CAREER

This CAREER research focuses on human factors in authentication using mobile devices. Mobile authentication is a crucial component of authentication, especially as mobile devices become ever more connected to the broader security ecosystem. A major concern is how users authenticate as they use their devices over months or years. This research will involve empirical studies of the choices and actions users take over time. Qualitative and quantitative measures will be employed to better understand user mental models, perceptions, and behaviors related to mobile authentication.

This project focuses on tackling the security and privacy of Cyber-Physical Systems (CPS) by integrating the theory and best practices from the information security community as well as practical approaches from the control theory community. The first part of the project focuses on security and protection of cyber-physical critical infrastructures such as the power grid, water distribution networks, and transportation networks against computer attacks in order to prevent disruptions that may cause loss of service, infrastructure damage or even loss of life.

Individuals and organizations routinely trust third party providers to hold sensitive data, putting it at risk of exposure. While the data could be encrypted under a key that is kept secret from the provider, it rarely is, due to the inconvenience and increased cost of managing the cryptography. This project will develop technologies for working with encrypted data efficiently and conveniently. In particular, it will enable searching on encrypted data, which is prevented by currently deployed encryption, and running arbitrary programs efficiently on encrypted data.

The goal of the project is to develop a multi-layer security framework to provide control technicians and engineers with far superior mechanisms to address the increasing risk of cybersecurity attack on vulnerable water treatment plants and reduce latent risks to public health and safety, industry, and national security. The findings will generate knowledge base and forensic tools to help control engineers to quickly detect and mitigate potential security flaws in central components across control systems, including industrial control software, sensors, and actuators.

Data collection and analysis enable great advancements in digital technology, but the stewards of this data have a responsibility to society to ensure that the practices of collection, storage, and user control abide by user expectations. Policies and regulations governing data privacy play a critical role in communicating privacy expectations to users and defining the bounds of permissible data use. However, in practice, there are severe mismatches between user expectations and the actual practices of software companies, even when those practices conform with their privacy policies.