Protect

Human beings have evolved to detect and react to threats in their physical environment, and have developed perceptual systems selected to assess these physical stimuli for current, material risks. In cyberspace, the same stimuli are often absent, subdued, or deliberately manipulated by malicious third parties. Hence, security and privacy concerns that would normally be activated in the offline world may remain muted, and defense behaviors may be hampered.

Physical side channels pose a big threat to the security of embedded hardware. The differential power analysis (DPA) attack is a well known side channel threat which exploits the linear dependence of the power on the secret data or an intermediate value correlated to the secret data through statistical model building. This project addresses the DPA vulnerability by deploying a technology cell library consisting of private gates. The technique developed will make embedded hardware less vulnerable to side-channel attacks, thereby securing private user data and transactions.

To date, the application of quantitative security and privacy metrics metrics has seen its greatest successes when exploring the worst-case properties of a system. That is, given a powerful adversary, to what extent does the system preserve some relevant set of properties? While such analyses allow experts to build systems that are resistant to strong attackers, many deployed systems were not designed in this manner. In fact, there is growing evidence that users' privacy is routinely compromised as a byproduct of using social, participatory, and distributed applications.

The more people use the Internet, the more they risk sharing information they don't want other people to know. Tor is a technology that every day helps millions of people protect their privacy online. Tor users -- ranging from ordinary citizens to companies with valuable intellectual property -- gain protection for the content of their online messages and activities, as well as whom they interact with and when. For the most part, Tor is very secure. However, it has a known vulnerability to an attack called website fingerprinting.

This project aims at developing efficient methods for protecting the privacy of computations on outsourced data in distributed settings. The project addresses the design of an outsourced storage framework where the access pattern observed by the storage server gives no information about the actual data accessed by the client and cannot be correlated with external events. For example, the server cannot determine whether a certain item was previously accessed by the client or whether a certain algorithm is being executed.