CORE

Encryption is the process of encoding data into a ciphertext such that only the intended recipient can decode and learn the data. This project pushes the frontiers of what is achievable for encryption. The project's novelties are building encryption systems with advanced capabilities that have provable security under standard assumptions. These include the capability to trace malicious users who leak confidential information as well as the ability to only release select pieces of information to users on a need to know basis.

Large-scale computer systems that can perform challenging computations can now be leased by the general public for seconds, minutes, or hours at a time. Although these systems typically use microprocessors for most computation, recently, special reconfigurable computer chips called field-programmable gate arrays (FPGAs) have been integrated into these publicly-available systems. Although these chips are more powerful than microprocessors, they have security weaknesses that could put users' data at risk and expose their personal information.

Authentication solutions for personal computing devices, such as people use to login to their laptops and smart phones, are usually designed with able-bodied individuals in mind. But designs for the able-bodied often make authentication difficult for people with disabilities, particularly for those with upper extremity impairment. Such persons often lack the range of motion, strength, endurance, speed, and/or accuracy associated with normal behavior of the arms, hands, or fingers. Over 20 million people in the U.S. alone suffer from conditions that lead to upper extremity impairment.

People today are faced with many privacy decisions in their daily interactions with mobile devices. In the past decade, researchers have studied the design of many tools and mechanisms, such as privacy nudges, that aim to help individuals make better privacy decisions. But just like decision support tools in other domains, these tools cannot make users perfect decision-makers. Users still make mistakes and regret their privacy decisions later. This project casts a fresh perspective on Privacy-by-Redesign by helping users revisit and rectify past privacy decisions that they may regret.

Web browsers are vulnerable to side-channel attacks, which usually play an important, first-step role in jump-starting a chain of attacks. For example, a web-level precise clock can help adversaries to break operating system level memory protection mechanisms, such as address-space layout randomization (ASLR). Browser fingerprinting, a variation of web side channels, can be used to obtain users' private information for launching social engineering attacks.