Cryptography, applied

group_project

Visible to the public TWC: Small: Addressing the challenges of cryptocurrencies: Security, anonymity, stability

Submitted by Arvind Narayanan on Mon, 10/16/2017 - 4:20pm

Secure digital payments are essential for e-commerce and cybersecurity. Cryptocurrencies, which are virtual currencies designed using cryptographic principles, are well suited for digital payments but face several hurdles to adoption for legitimate e-commerce.

group_project

Visible to the public TWC: Medium: Collaborative: Distribution-Sensitive Cryptography

Submitted by Ari Juels on Mon, 10/16/2017 - 3:52pm

Contemporary encryption schemes are almost exclusively distribution-agnostic. Their security properties are independent of the statistical characteristics of plaintexts, and the output of these schemes are ciphertexts that are uniformly distributed bit strings, irrespective of use case. While conceptually simple, such encryption schemes fail to meet basic, real-world requirements and have left longstanding functional gaps in key security applications.

group_project

Visible to the public TTP: Medium: Democratizing Secure Password Management

Submitted by Ari Juels on Mon, 10/16/2017 - 3:45pm

The theft of passwords and other user credentials from online services has become an epidemic, with password breaches regularly impacting large user populations and leaving both consumers and businesses vulnerable to attack. A number of research results point the way toward methods that could greatly improve the security of password systems. There is thus both an urgent need and a clear opportunity to transform the general state of industry practice in password management. Toward this end, the researchers build an easy-to-deploy password-protection system called PASS.

group_project

Visible to the public TWC: Small: Blameworthy Programs: Accountability via Deviance and Causal Determination

Submitted by anupamdatta on Mon, 10/16/2017 - 3:04pm

Security protocols enable useful tasks over untrusted networks. For example, confidential communication over the Internet between users and Web services like Google, Facebook, Amazon and Bank of America rely on protocols like SSL/TLS and the supporting Public Key Infrastructure (PKI). These protocols are designed to provide global security properties like authentication and confidentiality when various parties (e.g., the user, the Web service, and participants in the PKI such as certificate authorities) execute their prescribed programs.

group_project

Visible to the public TWC: Medium: Collaborative: Measuring and Improving the Management of Today's PKI

Submitted by Alan Mislove on Mon, 10/16/2017 - 11:00am

The Public Key Infrastructure (PKI), along with the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, are responsible for securing Internet transactions such as banking, email, and e-commerce; they provide users with the ability to verify with whom they are communicating online, and enable encryption of those communications. While the use of the PKI is mostly automated, there is a surprising amount of human intervention in management tasks that are crucial to its proper operation.

group_project

Visible to the public EAGER: Guaranteed-Secure and Searchable Genomic Data Repositories

Submitted by Adam ONeill on Mon, 10/16/2017 - 10:23am

Publicly available and searchable genomic data banks could revolutionize clinical and research settings, but privacy concerns about releasing such information are currently preventing its usage. This project aims to address these concerns by providing new mechanisms by which individuals can donate their genomic information to a data bank in such a way that third parties, such as doctors or researchers, querying the data bank are guaranteed to learn only aggregate functions of the population's data that the individuals authorize.

Outcomes Report URL: 
https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...
group_project

Visible to the public TTP: Small: Collaborative: Defending Against Website Fingerprinting in Tor

Submitted by RDingledine on Fri, 10/13/2017 - 1:39pm

The more people use the Internet, the more they risk sharing information they don't want other people to know. Tor is a technology that every day helps millions of people protect their privacy online. Tor users -- ranging from ordinary citizens to companies with valuable intellectual property -- gain protection for the content of their online messages and activities, as well as whom they interact with and when. For the most part, Tor is very secure. However, it has a known vulnerability to an attack called website fingerprinting.

group_project

Visible to the public TWC: Medium: Collaborative: Privacy-Preserving Distributed Storage and Computation

Submitted by Roberto Tamassia on Fri, 10/13/2017 - 1:34pm

This project aims at developing efficient methods for protecting the privacy of computations on outsourced data in distributed settings. The project addresses the design of an outsourced storage framework where the access pattern observed by the storage server gives no information about the actual data accessed by the client and cannot be correlated with external events. For example, the server cannot determine whether a certain item was previously accessed by the client or whether a certain algorithm is being executed.