Our research
Content type
+
Downloads (434)
+
Events (385)
 
Groups (149)
+
News (2550)
 
People (821)
 
Projects (1052)
+
Publications (11812)
+
Videos (5060)
Labs
Research areas
Algorithms and theory47205 (238)
Communication and collaboration47188 (182)
Computational linguistics47189 (169)
Computational sciences47190 (180)
Computer systems and networking47191 (646)
Computer vision208594 (24)
Data mining and data management208595 (38)
Economics and computation47192 (89)
Education47193 (77)
Gaming47194 (65)
Graphics and multimedia47195 (190)
Hardware and devices47196 (186)
Health and well-being47197 (68)
Human-computer interaction47198 (752)
Machine learning and intelligence47200 (672)
Mobile computing208596 (21)
Quantum computing208597 (7)
Search, information retrieval, and knowledge management47199 (590)
Security and privacy47202 (251)
Social media208598 (13)
Social sciences47203 (228)
Software development, programming principles, tools, and languages47204 (523)
Speech recognition, synthesis, and dialog systems208599 (36)
Technology for emerging markets208600 (24)
1–25 of 251
Sort
Show 25 | 50 | 100
1234567Next 
Andrew Baumann, Marcus Peinado, and Galen Hunt

To appear.

Publication details
Date: 1 October 2014
Type: Inproceeding
Publisher: USENIX – Advanced Computing Systems Association
Blase Ur, Jaeyeon Jung, and Stuart Schechter

We investigated how household deployment of Internetconnected locks and security cameras could impact teenagers’ privacy. In interviews with 13 teenagers and 11 parents, we investigated reactions to audit logs of family members’ comings and goings. All parents wanted audit logs with photographs, whereas most teenagers preferred text-only logs or no logs at all. We unpack these attitudes by examining participants’ parenting philosophies, concerns, and current monitoring practices. In a follow-up online...

Publication details
Date: 15 September 2014
Type: Inproceeding
Publisher: Ubicomp
Jaeyeon Jung and Matthai Philipose

Small and always-on, wearable video cameras disrupt social norms that have been established for traditional hand-held video cameras, which explicitly signal when and which subjects are being recorded to people around the camera-holder. We first discuss privacy-related social cues that people employ when recording other people (as a camera-holder) or when being recorded by others (as a bystander or a subject). We then discuss how low-fidelity sensors such as far-infrared imagers can be used to capture...

Publication details
Date: 14 September 2014
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Dan Liebling and Sören Preibusch

Multiple vendors now provide relatively inexpensive desktop eye and gaze tracking devices. ith miniatureization and decreasing manufacturing costs, gaze trackers will follow the path of webcams, becoming ubiquitous and inviting many of the same privacy concerns. However, whereas the privacy loss from webcams may be obvious to the user, gaze tracking is more opaque and deserves special attention. In this paper, we review current research in gaze tracking and pupillometry and argue that gaze data should...

Publication details
Date: 13 September 2014
Type: Inproceeding
Publisher: ACM – Association for Computing Machinery
Publication details
Date: 20 August 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-95
Joseph Bonneau and Stuart Schechter

Challenging the conventional wisdom that users cannot remember cryptographically-strong secrets, we test the hypothesis that users can learn randomly-assigned 56-bit codes (encoded as either 6 words or 12 characters) through spaced repetition. We asked remote research participants to perform a distractor task that required logging into a website 90 times, over up to two weeks, with a password of their choosing. After they entered their chosen password correctly we displayed a short code (4 letters or 2...

Publication details
Date: 20 August 2014
Type: Inproceeding
Publisher: USENIX
Dinei Florencio, Cormac Herley, and Paul C. van Oorschot

We explore how to manage a portfolio of passwords. We review why mandating exclusively strong passwords with no re-use gives users an impossible task as portfolio size grows. We find that approaches justified by loss-minimization alone, and those that ignore important attack vectors (e.g., vectors exploiting re-use), are amenable to analysis but unrealistic. In contrast, we propose, model and analyze portfolio management under a realistic attack suite, with an objective function costing both loss and...

Publication details
Date: 1 August 2014
Type: Article
Publisher: Choose...
Ravi Bhoraskar, Seungyeop Han, Jinseong Jeon, Tanzirul Azim, Shuo Chen, Jaeyeon Jung, Suman Nath, Rui Wang, and David Wetherall

We present an app automation tool called Brahmastra for helping app stores and security researchers to test thirdparty components in mobile apps at runtime. The main challenge is that call sites that invoke third-party code may be deeply embedded in the app, beyond the reach of traditional GUI testing tools. Our approach uses static analysis to construct a page transition graph and discover execution paths to invoke third-party code. We then perform binary rewriting to “jump start” the third-party code...

Publication details
Date: 1 August 2014
Type: Inproceeding
Publisher: USENIX – Advanced Computing Systems Association
Yuri Gurevich, Efim Hudis, and Jeannette Wing

We say that an item of your personal information is private if you have it but nobody else does. It is inversely private if somebody has it but you do not. We analyze the provenance of inverse privacy and argue that technology and appropriate public policy can reduce inverse privacy to a minimum.

Publication details
Date: 1 July 2014
Type: Technical report
Publisher: Choose...
Number: MSR-TR-2014-100
Joppe Bos, Craig Costello, Patrick Longa, and Michael Naehrig

This document explains the details of the curve generation algorithms and provides the parameters for the NUMS (Nothing Up My Sleeve) curves. These curves are supported in the MSR Elliptic Curve Cryptography Library (MSR ECCLib).

Publication details
Date: 27 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-92
Kristin Lauter, Adriana Lopez-Alt, and Michael Naehrig

A number of databases around the world currently host a wealth of genomic data that is invaluable to researchers conducting a variety of genomic studies. However, patients who volunteer their genomic data run the risk of privacy invasion. In this work, we give a cryptographic solution to this problem: to maintain patient privacy, we propose encrypting all genomic data in the database. To allow meaningful computation on the encrypted data, we propose using a homomorphic encryption...

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Choose...
Number: MSR-TR-2014-93
Bin B. Zhu, Jeff Yan, Guanbo Bao, Maowei Yang, and Ning Xu

Many security primitives are based on hard mathematical problems. Using hard AI problems for security is emerging as an exciting new paradigm, but has been under-explored. In this paper, we present a new security primitive based on hard AI problems, namely, a novel family of graphical password systems built on top of Captcha technology, which we call Captcha as gRaphical Passwords (CaRP). CaRP is both a Captcha and a graphical password scheme. CaRP addresses a number of security problems altogether,...

Publication details
Date: 1 June 2014
Type: Article
Publisher: IEEE – Institute of Electrical and Electronics Engineers
Number: 6
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying equality of discrete logarithm representation proofs. This allows proving equality between U-Prove attribute values.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-87
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying equality of discrete logarithm representation proofs. This allows proving equality between U-Prove attribute values.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-86
Christian Paquin and Lan Nguyen

This document extends the U-Prove Cryptographic Specification by specifying an efficient revocation mechanism based on a dynamic accumulator. This scheme requires a designated verifier that shares the Revocation Authority’s private key. Unlike many accumulator schemes based on bilinear pairings, this scheme is built using a prime-order group and is therefore suitable for system that require standard constructions used in the U-Prove protocol.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-85
Christian Paquin and Greg Zaverucha

This document extends the U-Prove Cryptographic Specification by specifying how the Prover and the Issuer can collaborate to issue tokens encoding attributes unknown to the Issuer.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-84
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying bit decomposition proofs, useful for other extension protocols.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-83
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying set membership proofs. This allows proving that a U-Prove attribute value is within a set of values without disclosing which one.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-89
Mira Belenkiy

This document extends the U-Prove Cryptographic Specification by specifying set membership proofs. This allows proving that a committed value is less than, less than or equal to, greater than, or greater than or equal to another (committed) value.

Publication details
Date: 1 June 2014
Type: Technical report
Publisher: Microsoft Research
Number: MSR-TR-2014-88
Eric Chen, Shuo Chen, Shaz Qadeer, and Rui Wang

Serious logic vulnerabilities exist in real-world services that use security protocols such as OpenID, OAuth, and PayPal Standard. We introduce Certified Symbolic Transaction (CST), an approach for building provably secure multiparty online services. The kind of provable security that we focus on is actually an extreme form, which we call protocol-agnostic security – it holds a system implementation to an end-to-end global security predicate completely independent of the adopted protocol, and thus...

Publication details
Date: 22 May 2014
Type: Technical report
Publisher: Choose...
Number: MSR-TR-2014-72
Andrew Miller, UMD, Elaine Shi, UMD, Ari Juels, Bryan Parno, and Jonathan Katz UMD

Bitcoin is widely regarded as the first broadly successful e-cash system. An oft-cited concern, though, is that mining Bitcoins wastes computational resources. Indeed, Bitcoin's underlying mining mechanism, which we call a scratch-off puzzle (SOP), involves continuously attempting to solve computational puzzles that have no intrinsic utility.

We propose a modification to Bitcoin that repurposes its mining resources to achieve a more broadly useful goal: distributed storage of archival data. We...

Publication details
Date: 20 May 2014
Type: Inproceeding
Publisher: IEEE
James Mickens

Pivot is a new JavaScript isolation framework for web applications. Pivot uses iframes as its low-level isolation containers, but it uses code rewriting to implement synchronous cross-domain interfaces atop the asynchronous cross-frame postMessage() primitive. Pivot layers a distributing scheduling abstraction across the frames, essentially treating each frame as a thread which can invoke RPCs that are serviced by external threads. By rewriting JavaScript call sites, Pivot can detect RPC invocations;...

Publication details
Date: 1 May 2014
Type: Inproceeding
Publisher: IEEE
Shayak Sen, Saikat Guha, Anupam Dutta, Sriram Rajamani, Janice Tsai, and Jeannette Wing

With the rapid increase in cloud services collecting and using user data to offer personalized experiences, ensuring that these services comply with their privacy policies has become a business imperative for building user trust. However, most compliance efforts in industry today rely on manual review processes and audits designed to safeguard user data, and therefore are resource intensive and lack coverage. In this paper, we present our experience building and operating a system to automate privacy...

Publication details
Date: 1 May 2014
Type: Inproceeding
Tolga Acar, Cedric Fournet, and Dan Shumow

We present DKM, a distributed key management system with a cryptographically verified code base. DKM implements a new data protection API. It manages keys and policies on behalf of groups of users that share data. To ensure long-term protection, DKM supports cryptographic agility: algorithms, keys, and policies can evolve for protecting fresh data while preserving access to old data. DKM is written in C# and currently used by several large data center applications. To verify our design and...

Publication details
Date: 15 April 2014
Type: Technical report
Publisher: Microsoft Technical Report
Number: MSR-TR-2014-48
Patrick Longa and Francesco Sica

The GLV method of Gallant, Lambert and Vanstone (CRYPTO 2001) computes any multiple kP of a point P of prime order n lying on an elliptic curve with a low-degree endomorphism Φ (called GLV curve) over GF(p) as

kP = k1P + k2Φ(P), with max|k1|,|k2| <= C1 n^(1/2)

for some explicit constant C1>0. Recently, Galbraith, Lin and Scott (EUROCRYPT 2009) extended this method to all curves over GF(p2) which...

Publication details
Date: 1 April 2014
Type: Article
Publisher: Springer
1–25 of 251
Sort
Show 25 | 50 | 100
1234567Next 
> Our research