Protect

Side channels in the security domain are known to be challenging to discover and eliminate systematically. Nevertheless, they can lead to a variety of stealthy attacks seriously compromising cybersecurity. This work focuses on an important class of side channels that are fundamental to the operations of networked systems.

Loss of personal data or leakage of corporate data via apps on mobile devices poses a significant risk to users. It can have both a huge personal and financial cost. This work is designing new novel techniques to help reduce the risks for end-users who use a single device for multiple spheres of activity. Getting security right when a single device is used for multiple spheres of activity is a major research challenge, with unforeseen information flows between various subsystems that are currently difficult to control.

Data structures have a prominent modern computational role, due to their wide applicability, such as in database querying, web searching, and social network analysis. This project focuses on the interplay of data structures with security protocols, examining two different paradigms: the security for data structures paradigm (SD) and the data structures for security paradigm (DS).

As wireless technologies become more pervasive, it becomes increasingly important for devices to authenticate the locations of other devices. For example, patients with implantable medical devices (IMDs) may reasonably expect that any device used to control their IMD would have to be within arm's reach, to help prevent unauthorized access to their device. In other words, IMDs should enforce policies based on the proximity, and in general the location, of wirelessly connected devices.

The telephony system, which enabled near universal voice communication, has undergone a dramatic change due to technological advances and legal and regulatory changes. Although these changes offer many benefits, including low cost calling and richer functionality, they have introduced new vulnerabilities that can seriously undermine the trust people have in transactions conducted over the telephony channel. In fact, caller impersonation and social engineering over the phone are increasingly being used to commit fraud and steal credentials for online account takeovers.