. The prototype leverages secure Multi-Party Computation to avoid any single point of trust. We also analyze resiliency to attacks with the help of economic game theory, in the context of rational adversaries. The experiments run demonstrate the low cost and limited resource consumption associated with our approach.