Matthew W. Pagano

Charm: a framework for rapidly prototyping cryptosystems

We describe Charm, an extensible framework for rapidly prototyping cryptographic systems. Charm provides a number of features that explicitly support the development of new protocols, including support for modular composition of cryptographic building blocks, infrastructure for developing interactive protocols, and an extensive library of re-usable code. Our framework also provides a series of specialized tools that enable different cryptosystems to interoperate. We implemented over 40 cryptographic schemes using Charm, including some new ones that, to our knowledge, have never been built in practice. This paper describes our modular architecture, which includes a built-in benchmarking module to compare the performance of Charm primitives to existing C implementations. We show that in many cases our techniques result in an order of magnitude decrease in code size, while inducing an acceptable performance impact. Lastly, the Charm framework is freely available to the research community and to date, we have developed a large, active user base.

Securing electronic medical records using attribute-based encryption on mobile devices

We provide a design and implementation of self-protecting electronic medical records (EMRs) using attribute-based encryption on mobile devices. Our system allows healthcare organizations to export EMRs to locations outside of their trust boundary. In contrast to previous approaches, our solution is designed to maintain EMR availability even when providers are offline, i.e., where network connectivity is not available. To balance the needs of emergency care and patient privacy, our system is designed to provide fine-grained encryption and is able to protect individual items within an EMR, where each encrypted item may have its own access control policy. We implemented a prototype system using a new key- and ciphertext-policy attribute-based encryption library that we developed. Our implementation, which includes an iPhone app for storing and managing EMRs offline, allows for flexible and automated policy generation. An evaluation of our design shows that our ABE library performs well, has acceptable storage requirements, and is practical and usable on modern smartphones.

Securing medical records on smart phones

There is an inherent conflict between the desire to maintain privacy of ones medical records and the need to make those records available during an emergency. To satisfy both objectives, we introduce a flexible architecture for the secure storage of medical records on smart phones. In our system, a person can view her records at any time, and emergency medical personnel can view the records as long as the person is present (even if she is unconscious). Our solution allows for efficient revocation of access rights and is robust against adversaries who can access the phones storage offline.

Client-based authentication technology: user-centric authentication using secure containers

Todays authentication suffers from unsolved problems in security and usability. Adversaries have multiple attack vectors with which to steal user credentials, including phishing, malware, and attacks on service providers. Current security practices such as password-complexity policies and idle timeouts often compromise usability. We propose our solution, Client-Based Authentication Technology (CBAT), to simultaneously improve security and usability in authentication. The main component of CBAT is our Trusted Identity Manager (TIM), which resides within a hardware-based secure container on the users system. The TIM asserts the users authentication to local and remote service providers without releasing the users credentials. In addition, the TIM non-intrusively monitors the users physical presence and locks the system if the user leaves. We provide architectural and implementation details of CBAT in hopes of improving current methods of authentication.