Research Overview
Nitesh [email protected]
Research areas: computer and network security, applied cryptography
Research Group
5 Ph.D. students
2 M.S. students
1 undergraduate student
You?
if you are creative
if you like math (or are at least not math-phobic)
if you are good at programming
if you do not like being spoon-fed
if you are a team player
if you have a life beyond work
Collaboration
NYU-Poly
NYU
Nokia Research, Finland
INRIA, France
UC Irvine
CMU
University of Split, Croatia
Secure Device Pairing
The Problem
How to bootstrap secure communication between Alice’s and Bob’s devices when they have:
no prior context
no common trusted CA or TTP
Examples
Pairing a Bluetooth cell phone with a headset
Pairing a WiFi laptop with an access point
Idea: make use of a physical channel between the devices, with the least involvement from Alice and Bob
Audio; Visual; Tactile
Research Challenges
OOB channels are low-bandwidth
Devices may be constrained in terms of interfaces
User is constrained: usability
Multiple devices
Sensor network initialization
Group formation
Ohh! I cannot even pair my socks!
RFID Security and Privacy
The Privacy Problem
Good tags, Bad readers
500 Euros in wallet
Serial numbers: 597387, 389473
…
Wig model #4456 (cheap polyester)
30 items of lingerie
Das Kapital and Communist-party handbook
Viagra medical drug #459382
The Authentication Problem
Good readers, Bad tags
500 Euros in wallet
Serial numbers: 597387, 389473
…
Wig model #4456 (cheap polyester)
30 items of lingerie
Das Kapital and Communist-party handbook
Viagra medical drug #459382
Counterfeit!!
Relay Attacks (e.g., Ghost-and-Leech Attacks)
[Figure: relay attack diagram with relayed challenge and response messages]
Research Challenges
Very limited resources
a $0.03 tag can’t do much computationally
only and-or-xor operations might be feasible
has only ~2,000 gates for security operations
few bits to few bytes of memory
No user interfaces
Atypical usage model
Studying real-world deployments
Other Ongoing Projects
Mobile Phone Assisted Strong Password Authentication
Password-Protected Secret Sharing and Distributed Function Computation
Privacy of Web Search
Security and Privacy of P2P Systems
Inference of Private Attributes on Facebook
Games and Security
Thanks!
More details: http://cis.poly.edu/~nsaxena/research.html