Encrypted Access Logging for Online Accounts: Device Attributions without Device Tracking

Carolina Ortega Pérez

34th USENIX Security Symposium (USENIX Security '25) · Day 3 · Crypto 4: Systems and Protocols

In an era where digital accounts permeate every aspect of life, ensuring their security and detecting compromise is paramount. This talk, presented by Carolina Ortega Pérez from Cornell Tech, introduces a novel approach to enhancing the integrity and privacy of **Account Security Interfaces (ASIs)**, which are crucial tools for users to monitor their online activity. The research, a collaborative effort with Alaa Daffalla and Tom Ristenpart, addresses a critical vulnerability in current ASIs: their susceptibility to device spoofing. By proposing **Client-side Encrypted Access Logging (CESL)** protocols, the work aims to provide reliable device attribution without compromising user privacy through device tracking.

AI review

Solid, well-motivated cryptographic systems paper that takes a real, documented problem — user-agent spoofing in ASIs — and proposes a formally defined, practically evaluated solution with a clear deployment path. The IPV/tech-abuse framing isn't advocacy padding; it's the actual threat model, and it sharpens design decisions throughout. Not groundbreaking crypto, but honest, careful work that advances a neglected corner of account security.
