Research

Messaging systems built on mesh networks consisting of smartphones communicating over Bluetooth have been used by protesters around the world after governments have disrupted Internet connectivity. Unfortunately, existing systems have been shown to be insecure; most concerningly by not adequately hiding metadata. This is further complicated by the fact that wireless communication such as Bluetooth is inherently a broadcasting medium. In this paper, we present a new threat model that captures the security requirements of protesters in this setting. We then provide a solution that satisfies the required security properties, hides all relevant metadata, scales to moderately sized protests, and supports group messaging. This is achieved by broadcasting all messages in a way that limits the overhead of duplicate messages, ensuring that ciphertexts do not leak metadata, and limiting what can be learned by observing user behavior. We also build a model of our system and numerically evaluate it to support our claims and analyze how many users it supports. Finally, we discuss further extensions that remove potential bottlenecks in scaling and support substantially more users.

Before the Russian invasion of Ukraine, the Biden administration insisted in arms control talks with Russia that a follow-on agreement to the New Strategic Arms Reduction Treaty (New START) should cover all nuclear weapons and that such an agreement should focus on the nuclear warheads themselves. This would represent a significant change from previous agreements, which focused on delivery vehicles, such as missiles. The United States has been particularly interested in potential limits on nonstrategic nuclear warheads (NSNW). Such weapons have never been subject to an arms control agreement. Because Russia possesses an advantage in the number of such weapons, the US Senate has insisted that negotiators include them in a future agreement, making their inclusion necessary if such an accord is to win Senate approval and ultimately be ratified by Washington. In the wake of Russian nuclear threats in the Ukraine conflict, such demands can only be expected to grow if and when US and Russian negotiators return to the negotiating table. This work outlines such a Control Regime for Nonstrategic Nuclear Warheads in Europe.

We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI's codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to an AI assistant were more likely to believe they wrote secure code than those without access to the AI assistant. Furthermore, we find that participants who trusted the AI less and engaged more with the language and format of their prompts (e.g. re-phrasing, adjusting temperature) provided code with fewer security vulnerabilities. Finally, in order to better inform the design of future AI-based Code assistants, we provide an in-depth analysis of participants' language and interaction behavior, as well as release our user interface as an instrument to conduct similar studies in the future.

The Stanford Emerging Technology Review (SETR) is a pivotal initiative by Stanford University, aimed at educating policymakers about transformative technologies. It underscores the dual nature of technological advances: their potential to drive progress and the risks of misuse or stifling innovation. The report emphasizes the convergence of multiple technologies like synthetic biology, materials science, and neuroscience, which are rapidly reshaping society. SETR serves as a comprehensive guide covering ten critical technology areas: artificial intelligence, biotechnology and synthetic biology, cryptography, materials science, neuroscience, nuclear technologies, robotics, semiconductors, space technologies, and sustainable energy technologies, underlining their growing influence on American society. The initiative stresses the need for collaboration among academia, industry, and government to maintain American leadership in science and technology. It advocates for continuous learning and dialogue to harness the promise of emerging technologies effectively, recognizing the importance of understanding and embracing these advancements for collective benefit.