Transition to Practice

group_project

Visible to the public TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

Submitted by Wenke Lee on Mon, 10/23/2017 - 2:48pm

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

group_project

Visible to the public TTP: Medium: Securing the Wireless Philadelphia Network

Submitted by Steven Weber on Thu, 10/19/2017 - 10:56pm

The Wireless Philadelphia Network (WPN) is a metropolitan?area network (MAN) consisting of thousands of Tropos 5210 wireless mesh routers distributed across the entire city of Philadelphia and connected by a fiber backbone. This project is employing this network as a testbed to investigate three diverse security challenges facing any large-scale wireless network servicing a heterogeneous population.

group_project

Visible to the public STARSS: TTP Option: Small: A Quantum Approach to Hardware Security: from Theory to Optical Implementation

Submitted by Yaoyun Shi on Thu, 10/19/2017 - 10:48pm

The problem of ensuring that computer hardware is not surreptitiously malicious is a growing concern. The case of random number generators (RNGs) is particularly important because random numbers are foundational to information security. All current solutions in practice require trusting the hardware, and are therefore vulnerable to hardware attacks. This project explores a quantum-based solution to hardware security by designing and implementing a new class of RNGs that can prove their own integrity to the user.

group_project

Visible to the public TWC: Medium: Collaborative: New Protocols and Systems for RAM-Based Secure Computation

Submitted by Samuel Gordon on Thu, 10/19/2017 - 4:57pm

Secure computation allows users to collaboratively compute any program on their private data, while ensuring that they learn nothing beyond the output of the computation. Existing protocols for secure computation primarily rely on a boolean-circuit representation for the program being evaluated, which can be highly inefficient. This project focuses on developing secure-computation protocols in the RAM model of computation. Particularly challenging here is the need to ensure that memory accesses are oblivious, and do not leak information about private data.

group_project

Visible to the public TWC: Small: Collaborative: Secure Data Charging Architecture for Mobile Devices in 3G/4G Cellular Networks: Vulnerabilities and Solutions

Submitted by Chunyi Peng on Wed, 10/18/2017 - 7:55pm

Wireless cellular networks serve as an essential cyber-infrastructure for mobile users. Unlike the Internet, cellular networks have adopted usage-based charging, rather than the simpler flat-rate charging. Data-plan subscribers have to pay their data bills based on the consumed traffic volume in 3G/4G networks. Although this metered charging system has been operational and generally successful for years, the security study of such a system remains largely unaddressed.

group_project

Visible to the public CAREER: At-scale Analysis of Issues in Cyber-Security and Software Engineering

Submitted by jules on Wed, 10/18/2017 - 7:30pm

One of the most significant challenges in cybersecurity is that humans are involved in software engineering and inevitably make security mistakes in their implementation of specifications, leading to software vulnerabilities. A challenge to eliminating these mistakes is the relative lack of empirical evidence regarding what secure coding practices (e.g., secure defaults, validating client data, etc.), threat modeling, and educational solutions are effective in reducing the number of application-level vulnerabilities that software engineers produce.

group_project

Visible to the public CAREER: Contextual Protection for Private Data Storage and Retrieval

Submitted by Christopher Kanich on Wed, 10/18/2017 - 7:26pm

This research is building an understanding of what data is useful to attackers and what data is private for its legitimate owners so that security systems can incorporate these values into a data-driven, defense-in-depth approach to securing our digital lives. We are exploiting the fact that both users and attackers must sift through vast amounts of data to find useful information.

group_project

Visible to the public  TWC: Medium: Designing Strongly Obfuscated Hardware with Quantifiable Security against Reverse Engineering

Submitted by Christof Paar on Wed, 10/18/2017 - 7:21pm

Our world has become increasingly reliant on integrated circuits (ICs). Mobile phones are deeply enmeshed in our everyday lives, we drive cars equipped with hundreds of ICs, and have come to depend on the power grid and other cyber physical systems that are controlled by ICs. Not surprisingly, the issue of securing hardware has become increasingly vital. A reverse engineering adversary may, for example, be motivated by extracting intellectual property from a circuit, cloning a design for product piracy, or creating a targeted backdoor for stealing cryptographic keys.

group_project

Visible to the public NSFSaTC-BSF: TWC: Small: Horizons of Symmetric-Key Cryptography

Submitted by Chris Peikert on Wed, 10/18/2017 - 6:57pm

Symmetric-key primitives are the lifeblood of practical cryptography, and are critical components of nearly any computer security system. The cryptographic community has developed a rich body of work on theoretically sound symmetric objects, but they are many orders of magnitude too slow for realistic usage. Thus, practitioners use fast primitives that have been designed to withstand known attacks, but which lack rigorous security guarantees based on natural mathematical problems.

group_project

Visible to the public TWC: Medium: Collaborative: Broker Leads for Privacy-Preserving Discovery in Health Information Exchange

Submitted by Carl Gunter on Wed, 10/18/2017 - 3:18pm

Support for research on distributed data sets is challenged by stakeholder requirements limiting sharing. Researchers need early stage access to determine whether data sets are likely to contain the data they need. The Broker Leads project is developing privacy-enhancing technologies adapted to this discovery phase of data-driven research. Its approach is inspired by health information exchanges that are based on a broker system where data are held by healthcare providers and collected in distributed queries managed by the broker.