Transition to Practice

group_project

Visible to the public TWC: Large: Collaborative: Living in the Internet of Things

Submitted by Tadayoshi Kohno on Tue, 10/24/2017 - 1:51pm

More and more objects used in daily life have Internet connectivity, creating an "Internet of Things" (IoT). Computer security and privacy for an IoT ecosystem are fundamentally important because security breaches can cause real and significant harm to people, their homes, and their community.

group_project

Visible to the public CAREER: Cryptography for Secure Outsourcing

Submitted by David Cash on Tue, 10/24/2017 - 12:31am

Individuals and organizations routinely trust third party providers to hold sensitive data, putting it at risk of exposure. While the data could be encrypted under a key that is kept secret from the provider, it rarely is, due to the inconvenience and increased cost of managing the cryptography. This project will develop technologies for working with encrypted data efficiently and conveniently. In particular, it will enable searching on encrypted data, which is prevented by currently deployed encryption, and running arbitrary programs efficiently on encrypted data.

group_project

Visible to the public SaTC: An Architecture for Restoring Trust in Our Personal Computing Systems

Submitted by David August on Tue, 10/24/2017 - 12:03am

Computers today are so complex and opaque that a user cannot possibly hope to know, let alone trust, everything occurring within the machine. While software security techniques help ensure the integrity of user computations, they are only as trustworthy as the underlying hardware. Even though many proposals provide some relief to the problem of hardware trust, the user must ultimately rely on the assurances of other parties. This work restores hardware trust through a simple, small, and slow pluggable hardware element.

group_project

Visible to the public TWC: TTP Option: Frontier: Collaborative: MACS: A Modular Approach to Cloud Security

Submitted by Daniel Wichs on Mon, 10/23/2017 - 11:46pm

The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.

group_project

Visible to the public EAGER: Transparency Bridges: Exploring Transparency Requirements in Smartphone Ecosystems

Submitted by Danny Weitzner on Mon, 10/23/2017 - 11:36pm

Transparency Bridges undertakes a cross-cultural investigation of the differences in privacy attitudes between the US and the EU, as a means of exploring the design requirements for user control mechanisms. We (1) investigate the currently available mechanisms in smartphone ecosystems to inform people of collection and use of their personal data, (2) examine how these mechanisms comply with US and EU data privacy legal frameworks, and (3) analyze how different mechanisms respond to requirements in both jurisdictions.

group_project

Visible to the public STARSS: Small: SecureDust - The Physical Limits of Information Security

Submitted by Daniel Holcomb on Mon, 10/23/2017 - 11:25pm

Truly ubiquitous computing with very small, self-powered and wirelessly networked integrated circuits will become possible within a decade. Applications of these devices include biosensors, environmental monitors, and defense, all of which bring a need for security and privacy. Enabling the use of strong cryptographic algorithms on extremely constrained devices requires rethinking, from an energy-first perspective, the design and implementation of basic cryptographic building blocks.

group_project

Visible to the public TWC: Small: Analysis and Tools for Auditing Insider Accesses

Submitted by Daniel Fabbri on Mon, 10/23/2017 - 8:00pm

Compliance officers specify organizations' policies and procedures for mitigating risk to sensitive data. However, demands for employees' quick access to organizational data often limit which security technologies can be deployed. As a result, many organizations configure an open access environment in which authenticated employees can access any piece of data (e.g., a common practice across health care facilities).

group_project

Visible to the public TWC: Option: Medium: Collaborative: Authenticated Ciphers

Submitted by Daniel Bernstein on Mon, 10/23/2017 - 7:45pm

OpenSSH reveals excerpts from encrypted login sessions. TLS (HTTPS) reveals encrypted PayPal account cookies. DTLS is no better. EAXprime allows instantaneous forgeries. RFID security has been broken again and again. All of these failures of confidentiality and integrity are failures of authenticated ciphers: algorithms that promise to encrypt and authenticate messages using a shared secret key.

group_project

Visible to the public TWC: Small: Managing User-Level Compromises in Enterprise Networks

Submitted by Craig Shue on Mon, 10/23/2017 - 7:09pm

Organizations need to protect their computer systems from attackers. They often group their own computers into risk pools to reduce threat propagation and monitor the communication between these groups. Unfortunately, this boundary monitoring is unable to see traffic within groups and, since each monitor is segmented, they cannot form a holistic picture of the entire network. Finally, modern approaches must examine network traffic in isolation, without the ability to know what action on the originating computer caused it.