Usability

group_project

Visible to the public TWC: Small: Noisy Secrets as Alternatives to Passwords and PKI

Submitted by Leonid Reyzin on Mon, 11/20/2017 - 3:46pm

In order to establish a secure communication channel, each communicating party needs some method to authenticate the other, lest it unwittingly establish a channel with the adversary instead. Current techniques for authentication often rely on passwords and/or the public-key infrastructure (PKI). Both of these methods have considerable drawbacks since passwords are frequently breached, and PKI relies on central authorities which have proven to be less than reliable. Thus there is a need to use other sources of information for the communicating parties to authenticate each other.

group_project

Visible to the public TWC: Small: Secure Near Field Communications between Mobile Devices

Submitted by Kai Zeng on Tue, 11/14/2017 - 11:20am

By the end of this decade, it is estimated that Internet of Things (IoT) could connect as many as 50 billion devices. Near Field Communication (NFC) is considered as a key enabler of IoT. Many useful applications are supported by NFC, including contactless payment, identification, authentication, file exchange, and eHealthcare, etc. However, securing NFC between mobile devices faces great challenges mainly because of severe resource constraints on NFC devices, NFC systems deployed without security, and sophisticated adversaries.

group_project

Visible to the public TWC: Small: System Infrastructure for SMM-based Runtime Integrity Measurement

Submitted by Karen Karavanic on Tue, 11/14/2017 - 11:11am

The World Wide Web and computer "clouds" have become widely used, and are interwoven into many activities of daily life, from shopping to socializing to education. But the data center servers that are the backbone of this richly connected world remain vulnerable to malicious software ("malware"). Over the past decade, attacks have increased in number and sophistication, motivated by both financial and political goals. The results include consumer concerns about identify theft and fraudulent charges, corporate concerns about millions of dollars in losses, and potential defense concerns.

group_project

Visible to the public TWC: TTP Option: Medium: Collaborative: Identifying and Mitigating Trust Violations in the Smartphone Ecosystem

Submitted by Giovanni Vigna on Mon, 11/13/2017 - 7:21am

The adoption of smartphones has steadily increased in the past few years, and smartphones have become the tool with which millions of users handle confidential information, such as financial and health-related data. As a result, these devices have become attractive targets for cybercriminals, who attempt to violate the trust assumptions underlying the smartphone platform in order to compromise the security and privacy of users.

group_project

Visible to the public CRII: SaTC: Improving Computer Security Technologies through Analyzing Security Needs and Practices of Journalists

Submitted by Franziska Roesner on Mon, 11/13/2017 - 6:33am

Advances in digital communication technologies, and their proliferation in recent decades, have had a remarkable impact on journalism. Security weaknesses in these technologies have put journalists and their sources increasingly at risk, hindering efforts at investigative reporting, transparency, and whistleblowing. Because of their willingness to be early adopters, and to openly communicate their issues, journalists provide an opportunity to identify security issues and requirements in new communication methods.

group_project

Visible to the public EAGER: A Mathematical Model of Privacy Decisions: A Behavioral Economic Perspective

Submitted by Fariborz Farahmand on Mon, 11/13/2017 - 5:57am

When making decisions about information privacy, people do not always act rationally according to their best interests. It is thus important to understand why people express concerns about privacy, but often act contrary to their stated intentions.

group_project

Visible to the public EAGER: Exploring Job Applicant Privacy Concerns

Submitted by Donald Truxillo on Tue, 11/07/2017 - 6:06am

Millions of people in the U.S. and worldwide apply for jobs online, and the use of online job application systems is growing. Thus, online job applicants are an important population to study. However, few studies have examined job applicants' concerns about their privacy and how to protect it. Further, job applicants' privacy concerns may affect how willing they are to apply for jobs and even whether job applicants pursue legal action against employers for privacy violations.

Outcomes Report URL: 
https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...
group_project

Visible to the public SaTC-EDU: EAGER: INCUBATE - INjecting and assessing Cybersecurity edUcation with little internal suBject mATter Expertise

Submitted by David Voorhees on Tue, 10/31/2017 - 4:49am

This project will develop novel ways to teach cybersecurity topics. It is challenging for computer science (CS) programs with limited faculty resources to cover the breadth and depth of the discipline. The challenge increases as CS curriculum guidelines places more emphasis on emerging areas such as cybersecurity.

group_project

Visible to the public TWC: Medium: Collaborative: Security and Privacy for Wearable and Continuous Sensing Platforms

Submitted by Serge Egelman on Wed, 10/25/2017 - 7:50am

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others.