Max Zinkus

I'm currently a graduate student pursuing a PhD in Computer Science at Johns Hopkins University in Baltimore, MD. I work in the ARC and SPAR labs, my advisor is Dr. Matthew Green, and my research is generally in the fields of applied cryptography, information security, systems, and computer science education. I earned my MSE degree in Computer Science from Johns Hopkins in August, 2020. I completed my undergraduate studies at California Polytechnic State University San Luis Obispo in 2018, with a BS in Computer Science and a minor in Mathematics. Outside of the lab I enjoy social dance and getting outdoors.

I can be reached at zinkus[at]cs[dot]jhu[dot]edu. If encryption is needed, I prefer Signal: introduce yourself via email and we can exchange contacts from there.

Our Systemization of Knowledge paper SoK: Cryptographic Confidentiality of Data on Mobile Devices was accepted for publication in PETS 2022 Issue 1! A preprint of this work can be found here.

Our recent work on the forensic security of mobile devices was featured in WIRED and Forbes! Thank you to Lily Hay Newman and Thomas Brewster for their reporting, and additionally to the DevNews podcast for hosting my co-author Tushar Jois and I to discuss mobile data security and our work.

Along with my advisor Dr. Green and fellow student Tushar Jois, I released the full version and accompanying website of our report on the security and privacy of data on mobile devices, specifically iOS and Android phones. To read a summary or the full report, visit our site.

I was interviewed by Ted Bridis who worked with a reporter for Fresh Take Florida, a University of Florida College of Journalism and Communications news service, to publish an article in which I was quoted. I did some forensic network analysis to trace the sender(s) of a bulk email which threatened voters in Florida, which turned out to be part of a larger operation reportedly by Iran to seed chaos in the US election by influencing voters. The article can be found here.

Gabrielle Beck and I had our first project under Dr. Green accepted for publication at the USENIX Security Symposium! In this work we branched into a developing area in constraint programming and satisfiability to apply a Max#SAT solver to the automation of developing novel padding oracle attacks before generalizing our work to arbitrary format oracles. The goal of the tool we created is to enable automatic development of end-to-end exploits for Chosen Ciphertext attacks in order to strengthen arguments for switching to authenticated encryption (despite being well-accepted, authenticated encryption is neglected by a startling number of systems!). A version of this work is available here.

Along with two excellent professors at Cal Poly SLO, Drs. DeBruhl and Khosmood, I developed an ultra-lightweight probabilistic intrusion detection system designed for IoT use cases, and performed end-to-end evaluation using a testbed of real IoT devices. As part of this work, we explored novel compressing non-cryptographic hash functions and their application to IDS. This work has been accepted for publication at GlobeCom 2019. A version of the paper is available here.

Along with my co-authors, I've had a paper accepted at ACM SIGCSE (Computer Science Education) 2019! Our work was on a project we called Fakesbook, a platform we designed, implemented, and used to teach computer security and privacy to students of various ages in middle and high school. A version of the paper is available here.

We were accepted for publication and to present our work developing, executing, and evaluating an experimental course which intersected technical privacy with policy and critical analysis. Additionally, this work included an exhaustive survey of almost 300 US ABET-accredited universities to demonstrate need for technical privacy education focused toward computer science (and similar) students. A version of the paper is available here.