Develop Approaches

group_project

TWC: Small: Hardware Security for Embedded Computing Systems

Submitted by Tilman Wolf on Wed, 10/25/2017 - 10:51am

Embedded processing systems are widely used in many devices and systems that are essential for daily life. These embedded systems are increasingly connected to networks for control and data access, which also exposes them to remotely launched malicious attacks. It is of paramount importance to develop embedded processing systems that are hardened to withstand these remote attacks while continuing to operate effectively.

group_project

TWC: Small: Exposing Attack Vectors and Identifying Defense Solutions for Data Cellular Networks

Submitted by Zhuoqing Mao on Wed, 10/25/2017 - 10:45am

This project addresses several key emerging security challenges that arise due to the wildly successful large-scale adoption of mobile devices with diverse network capabilities. The novel approach focuses on to understanding how various information that are legitimately and willingly provided by smartphone users due to the requested permissions of downloaded applications can be potentially abused. The second research focus is to identify improvements in the design of cellular network middlebox (e.g., firewall) policies by detailed exposure and explicitly defining the key requirements.

group_project

TWC: Medium: Hardware Trojans in Wireless Networks - Risks and Remedies

Submitted by Yiorgos Makris on Wed, 10/25/2017 - 8:06am

This project investigates the risks instigated by malicious hardware modifications (hardware Trojans) in the nodes of a wireless network and aims to develop remedies, thereby enabling secure deployment and fostering technology trustworthiness. Due to the lack of assurance mechanisms in the globalized integrated circuit (IC) supply chain, hardware Trojans have recently become the topic of intensified concern.

group_project

TWC: Medium: Handling a Trillion Unfixable Flaws on Billions of Internet-of-Things

Submitted by vsekar on Wed, 10/25/2017 - 8:03am

The Internet-of-Things (IoT) has quickly moved from concept to reality, with estimates that the number of deployed IoT devices will rise to 25 billion in 2020. However, studies show that many IoT devices have serious security vulnerabilities. Moreover, the limitations of IoT devices and scale of networks of IoT devices often make traditional IT security approaches impractical.

group_project

TWC: Medium: Collaborative: The Theory and Practice of Key Derivation

Submitted by Yevgeniy Dodis on Wed, 10/25/2017 - 8:00am

Most cryptographic applications crucially rely on secret keys that are chosen randomly and are unknown to an attacker. Unfortunately, the process of deriving secret keys in practice is often difficult, error-prone and riddled with security vulnerabilities. Badly generated keys offer a prevalent source of attacks that render complex cryptographic applications completely insecure, despite their sophisticated design and rigorous mathematical analysis.

group_project

TWC: Medium: Collaborative: Security and Privacy for Wearable and Continuous Sensing Platforms

Submitted by Serge Egelman on Wed, 10/25/2017 - 7:50am

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others.

group_project

TWC: Medium: Collaborative: Retrofitting Software for Defense-in-Depth

Submitted by Trent Jaeger on Wed, 10/25/2017 - 7:05am

The computer security community has long advocated the concept of building multiple layers of defense to protect a system. Unfortunately, it has been difficult to realize this vision in the practice of software development, and software often ships with inadequate defenses, typically developed in an ad hoc fashion.

group_project

TWC: Medium: Automating Countermeasures and Security Evaluation Against Software Side-channel Attacks

Submitted by Yunsi Fei on Tue, 10/24/2017 - 12:56pm

Side-channel attacks (SCA) have been a realistic threat to various cryptographic implementations that do not feature dedicated protection. While many effective countermeasures have been found and applied manually, they are application-specific and labor intensive. In addition, security evaluation tends to be incomplete, with no guarantee that all the vulnerabilities in the target system have been identified and addressed by such manual countermeasures.

group_project

TWC: Small: Analysis and Tools for Auditing Insider Accesses

Submitted by Daniel Fabbri on Mon, 10/23/2017 - 7:00pm

Compliance officers specify organizations' policies and procedures for mitigating risk to sensitive data. However, demands for employees' quick access to organizational data often limit which security technologies can be deployed. As a result, many organizations configure an open access environment in which authenticated employees can access any piece of data (e.g., a common practice across health care facilities).

group_project

STARSS: TTP Option: Small: A Quantum Approach to Hardware Security: from Theory to Optical Implementation

Submitted by Yaoyun Shi on Thu, 10/19/2017 - 9:48pm

The problem of ensuring that computer hardware is not surreptitiously malicious is a growing concern. The case of random number generators (RNGs) is particularly important because random numbers are foundational to information security. All current solutions in practice require trusting the hardware, and are therefore vulnerable to hardware attacks. This project explores a quantum-based solution to hardware security by designing and implementing a new class of RNGs that can prove their own integrity to the user.