CRII

Distributed Denial of Service (DDoS) attacks disrupt the ability of computers to communicate over the Internet by flooding victims with large volumes of unwanted network traffic. Due to their high economic impact and low technical complexity, such attacks remain one of the most problematic and common attacks experienced by companies, organizations, and high-profile individuals.

The emergence of quantum computers poses a serious threat for existing security standards, which motivates post-quantum cryptography (PQC) research. Various PQC schemes have been proposed for standardization, whose mathematical soundness are under investigation. Unfortunately, even a mathematically sound cryptography scheme may be attacked at the implementation level. The primary research goal of this project is to develop secure implementations for lattice-based cryptosystems, a major class of PQC encryption proposals.

Hackers often target the information systems that underlie critical systems in domains ranging from finance to healthcare. The estimated cost of defending against and responding to hacking incidents currently runs at hundreds of billions of dollars annually. To reduce these costs, many organizations have aimed to develop timely, relevant, actionable, and shareable Cyber Threat Intelligence (CTI) about security and privacy threats to support cybersecurity decision-making. However, existing methods tend to react to known threats rather than proactively detecting emerging ones.

Rowhammer is a software-assisted cyber attack that causes malicious changes to the target memory cells of dynamic random-access memory (DRAM) due to charge leakage, by crafting memory access patterns which rapidly access the same row multiple times. This research focuses on proper hardware characterization towards a Rowhammer-resistant memory system. This characterization will also inform whether Rowhammer susceptibility increases with aging, and if so, will enable a method for detecting recycled chips.

The rapid development of machine learning in the domain of healthcare presents clear privacy issues, when deep neural networks and other models are built based on patients' personal and highly sensitive data such as clinical records or tracked health data. Further, these models can be vulnerable to attackers trying to infer the sensitive data that was used to build the model.