Scientific Foundations

group_project

Visible to the public  TWC: Small: Safeguarding Mobile Cloud Services: New Challenges and Solutions

Submitted by XiaoFeng Wang on Wed, 10/25/2017 - 12:16pm

Mobile cloud technologies have begun to rely heavily on services known as Mobile Back-end as a Service (MBaaS), including push messaging, data synchronization, and mobile identity management. Many of today's popular apps have already integrated push messaging services such as Google Cloud Messaging (GCM), Amazon Device Messaging (ADM), and third parties like Baidu, to enable the apps to receive notifications such as private messages, financial secrets or family members' locations.

group_project

Visible to the public TWC: Small: Privacy Preserving Cooperation among Microgrids for Efficient Load Management on the Grid

Submitted by Yuan Hong on Wed, 10/25/2017 - 12:14pm

Smart grid integrates sensors and communication infrastructure into the existing power grid to enable operational intelligence. The concept of microgrid is emerging in conjunction with the smart grid wherein small segments of the grid can be isolated into self-sufficient islands to feed their own demand load with their local energy, e.g., wind, solar.

group_project

Visible to the public TWC: Small: MIST: Systematic Analysis of Microarchitectural Information Leakage on Mobile Platforms

Submitted by Sandip Kundu on Wed, 10/25/2017 - 12:02pm

Smart phones have permeated all facets of our lives facilitating daily activities from shopping to social interactions. Mobile devices collect sensitive information about our behavior via various sensors. Operating systems (OS)enforce strict isolation between apps to protect data and complex permission management. Yet, apps get free access to hardware including CPU and caches. Access to shared hardware resources result in information leakage across apps. Microarchitectural attacks have already proven to succeed in stealing information on PC and even on virtualized cloud servers.

group_project

Visible to the public TWC: Small: Hardware Security for Embedded Computing Systems

Submitted by Tilman Wolf on Wed, 10/25/2017 - 11:51am

Embedded processing systems are widely used in many devices and systems that are essential for daily life. These embedded systems are increasingly connected to networks for control and data access, which also exposes them to remotely launched malicious attacks. It is of paramount importance to develop embedded processing systems that are hardened to withstand these remote attacks while continuing to operate effectively.

group_project

Visible to the public TWC: Small: Fundamental Limits in Differential Privacy

Submitted by Sewoong Oh on Wed, 10/25/2017 - 11:47am

Differential Privacy has emerged as a well-grounded approach to balancing personal privacy and societal as well as commercial use of data. The basic idea is to add random noise to analysis results sufficient to obscure the impact of any single individual's data on the analysis, thus protecting individual privacy. While general approaches to providing differential privacy exist, in many cases the bounds are not tight; more noise is added than needed. This project uses information theoretic techniques to explore the fundamental privacy/accuracy tradeoffs in differential privacy.

group_project

Visible to the public TWC: Small: Exposing Attack Vectors and Identifying Defense Solutions for Data Cellular Networks

Submitted by Zhuoqing Mao on Wed, 10/25/2017 - 11:45am

This project addresses several key emerging security challenges that arise due to the wildly successful large-scale adoption of mobile devices with diverse network capabilities. The novel approach focuses on to understanding how various information that are legitimately and willingly provided by smartphone users due to the requested permissions of downloaded applications can be potentially abused. The second research focus is to identify improvements in the design of cellular network middlebox (e.g., firewall) policies by detailed exposure and explicitly defining the key requirements.

group_project

Visible to the public TWC: Small: Confidentiality Measurement of Complex Computations using Quantitative Information Flow

Submitted by Stephen McCamant on Wed, 10/25/2017 - 11:26am

Concern about information privacy is a major obstacle to user adoption of new information technology applications, from smart phone applications to the deployment of automated workflows in the largest health-care and government enterprises. This project addresses privacy concerns caused by software through errors and malicious attacks. A major security concern about software revolves around whether computers reveal information that they should not.

group_project

Visible to the public TWC: Small: Collaborative: Wearable Authentication Solutions for Ubiquitous and Personal Touch-enabled Devices

Submitted by Tam Vu on Wed, 10/25/2017 - 11:23am

This project for Wearable Authentication Solutions for Ubiquitous and Personal Touch-Enabled Devices (WASUP) studies and designs models and techniques to identify, authenticate, and audit touches on touch-sensing devices using a small wearable token. The token, such as a bracelet or ring, embeds a security code in the capacitive touch signature of a user, which is detected with the existing capacitive sensors used in many touch screens. This offers a number of distinct and desirable properties. First, the code is clearly associated with a touch, even if multiple potential users are nearby.

group_project

Visible to the public  TWC: Small: Collaborative: Multipath TCP Side Channel Vulnerabilities and Defenses

Submitted by Zhiyun Qian on Wed, 10/25/2017 - 9:34am

The objective of this project is to understand and strengthen the security of Multipath TCP (MPTCP) - an IETF standardized suite of TCP extensions that allow one MPTCP connection, consisting of multiple sub-connections between two hosts, to use multiple paths simultaneously. Even though MPTCP has been gaining momentum in being widely deployed, its security is yet to be well understood. The project is expected to raise awareness of MPTCP security and ultimately yield a foundation for MPTCP security.

group_project

Visible to the public  TWC: Small: Cache-based Side Channel Attacks on Smartphone Graphics Buffers: New Vulnerabilities and Defenses

Submitted by Zhiyun Qian on Wed, 10/25/2017 - 9:22am

Touch screens on smart mobile devices such as cell phones or tablets allow both user input (touch events) and display output. For a touch screen to function, the mobile device stores input and display data in a graphics buffer internal to the device. The researchers have discovered that a malicious application running on the mobile device could silently monitor characteristics of the graphics buffer to identify the alphanumeric characters that the user types into the touch keyboard or information displayed on the screen.