Assure Information Flows

group_project

TWC: Small: Secure Near Field Communications between Mobile Devices

Submitted by Kai Zeng on Tue, 11/14/2017 - 11:20am

By the end of this decade, it is estimated that Internet of Things (IoT) could connect as many as 50 billion devices. Near Field Communication (NFC) is considered as a key enabler of IoT. Many useful applications are supported by NFC, including contactless payment, identification, authentication, file exchange, and eHealthcare, etc. However, securing NFC between mobile devices faces great challenges mainly because of severe resource constraints on NFC devices, NFC systems deployed without security, and sophisticated adversaries.

group_project

TWC: Medium: Collaborative: Hiding Hay in a Haystack: Integrating Censorship Resistance into the Mainstream Internet

Submitted by Joan Feigenbaum on Tue, 11/14/2017 - 10:44am

Freedom and openness of the Internet are under threat. Government censors in non-democratic countries are deploying network filters to block sources of uncensored information, suppress dissent, and prevent citizens from using the Internet to exercise their human rights such as freedom of speech and freedom of assembly.

group_project

TWC: Medium: Collaborative: Development and Evaluation of Next Generation Homomorphic Encryption Schemes

Submitted by Jeffrey Hoffstein on Tue, 11/14/2017 - 9:43am

Fully homomorphic encryption (FHE) is a promising new technology that enables an untrusted party to efficiently compute directly on ciphertexts. For instance, with FHE a cloud server without access to the user's encrypted content can still provide text search services. An efficient FHE scheme would significantly improve the security of sensitive user data stored and processed on cloud servers. Significant progress has been made in bringing FHE proposals closer to practice.

group_project

TWC: Medium: A Layered Approach to Securing Web Services

Submitted by Jon Solworth on Tue, 11/14/2017 - 6:02am

The modern web experience is dynamic, providing users with a highly responsive interface through which to interact with the world. Today's mechanisms allow servers---even those which are controlled by an attacker---to download arbitrary programs into a user's browser. It is extraordinarily difficult to secure the web browser (and its user) against attack in this scenario. While tools and techniques are useful to analyze and restrict downloaded code, they are by their very nature incomplete. As a result, the security of web services relies on a series of ad hoc, service-provided techniques.

group_project

TWC: Small: Privacy Preserving Outlier Detection and Recognition

Submitted by Jaideep Vaidya on Mon, 11/13/2017 - 3:34pm

Big data analytics can revolutionize innovation and productivity across diverse domains. However, this requires sharing or joint analysis of data, which is often inhibited due to privacy and security concerns. While techniques have been developed to enable the safe use of data for analysis, none of these work for the critical task of outlier detection. Outlier detection is one of the most fundamental data analysis tasks, useful in applications as far ranging as homeland security, to medical informatics, to financial fraud.

group_project

EAGER: Understanding the Strategic Values of Privacy Practices in Organizations

Submitted by Gwendolyn Lee on Mon, 11/13/2017 - 7:52am

As companies collect consumer data in increasingly larger quantity and mine the data more deeply, trade-offs arise with respect to companies' practices about information privacy. A company may choose practices that augment targeted advertisements or services. However, the financial rewards associated with privacy practices are highly uncertain, since they are affected by a company's competition with rivals.

group_project

TWC: Medium: Toward Trustworthy Mutable Replay for Security Patches

Submitted by Gail Kaiser on Mon, 11/13/2017 - 6:43am

Society is increasingly reliant on software, but deployed software contains security vulnerabilities and other bugs that can threaten privacy, property and even human lives. When a security vulnerability or critical error is discovered, a software patch is issued to attempt to fix the problem, but patches themselves can be incorrect, inadequate, and break necessarily functionality.

group_project

TWC: Small: Workflows and Relationships for End-to-End Data Security in Collaborative Applications

Submitted by Dominic Duggan on Tue, 11/07/2017 - 5:56am

Access control refers to mechanisms for protecting access to confidential information, such as sensitive medical data. Management of access control policies, in applications that involve several collaborating parties, poses several challenges. One of these is in ensuring that each party in such a collaboration only obtains the minimal set of access permissions that they require for the collaboration. In a domain such as healthcare, it may be critical that access be minimized in this way, rather than allowing all parties equal access to the sensitive information.

group_project

TWC SBE: Medium: Collaborative: A Socio-Technical Approach to Privacy in a Camera-Rich World

Submitted by Denise Anthony on Tue, 10/31/2017 - 5:06am

Cameras are now pervasive on consumer devices, including smartphones, laptops, tablets, and new wearable devices like Google Glass and the Narrative Clip lifelogging camera.

group_project

TWC: Small: Theory and Practice of Tweakable-Blockcipher-Based Cryptography

Submitted by Thomas Shrimpton on Wed, 10/25/2017 - 2:54pm

Blockciphers are the basic building block of shared-key cryptography. However, for certain important cryptographic goals, like building encryption schemes, the interface presented by blockciphers is limiting. A more modern primitive, the tweakable blockcipher (TBC), is often a better fit. Like a blockcipher, a TBC takes as input a secret key, a block of data and the tweak which is an additional input which provides variability to the TBC's input-output behavior without having to change the secret key.