Authentication

group_project

Visible to the public TTP: Medium: Democratizing Secure Password Management

Submitted by Ari Juels on Mon, 10/16/2017 - 3:45pm

The theft of passwords and other user credentials from online services has become an epidemic, with password breaches regularly impacting large user populations and leaving both consumers and businesses vulnerable to attack. A number of research results point the way toward methods that could greatly improve the security of password systems. There is thus both an urgent need and a clear opportunity to transform the general state of industry practice in password management. Toward this end, the researchers build an easy-to-deploy password-protection system called PASS.

group_project

Visible to the public EAGER: Unattended/Automated Studies of Effects of Auditory Distractions on Users Performing Security-Critical Tasks

Submitted by alfredkobsa on Mon, 10/16/2017 - 12:47pm

User errors or delays while performing security-critical tasks can lead to undesirable or even disastrous consequences. The impact of both accidental and intentional distractions on users in such situations has received little investigation. In particular, it is unclear whether and how sensory stimuli (e.g., sound or light) influence users' behavior and trigger mistakes. Better understanding of the effects of such distractions can lead to increased user awareness and countermeasures.

group_project

Visible to the public TWC: Medium: Collaborative: Privacy-Preserving Distributed Storage and Computation

Submitted by Roberto Tamassia on Fri, 10/13/2017 - 1:34pm

This project aims at developing efficient methods for protecting the privacy of computations on outsourced data in distributed settings. The project addresses the design of an outsourced storage framework where the access pattern observed by the storage server gives no information about the actual data accessed by the client and cannot be correlated with external events. For example, the server cannot determine whether a certain item was previously accessed by the client or whether a certain algorithm is being executed.

group_project

Visible to the public TTP: Medium: A Campus Pilot For A Privacy-Enabled Cloud Storage, Search, and Collaboration Portal for Education

Submitted by Radu Sion on Wed, 10/11/2017 - 1:23pm

As higher education institutions consider moving services to the cloud to save costs and improve collaboration, significant challenges to successful large-scale adoption still exist. Institutions are unwilling to risk cloud deployment because provable technological defenses have thus far been lacking. Control over sensitive data is relinquished without the institution's knowledge, liability is shifted and data breach risks are significantly increased. Further, regulatory-sensitive data has become an increasingly attractive target.

group_project

Visible to the public TWC: Small: Designing Strong End-to-End Authentication Mechanisms for Modern Telephony Systems

Submitted by Patrick Traynor on Wed, 10/11/2017 - 11:55am

Telephony is the dominant means of digital communication across the globe. With more than six billion users worldwide, these systems represent the only communications infrastructure available to the majority of people on the planet. Authentication has traditionally been the most central security issue for telephony providers. Tied directly to the billing process, authentication ensures that providers are able to correctly charge specific parties for their network usage.

group_project

Visible to the public TWC: Small: Evaluating and Improving Security in Emerging Branchless Banking Systems

Submitted by Patrick Traynor on Wed, 10/11/2017 - 11:51am

Branchless banking brings much-needed financial services to the unbanked in both the developing and developed worlds. Leveraging ubiquitous cellular networks, these services are now being deployed as smart phone apps, providing an electronic payment infrastructure where alternatives such as credit cards generally do not exist. Over 30% of the GDP in many such nations can now be attributed to branchless banking applications, many of which now perform more transactions per month than traditional payment processors including PayPal.

group_project

Visible to the public EDU: Development and Analysis of a Spiral Theory-based Cybersecurity Curriculum

Submitted by Vinod Lohani on Wed, 10/11/2017 - 12:49am

In this SaTC-EDU project at Virginia Tech, faculty members and graduate students in the Engineering Education, Computer Science (CS), Electrical & Computer Engineering (ECE) and the Hume Center for National Security and Technology in College of Engineering are collaborating to develop and implement a unique curriculum delivery model in cybersecurity into the CS and ECE curricula using Jerome Bruner's spiral theory approach.

group_project

Visible to the public EDU: Developing Open Authentic Case Studies for a MS in Cybersecurity Capstone Course

Submitted by Grandon Gill on Wed, 10/11/2017 - 12:36am

The project will develop a case method capstone course for a new multidisciplinary Master's degree program in Cybersecurity at the University of South Florida (USF). It extends a project that focused on developing a capstone course for an undergraduate program employing the case method pedagogy. That study demonstrated the feasibility of building a course entirely around discussions of local case studies and demonstrated positive learning outcomes using a variety of instruments.

group_project

Visible to the public TWC: Small: Collaborative: The Master Print: Investigating and Addressing Vulnerabilities in Fingerprint-based Authentication Systems

Submitted by Nasir Memon on Tue, 10/10/2017 - 10:55am

The objective of this project is to investigate the security of fingerprint authentication systems, especially those using partial fingerprints. A number of consumer electronic devices, such as smartphones, are beginning to incorporate fingerprint sensors for user authentication. The sensors embedded in these devices are generally very small and the resulting images are, therefore, limited in size.

group_project

Visible to the public TWC: Frontier: Collaborative: Rethinking Security in the Era of Cloud Computing

Submitted by Michael Swift on Mon, 10/09/2017 - 11:45am

There are at least two key features of the move to cloud computing that introduce the opportunity for significant leaps forward in computer security for tenant services. First, a compute cloud provides a common software, hardware and management basis for rolling out cross-cutting services en masse that have resisted incremental deployment in a one-service-at-a-time fashion. Second, compute clouds offer providers a broad view of activity across an unprecedented diversity of tenant services.