Privacy, applied

group_project

Visible to the public CAREER: Finding Levers for Privacy and Security by Design in Mobile Development

Mobile data are one of the fastest emerging forms of personal data. Ensuring the privacy and security of these data are critical challenges for the mobile device ecosystem. Mobile applications are easy to build and distribute, and can collect a large variety of sensitive personal data. Current approaches to protecting this data rely on security and privacy by design: encouraging developers to proactively implement security and privacy features to protect sensitive data.

group_project

Visible to the public EAGER: Collaborative: Design, Perception, and Action - Engineering Information Give-Away

The design of social media interfaces greatly shapes how much, and when, people decide to reveal private information. For example, a designer can highlight a new system feature (e.g., your travel history displayed on a map) and show which friends are using this new addition. By making it seem as if sharing is the norm -- after all, your friends are doing it -- the designer signals to the end-user that he can and should participate and share information.

group_project

Visible to the public EAGER: TWC: Collaborative: iPrivacy: Automatic Recommendation of Personalized Privacy Settings for Image Sharing

The objective of this project is to investigate a comprehensive image privacy recommendation system, called iPrivacy (image Privacy), which can efficiently and automatically generate proper privacy settings for newly shared photos that also considers consensus of multiple parties appearing in the same photo. Photo sharing has become very popular with the growing ubiquity of smartphones and other mobile devices.

group_project

Visible to the public TWC: Small: Practical Assured Big Data Analysis in the Cloud

The use of "cloud technologies" presents a promising avenue for the requirements of big data analysis. Security concerns however represent a major impediment to the further adoption of clouds: through the sharing of cloud resources, an attack succeeding on one node can tamper with many applications sharing that node.

group_project

Visible to the public TWC: Small: Collaborative: RUI: Towards Energy-Efficient Privacy-Preserving Active Authentication of Smartphone Users

Common smartphone authentication mechanisms such as PINs, graphical passwords, and fingerprint scans offer limited security. They are relatively easy to guess or spoof, and are ineffective when the smartphone is captured after the user has logged in. Multi-modal active authentication addresses these challenges by frequently and unobtrusively authenticating the user via behavioral biometric signals, such as touchscreen interaction, hand movements, gait, voice, and phone location.

group_project

Visible to the public Forum on Cyber Resilience

This project provides support for a National Academies Roundtable, the Forum on Cyber Resilience. The Forum will facilitate and enhance the exchange of ideas among scientists, practitioners, and policy makers concerned with the resilience of computing and communications systems, including the Internet, critical infrastructure, and other societally important systems.

group_project

Visible to the public TWC: Small: Developing Advanced Digital Forensic Tools Based on Network Stack Side Channels

This project is developing the next generation of network measurement tools for penetration testers, digital forensics experts, and other cybersecurity professionals who sometimes need to know more about the Internet or a specific network. It is developing techniques based on TCP/IP side channel inferences, where it is possible to infer something about a remote machine's view of the network based on the use of shared, limited resources.

group_project

Visible to the public SBE TWC: Small: Collaborative: Privacy Protection in Social Networks: Bridging the Gap Between User Perception and Privacy Enforcement

Online social networks, such as Facebook, Twitter, and Google+, have become extremely popular. They have significantly changed our behaviors for sharing information and socializing, especially among the younger generation. However, the extreme popularity of such online social networks has become a double-edged sword -- while promoting online socialization, these systems also raise privacy issues.

group_project

Visible to the public TWC: Small: CrowdVerify: Using the Crowd to Summarize Web Site Privacy Policies and Terms of Use Policies

Everyday web users have little guidance in handling the growing number of privacy issues they face when they go online. Many web sites - some legitimate, some less so - have behaviors many would consider unexpected or undesirable. These include popular and well-known web sites, as well as web sites that aim to dupe customers with "free" trials. These kinds of sites often detail their behaviors in privacy policies and terms of use pages, but these policies are rarely read, hard to understand, and sometimes intentionally obfuscated with legal jargon, small text, and pale fonts.

group_project

Visible to the public TWC: Small: Collaborative: Advancing Anonymity Against an AS-level Adversary

Autonomous systems (AS) are key building blocks of the Internet's routing infrastructure. Surveillance of AS may allow large-scale monitoring of Internet users. Those who aim to protect the privacy of their online communications may turn to anonymity systems like Tor, but Tor is not designed to protect against such AS-level adversaries. AS-level adversaries present unique challenges for the design of robust anonymity systems and present a very different threat model from the ones used to design and study systems like Tor.