Protect

This project aims to address privacy concerns of smartphone users. In particular, it investigates how the usages of the smartphone applications (apps) may reshape users' privacy perceptions and what is the implication of such reshaping. There has been recent work that investigates privacy leakage and potential defense mechanisms. However, so far there is only limited understanding on the consequences of such privacy losses, especially when large amount of privacy information leaked from smartphone users across many apps.

The objective of this project is to understand and strengthen the security of Multipath TCP (MPTCP) - an IETF standardized suite of TCP extensions that allow one MPTCP connection, consisting of multiple sub-connections between two hosts, to use multiple paths simultaneously. Even though MPTCP has been gaining momentum in being widely deployed, its security is yet to be well understood. The project is expected to raise awareness of MPTCP security and ultimately yield a foundation for MPTCP security.

End-users' online behavior can significantly affect the reliability and security of next-generation software systems. For instance, skipping repeated requests to update software or ignoring security warnings while visiting unknown websites, while extremely dangerous, are not uncommon. Although end-users' actions (or inactions) often open up the opportunity for cyber-attacks, the lack of emotional appeals and poor design of the current software update/warning messages are to blame to a large extent for such risky behavior, which is addressed as follows.

Cryptographic systems often rely on the secrecy of cryptographic credentials; however, these are vulnerable to eavesdropping and can resist neither a user's intentional disclosure nor coercion attacks where the user is forced to reveal the credentials. Conventional biometric keys (e.g., fingerprint, iris, etc.), unfortunately, can still be surreptitiously duplicated or adversely revealed. In this research, the PIs argue that the most secure cryptographic credentials are ones of which the users aren't even aware.

Software is responsible for many critical government, business, and educational functions. This project aims to develop new methods for finding and repairing some of the most challenging, poorly understood security vulnerabilities in modern software that have the potential to jeopardize the security and reliability of the nation's cyber infrastructure.