Develop System Design Methods

group_project

Visible to the public TTP: Small: Collaborative: Defending Against Website Fingerprinting in Tor

Submitted by RDingledine on Fri, 10/13/2017 - 2:39pm

The more people use the Internet, the more they risk sharing information they don't want other people to know. Tor is a technology that every day helps millions of people protect their privacy online. Tor users -- ranging from ordinary citizens to companies with valuable intellectual property -- gain protection for the content of their online messages and activities, as well as whom they interact with and when. For the most part, Tor is very secure. However, it has a known vulnerability to an attack called website fingerprinting.

group_project

Visible to the public TWC: Medium: Collaborative: Privacy-Preserving Distributed Storage and Computation

Submitted by Roberto Tamassia on Fri, 10/13/2017 - 2:34pm

This project aims at developing efficient methods for protecting the privacy of computations on outsourced data in distributed settings. The project addresses the design of an outsourced storage framework where the access pattern observed by the storage server gives no information about the actual data accessed by the client and cannot be correlated with external events. For example, the server cannot determine whether a certain item was previously accessed by the client or whether a certain algorithm is being executed.

group_project

Visible to the public TWC: TTP Option: Frontier: Collaborative: MACS: A Modular Approach to Cloud Security

Submitted by Ran Canetti on Thu, 10/12/2017 - 3:13pm

The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees.

group_project

Visible to the public SaTC-BSF: TWC: Small: Using Individual Differences to Personalize Security Mitigations

Submitted by Serge Egelman on Wed, 10/11/2017 - 4:07pm

Over the past decade, people have realized that failure to account for human factors has resulted in many software security problems. Yet, when software does feature user-centric design, it takes into account average user behavior rather than catering to the individual. Thus, systems designers have gone from designing for security experts to now appealing to the least common denominator.

group_project

Visible to the public NSFSaTC-BSF: TWC: Small: Cryptography and Communication Complexity

Submitted by Rafail Ostrovsky on Wed, 10/11/2017 - 2:27pm

Current cloud based systems enable distributed access to both information and computational resources. In this setting, it is imperative to have secure communication, and powerful and expensive cryptographic techniques have been proposed to address this issue. A severely limiting factor, however, is that these methods for securely accessing or processing data between participating parties can result in communication overheads when processing large amounts of data.

group_project

Visible to the public NSFSaTC-BSF: TWC: Small: Practical Plausibly Deniable Encryption through Low-Level Storage Device Behavior

Submitted by Radu Sion on Wed, 10/11/2017 - 2:25pm

Plausibly deniable encryption is the ability to hide that given data is on a device, whether the ability exists to decrypt it, or even that the data exists. Plausible deniability is a powerful property to protect data on devices the user has lost physical control over, such as protecting consumers from accidental mass disclosures of private data through misplaced devices. This issue is of particular concern for anyone who travels internationally with sensitive data, including human rights workers, diplomats, military personnel, or even business travelers.

group_project

Visible to the public TTP: Medium: A Campus Pilot For A Privacy-Enabled Cloud Storage, Search, and Collaboration Portal for Education

Submitted by Radu Sion on Wed, 10/11/2017 - 2:23pm

As higher education institutions consider moving services to the cloud to save costs and improve collaboration, significant challenges to successful large-scale adoption still exist. Institutions are unwilling to risk cloud deployment because provable technological defenses have thus far been lacking. Control over sensitive data is relinquished without the institution's knowledge, liability is shifted and data breach risks are significantly increased. Further, regulatory-sensitive data has become an increasingly attractive target.

group_project

Visible to the public TWC: Option: Medium: Collaborative: Authenticated Ciphers

Submitted by Phillip Rogaway on Wed, 10/11/2017 - 1:57pm

OpenSSH reveals excerpts from encrypted login sessions. TLS (HTTPS) reveals encrypted PayPal account cookies. DTLS is no better. EAXprime allows instantaneous forgeries. RFID security has been broken again and again. All of these failures of confidentiality and integrity are failures of authenticated ciphers: algorithms that promise to encrypt and authenticate messages using a shared secret key.