Develop System Design Methods

group_project

Visible to the public TWC: Small: On Imperfect Randomness and Leakage-Resilient Cryptography

The availability of ideal randomness is a common assumption used not only in cryptography, but in many other areas of computer science, and engineering in general. Unfortunately, in many situations this assumption is highly unrealistic, and cryptographic systems have to be built based on imperfect sources of randomness. Motivated by these considerations, this project will investigate the validity of this assumption and consider several important scenarios where secure cryptographic systems must be built based on various kinds of imperfect randomness.

group_project

Visible to the public TWC: Small: Collaborative: Multipath TCP Side Channel Vulnerabilities and Defenses

The objective of this project is to understand and strengthen the security of Multipath TCP (MPTCP) - an IETF standardized suite of TCP extensions that allow one MPTCP connection, consisting of multiple sub-connections between two hosts, to use multiple paths simultaneously. Even though MPTCP has been gaining momentum in being widely deployed, its security is yet to be well understood. The project is expected to raise awareness of MPTCP security and ultimately yield a foundation for MPTCP security.

group_project

Visible to the public TWC SBE: Small: Collaborative: Brain Password: Exploring A Psychophysiological Approach for Secure User Authentication

Cryptographic systems often rely on the secrecy of cryptographic credentials; however, these are vulnerable to eavesdropping and can resist neither a user's intentional disclosure nor coercion attacks where the user is forced to reveal the credentials. Conventional biometric keys (e.g., fingerprint, iris, etc.), unfortunately, can still be surreptitiously duplicated or adversely revealed. In this research, the PIs argue that the most secure cryptographic credentials are ones of which the users aren't even aware.

group_project

Visible to the public TWC: Small: Finding and Repairing Semantic Vulnerabilities in Modern Software

Software is responsible for many critical government, business, and educational functions. This project aims to develop new methods for finding and repairing some of the most challenging, poorly understood security vulnerabilities in modern software that have the potential to jeopardize the security and reliability of the nation's cyber infrastructure.

group_project

Visible to the public EAGER: The Game Changer: A New Model for Password Security

We are evaluating a new model of password security in which users place pieces on a game board (e.g., chess pieces on a chessboard). The fact that existing systems are either memorable or secure, but not both, motivated our approach. We are testing 14-15 year old high school students, college students 18-30, and older adults 60-80, and we are conducting two types of experiments. First, we are measuring all groups' memories for passwords of two and four game pieces (after a 20-minute filled delay).

group_project

Visible to the public TWC: Small: Collaborative: Toward Trusted Third-Party Microprocessor Cores: A Proof Carrying Code Approach

Third-party hardware Intellectual Property (IP), written as code in a Hardware Description Language (HDL), is extensively used in modern integrated circuits. Contemporary electronics typically include 75% of third party hardware IP and only 25% in-house design to provide customization or a profit-making edge. Such extensive use of third-party hardware IP in both commercial and military applications raises security and trustworthiness concerns, especially in today's globalized market.

group_project

Visible to the public TWC: Small: Develop Fine-Grained Access Control for Third-Party Components in Mobile Systems

Smartphones and tablets are being used widely, and with such a pervasive use, protecting mobile systems is of critical importance. One of the unique features in mobile systems is that many applications incorporate third-party components, such as advertisement, social-network APIs, and the WebView component (that runs third-party JavaScript code).

group_project

Visible to the public TWC: Small: Discovering and Restricting Undesirable Information Flows Between Multiple Spheres of Activities

Loss of personal data or leakage of corporate data via apps on mobile devices poses a significant risk to users. It can have both a huge personal and financial cost. This work is designing new novel techniques to help reduce the risks for end-users who use a single device for multiple spheres of activity. Getting security right when a single device is used for multiple spheres of activity is a major research challenge, with unforeseen information flows between various subsystems that are currently difficult to control.

group_project

Visible to the public CAREER: Secure and Trustworthy Provenance for Accountable Clouds

Cloud computing has emerged as one of the most successful computing models in recent years. However, lack of accountability and non-compliance with data protection regulations have prevented major users such as business, healthcare, and defense organizations from utilizing clouds for sensitive data and applications. Due to the lack of information about cloud internals and the inability to perform trustworthy audits, today's clouds are often not used in regulated industries, preventing their widespread adoption.

group_project

Visible to the public  TWC: Small: Collaborative: Practical Security Protocols via Advanced Data Structures

Data structures have a prominent modern computational role, due to their wide applicability, such as in database querying, web searching, and social network analysis. This project focuses on the interplay of data structures with security protocols, examining two different paradigms: the security for data structures paradigm (SD) and the data structures for security paradigm (DS).