Division of Computer and Network Systems (CNS)

group_project

Visible to the public CRII: SaTC: Vetting and Improving the Usage of Trusted Execution Environments for Authentication in Mobile Devices

In mobile devices, authentication protocols are used to ensure that users' intentions are communicated untampered to the applications' backend servers. Unfortunately, traditional authentication protocols do not defend against "root-attackers," i.e., attackers able to fully compromise the main operating system of a victim's device. Trusted Execution Environments (TEEs), specific hardware components available in modern mobile devices, can be used to mitigate this threat, since they run a separate, smaller codebase than the main operating system.

group_project

Visible to the public CRII: SaTC: Identifying Fraud in the Cryptocurrency Ecosystem

This project will advance understanding of how cybercrime has been able to flourish in the emerging cryptocurrency economy. Research has revealed cybercrime in the cryptocurrency economy, and the rate of fraud has seemed to increase. By understanding the incentives for crime and by modeling effective regulation, this research will make progress towards upending cryptocurrency-based crime. The project will collect data towards understanding how the underlying incentives work to cause fraudulent behavior and how the ecosystem perpetuates fraud.

group_project

Visible to the public CAREER: Efficient Query Processing for Private Data Federations

Almost all domains of life, including medicine, government, and business, have data recorded on them at an unprecedented rate by many independent parties. To realize insights from these fractured datasets, data scientists often set up a data federation in which multiple autonomous databases are united to appear as a single engine for querying. In many settings this is challenging due to privacy concerns and regulatory requirements.

group_project

Visible to the public CAREER: Towards Privacy and Availability of Inter-blockchain Communication

It has now become clear that blockchains represent much more than a financial innovation. There are innovative public or private blockchain solutions for supply chains, the "Internet of Things", and beyond. In our highly inter-connected world, it is inevitable that these solutions will soon have to interact with each other. Similar to the Internet today, this will eventually result in formation of a network of blockchains where transactions flow across disparate blockchains.

group_project

Visible to the public CAREER: Towards Elastic Security with Safe and Efficient Network Security Function Virtualization

Traditional network security functions are generally implemented on vendor proprietary appliances or middleboxes, which usually lack a general programming interface, and their versatility and flexibility are also very poor. These traditional network security appliances often need to be placed at fixed network entry points and have a constant capacity with respect to the maximum amount of traffic they can process. Such rigid nature makes them inefficient in protecting today's prevailing programmable and virtualizable environments.

group_project

Visible to the public CAREER: Securing Mobile Devices by Hardening their System Software

Modern mobile devices, such as smartphones, tablets, and wearables, are targets of an increasing number of security attacks. Moreover, according to Google, an increasing number of attacks on (Android-based) mobile devices are targeting the operating system kernel. For example, 44% of attacks in 2016 targeted the kernel versus 9% and 4% respectively in 2015 and 2014. Unfortunately, contemporary mobile operating systems are large, complex, and full of vulnerabilities; hence they fall victims to these attacks more often than not.

group_project

Visible to the public CAREER: Trustworthy Machine Learning from Untrusted Models

Many of today's machine learning (ML)-based systems are not built from scratch, but are "composed" from an array of pre-trained, third-party models. Paralleling other forms of software reuse, reusing models can both speed up and simplify the development of ML-based systems. However, a lack of standardization, regulation, and verification of third-party ML models raises security concerns. In particular, ML models are subject to adversarial attacks in which third-party attackers or model providers themselves might embed hidden behaviors that are triggered by pre-specified inputs.

group_project

Visible to the public CAREER: Enhancing the User Experience of Privacy Preference Specification

The privacy settings provided by people's computers and mobile devices are the primary means by which users engage in privacy management. The constant stream of privacy related scandals and controversies highlight the challenges people face in understanding and utilizing these privacy settings to achieve the levels of privacy they desire. This research aims to overcome these challenges by developing and testing techniques to enhance the people's experience with their privacy preference specifications.

group_project

Visible to the public CAREER: Utilizing Principles of Energy Recovery Computing for Low-Energy and DPA-Resistant IoT Devices

This project will develop circuit design techniques for energy-recovery circuits and a library of such design cells to facilitate low-power implementation of block cipher for mobile Internet-of-Things (IoT) devices, where reducing power consumption is critical. The design challenge is to produce low-energy, lightweight, and secure devices, which are also resistant against malicious attacks that use power consumption traces to extract private or sensitive information.

group_project

Visible to the public CAREER: Cryptocurrency Forensics Tools

Cryptocurrencies, such as Bitcoin, are growing in popularity. These cryptocurrencies offer the promise of increased efficiency and decreasing frictions in the financial system, such as international money transfer fees and costs associated with raising investment capital. Unfortunately, they are also misused as a payment mechanism for illicit activities such as extortion, drugs, human trafficking, and cybercrime. These illicit activities have likely diminished the reputation of these cryptocurrencies and facilitated large amounts of harm for entities and individual people.