Transition to Practice

group_project

Visible to the public TWC SBE: TTP Option: Medium: Collaborative: EPICA: Empowering People to Overcome Information Controls and Attacks

This project studies the security of representative personalized services, such as search engines, news aggregators, and on-line targeted advertising, and identifies vulnerabilities in service components that can be exploited by pollution attacks to deliver contents intended by attackers.

group_project

Visible to the public TWC SBE: Option: Frontier: Collaborative: Towards Effective Web Privacy Notice and Choice: A Multi-Disciplinary Prospective

Natural language privacy policies have become a de facto standard to address expectations of notice and choice on the Web. Yet, there is ample evidence that users generally do not read these policies and that those who occasionally do struggle to understand what they read. Initiatives aimed at addressing this problem through the development of machine implementable standards or other solutions that require website operators to adhere to more stringent requirements have run into obstacles, with many website operators showing reluctance to commit to anything more than what they currently do.

group_project

Visible to the public  SBE: Option: Small: Safety for the Ages: Generational Differences in Motivations to Use Security Protections in an Online Banking Context

How does the average user cope with the threats they encounter while engaged in the most sensitive of all online activities, online banking? Online Safety for the Ages (OSA) examines generational differences in motivations to use risky online services and self-protective measures in the context of online banking. An influx of older adults attracted to the Internet by social media but at times unfamiliar with dealing with the hazards of online life, as well as younger users who are sometimes oblivious to those dangers, pose distinct challenges to the preservation of online safety.

group_project

Visible to the public TWC: Small: Middleware for Certificate-Based Authentication

Every time someone uses a phone or computer to connect to an Internet site, software determines whether the connection is safe or being intercepted by attackers. Unfortunately, this software is error-prone, leaving users vulnerable to having their privacy violated or their personal information stolen due to phishing attacks, identity theft, and unauthorized inspection of their encrypted traffic. A number of solutions are being proposed, but the software is fragmented across many platforms and redundantly or incorrectly implemented.

group_project

Visible to the public SaTC-EDU:EAGER:A Wiki Space for Information Security Education Exchange

Information security remains a persistent and growing problem in the United States due to ever-progressing reliance on information technologies and systems to provide critical services and enable society's contemporary way of life. The economics of computing favor performance and functionality over security and may continue to do so for some time. This environment is created by graduates of education programs, programs which can be argued to be lacking in emphasis on security impacts associated with this new information age.

group_project

Visible to the public TWC: Small: New Directions in Field Programmable Gate Arrays (FPGA) Security

Field-programmable gate arrays (FPGAs) represent an important computing infrastructure which must be protected from attackers. They are used in a wide variety of applications, including networking routers, satellites, military equipment, and automobiles, among others. The storage of FPGA programming information in memory external to the device creates a natural security weakness which, to date, has primarily been addressed via bitstream encryption.

group_project

Visible to the public EAGER: Model Driven Framework for Audio Forensics

The goal of this project is to investigate the reliability, robustness, and computationally efficiency of digital audio forensic methods under various adversarial conditions, e.g., lossy compression attack. We aim to identify and develop mathematical tools for modeling and characterizing of microphone nonlinearities (fingerprints), statistical methods for acoustic environment estimation, and system identification based framework for linking an acquisition device to the audio recording.

group_project

Visible to the public TWC: Small: On Imperfect Randomness and Leakage-Resilient Cryptography

The availability of ideal randomness is a common assumption used not only in cryptography, but in many other areas of computer science, and engineering in general. Unfortunately, in many situations this assumption is highly unrealistic, and cryptographic systems have to be built based on imperfect sources of randomness. Motivated by these considerations, this project will investigate the validity of this assumption and consider several important scenarios where secure cryptographic systems must be built based on various kinds of imperfect randomness.

group_project

Visible to the public EAGER: Neurobiological Basis of Decision Making in Online Environments

Considerable research in the field has been focused on developing new technologies to enhance privacy; encryption of personal data is often presented as a potential solution. Many of the technologies resulting from this research are not being effectively utilized because of issues rooted in human judgment under risk and uncertainty. The majority of existing models and products related to human judgement are based on a limited number of documented incidents and on questionable assumptions about user intent and behavior.