Cryptography is a cornerstone of modern computer security and is ubiquitous on the computer systems we depend on daily. However, there is a significant gap between the theoretical guarantees provided by formalized security models, and the reality present in deployed systems today. The central research goals of this project are to perform an empirical study of cryptographic deployments on a global scale and to develop a framework for experimental cryptographic security research. This project develops and disseminates tools for measuring cryptographic security, and will result in increased security for cryptographic software and hardware in real use by detecting and eliminating flaws. Results are published for the academic community as well as popularized for nonacademic and industry audiences and incorporated into course materials. The project yields fundamental new insights and deepens the understanding of cryptographic deployments in the real world. The main activities include the refinement of existing methods and development of new tools for collecting and processing large-scale cryptographic datasets. The research also investigates the development of efficient algorithmic tools for real-time cryptographic anomaly detection, improved methodology for tracing vulnerabilities to implementations, advancements in the state of high-performance computing for cryptanalysis, and the development of more precise security models and requirements for cryptographic systems.
CAREER: Cryptographic Security at Internet Scale