Cryptography is the science of communication in the presence of a potential adversary and is an essential component in computer security. The past three decades of the study of cryptography continue to have a tremendous impact on society, having enabled, for example, world-wide ATM networks, pay TV, private email, VPNs, and electronic commerce. This project is developing cryptography that is more user-friendly, fault-tolerant and secure, thus broadening its applicability to our increasingly electronic lives. More specifically, the past study of cryptography, while very successful, has made many implicit assumptions about the environments in which cryptographic constructions operate. Such assumptions often turn out to be untrue in real-life deployments, resulting in serious security vulnerabilities. This project focuses on freeing cryptography of the following unrealistic assumptions: that users have uniformly random long keys, which are remembered perfectly, never accidentally disclosed to the adversary, and used in computing devices that leak no information. As just one example, little work has been done on tailoring cryptographic schemes to real users, who cannot remember thousand-bit-long secret keys. Thus, despite all cryptographic achievements, the most commonly used method of user-authentication today is via passwords. Passwords, as they are currently used, do not provide good security and inconvenience users unnecessarily. This project is developing alternatives to passwords that enhance security and user convenience. It is developing means of biometrics identification that do not require storage of the biometric template, thus reducing privacy risks. It is also studying the possibilities of using small inexpensive hardware tokens for opening virtual doors to those authorized, similarly to how physical keys are used to open physical doors. This project is also studying techniques that will recover gracefully and automatically from security breaches, such as unauthorized disclosure of passwords or keys. In addition to innovative cryptographic research, the educational components of the project focus on enabling students to think rigorously about computer security and to be able to critically evaluate various (often unjustified) security claims.
CAREER: Cryptography Outside the Box