In this work, we explore the properties of the global PKI as it exists in practice. We then leverage this information to construct flexible mechanisms that allow observers to fashion individualized policies to determine certificate trust.
Labs: Silicon Valley
Dhwani enables information theoretically secure Near Field Communication (NFC) on existing mobile phones without requiring any special hardware or PKI infrastructure. It uses existing microphones and speakers on phones to perform acoustic NFC.
The XCG Lab Security and Cryptography teams do development, applied research, and theoretical research in the fields of systems security and cryptography. These teams include the Cryptography Research team, the Security & Cryptography team, and the Systems Incubation team.
We investigate how people's behaviour online can be characterized in terms of psychometric measurements such as the Big-5 personality traits openness, conscientiousness, extraversion, agreeableness, and neuroticism as well as general intelligence and satisfaction-with-life. We investigate patterns of Facebook usage, website preferences, query logs, and Facebook Likes and look for interesting correlations which can be used to predict users behaviours, preferences or characteristics.
Embassies is a new model of client-side application delivery that keeps the client code minimal and secure, while pushing almost all functionality into the vendor-supplied applications. The code in this project implements the system described in the NSDI 2013 paper.
ZQL is a language and compiler that allows for client side compuations to be compiled with appropriate cryptographic checks to provide privacy and integrity.
The Web form is the primary mechanism for collecting personal information.
A new initiative to build networks of female researchers in different areas of mathematics, through Research Collaboration Conferences at math insitutes which focus on building collaboration groups consisting of senior and junior women in a given area.
The performance of the elliptic curve method (ECM) for integer factorizationplays an important role in the security assessment of RSA-based protocols as a cofactorization tool inside the number field sieve. This webpage gives addition-subtracting chains to optimize Edwards ECM in terms of both performance and memory requirements. See for more details the "ECM at Work" paper.
One of the barriers to adoption cloud database technologies such as SQL Azure is data security and privacy. Data is a valuable asset to most organizations and storing the data in the cloud is often perceived as a security risk. This project investigates encryption as a mechanism to address such data security concerns. In particular, the goal of the project is to research, design, and build a comprehensive database system that supports encryption as a first class citizen.
Mobile user experiences are enriched by applications that support disconnected operations to provide better mobility, availability, and response time. However, offline data access is at odds with security when the user is not trusted, especially in the case of mobile devices, which must be assumed to be under the full control of the user. Pasture leverages commodity trusted hardware to provide secure offline data access by untrusted users.
Labs: Silicon Valley
Mobile personalization and privacy
U-Prove is an innovative cryptographic technology that allows users to minimally disclose certified information about themselves when interacting with online resource providers. U-Prove provides a superset of the security features of Public Key Infrastructure (PKI), and also provide strong privacy protections by offering superior user control and preventing unwanted user tracking.
In the last 25 years, Elliptic Curve Cryptography (ECC) has become a mainstream primitive for cryptographic protocols and applications. ECC has been standardized for use in key exchange and digital signatures. This project focuses on efficient generation of parameters and implementation of ECC and pairing-based crypto primitives, across architectures and platforms.
Counterdog is an automated theorem prover for a counterfactual meta-logic on propositional Datalog. The prover is complete for the logic, and can prove (or disprove) counterfactual statements such as: "if 'p' is false in a Datalog program, but would be true if it contained 'a:-b', then 'b' is true in the program.". Counterdog is useful for reasoning about Datalog-based trust management languages. The theory and implementation were developed by Moritz Y. Becker and Nik Sultana.
Research on privacy concerns shows that the users are becoming more aware about third party tracking but have no effective means to deal with the issue. We have created a Cookie Tracker, an agent that watches the requests for cookie installations. It presents the user with online information about the sources of the cookies in question.
Curating verification problems and solutions for cryptographic software in C.
Outsourcing data streams and desired computations to a third party such as the cloud is practical for many companies due to overwhelming flow of information and excessively high resource requirements of their data stream applications. However, data outsourcing and remote computations intrinsically raise issues of trust, making it crucial to verify results returned by third parties. The SECOA project investigates techniques addressing this problem.
We study real-world systems, such as browsers and web applications, that have very big user bases; we identify classes of new security and privacy threats; we construct convincing end-to-end attacks to show these threats intuitively so that the industry must take actions to address them.
Cryptographic code in C, such as security protocols and hardware security modules, is a critical substrate of our software infrastructures. The Csec project aims to develop software analysis techniques to verify and find bugs in such code.
In the ServiceOS project, we re-think the client platform design for the era of software-as-a-service.
Verifiable computation schemes enable a client to outsource the computation of a function F on various inputs to an untrusted worker, and then verify the correctness of the returned results. Critically, the outsourcing and verification procedures must be more efficient than performing the computation itself.
The protocol reverse engineering project includes a set of tools developed for automatically reverse engineering formats of network messages or files.
Tupni, a tool that can reverse engineer an input format with a rich set of information, including record sequences, record types, and input constraints.
Discoverer is a tool for automatically reverse engineering the protocol message formats of an application from its network trace.