Home

Security Research

The Insider Threat

Researchers:
Xiaofeng Wang and L. Jean Camp

Description:
How can you distinguish between legitimate insiders and malicious actors on your network? What is the primary source of the networked insider threat: a malicious outsider who is masquerading as an insider; a malicious insider; or an insider who has inadvertently empowered a malicious outsider?

Economics of Security

Researchers:
L. Jean Camp

Description:
When should a firm invest in a security technology? The answer to this question depends upon the economic as well as the technical characteristics of the security technology. Research at IU builds on previous work on vulnerabilities and network economics to examine a range of technologies with fundamentally different economic characteristics: patching of vulnerabilities, IPv6 adoption, and proof work.

Net Trust

Researchers:
L. Jean Camp

Description:
Net Trust is a highly distributed, user-centered, usable trust management architecture resistant to spoofing, sybil attacks, and web scripting. Net Trust fills the gap created by the widespread failure to adopt effective server-to-client authentication mechanisms. Instead of evaluating risk based on unverifiable server-supplied claims (e.g., trust seals or company logos), Net Trust rests upon data sources outside of the target server’s control: behavior of user-selected peer networks and trusted third-parties. Net Trust explicitly leverages the end user as sources of unreliable information, and combines flows of unreliable information to produce reliable information. Net Trust becomes more reliable as the size of the network increases. Net Trust identifies threats using locally-stored individual history, social network history, and third party advisors. Net Trust then responds to threat detection with notification, sometimes prevention through a blocked connection, and potentially remediation or remediation instruction as the indicated threat level increases.

Privacy in Home-Based Ubicomp

Researchers:
L. Jean Camp, Kay Connelly, and Lesa Huber

Description:
Ubiquitous computing, or ubicomp, integrates technology into our everyday environments. Ubicomp fundamentally alters privacy by creating continuous detailed data flows. The privacy challenge is particularly acute in the case of home-based health care where vulnerable populations risk enforced technological intimacy. The promise of ubicomp is also particularly great in the area of home-based health case with the aging of the population. The combination of a vulnerable population, embedded computing, and inadequate privacy regimes may lead to a digital perfect storm. The ubicomp transformation has the ability to lead us to an Orwellian society where people will no longer be aware when they are interacting with the network and creating data records. The potential negative implications of this are clear, and frightening. However, ubicomp has immense potential to improve lives, including the lives of vulnerable individuals who can leverage the abilities of ubicomp to reach or maintain personal independence and autonomy. The difference is how well security and privacy are embedded in design.

Context and Location Aware Access Control

Researchers:
Raquel Hill and Jalal Al-Muhtadi (King Saud University)

Description:
Pervasive computing promises to revolutionize computing, empower mobile users, and enhance mobility, customizability and adaptability of computing environments. Intrinsic to the notion of such environments is the capturing of location and context information. Context awareness and validation enables significant functionality to pervasive computing applications, users, resources and the ways they interact. Much of this functionality depends on validating context information and using it for granting access to data or resources. In this project we propose an encryption and access control framework that uses both context and identity to determine whether an entity or a group of entities may access protected services, data, devices, and other resources. We assume that the resources are context-sensitive, thus requiring the requesting entity to be under a specific context before it is able to access the resource or decrypt the information. Our approach is unique in the way that we decouple context from identity, which adds extra security, facilitates value-added services, and enables efficient key management for group communication.

Access Control for Electronic Voting

Researchers:
Raquel Hill and Juan Gilbert (Auburn University)

Description:
As with most aspects of our society, the voting process has moved from analog to digital. What began in 1850 with an electrochemical vote recorder for legislative roll calls has evolved into systems like PRIME III, a multi-modal voting machine that enables individuals with disabilities to independently cast their votes. In addition to the inherent vulnerabilities in the voting process, the use of computing technology has introduced new ways by which the voting process can be compromised. With the possibility of electronic voting systems becoming more common place, much attention has focused on the evaluation of the security of such systems. These evaluations have shown that the access control and other computer security mechanisms that protect against unauthorized use of electronic voting systems are easily circumvented.

In this project we will use the PRIME III electronic voting platform. First, we hope to understand the access control requirements for electronic voting systems. We plan to map the actions and responsibilities of poll workers and election officials to specific access privileges in the electronic voting system. We also plan to leverage the access control and cryptographic functionality of the IBM 4764 cryptographic co-processor to provide confidentiality and ensure protected access to election ballots and vote count totals.

Characterizing Trusted State

Researchers:
Raquel Hill

Description:
Given the proliferation of malware and software bugs, that often leave our computing systems in a compromised state, we are often making a leap of faith that the computing application or system will perform as expected. Traditional assessment mechanisms like recommendation, reputation, and referral are used to determine whether to trust an entity. These mechanisms may be effective when used in social interactions between humans or maybe even technology assisted interactions with a centralized system. These mechanisms, often manually executed, are far less effective when used to assess the trust of a distributed entity. To be effective, your assessment mechanism must determine whether you are communicating with the appropriate entity, whether that entity’s software will behave as expected, and whether the underlying communication infrastructure is functioning properly. The problem of assessing trust is further complicated by the proliferation of malware, faulty software, and various other security attacks (i.e. spoofing, phishing/imposter systems, etc).

In this project, we will characterize trusted criteria for distributed computing elements. In addition, we will explore the use of trusted computing hardware, such as the Trusted Platform Module (TPM), for measuring and attesting this trusted state.