The following is a list of our active projects, which are broadly scoped and cover both systems-oriented and theoretical aspects:
It is a well-accepted fact that human users tend to be the weakest link in the security of a computer system. For example, users choose weak and short passwords, re-use the same passwords across multiple sites, fall prey to various social engineering attacks and ignore security warnings. Our research aims at studying the weaknesses and strengths of human users, and incorporating the latter into secure system design. Currently, we are developing novel ways of strong user authentication (e.g., graphical passwords, mobile-phone assisted authentication) and user-aided device authentication. We are also exploring how fun and entertainment (such as computer games) can be embedded into security tasks to improve their usability and security.
- Secure Pairing of Wireless Devices [Project Overview]
The burgeoning popularity of wireless devices and gadgets has brought new services and possibilities to users. There are many current everyday usage scenarios where two or more devices need to “work together.” Other emerging scenarios that involve sensors and personal RFID tags are expected to become commonplace in the near future. Since wireless communication is easy to eavesdrop upon and manipulate, devices must be securely associated or “paired” before they can work together. Our research addresses this fundamental problem of securing wireless communication in a variety of settings. To this end, we have been utilizing out-of-band human-perceptible communication channels (such as audio, visual or tactile), which offer some unique security properties.
- Security and Privacy in RFID Communication [Project Overview]
Many RFID tags and medical implants store valuable information private to their users that can easily be subject to unauthorized reading, leading to owner tracking and cloning or impersonation. RFID tags are also susceptible to different forms of relay attacks. Preventing these attacks, however, presents a unique and formidable set of challenges, mainly due to the constraints of these tags in terms of computation, memory, and power resources. The problem is exacerbated by the very strict usability requirements of RFID applications (originally geared for automation). In this project, we are developing novel lightweight cryptographic techniques and sensing-enabled defenses against unauthorized reading and relay attacks on RFID systems without necessitating any changes to the traditional RFID usage model.
- Fault-Tolerant Distributed Security and Cryptographic Services [Project Overview]
The security of computer systems is based on the assumption that underlying secrets and cryptographic keys are readily available and remain secret. However, in practice, this assumption is often invalid. Threshold/distributed cryptography is a tool that allows for distribution of secrets, keys and cryptographic operations among multiple nodes, providing improved availability and secrecy. Our research focuses on the design, development and evaluation of efficient distributed cryptographic protocols with an emphasis on building fault-tolerant online security services (e.g., certification), user-centric services exploiting social networks and cloud services, and decentralized key management in mobile ad hoc networks (MANETs).
Our past projects include:
Our sincere acknowledgments to our sponsors: