Human Aspects

The Public Key Infrastructure (PKI), along with the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, are responsible for securing Internet transactions such as banking, email, and e-commerce; they provide users with the ability to verify with whom they are communicating online, and enable encryption of those communications. While the use of the PKI is mostly automated, there is a surprising amount of human intervention in management tasks that are crucial to its proper operation.

Internet users may have compelling reasons to seek anonymity online, for example, to discuss stigmatizing issues with others like themselves, or to express dissident opinions. This project studies what people believe it means to be anonymous online, how their privacy and security are affected by their strategies to achieve anonymity, and how they are likely to use new anonymity services. These questions are important because the traceability of users? actions across sites and contexts is ever greater, increasing risks for users who may misjudge their actual anonymity.

Database Management Systems (DBMS) have been used to store and process data in organizations for decades. Larger organizations use a variety of databases (commercial, open-source or custom-built) for different departments. However, neither users nor Database Administrators (DBAs) know exactly where the data is stored on the system or how it is processed. Most relational databases store internal data using universal principles that can be inferred and captured.

Over 80 million households in the United States have a home computer and an Internet connection. The vast majority of these are overseen by people who have little computer security knowledge or training, and many users try to avoid making security decisions because they feel they don't have the knowledge and skills to maintain proper security. Nevertheless, home computer users still make security-related decisions on a regular basis --- for example, whether or not to click on a link in an email message --- without being aware that is what they are doing.

Informally speaking, Secure Multi-Party Computation (SMPC) allows two or more parties to jointly compute some function on their private inputs in a distributed fashion (i.e., without the involvement of a trusted third party) such that none of the parties learns anything beyond its dedicated output and what it can deduce from considering both this output and its own private input. Since its inception in 1982 by Yao, SMPC has advanced greatly and over the years a large body of work has been developed.