CACC Computing Research @ UCONN.
The Connecticut Cybersecurity Center (C3) leverages the synergies existing in CHEST, CSI, and VoTeR to investigate, develop, promote, and nurture the best hardware and software based security practices for indispensible defense and commercial (e.g., insurance, telecommunications) application domains and, in particular, for emerging fields such as mobile device security.
Affiliated faculty members
July 2006 - Present
The mission of the VoTeR Center is to advise state agencies in the use of electronic election technologies, to investigate voting solutions and voting equipment, and to develop and recommend safe use procedures for electronic systems used in the electoral process. Home page
July 2015 - Present
The Center for Hardware Assurance, Security, and Engineering (CHASE) has now transitioned into CHEST, the Center for Hardware and Embedded Systems Security and Trust. The CHEST consortium is funded by a combination of National Science Foundation grants and memberships by industry and non-profit institutions. Home page
July 2017 - Present
With an investment over the next 5 years, Synchrony Financial and UConn aim to counter teh growing threats of foreign and domestic cybercrime by developing information security talent and leading research to help companies and coumsers stay ahead of these threats. Through the partnership, Synchrony Financial will provide an endowment for the Synchrony Financial Chair in Sybersecurity to lead cybersecurity education at UConn and help develop a strong pipeline of information security talent. Home page
July 2012 - Present
The School of Engineering at the University of Connecticut, in partnership with Comcast, inaugurated a signature initiative, establishing the Comcast Center of Excellence for Security Innovation.Comcast, one of the largest cable and content providers in the country, is committed to providing the highest security to its customers. The CSI center mission is to lead research, teaching, and workforce development in hardware, software, and network security. Home page
Flow correlation is the core technique used in a multitude of deanonymization attacks on Tor. Despite the importance of flow correlation attacks on Tor, existing flow correlation techniques are considered to be ineffective and unreliable in linking Tor flows when applied at a large scale, i.e., they impose high rates of false positive error rates or require impractically long flow observations to be able to make reliable correlations. In this paper, we show that, unfortunately, flow correlation attacks can be conducted on Tor traffic with drastically higher accuracies than before by leveraging emerging learning mechanisms. We particularly design a system, called DeepCorr, that outperforms the state-of-the-art by significant margins in correlating Tor connections. DeepCorr leverages an advanced deep learning architecture to learn a flow correlation function tailored to Tor's complex network- this is in contrast to previous works' use of generic statistical correlation metrics to correlate Tor flows. We show that with moderate learning, DeepCorr can correlate Tor connections (and therefore break its anonymity) with accuracies significantly higher than existing algorithms, and using substantially shorter lengths of flow observations. For instance, by collecting only about 900 packets of each target Tor flow (roughly 900KB of Tor data), DeepCorr provides a flow correlation accuracy of 96% compared to 4% by the state-of-the-art system of RAPTOR using the same exact setting. We hope that our work demonstrates the escalating threat of flow correlation attacks on Tor given recent advances in learning algorithms, calling for the timely deployment of effective countermeasures by the Tor community.
One of the first major breakthroughs of computer science in the 21st century has been the discovery and practical demonstration of encrypted computing technologies such as Fully Homomorphic Encryption (FHE). FHE allows sensitive data to be encrypted such that arbitrary programs can be securely run over the encrypted data where the output, when decrypted, is equivalent to the result of running the original algorithm on the unencrypted data. FHE is ground-breaking in its ability for privacy-preserving data science on sensitive data sets. As part of academic work supported by DARPA, the NIH and private investors, we discuss theory, algorithmic, software engineering and systems research that has enabled the application of FHE in practical military, medical and financial applications, such as secure end-to-end encrypted VoIP teleconferencing on stock iPhones, Genome-Wide Association Studies on encrypted genomic data and Anti-Money-Laundering (AML) applications. Enabling these research and application activities is the PALISADE open-source lattice encryption library.
We study the hardness of error correction in the exponent and the implications for computational fuzzy extractors. We give a tight lower bound on source entropy to for security of our construction. Specifically, this talk will focus on the motivation for error correcting codes in the exponent and what is possible with purely linear operations in the Generic Group Model.
The extraction of consistent and identifiable features from an image of the human iris is known as iris recognition. Identifying which pixels belong to the iris, known as segmentation, is the first stage of iris recognition. Errors in segmentation propagate to later stages. We focus on approaches using convolutional neural networks (CNN). Variants of CNNs are used to both segment iris images and extract feature vectors per iris. These features are ultimately fed into a cryptography pipeline for key derivation. We choose the iris since it is empirically among the best biometrics. Deriving keys from irises is harnessing the entropy embedded into the iris. The segmentation and the feature extraction process output noisy feature vectors. We see ways to reduce this noise since the noisy feature vector has implications on the correctness and security of the key derivation scheme. We see different trade-offs and their effects on the security of the key derivation system.
An obfuscated program reveals nothing about its design other than its input/output behavior. A digital locker is an obfuscated program that outputs a stored cryptographic key if and only if a user enters a previously stored password. A digital locker is private if it provides an adversary with no information with high probability. An ideal digital locker also prevents an adversary from mauling an obfuscation on one password and key into a new program that obfuscates a related password or key. There are no known constructions of nonmalleable digital lockers (in the standard model).
Komargodski and Yogev (Eurocrypt, 2018) constructed a simpler primitive: a nonmalleable keyless digital locker. For this functionality, a user can only confirm if their point is correct. This primitive is known as nonmalleable point obfuscation. Their construction prevents an adversary from transforming an obfuscation into an obfuscation on a related password.
We construct the first two nonmalleable digital lockers. Our designs are a novel combination of a new single-bit digital locker, nonmalleable codes, and universal hashing. The first construction supports a binary nonmalleable code and the second extends to larger alphabets.
Both constructions require a common reference string.
Tolerant Algebraic Side-Channel Attack (TASCA) is a combination of algebraic and side-channel analysis with error tolerance. Oren et al., used mathematical programming to implement TASCA over a round-limited version of AES. Liu et al. revisited their results and introduced a TASCA-CP model that delivers solutions to this 1-round relaxation with orders of magnitude improvement in both solving time and memory consumption.
My talk focuses on our latest work which extends the result and considers TASCA for the full 10-rounds AES algorithm. Two approaches are introduced: staged and integrated. The staged approach uses TASCA-CP as a spring board to enumerate and check its candidate solutions against the requirements of subsequent rounds. The integrated model formulates all the rounds of AES together with side-channel constraints on all rounds within a single unified optimization model. Empirical results shows both approaches are suitable to find the correct key of AES while the integrated model dominates the staged both in simplicity and solving time.
Since the famous cyber warfare, Stuxnet, was known to the world, the security issues of industrial control systems or cyber-physical systems draw a huge amount of attention. Most of the cyber-physical systems in practice are still using legacy devices, which offer very limited computational power and almost no security protection. Cryptography, as a basic primitive to achieve security goals, is sometimes considered to be too expensive in computation for legacy systems. In this dissertation, we will show how to efficiently leverage the limited computational power on CPS devices to secure a CPS under the attacks initiated from sensors, controllers and servers using cryptographic methods. More specifically, we will present an intrusion-tolerant and privacy-preserving sensor fusion scheme, a lightweight intrusion detection system for CPSs, and a two-factor authenticated key exchange protocol based on historical data.
The development of smart grid in the U.S. over the last decade significantly enhanced data acquisition capabilities on the transmission system. For the distribution network, numerous remote control devices and voltage/var control systems have been installed and millions of smart meters are now operational on the customer side. Although the level of automation has been improved, there are great challenges in the grid's ability to withstand extreme events such as catastrophic hurricanes and earthquakes. Resiliency of the future grid can be achieved by enabling flexible reconfiguration with distributed resources, e.g., microgrid, distributed generations, as well as renewable and storage devices. Advanced and distributed operation and control will be critical for the vision. Fast increasing connectivity of the devices and systems on the power grid also led to a serious concern over the security of the complex cyber-physical system. Progress has been made in developing new technologies for cyber security of the power grid, including monitoring, vulnerability assessment, intrusion detection, and mitigation.
This talk will present three topics about the security of industrial control systems. In particular, they are power grid, wind farm and industrial robots. The usual attack vectors will be presented. In addition, I will talk about the competition Saeed, Mason and I participated last semester in NYU. The theme of the competition is to build an intrusion detection system for industrial control system. We will give the FRIST EVER DEMO in our security seminar to show the effectiveness of our system.
Cryptographically Protected Database Search / Ben Fuller (University of Connecticut). Protected database search systems cryptographically isolate the roles of reading from, writing to, and administering the database. This separation limits unnecessary administrator access and protects data in the case of system breaches. Since protected search was introduced in 2000, the area has grown rapidly; systems are offered by academia, start-ups, and established companies. However, there is no best protected search system or set of techniques. Design of such systems is a balancing act between security, functionality, performance, and usability. This challenge is made more difficult by ongoing database specialization, as some users will want the functionality of SQL, NoSQL, or NewSQL databases. This database evolution will continue, and the protected search community should be able to quickly provide functionality consistent with newly invented databases.
At the same time, the community must accurately and clearly characterize the tradeoffs between different approaches. In this talk, we survey the range of tradeoffs between security and privacy. In particular, we
1) identify the important primitive operations across database paradigms,
2) evaluate the current state of protected search systems in implementing these base operations, and
3) analyze attacks against protected search for different base queries.
Modern CPUs take advantage of speculative out-of-order execution methods to provide better performance. Recently, two fatal attacks, Meltdown and Spectre, have been introduced which can exploit this feature and break down the security of most PCs, Laptops, Smartphones, and clouds. Currently, there is no effective solution to mitigate the attacks and it seems that serious changes must be considered in designing of modern CPUs. In this talk, Meltdown and Spectre will be explained.
Cyber-Physical Systems (CPSs) form a ubiquitous, networked, computing substrate that underlies much of modern technological society. Researchers and hackers have shown that these kinds of networked embedded systems are vulnerable to remote security attacks, which can cause damage to physical infrastructure such as vehicles, power grids, manufacturing systems and so on, while hiding the effects from monitors. The requirement of designing secure CPSs introduces new challenges. We will provide an overview of research that uses the knowledge of the system dynamics to guarantee security and resiliency properties of CPSs, capable of dealing with attacks on the environment of the controller, including attacks on sensors, actuators, and communication media. From the perspective of detection, the trade-off between control system performance and the detection rate for attacks highlights the need to provide an optimal control policy that balances the security overhead with control cost. We employ a hybrid state, zero-sum, stochastic game approach to obtain an optimal switching policy between subsystems in presence of different types of attacks. We also design low cost, time-varying coding techniques with respect to sensor outputs for detecting stealthy data injection attacks to the communication channels.
Bias-resistant public randomness is a critical component in many (distributed) protocols. Generating public randomness is hard, however, because active adversaries may behave dishonestly to bias public random choices toward their advantage. Existing solutions do not scale to hundreds or thousands of participants, as is needed in many decentralized systems. We proposed two large-scale distributed protocols, RandHound and RandHerd, which provide publicly-verifiable, unpredictable, and unbiasable randomness against Byzantine adversaries. RandHound relies on an untrusted client to divide a set of randomness servers into groups for scalability, and it depends on the pigeonhole principle to ensure output integrity, even for non-random, adversarial group choices. RandHerd implements an efficient, decentralized randomness beacon by using RandHound in a one-time setup to arrange participants into verifiably unbiased random secret-sharing groups, which then repeatedly produce random output at predefined intervals. Our prototype demonstrates that RandHound and RandHerd achieve good performance across hundreds of participants while retaining a low failure probability by properly selecting protocol parameters, such as a group size and secret-sharing threshold. RandHound (512 nodes sharded into groups of 32) produces fresh random output after 240 seconds while RandHerd after approximately 6 seconds, following one-time RandHound setup. For this configuration, both protocols operate at a failure probability of at most 0.08% against a Byzantine adversary.
We consider a setting where users store their encrypted documents on a remote server and can selectively share documents with each other. A user should be able to perform keyword searches over all the documents she has access to, including the ones that others shared with her. The contents of the documents, and the search queries, should remain private from the server.
This setting was considered by Popa et al. (NSDI '14) who developed a new cryptographic primitive called Multi-Key Searchable Encryption (MKSE), together with an instantiation and an implementation within a system called Mylar, to address this goal. Unfortunately, Grubbs et al. (CCS '16) showed that the proposed MKSE definition fails to provide basic security guarantees, and that the Mylar system is susceptible to simple attacks. Most notably, if a malicious Alice colludes with the server and shares a document with an honest Bob then the privacy of all of Bob's search queries is lost.
In this work we revisit the notion of MKSE and propose a new strengthened definition that rules out the above attacks. We then construct MKSE schemes meeting our definition. We first give a simple and efficient construction using only pseudorandom functions. This construction achieves our strong security definition at the cost of increasing the server storage overhead relative to Mylar, essentially replicating the document each time it is shared. We also show that high server storage overhead is not inherent, by giving an alternate (albeit impractical) construction that manages to avoid it using obfuscation.
Given the value of imported counterfeit and pirated goods, the need for secure supply chain management is pertinent.
Maleki et al.(HOST 2017) propose a new management scheme based on RFID tags (with 2-3K bits NVM) which, if compared to other schemes, is competitive on several performance and security metrics. Its main idea is to have each RFID tag stores its reader events in its own NVM while moving through the supply chain. In order to bind a tag's identity to each event such that an adversary is not able to impersonate the tag's identity on another duplicate tag, a function with a weak form of unforgeability is needed. In this paper, we formally define this security property, present three constructions (MULTIPLY-ADD, ADD-XOR, and S-Box-CBC) having this security property, and show how to bound the probability of successful impersonation in concrete parameter settings. Finally, we compare our constructions with the light-weight hash function PHOTON used by Maleki et al. in terms of security and circuit area needed. We conclude that our ADD-XOR and S-Box-CBC constructions have approximately 1/4 - 1/3 of PHOTON's total circuit area (this also includes the control circuitry besides PHOTON) while maintaining an appropriate security level which takes care of economically motivated adversaries
Bitcoin is a blockchain protocol where finalized transactions need a "proof of work". Such protocols have been criticized for a high demand for computing power i.e., electricity. There is another family of protocols which deals with a "proof of stake". In these protocols, the ability to make a transaction depends on your "stake" in the system instead of your computing power. In both cases, it is notoriously difficult to mathematically prove that these protocols are secure. Only a handful of provably secure protocols exist today.
In this talk, I will tell a lighthearted story about the basics of the proof-of-work vs. proof-of-stake protocols. No equations. Please drop by.
AES is a mainstream block cipher used in many protocols and whose resilience against attack is essential for cybersecurity. In , Oren et al. discuss a Tolerant Algebraic Side-Channel Analysis (TASCA) and show how to use optimization technology to exploit side-channel information and mount a computational attack against AES. This paper revisits the results and posits that Constraint Programming is a strong contender and a potent optimization solution. It extends bit-vector solving as introduced in , develops a CP and an IP model and compares them with the original Pseudo-Boolean formulation. The empirical results establish that CP can deliver solutions with orders of magnitude improvement in both run time and memory usage, traits that are essential to potential adoption by cryptographers.
Messaging applications are in wide use, but users are rightfully concerned about commercial and governmental surveillance. Popular messaging applications provide end-to-end encryption for data, but leave the sensitive metadata exposed - at least to the service providers. Existing proposals and systems for anonymous messaging are either impractical, due to excessive costs and complexity, or insecure, with anonymity depending on trusted provider(s).
We report on our research towards truly anonymous, yet practical, messaging systems. We present the Anonymous Post-office Protocol (AnonPoP), a messaging protocol ensuring strong anonymity to senders and recipients, even against powerful adversaries. AnonPoP utilizes two kinds of (possibly corrupt) servers: mixes and post-offices. AnonPoP is practical, scalable and efficient, with reasonable overhead in latency and communication. Furthermore, it is appropriate even for use in mobile devices, with modest, reasonable energy consumption (validated experimentally).
The AnonPoP design is not yet sufficient for a complete anonymous system. We discuss some of the additional required work, including several research directions (and some early results). These include an efficient anonymous notification protocol (AnoNotify), protocol to mitigate malicious mix servers, and investigation of mechanisms to securely setup the anonymous keying materials.
Joint work with George Danezis, Nethanel Gelernter, Hemi Leibowitz and Ania Piotrowska.
Research Education Opportunities for Undergraduates and Graduate Assistants in Areas of National Needs
Summer 2020 REU site is canceled due to the COVID-19 situation. We regret any inconvenience this may cause, and your understanding is appreciated.
Multiple 3-year fellowships available for PhD students interested in security
Keep your calendar open for the 2020 edition of CyberSEED!
Hosted by the Synchrony Center, CyberSEED brings together dozens of universities and colleges to compete in unique cybersecurity challenges for awesome prizes. CyberSEED
Hosted at IPB On behalf of SoTS together with ACR (last summer). It was led by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), the National Association of State Election Directors (NASED), and the National Association of Secretaries of State (NASS).
Feel free to contact any of us if you wish to ask questions about CACC or its sub-centers. We will be delighted to help you out!
Innovation Partnership Building 159 Discovery Drive Storrs, CT 06269