Scientific Foundations

group_project

Visible to the public TWC: Small: Better Security for Efficient Secret-Key Cryptography

Submitted by Stefano Tessaro on Wed, 10/25/2017 - 9:18am

Present-day cryptography crucially relies on secret-key cryptography, the setting where communicating parties use a shared secret key, hidden to the attacker, to securely encrypt and/or authenticate data. Secret-key cryptography is based on standardized efficient algorithms known as cryptographic primitives, such as block ciphers and hash functions. These act as building blocks for so-called modes of operations, cryptographic algorithms achieving strong security goals for encryption and authentication, and which are orders of magnitude faster than public-key ones.

group_project

Visible to the public TWC: Small: Behavior-Based Zero-Day Intrusion Detection for Real-Time Cyber-Physical Systems

Submitted by Sibin Mohan on Wed, 10/25/2017 - 9:15am

Cyber-Physical Systems (CPS) have distinct cyber and physical components that must work cohesively with each other to ensure correct operation. Examples include automobiles, power plants, avionics systems, and home automation systems. Traditionally such systems were isolated from external accesses and used proprietary components and protocols. Today that is not the case as CPS systems are increasingly networked. A failure to protect these systems from harm in cyber could result in significant physical harm.

group_project

Visible to the public TWC: Small: Automorphic Forms and Harmonic Analysis Methods in Lattice Cryptology

Submitted by Stephen Miller on Wed, 10/25/2017 - 9:12am

Cryptography is a fundamental part of cybersecurity, both in designing secure applications as well as understanding how truly secure they really are. Traditionally, the mathematical underpinnings of cryptosystems were based on difficult problems involving whole numbers (most famously, the apparent difficulty of factoring a product of two unknown primes back into those prime factors). More recently, several completely new types of cryptography have been proposed using the mathematical properties of lattices.

group_project

Visible to the public  TWC: Small: Automatic Techniques for Evaluating and Hardening Machine Learning Classifiers in the Presence of Adversaries

Submitted by Yanjun Qi on Wed, 10/25/2017 - 9:09am

New security exploits emerge far faster than manual analysts can analyze them, driving growing interest in automated machine learning tools for computer security. Classifiers based on machine learning algorithms have shown promising results for many security tasks including malware classification and network intrusion detection, but classic machine learning algorithms are not designed to operate in the presence of adversaries.

group_project

Visible to the public TWC: Medium: Hardware Trojans in Wireless Networks - Risks and Remedies

Submitted by Yiorgos Makris on Wed, 10/25/2017 - 9:06am

This project investigates the risks instigated by malicious hardware modifications (hardware Trojans) in the nodes of a wireless network and aims to develop remedies, thereby enabling secure deployment and fostering technology trustworthiness. Due to the lack of assurance mechanisms in the globalized integrated circuit (IC) supply chain, hardware Trojans have recently become the topic of intensified concern.

group_project

Visible to the public TWC: Medium: Handling a Trillion Unfixable Flaws on Billions of Internet-of-Things

Submitted by vsekar on Wed, 10/25/2017 - 9:03am

The Internet-of-Things (IoT) has quickly moved from concept to reality, with estimates that the number of deployed IoT devices will rise to 25 billion in 2020. However, studies show that many IoT devices have serious security vulnerabilities. Moreover, the limitations of IoT devices and scale of networks of IoT devices often make traditional IT security approaches impractical.

group_project

Visible to the public TWC: Medium: Collaborative: The Theory and Practice of Key Derivation

Submitted by Yevgeniy Dodis on Wed, 10/25/2017 - 9:00am

Most cryptographic applications crucially rely on secret keys that are chosen randomly and are unknown to an attacker. Unfortunately, the process of deriving secret keys in practice is often difficult, error-prone and riddled with security vulnerabilities. Badly generated keys offer a prevalent source of attacks that render complex cryptographic applications completely insecure, despite their sophisticated design and rigorous mathematical analysis.

group_project

Visible to the public TWC: Medium: Collaborative: Scaling and Prioritizing Market-Sized Application Analysis

Submitted by Somesh Jha on Wed, 10/25/2017 - 8:47am

The emergence of smartphones and more generally mobile platforms as a vehicle for communication, entertainment, and commerce has led to a revolution of innovation. Markets now provide a dizzying array of applications that inform and aid every conceivable human need or desire. At the same time, application markets allow previously unknown multitudes of application developers access to user devices through fast- tracked software publishing with well-documented consequent security concerns.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Vinod Ganapathy on Wed, 10/25/2017 - 8:09am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

Visible to the public TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Trent Jaeger on Wed, 10/25/2017 - 8:05am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.