CRII

group_project

Visible to the public CRII: SaTC: Analyzing Information Leak in Smart Homes

With the rapid adoption of the Internet of Things (IoT), we face a new world, where we are never alone. At all times, a plethora of connected devices, from smartphones to home assistants to motion detectors continuously sense and monitor our activities. While these devices provide us convenience, they are often backed by powerful analytics to sift through large volume of personal data, at times collected without our awareness or consent.

group_project

Visible to the public CRII: SaTC: Techniques for Measuring and Characterizing Robocalls

Automated calls (often called "robocalls"), which may range in purpose from telemarketing to outright fraud, have reached epidemic proportions. While some robocalls are societally useful, there are plenty that are used for malicious purposes. This is particularly concerning because some scam calls steal millions of dollars annually, often from vulnerable populations including the elderly and recent immigrants. Policy mechanisms like the National Do Not Call Registry have failed to meaningfully stop these calls.

group_project

Visible to the public CRII: SaTC: Searchable Encryption for Biometric Data

Biometrics are part of modern citizens' identity. Individuals' mobile devices collect facial, iris, fingerprint, and electrocardiogram data. Border checkpoints collect travelers' biometrics. National identity cards use biometrics to identify individuals. In many applications, a large group of users' biometrics are stored together in a centralized database. This type of widespread and expanding use of biometrics creates privacy concerns as biometrics are correlated to sensitive attributes such as race, gender, and disease risk factors.

group_project

Visible to the public CRII: SaTC: Vetting and Improving the Usage of Trusted Execution Environments for Authentication in Mobile Devices

In mobile devices, authentication protocols are used to ensure that users' intentions are communicated untampered to the applications' backend servers. Unfortunately, traditional authentication protocols do not defend against "root-attackers," i.e., attackers able to fully compromise the main operating system of a victim's device. Trusted Execution Environments (TEEs), specific hardware components available in modern mobile devices, can be used to mitigate this threat, since they run a separate, smaller codebase than the main operating system.

group_project

Visible to the public CRII: SaTC: Identifying Fraud in the Cryptocurrency Ecosystem

This project will advance understanding of how cybercrime has been able to flourish in the emerging cryptocurrency economy. Research has revealed cybercrime in the cryptocurrency economy, and the rate of fraud has seemed to increase. By understanding the incentives for crime and by modeling effective regulation, this research will make progress towards upending cryptocurrency-based crime. The project will collect data towards understanding how the underlying incentives work to cause fraudulent behavior and how the ecosystem perpetuates fraud.

group_project

Visible to the public CRII: SaTC CPS: RUI: Cyber-Physical System Security in Implantable Insulin Injection Systems

Increasingly medical devices are dependent on software and the wireless channel for their operations, which also pose new vulnerabilities to their safe, dependable, and trustworthy operations. Medical devices such as implantable insulin pumps, which are in wide use today, continuously monitor and manage a patient's diabetes without the need for frequent daily patient interventions. These devices, not originally designed against cyber security threats, must now mitigate these threats.

group_project

Visible to the public CRII: SaTC: A System for Privacy Management in Ubiquitous Environments

As mobile and network technologies proliferate, so does society's awareness of the vulnerability of private data within cyberspace. Protecting private information becomes specially important, since researchers estimate that 87% of Americans can be identified by name and address, if their zip code, gender, and birthday are known to intruders. The goal of this proposal will be to develop a new set of verification tools, algorithms, and interfaces that enable secure, effective and unobtrusive management of users' private information.

group_project

Visible to the public CRII: SaTC: Hardware based Authentication and Trusted Platform Module functions (HAT) for IoTs

Crucial and critical needs of security and trust requirements are growing in all classes of applications such as in automobiles and for wearable devices. Traditional cryptographic primitives are computation-intensive and rely on secrecy of shared or session keys, applicable on large systems like servers and secure databases. This is unsuitable for embedded devices with fewer resources for realizing sufficiently strong security. This research addresses new hardware-oriented capabilities and mechanisms for protecting Internet of Things (IoT) devices.

group_project

Visible to the public CRII: SaTC: Automated Proof Construction and Verification for Attribute-based Cryptography

This project develops a comprehensive proof construction and verification framework for a well-defined class of cryptographic protocols: attribute-based cryptosystems. In particular, existing automated proof construction and verification frameworks, such as EasyCrypt and CryptoVerif, are extended to provide support for attribute-based cryptography. The extensions consist of libraries of simple transformations, algebraic manipulations, commonly used abstractions and constructs, and proof strategies, which will help in generation and verification of proofs in attribute-based cryptography.

group_project

Visible to the public CRII: SaTC: Investigation of Side-Channel Attack Vulnerability in Near-Threshold Computing Systems

Security breaches in computing systems cost billions of dollars in economic damages every year, and the intangible destructive consequences left by malicious attacks are inestimable. Meanwhile, near-threshold computing (NTC) emerges as a promising solution to improve energy efficiency by reducing the supply voltage, making it attractive for a broad range of applications from Internet-of-Things (IoT) devices to cloud computing facilities. With the anticipated adoption of NTC in mainstream computing systems, security vulnerabilities that are unique to NTC will be ripe for exploitation.