Collaborative

group_project

Visible to the public EAGER: Collaborative: PRICE: Using process tracing to improve household IoT users' privacy decisions

Submitted by alfredkobsa on Mon, 10/16/2017 - 1:54pm

Household Internet-of-Things (IoT) devices are intended to collect information in the home and to communicate with each other, to create powerful new applications that support our day-to-day activities. Existing research suggests that users have a difficult time selecting their privacy settings on such devices. The goal of this project is to investigate how, why and when privacy decisions of household IoT users are suboptimal, and to use the insights from this research to create and test a simple single user interface that integrates privacy settings across all devices within a household.

group_project

Visible to the public EAGER: Collaborative: Quantifying Information Leakage in Searchable Encryption

Submitted by Alexandra Boldyreva on Mon, 10/16/2017 - 1:19pm

Cloud storage is currently experiencing explosive growth as more and more businesses and organizations store large amounts of data on cloud servers. Encrypting such data provides security against untrusted servers or malicious intrusions. However, standard encryption has the drawback of compromising functionality and efficiency and it is so strong that its ciphertexts are not searchable. For this reason, searchable encryption (SE) has become an important research area, aimed at providing weaker forms of encryption that balance security, efficiency, and functionality goals.

group_project

Visible to the public TWC: Small: Collaborative: A Unifying Framework For Theoretical and Empirical Analysis of Secure Communication Protocols

Submitted by Alexandra Boldyreva on Mon, 10/16/2017 - 1:15pm

Many networking protocols have been designed without security in mind, and many cryptographic schemes have been designed without practical deployments in mind. Moreover, most of security-enhanced communication protocols still lack the provable-security treatment and hence the security guarantees. This project aims at bridging the gap between protocol design, implementation, deployment, and security guarantees by developing a novel general security framework that facilitates the provable-security analyses of practical networking protocols.

group_project

Visible to the public SBE: Medium: Collaborative: Understanding and Exploiting Visceral Roots of Privacy and Security Concerns

Submitted by Acquisti Alessandro on Mon, 10/16/2017 - 12:29pm

Human beings have evolved to detect and react to threats in their physical environment, and have developed perceptual systems selected to assess these physical stimuli for current, material risks. In cyberspace, the same stimuli are often absent, subdued, or deliberately manipulated by malicious third parties. Hence, security and privacy concerns that would normally be activated in the offline world may remain muted, and defense behaviors may be hampered.

group_project

Visible to the public TWC: Medium: Collaborative: Measuring and Improving the Management of Today's PKI

Submitted by Alan Mislove on Mon, 10/16/2017 - 12:00pm

The Public Key Infrastructure (PKI), along with the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, are responsible for securing Internet transactions such as banking, email, and e-commerce; they provide users with the ability to verify with whom they are communicating online, and enable encryption of those communications. While the use of the PKI is mostly automated, there is a surprising amount of human intervention in management tasks that are crucial to its proper operation.

group_project

Visible to the public TWC: Medium: Collaborative: Online Social Network Fraud and Attack Research and Identification

Submitted by Aidong Lu on Mon, 10/16/2017 - 11:36am

Online social networks (OSNs) face various forms of fraud and attacks, such as spam, denial of service, Sybil attacks, and viral marketing. In order to build trustworthy and secure OSNs, it has become critical to develop techniques to analyze and detect OSN fraud and attacks. Existing OSN security approaches usually target a specific type of OSN fraud or attack and often fall short of detecting more complex attacks such as collusive attacks that involve many fraudulent OSN accounts, or dynamic attacks that encompass multiple attack phases over time.

group_project

Visible to the public BD Spokes: PLANNING: NORTHEAST: Collaborative: Planning for Privacy and Security in Big Data

Submitted by Adam Smith on Mon, 10/16/2017 - 11:33am

Security and privacy play a key role in areas such as health, energy, and smart cities, as well as constituting a grand challenge in and of themselves. Privacy and security are critical for realizing Big Data's promise to advance society. If data are used without regard to privacy of individuals or protection of the data, then individuals may be hurt. If the data?s authenticity is not guaranteed, or if data are not permitted to be used at all due to privacy and security concerns, then the data's value is not realized.

group_project

Visible to the public TWC: Option: Medium: Collaborative: Semantic Security Monitoring for Industrial Control Systems

Submitted by Adam Slagell on Mon, 10/16/2017 - 11:29am

Industrial control systems differ significantly from standard, general-purpose computing environments, and they face quite different security challenges. With physical "air gaps" now the exception, our critical infrastructure has become vulnerable to a broad range of potential attackers. In this project we develop novel network monitoring approaches that can detect sophisticated semantic attacks: malicious actions that drive a process into an unsafe state without however exhibiting any obvious protocol-level red flags.

group_project

Visible to the public SaTC: CORE: Medium: Collaborative: Scalable Dynamic Access Control for Untrusted Cloud Environments

Submitted by Adam Lee on Mon, 10/16/2017 - 11:19am

When users store their data in the cloud, they take many privacy risks: Will the cloud storage provider allow others to see that data? If the user sets sharing rules for the data, will the cloud storage system follow those rules? Recent news stories of user data exfiltration from cloud storage systems show that users have reason for concern. Encrypting files before storing them in the cloud would provide strong protection, but this approach makes it very difficult for users to share data with others and to change their sharing policies.

group_project

Visible to the public EAGER: Collaborative: Faster and Stronger Onion Routing (FASOR)

Submitted by RDingledine on Fri, 10/13/2017 - 4:34pm

Tor is used daily by millions of users, including journalists, militaries and law enforcement, activists, companies, whistleblowers, and ordinary people, to protect their web browsing against surveillance. However, the internal architecture of Tor is very complicated. This complexity creates performance problems, and it makes security analysis difficult. Furthermore, Tor's encryption will be broken by future quantum computers.