Our research
Content type
+
Downloads (436)
+
Events (392)
 
Groups (149)
+
News (2566)
 
People (818)
 
Projects (1051)
+
Publications (11872)
+
Videos (5117)
Labs
Research areas
Algorithms and theory47205 (247)
Communication and collaboration47188 (182)
Computational linguistics47189 (173)
Computational sciences47190 (181)
Computer systems and networking47191 (659)
Computer vision208594 (32)
Data mining and data management208595 (51)
Economics and computation47192 (93)
Education47193 (78)
Gaming47194 (67)
Graphics and multimedia47195 (191)
Hardware and devices47196 (189)
Health and well-being47197 (69)
Human-computer interaction47198 (764)
Machine learning and intelligence47200 (697)
Mobile computing208596 (25)
Quantum computing208597 (8)
Search, information retrieval, and knowledge management47199 (604)
Security and privacy47202 (256)
Social media208598 (13)
Social sciences47203 (228)
Software development, programming principles, tools, and languages47204 (529)
Speech recognition, synthesis, and dialog systems208599 (44)
Technology for emerging markets208600 (24)
1–25 of 256
Sort
Show 25 | 50 | 100
1234567Next 
Andrew Baumann, Marcus Peinado, and Galen Hunt

To appear.

Publication details
Date: 1 October 2014
Type: Inproceeding
Publisher: USENIX – Advanced Computing Systems Association
Blase Ur, Jaeyeon Jung, and Stuart Schechter

We investigated how household deployment of Internetconnected locks and security cameras could impact teenagers’ privacy. In interviews with 13 teenagers and 11 parents, we investigated reactions to audit logs of family members’ comings and goings. All parents wanted audit logs with photographs, whereas most teenagers preferred text-only logs or no logs at all. We unpack these attitudes by examining participants’ parenting philosophies, concerns, and current monitoring practices. In a follow-up online...

Publication details
Date: 15 September 2014
Type: Inproceeding
Publisher: Ubicomp
Jaeyeon Jung and Matthai Philipose

Small and always-on, wearable video cameras disrupt social norms that have been established for traditional hand-held video cameras, which explicitly signal when and which subjects are being recorded to people around the camera-holder. We first discuss privacy-related social cues that people employ when recording other people (as a camera-holder) or when being recorded by others (as a bystander or a subject). We then discuss how low-fidelity sensors such as far-infrared imagers can be used to capture...

Publication details
Date: 14 September 2014
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Dan Liebling and Sören Preibusch

Multiple vendors now provide relatively inexpensive desktop eye and gaze tracking devices. ith miniatureization and decreasing manufacturing costs, gaze trackers will follow the path of webcams, becoming ubiquitous and inviting many of the same privacy concerns. However, whereas the privacy loss from webcams may be obvious to the user, gaze tracking is more opaque and deserves special attention. In this paper, we review current research in gaze tracking and pupillometry and argue that gaze data should...

Publication details
Date: 13 September 2014
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Saranga Komanduri, Rich Shay, Lorrie Cranor, Cormac Herley, and Stuart Schechter
Publication details
Date: 20 August 2014
Type: Inproceeding
Publisher: USENIX
Publication details
Date: 20 August 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-95
Joseph Bonneau and Stuart Schechter

Challenging the conventional wisdom that users cannot remember cryptographically-strong secrets, we test the hypothesis that users can learn randomly-assigned 56-bit codes (encoded as either 6 words or 12 characters) through spaced repetition. We asked remote research participants to perform a distractor task that required logging into a website 90 times, over up to two weeks, with a password of their choosing. After they entered their chosen password correctly we displayed a short code (4 letters or 2...

Publication details
Date: 20 August 2014
Type: Inproceeding
Publisher: USENIX
Christian Paquin

The U-Prove Cryptographic Specification focuses on the core U-Prove capabilities; the specified features were selected to simplify implementation and integration into existing systems, while meeting the needs of a wide array of scenarios. By design, the specification provides extension points, making it possible to extend the core capabilities to meet additional needs.

This paper describes recently released features compatible with the U-Prove technology. The reader is assumed to be familiar with...

Publication details
Date: 5 August 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-105
Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila

Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing ciphersuites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these ciphersuites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using...

Publication details
Date: 5 August 2014
Type: Technical report
Publisher: Choose...
Number: MSR-TR-2014-107
Ravi Bhoraskar, Seungyeop Han, Jinseong Jeon, Tanzirul Azim, Shuo Chen, Jaeyeon Jung, Suman Nath, Rui Wang, and David Wetherall

We present an app automation tool called Brahmastra for helping app stores and security researchers to test thirdparty components in mobile apps at runtime. The main challenge is that call sites that invoke third-party code may be deeply embedded in the app, beyond the reach of traditional GUI testing tools. Our approach uses static analysis to construct a page transition graph and discover execution paths to invoke third-party code. We then perform binary rewriting to “jump start” the third-party code...

Publication details
Date: 1 August 2014
Type: Inproceeding
Publisher: USENIX – Advanced Computing Systems Association
Arvind Arasu, Ken Eguro, Manas Joglekar, Raghav Kaushik, Donald Kossmann, and Ravi Ramamurthy

Cipherbase is a comprehensive database system that provides strong end-to-end data confidentiality through encryption. Cipherbase is based on a novel architecture that combines an industrial strength database engine (SQL Server) with lightweight processing over encrypted data that is performed in secure hardware. Cipherbase has the smallest trusted computing base (TCB) among comparable systems and provides significant benefits over the state-of-the-art in terms of security, performance, and...

Publication details
Date: 1 August 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-106
Dinei Florencio, Cormac Herley, and Paul C. van Oorschot

We explore how to manage a portfolio of passwords. We review why mandating exclusively strong passwords with no re-use gives users an impossible task as portfolio size grows. We find that approaches justified by loss-minimization alone, and those that ignore important attack vectors (e.g., vectors exploiting re-use), are amenable to analysis but unrealistic. In contrast, we propose, model and analyze portfolio management under a realistic attack suite, with an objective function costing both loss and...

Publication details
Date: 1 August 2014
Type: Article
Publisher: Choose...
Yuri Gurevich, Efim Hudis, and Jeannette Wing

We say that an item of your personal information is private if you have it but nobody else does. It is inversely private if somebody has it but you do not. We analyze the provenance of inverse privacy and argue that technology and appropriate public policy can reduce inverse privacy to a minimum.

Publication details
Date: 1 July 2014
Type: Technical report
Publisher: Choose...
Number: MSR-TR-2014-100
Joppe Bos, Craig Costello, Patrick Longa, and Michael Naehrig

This document explains the details of the curve generation algorithms and provides the parameters for the NUMS (Nothing Up My Sleeve) curves. These curves are supported in the MSR Elliptic Curve Cryptography Library (MSR ECCLib).

Publication details
Date: 27 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-92
Bin B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu

Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as gRaphical Passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether,...

Publication details
Date: 1 June 2014
Type: Article
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Number: 6
Xi He, Ashwin Machanavajjhala, and Bolin Ding

Privacy definitions provide ways for trading-off the privacy of individuals in a statistical database for the utility of downstream analysis of the data. In this paper, we present Blowfish, a class of privacy definitions inspired by the Pufferfish framework, that provides a rich interface for this trade-off. In particular, we allow data publishers to extend differential privacy using a policy, which specifies (a) secrets, or information that must be kept secret, and (b)...

Publication details
Date: 1 June 2014
Type: Proceedings
Publisher: ACM – Association for Computing Machinery
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying bit decomposition proofs, useful for other extension protocols.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-83
Christian Paquin and Greg Zaverucha

This document extends the U-Prove Cryptographic Specification by specifying how the Prover and the Issuer can collaborate to issue tokens encoding attributes unknown to the Issuer.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-84
Kristin Lauter, Adriana Lopez-Alt, and Michael Naehrig

A number of databases around the world currently host a wealth of genomic data that is invaluable to researchers conducting a variety of genomic studies. However, patients who volunteer their genomic data run the risk of privacy invasion. In this work, we give a cryptographic solution to this problem: to maintain patient privacy, we propose encrypting all genomic data in the database. To allow meaningful computation on the encrypted data, we propose using a homomorphic encryption...

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Choose...
Number: MSR-TR-2014-93
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying equality of discrete logarithm representation proofs. This allows proving equality between U-Prove attribute values.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-86
Christian Paquin and Lan Nguyen

This document extends the U-Prove Cryptographic Specification by specifying an efficient revocation mechanism based on a dynamic accumulator. This scheme requires a designated verifier that shares the Revocation Authority’s private key. Unlike many accumulator schemes based on bilinear pairings, this scheme is built using a prime-order group and is therefore suitable for system that require standard constructions used in the U-Prove protocol.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-85
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying equality of discrete logarithm representation proofs. This allows proving equality between U-Prove attribute values.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-87
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying set membership proofs. This allows proving that a U-Prove attribute value is within a set of values without disclosing which one.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-89
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying set membership proofs. This allows proving that a committed value is less than, less than or equal to, greater than, or greater than or equal to another (committed) value.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-88
Eric Chen, Shuo Chen, Shaz Qadeer, and Rui Wang

Serious logic vulnerabilities exist in real-world services that use security protocols such as OpenID, OAuth, and PayPal Standard. We introduce Certified Symbolic Transaction (CST), an approach for building provably secure multiparty online services. The kind of provable security that we focus on is actually an extreme form, which we call protocol-agnostic security – it holds a system implementation to an end-to-end global security predicate completely independent of the adopted protocol, and thus...

Publication details
Date: 22 May 2014
Type: Technical report
Publisher: Choose...
Number: MSR-TR-2014-72
1–25 of 256
Sort
Show 25 | 50 | 100
1234567Next 
> Our research