ISG

As records of individuals' activities become increasingly computerized and linked, privacy becomes an ever more challenging problem. It is especially challenging when legitimate security needs require the ability to link different transactions and even obtain details about the individuals involved. The focus of this project is on cryptographic technologies that achieve a compromise: transaction records should be anonymous until special circumstances (such as wrong-doing on the part of a particular individual, or an emergency that requires special measures) arise.

Secure applications require trustworthy hardware for successful deployment. A trustworthy hardware device (e.g., a smart card) should maintain its security properties even against efforts at probing and reverse engineering; moreover, sensitive data stored on a trustworthy hardware device should be protected at all times. Side-channels attacks are used to learn the secrets stored by a device through monitoring the side effects of its computation. The well known power side-channel attack uses the effect that a cryptographic key has on the power waveform as the cipher runs.

This research project focuses on the development of cryptographic mathematical models and constructions that address realistic security requirements at the implementation level. This is a fundamental problem as cryptographic security formalisms are often criticized for lack of relevance given the wide range of attacks available at the implementation level.

Secure applications require trustworthy hardware for successful deployment. A trustworthy hardware device (e.g., a smart card) should maintain its security properties even against efforts at probing and reverse engineering; moreover, sensitive data stored on a trustworthy hardware device should be protected at all times. Side-channels attacks are used to learn the secrets stored by a device through monitoring the side effects of its computation. The well known power side-channel attack uses the effect that a cryptographic key has on the power waveform as the cipher runs.

When systems rely on a "human in the loop" to carry out a security-critical function, cyber trust indicators are often employed to communicate when and how to perform that function. Indicators typically serve as warnings or status indicators that communicate information, remind users of information previously communicated, and influence behavior. They include a variety of security- and privacy-related symbols in the operating system status bar or browser chrome, pop-up alerts, security control panels, or symbols embedded in web content.