Authentication

group_project

Visible to the public TWC: Medium: Collaborative: Security and Privacy for Wearable and Continuous Sensing Platforms

Submitted by Serge Egelman on Wed, 10/25/2017 - 7:50am

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Vinod Ganapathy on Wed, 10/25/2017 - 7:09am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public TWC: Small: Automated Security Testing for Applications Integrating Third-Party Services

Submitted by David Evans on Mon, 10/23/2017 - 11:44pm

Modern web and mobile applications increasingly rely on code and services from multiple parties, including services that provide security-critical functions like authentication, payments, and sharing. Developers often make mistakes in integrating these services into their applications that lead to serious security vulnerabilities. These integration failures are mainly due to failures to understand and ensure assumptions necessary for secure use of the external service.

group_project

Visible to the public TWC: Small: Collaborative: Secure Data Charging Architecture for Mobile Devices in 3G/4G Cellular Networks: Vulnerabilities and Solutions

Submitted by Chunyi Peng on Wed, 10/18/2017 - 6:55pm

Wireless cellular networks serve as an essential cyber-infrastructure for mobile users. Unlike the Internet, cellular networks have adopted usage-based charging, rather than the simpler flat-rate charging. Data-plan subscribers have to pay their data bills based on the consumed traffic volume in 3G/4G networks. Although this metered charging system has been operational and generally successful for years, the security study of such a system remains largely unaddressed.

group_project

Visible to the public TWC: Small: Evidence of Presence for Intelligent Vehicles using Environment-Based Security

Submitted by Chiu Tan on Wed, 10/18/2017 - 5:52pm

Emerging intelligent automobiles will be able to harness advance on-car sensors to support new applications such as pollution detection, road condition monitoring, and traffic control. All these applications require the ability to verify both the location and the time of a reading. This project involves the design of verification methods that make use of environment factors, such as the presence of light and shadows and the measured wireless signal strength, instead of conventional public key infrastructure-based methods, in order to verify when and where data was collected.

group_project

Visible to the public STARSS: Small: Collaborative: Zero-Power Dynamic Signature for Trust Verification of Passive Sensors and Tags

Submitted by Shantanu Chakraba... on Wed, 10/18/2017 - 3:13pm

As passive tagging technologies like RFID become more economical and ubiquitous, it can be envisioned that in the future, millions of sensors integrated with these tags could become an integral part of the next generation of smart infrastructure and the overall concept of internet-of-things. As a result, securing these passive assets against data theft and counterfeiting would become a priority, reinforcing the importance of the proposed dynamic authentication techniques.

group_project

Visible to the public SBE: Small: Continuous Human-User Authentication by Induced Procedural Visual-Motor Biometrics

Submitted by Yong Guan on Wed, 10/18/2017 - 10:29am

Validating a user's identity is one of the fundamental security requirements in cyberspace. Current authentication approaches require people to create and remember secret credentials such as complex passwords, or to possess special hardware authentication tokens. Both are vulnerable to being compromised, or illegally shared. Even worse, authentication is typically supported solely at the start of a session.

group_project

Visible to the public TWC: Small: Imparting Privacy to Biometric Data in Cyberspace

Submitted by Arun Ross on Mon, 10/16/2017 - 4:11pm

Recent work has established the possibility of deriving auxiliary information from biometric data. For example, it has been shown that face images can be used to deduce the health, gender, age and race of a subject; further, face images have been used to link a pseudonymous profile in the Web with a true profile, thereby compromising the privacy of an individual. The objective of this work is to design and implement techniques for imparting privacy to biometric data such as face, fingerprint and iris images.