Cryptography, applied

This project addresses how semiconductor designers can verify the correctness of ICs that they source from possibly untrusted fabricators. Existing solutions to this problem are either based on legal and contractual obligations, or use post-fabrication IC testing, both of which are unsatisfactory or unsound. As a sound alternative, this project designs and fabricates verifiable hardware: ICs that provide proofs of their correctness for every input-output computation they perform in the field.

The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.

Cyber security is considered one of the most important aspects of our information technology based society. Key Exchange(KE) is a fundamental cryptographic primitive, and authenticated KE (AKE) is one of the most used cryptographic tools in secure communication protocols (e.g. SSL/TLS, IPSec, SSH) over the Internet. In light of the threat that quantum computers pose to cryptosystems such as RSA and ECC, this project is devoted to the development of secure and efficient AKE alternatives for the post-quantum computer world, which is now considered of a high priority by the US government.

The Transport Layer Security (TLS) protocol constitutes the key building block for today's Internet security and is, for example, used for encrypted web connections using the HTTPS protocol. However, from its first version in 1994 until today, researchers and practitioners keep discovering TLS deficiencies undermining the protocol's security on a regular basis. While the academic community has applied intense scrutiny to the TLS/X.509 ecosystem, much of such work depends on access to difficult to acquire representative data on the protocol's deployment and usage.

Outsourcing storage to the cloud has become more widespread in recent years; however, cloud storage services are constantly exposed to a number of non-trivial adversarial threats. This work addresses security risks arising from the leakage of access patterns, which is the ability of an adversary to detect when the same item is accessed repeatedly on a storage server, which has been shown to substantially impact data privacy.