TWC

Secure multi-party computation (MPC) allows several mutually untrusting parties to perform joint computations while keeping their inputs private. This project develops new techniques for constructing two-party secure computation protocols with low communication overhead. Building on the Principal Investigator's prior work for constructing special-purpose secure MPC protocols for greedy algorithms, this project develops new techniques that exploit the algorithmic structure of a function in order to develop more efficient secure computation protocols.

Much of the internet's business is conducted with dynamically generated documents --- HTML pages, SQL queries, and execution scripts --- that are generated on-the-fly by document-generator scripts written in PHP, Javascript, and JSP. The situation is a threat to internet security because the document-generator scripts are often faulty, generating malformed documents that are vulnerable to attackers.

Performing financial transactions on a smartphone raises a number of security concerns. How can a bank be certain that a request is authentic? How do we prevent the same transaction to be unintentionally repeated? How can we ensure your sensitive information cannot be copied even if a phone is lost? Strong hardware security functions such as device fingerprints and true random number generators are essential in addressing these questions. However, traditional hardware security functions are difficult and expensive to build.

There are very few publicly available network traces that contain application-level data, because of the enormous privacy risk that sharing such data creates. Application-level data is rich with personal and private information, such as human names, social security numbers, etc. that criminals can monetize. Yet such data is necessary for realistic testing of research products, and for understanding trends in the domain of networking and network applications.

Maintaining the security of one's systems and devices in a way that ensures the right balance between functionality, security, and convenience remains complicated for most people. For example, people are routinely asked by their systems whether to accept a security certificate, install an application, heed security warnings, or reconfigure operating-system security settings. While these examples represent situations in which people regularly find themselves, people rarely have any basis to make an informed decision or to establish one conveniently.