Cybersecurity
Explore our Research Topics
|
Reza Curtmola |
Research Areas: Cybersecurity, software security, web security and privacy Defending Software Supply Chains Against Hackers Funded by DARPA and the NSF, we have developed in-toto, an open-source framework that promises to safeguard software for developers and end users. In-toto provides organizations with insights into the software development and distribution chain, such as having a provable assurance that proper software development practices were followed. With in-toto in place, it will be more difficult for malicious code to be slipped into software products, thus raising the bar significantly for attackers. Through integrations, in-toto is currently used by thousands of companies and has improved the security of millions of users. Web Security and Privacy The goal of this project is to explore targeted privacy attacks on the web through the lens of side channels. We uncovered new attacks that can lead to targeted deanonymization on the web by using CPU cache side channels. In particular, we uncover a set of practical and scalable attacks that can deanonymize users in several important settings for which prior attack methods are not effective. This affects all major browsers, including Chrome, Firefox, Safari, Edge, Tor Browser and numerous major sites, including Google, Twitter, LinkedIn, TikTok, Facebook, Instagram and Reddit. Our attacks run in less than 3 seconds in most cases and can be scaled to target an exponentially large number of users. More importantly, we provide a comprehensive countermeasure against all of the attacks we discovered. This countermeasure is already available on the Chrome and Firefox extension stores and can be downloaded and installed immediately by concerned users. This work was published in the 31st USENIX Security Symposium. |
|
|
Iulian Neamtiu
|
Research Areas: Programming languages, software engineering and their applications to reliable AI, smartphones, security Android Security Our research is focused on security issues in Android apps and the Android platform, including exposing deceptive practices in apps, apps attempting to cover their traces, ransomware, unauthorized collection and transmission of user data in general and personally identifiable health information in particular, apps refusing to disclose the data they collect or refusing to delete data when legally mandated.
|
|
|
Kurt Rohloff |
Research Areas: Encrypted computing, lattice encryption implementation, homomorphic encryption, cryptographic program optimization Combating Data Leaks: PALISADE We developed a widely used open-source lattice encryption library and software engineering tools for a new family of encryption technologies. This software library provides encrypted computing capabilities such as homomorphic encryption, allowing organizations to outsource computation to cloud computing environments without risking privacy and leaking sensitive information to potential adversaries. Improving Usability of Open-Source Software Funded by the first DARPA Young Faculty Award at NJIT and the IARPA HECTOR project, our MARSHAL and Verona projects focus on making it easier to rapidly optimize open-source software to run on commodity hardware. This research focuses on the deployment of the PALISADE open source lattice encryption library on embedded systems. |
|
|
Shantanu Sharma |
Research Areas: Database, security, privacy, blockchain, IoT Information-Theoretically Secure Processing Despite over two decades of research, secure data outsourcing remains an open challenge. Information-theoretically secure techniques provide the highest level of security regardless of the computational capabilities of an adversary. One of the well-known information-theoretically secure techniques is Shamir’s secret sharing. We develop information-theoretically secure data processing systems that can efficiently execute different types of SQL queries on large databases. Furthermore, we focus on information-theoretically secure machine learning techniques. Smart and Privacy-Preserving Smart Spaces Smart spaces are rapidly growing in present time. Examples of smart spaces are office/university buildings, shopping malls, train/bus stations and airports that capture user-related data via different types of sensors. While such sensor data is beneficial to developing multiple value- added services, smart spaces jeopardize user privacy due to mixing sensor data with the digital representation of space. For example, tracking a person in real-time can reveal their behavior. We develop an end-to-end secure and privacy-preserving smart space that respects user privacy at each stage of data processing, such as data collection, storage, processing, sharing and auditing. |
|
|
Cong Shi |
Research Areas: Mobile security, robust and trustworthy machine learning Audio-Domain Position-Independent Backdoor Attack via Unnoticeable Triggers Deep learning models have become key enablers of voice user interfaces. In this project, we aim to investigate an effective yet stealthy training-phase (backdoor) attack in the audio domain, where hidden/unnoticeable trigger patterns are injected through training set poisoning and overwrite the model’s predictions in the inference phase. An attacker can simply play an unnoticeable audio trigger (e.g., bird chirps, foot steps) into live speech of a victim to launch the attack. |
|
