Research Infrastructure

group_project

Visible to the public CAREER: Non-Black-Box Cryptography: Defending Against and Benefiting from Access to Code

Submitted by danadach on Mon, 10/23/2017 - 6:41pm

Cryptography is an essential and widespread tool for providing information security. Traditional cryptographic models assume only black-box, or input/output access to devices, thereby limiting the class of attacks. In practice, an attacker may obtain non-black-box access to a device and attack a particular algorithm or specific implementation such as through timing or fault injection attacks. Exploiting non-black-box access has been a remarkably effective technique for compromising cryptosystems.

group_project

Visible to the public TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

Submitted by Wenke Lee on Mon, 10/23/2017 - 1:48pm

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

group_project

Visible to the public TWC SBE: Small: Establishing market based mechanisms for CYBer security information EXchange (CYBEX)

Submitted by Shamik Sengupta on Mon, 10/23/2017 - 1:43pm

Robust cybersecurity information sharing infrastructure is required to protect the firms from future cyber attacks which might be difficult to achieve via individual effort. The United States federal government clearly encourage the firms to share their discoveries on cybersecurity breach and patch related information with other federal and private firms for strengthening the nation's security infrastructure.

group_project

Visible to the public STARSS: Small: Trapdoor Computational Fuzzy Extractors

Submitted by Srini Devadas on Thu, 10/19/2017 - 9:39pm

Fuzzy extractors convert biometric data into reproducible uniform random strings, and make it possible to apply cryptographic techniques for biometric security. They are used to encrypt and authenticate user data with keys derived from biometric inputs. This research investigates how hardware security primitives can have provable cryptographic properties, a connection which is largely lacking in currently available hardware primitives.

group_project

Visible to the public STARSS: Small: Collaborative: Zero-Power Dynamic Signature for Trust Verification of Passive Sensors and Tags

Submitted by Shantanu Chakraba... on Wed, 10/18/2017 - 3:13pm

As passive tagging technologies like RFID become more economical and ubiquitous, it can be envisioned that in the future, millions of sensors integrated with these tags could become an integral part of the next generation of smart infrastructure and the overall concept of internet-of-things. As a result, securing these passive assets against data theft and counterfeiting would become a priority, reinforcing the importance of the proposed dynamic authentication techniques.

group_project

Visible to the public  STARSS: Small: Automatic Synthesis of Verifiably Secure Hardware Accelerators

Submitted by Zhiru Zhang on Wed, 10/18/2017 - 3:08pm

Specialized hardware accelerators are growing in popularity across the computing spectrum from mobile devices to datacenters. These special-purpose hardware engines promise significant improvements in computing performance and energy efficiency that are essential to all aspects of modern society. However, hardware specialization also comes with added design complexity and introduces a host of new security challenges, which have not been adequately explored.

group_project

Visible to the public TWC: Medium: Collaborative: Broker Leads for Privacy-Preserving Discovery in Health Information Exchange

Submitted by Carl Gunter on Wed, 10/18/2017 - 2:18pm

Support for research on distributed data sets is challenged by stakeholder requirements limiting sharing. Researchers need early stage access to determine whether data sets are likely to contain the data they need. The Broker Leads project is developing privacy-enhancing technologies adapted to this discovery phase of data-driven research. Its approach is inspired by health information exchanges that are based on a broker system where data are held by healthcare providers and collected in distributed queries managed by the broker.

group_project

Visible to the public SaTC: STARSS: Collaborative: IPTrust: A Comprehensive Framework for IP Integrity Validation

Submitted by Swarup Bhunia on Wed, 10/18/2017 - 10:20am

To reduce production cost while meeting time-to-market constraints, semiconductor companies usually design hardware systems with reusable hardware modules, popularly known as Intellectual Property (IP) blocks. Growing reliance on these hardware IPs, often gathered from untrusted third-party vendors, severely affects the security and trustworthiness of the final system. The hardware IPs acquired from external sources may come with deliberate malicious implants, undocumented interfaces working as hidden backdoor, or other integrity issues.

group_project

Visible to the public TWC: Medium: Collaborative: Development and Evaluation of Next Generation Homomorphic Encryption Schemes

Submitted by Berk Sunar on Tue, 10/17/2017 - 4:37pm

Fully homomorphic encryption (FHE) is a promising new technology that enables an untrusted party to efficiently compute directly on ciphertexts. For instance, with FHE a cloud server without access to the user's encrypted content can still provide text search services. An efficient FHE scheme would significantly improve the security of sensitive user data stored and processed on cloud servers. Significant progress has been made in bringing FHE proposals closer to practice.

group_project

Visible to the public TWC SBE: Option: Frontier: Collaborative: Towards Effective Web Privacy Notice and Choice: A Multi-Disciplinary Prospective

Submitted by Barbara van Schewick on Mon, 10/16/2017 - 5:20pm

Natural language privacy policies have become a de facto standard to address expectations of notice and choice on the Web. Yet, there is ample evidence that users generally do not read these policies and that those who occasionally do struggle to understand what they read. Initiatives aimed at addressing this problem through the development of machine implementable standards or other solutions that require website operators to adhere to more stringent requirements have run into obstacles, with many website operators showing reluctance to commit to anything more than what they currently do.

Outcomes Report URL: 
https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_win...