Authentication

Coercion attacks that compel an authorized user to reveal his or her secret authentication credentials can give attackers access to restricted systems. The PIs are developing a new approach to preventing coercion attacks using the concept of implicit learning from cognitive psychology. Implicit learning refers to learning of patterns without any conscious knowledge of the learned pattern. Using a carefully crafted keyboard-based computer game the PIs plant a secret password in the participant's brain without the participant having any conscious knowledge of the trained password.

The Public Key Infrastructure (PKI), along with the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, are responsible for securing Internet transactions such as banking, email, and e-commerce; they provide users with the ability to verify with whom they are communicating online, and enable encryption of those communications. While the use of the PKI is mostly automated, there is a surprising amount of human intervention in management tasks that are crucial to its proper operation.

While the mathematical study of cryptography has yielded a rich theory, and while the use of cryptography has become quite widespread, there is unfortunately still a significant gap between the theory and practice of cryptography. The goal of this project is to bridge this gap. The emphasis will be on the design and analysis of fundamental cryptographic primitives, such as hash functions and block ciphers, as well as other primitives derived from them, that are practical and yet theoretically sound. Indeed, hash functions and block ciphers are used in almost any cryptographic application.

Heavy vehicles, such as trucks and buses, are part of the US critical infrastructure and carry out a significant portion of commercial and private business operations. Little effort has been invested in cyber security for these assets. If an adversary gains access to the vehicle's Controller Area Network (CAN), attacks can be launched that can affect critical vehicle electronic components. Traditionally, physical access to a heavy vehicle was required to access the CAN.

Technology advances have brought numerous benefits to people and society, but also heightened risks to privacy. This project will investigate mechanisms and build tools to help people make privacy-aware decisions in different online contexts. The outcomes will help people to better understand their own privacy preferences and behavior, and enable them to better manage their privacy on the Internet. The project will create designs that can be integrated into mobile app markets and web browsers. The results will also inform Internet standards and governmental policies on Internet privacy.