Scientific Foundations

group_project

Visible to the public CAREER: Trustworthy Social Systems Using Network Science

Submitted by mittal on Wed, 10/11/2017 - 2:01pm

Social media systems have transformed our societal communications, including news discovery, recommendations, societal interactions, E-commerce, as well as political and governance activities. However, the rising popularity of social media systems has brought concerns about security and privacy to the forefront. This project aims to design trustworthy social systems by building on the discipline of network science.

group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistance

Submitted by Phillipa Gill on Wed, 10/11/2017 - 1:58pm

The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies.

group_project

Visible to the public TWC: Option: Medium: Collaborative: Authenticated Ciphers

Submitted by Phillip Rogaway on Wed, 10/11/2017 - 1:57pm

OpenSSH reveals excerpts from encrypted login sessions. TLS (HTTPS) reveals encrypted PayPal account cookies. DTLS is no better. EAXprime allows instantaneous forgeries. RFID security has been broken again and again. All of these failures of confidentiality and integrity are failures of authenticated ciphers: algorithms that promise to encrypt and authenticate messages using a shared secret key.

group_project

Visible to the public TWC: Small: Collaborative: Towards Agile and Privacy-Preserving Cloud Computing

Submitted by Peng Liu on Wed, 10/11/2017 - 1:47pm

Cloud computing offers many benefits to users, including increased availability and flexibility of resources, and efficiency of equipment. However, privacy concerns are becoming a major barrier to users transitioning to cloud computing. The privilege design of existing cloud platforms creates great challenges in ensuring the trustworthiness of cloud by granting too much power to the cloud administrators, who could launch serious insider attacks by abusing the administrative privileges.

group_project

Visible to the public SBE: Small: Protecting Privacy in Cyberspace: From Neuroscience Investigations to Behavioral Interventions

Submitted by Paul Pavlou on Wed, 10/11/2017 - 1:44pm

A key characteristic of cyberspace is the collection of large amounts of data, and people's privacy becomes vulnerable given the hyper-connectivity of cyberspace and the ease of accessing data. This project aims to enhance the safety and trustworthiness of cyberspace by designing choice architecture interventions informed by the neural processes underlying privacy to help people make better decisions about their privacy in cyberspace.

group_project

Visible to the public TWC: Small: Designing Strong End-to-End Authentication Mechanisms for Modern Telephony Systems

Submitted by Patrick Traynor on Wed, 10/11/2017 - 12:55pm

Telephony is the dominant means of digital communication across the globe. With more than six billion users worldwide, these systems represent the only communications infrastructure available to the majority of people on the planet. Authentication has traditionally been the most central security issue for telephony providers. Tied directly to the billing process, authentication ensures that providers are able to correctly charge specific parties for their network usage.

group_project

Visible to the public TWC: Small: Evaluating and Improving Security in Emerging Branchless Banking Systems

Submitted by Patrick Traynor on Wed, 10/11/2017 - 12:51pm

Branchless banking brings much-needed financial services to the unbanked in both the developing and developed worlds. Leveraging ubiquitous cellular networks, these services are now being deployed as smart phone apps, providing an electronic payment infrastructure where alternatives such as credit cards generally do not exist. Over 30% of the GDP in many such nations can now be attributed to branchless banking applications, many of which now perform more transactions per month than traditional payment processors including PayPal.

group_project

Visible to the public TWC: Medium: Digital Healthcare-Associated Infection: Measurement, Defense and Prevention in a Modern Digital Healthcare Ecosystem

Submitted by Patrick Traynor on Wed, 10/11/2017 - 12:49pm

The pace of digitization and interconnection of hospital systems has increased tremendously as recent healthcare legislation has encouraged the interoperation of medical record systems. In addition to ordinary business operations data, hospital enterprise networks now carry patient record data and life-critical data streams from therapy systems (e.g., nuclear medicine, dialysis clinical systems). Unfortunately, the security implications of interconnecting such life-critical systems has been largely unstudied.

group_project

Visible to the public SaTC: STARSS: FAME: Fault-attack Awareness using Microprocessor Enhancements

Submitted by schaum on Wed, 10/11/2017 - 12:18pm

With the tremendous growth of sensitive and security-critical processing on embedded and pervasive platforms, the threat model for secure electronics is expanding from software into hardware. A wide range of fault attacks, based on physical manipulation of the electronics operating environment, is now available to the adversary.

group_project

Visible to the public SBE: Medium: Towards Personalized Privacy Assistants

Submitted by Norman Sadeh on Wed, 10/11/2017 - 11:14am

Whether it is on their smartphones, in their browsers or on social networks, people are confronted with an increasingly unmanageable number of privacy settings. What is needed is a new, more scalable paradigm that empowers them to regain control over the collection and use of their data. This is particularly the case for mobile apps people download on their smartphones. These apps have been shown to collect and share a wide variety of sensitive data, with users unable to keep up.