| | The Internet of Things is growing rapidly, and its growth rate has been improving over the last decade. With the introduction of more IoT devices, there have been increasing concerns about the security and privacy issues that come with the use of these devices. One of the main appeals of IoT is that many devices are connected together, which can lead to interoperability among them. However, interoperability is a double-edged sword, as sharing information between devices can result in more exposure.
|
| | Physical risks are inherently defined by the physical environment. Cyber security risks are similarly defined by the combined physical and electronic environment. However, unlike the increased risk from speed in the rain on the highway at night, the dimensions of both the combined environment and the nature of the underlying risks are not so obvious. Physical risks are often transparent, and inherently aligned with human information processing capacity: contextual, often visual, and at a pace that fits well within a human narrative. In contrast, cyber risks are ill-suited for human risk perception: either they are literally invisible or identified in a decontextualized manner. There is a critical need in computer security to communicate risks and thereby enable informed decisions by average, non-expert computer users.
|
| | IoT devices are highly susceptible to cyber attacks and, compared to software, they are usually an easier target for vulnerability hunting and eventually pwning. A proper defense against this is to set up a fine-grained firewall that only allows each IoT device to communicate with some predefined destinations. For instance, a smart bulb would not need to communicate with a smart toaster, and a smart crock-pot should not communicate with www.i-am-safe.com.
|
| | The services offered by mobile apps are useful, but these apps can also be privacy invasive, meaning that they compile and share more information than is needed for the task the app performs. For example, researchers at University of California Berkeley analyzed 940 apps and found that one third of them requested permissions for resources that were far beyond what was required for the functionality of the app. Such over-permissioning creates risk to both user security and privacy. These risks exist even in apps for the most vulnerable users, such as those that are designed for children. Currently, the Android and iOS privacy ecosystems are grounded in permissions that control access to sensitive resources. These systems explicitly ask users for authorization to allow apps to access sensitive information. Therefore, it is important that permission requests effectively communicate privacy risk to the user so that they can make informed decisions.
|
| | Since a core problem with BGP resiliency is the concept of trust, trust and risk must be at the core of the solution. Understanding routing updates as a function of trust and risk enables approaching such updates as partially trusted. Cryptographic solutions attempt to provide perfectly trustworthy sources and paths. Yet Certificate Authority subversions in the TLS realm have shown that today’s certificates are not themselves trustworthy; nor does this proposed solution address misconfiguration or malicious configurations. We propose analysis of BGP from a different perspective, one that recognizes routing as a geographical, economic, political and technical challenge. The result is recognizing routes and updates as partially trusted.
|
| | Passwords are the primary, most widely used single sign-on and multiple point authentication scheme adopted across the globe. Our research looks not only at how people create and use passwords, but also at external factors that may influence their behavior, such as the extent to which changes in password policies and in system requirements impact password usage and reuse.
|
| | My work combines large-scale modeling and datasets with targeted smaller experiments to create effective insights for the greater whole. In routing, we combined large-scale route views with geographical and political data for measures of trustworthiness of route updates. In certificates, we combined small-scale local browsing communities with terabytes of certificate data, proving that important features for the detection of rogue and phishing certificates are the geography and governance of the recipient, the entity certified, and the certificate authority. In addition, our group has implemented traditional macroeconomic regression techniques to identify features that are correlated with different types of ecrime.
|
| | Ubiquitous computing (also known as ubicomp) will be a transformative technology, particularly in the home. Demographic trends, the economics of long term care, new medical technologies, and social norms may collide to result in widespread unexamined adoption of home-based ubicomp and aging. The current model of aging in place cannot be sustained with the retirement and caregiving needs of the Boomer generation. For aging in place, the current model is a single caregiver with complete responsibility for helping the older adult. Aging in place can lead to social isolation and safety/security risks for increasingly frail elders. New monitoring technologies risk further increasing isolation, as personal caregivers may be less likely to participate in human contact, or offer connectivity based on the design of the system. Without a deeper understanding of privacy, a compelling concern in ubicomp, this transformational change will be framed as a Hobson’s choice: the right to privacy or home-based ubicomp.
|
| | Accurate communication of risk is not only an issue of high accuracy of the underlying data but also of correctly designed, simple communication. Past work on risk communication and usable privacy has focused primarily on two cases: privacy risk via permissions in Android and security risks in browsing. Accurate feedback requires communication of risk, learning from the feedback, and aligning with user mental models.
|
| | What are the challenges, threats, implications and potential for SDN in terms of creating a resilient network? To answer this question, we have created clear threat models grounded in documented and realistic use cases; extracted the resulting enumerated authentication requirements; implemented one case of the necessary next-generation network modeling to evaluate authentication interactions, such that the models address all layers from physical to human; and finally demonstrated practical forward movement toward meeting these challenges as an open source network component named Bongo.
|
| | Models for Enabling Continuous Reconfigurability of Secure Missions, a five-year, $23.2 million cooperative agreement, will form a collaborative research alliance consisting of Indiana University, Penn State, Carnegie Mellon University, University of California Davis, University of California Riverside and the Army Research Laboratory.
|