This research is building an understanding of what data is useful to attackers and what data is private for its legitimate owners so that security systems can incorporate these values into a data-driven, defense-in-depth approach to securing our digital lives. We are exploiting the fact that both users and attackers must sift through vast amounts of data to find useful information. This system, called contextual data protection, enables users to passively manage their private and potentially lucrative stored data with minimal overhead, adding extra protection to private data which greatly lowers the risk inherent in long lived archives.
Simultaneously, we are creating effective defenses for data by improving our understanding of cybercrime, information use habits, and acceptable usability tradeoffs for data access. Building on previous research analyzing the financial successes of spam-based cybercrime, we are developing a methodology and apparatus for understanding the illicit value of stolen information. By understanding what is discoverable and valuable to attackers, we can develop techniques to focus security efforts on lucrative information, thereby preventing cybercriminals from turning a profit. Ultimately, our goal is to create a set of general techniques that use tools from cryptography that defend users' data by exploiting a deeper understanding of its value to both the users and the attackers. This research will shed light on the meaning of information value, ownership, and protection in this era of long-lived digital storage.
CAREER: Contextual Protection for Private Data Storage and Retrieval