Raquel Hill

Context and location-aware encryption for pervasive computing environments

Pervasive computing promises to revolutionize computing, empower mobile users, and enhance mobility, customizability and adaptability of computing environments. Intrinsic to the notion of such environments is the capturing of location and context information. Context awareness and validation enables significant functionality to pervasive computing applications, users, resources and the ways they interact. Much of this functionality depends on validating context information and using it for granting access to data or resources. In this paper we propose an encryption and access control framework that uses both context and identity to determine whether an entity or a group of entities may access protected services, data, devices, and other resources. We assume that the resources are context-sensitive, thus requiring the requesting entity to be under a specific context before it is able to access the resource or decrypt the information. Our approach is unique in the way that we decouple context from identity, which adds extra security, facilitates value-added services, and enables efficient key management for group communication

Supporting dynamically changing authorizations in pervasive communication systems

In pervasive computing environments, changes in context may trigger changes in an individuals access permissions. We contend that existing access control frameworks do not provide the fine-grained revocation needed to enforce these changing authorizations. In this paper, we present an authorization framework, in the context of the Gaia OS for active spaces, which integrates context with authorization and provides fine-grained control over the enforcement of dynamically changing permissions using cryptographic mechanisms. Our design, implemented in middleware using distributed objects, addresses the limitations of traditional authorization frameworks and the specific access control needs of pervasive computing environments. As part of our proposed framework, we define cryptographic protocols that enforce access to the systems communication channels and provide secure delivery of messages. We also provide a proof of correctness of key agreement and freshness using the standard BAN deduction system.

Quantifying non-functional requirements: a process oriented approach

In this work, we propose a framework for quantifying non-functional requirements (NFRs). This framework uses quality characteristics of the execution domain, application domain and component architectures to refine qualitative requirements into quantifiable ones. Conflicts are resolved during the refinement process and more concrete non-functional requirements are produced.

Uniqueness and how it impacts privacy in health-related social science datasets

Social scientists, like those performing research at the Kinsey Institute for Research in Sex, Gender and Reproduction, may use surveys to gather large amounts of sensitive data. Unlike purely medical-related datasets, these social science datasets tend to be sparse and high-dimensional, which presents opportunities to characterize participants in the dataset in unique ways. These unique characterizations may enable individuals to be linked to external data in ways that have not been previously considered. Therefore, traditional approaches to de-identifying data, such as fulfilling HIPAA requirements, may not be sufficient for preventing the re-identification of participants in large social science datasets. In this paper, we evaluate the statistical characteristics of two high-dimensional social science datasets to better understand how unique features impact privacy. We apply a class of statistical de-anonymization attacks in an attempt to achieve theoretical re-identification of participants. We assume that an attacker has exact knowledge of a subset of attribute values for a particular record, and wants to link this subset of data to the actual record to discover the remaining content. We show that although 98% of the records within the dataset are unique given any three attributes, re-identification of the records may not be easily achieved. We attribute limited re-identification to the inherent similarity in the human behavior that the scientists measure. This work is the first to characterize re-identification risks in high-dimensional data that is collected in surveys designed to capture the various behaviors and experiences of groups of individuals.

Detecting covert communication on Android

Using covert channels, malicious applications on Android-based smartphones are able to subvert the permission system and share data in a potentially untraceable manner. These channels are easy to exploit today, and have enough bandwidth to transmit sensitive information in real-time between collaborating applications. In this paper, we define and implement an application layer covert communications detector that does not require special permission from the user. We quantify the effect our detector has on channel capacities for malicious applications that wish to remain stealthy. Lastly, we evaluate the robustness of the volume and vibration channels on the Android emulator, HTC G1, and Motorola Droid, as well as characterize the effects of background noise on data loss and transfer rates.

Building a trusted image for embedded systems

In this work, we propose PlugNPlay Trust, an integrity measurement framework which enables a remote system to evaluate the integrity and state of an embedded node. The PlugNPlay Trust design exploits the relatively static nature of embedded communication systems and uses a Trusted Platform Module (TPM) to measure the state and provide identity verification for the embedded host. This framework enables remote parties to confirm the integrity of embedded communication systems, thereby limiting the effects and the proliferation of malware in compromised system. We implement a prototype of the PlugNPlay framework using Live CD technologies and a USB Flash-drive. We measure the performance of our system and show that our design choices result in efficient measurement and verification of system integrity.

Quantifying and Classifying Covert Communications on Android

By exploiting known covert channels, Android applications today are able to bypass the built-in permission system and share data in a potentially untraceable manner. These channels have sufficient bandwidth to transmit sensitive information, such as GPS locations, in real-time to collaborating applications with Internet access. In this paper, we extend previous work involving an application layer covert communications detector. We measure the stability of the volume and vibration channels on the Android emulator, HTC G1, and Motorola Droid. In addition, we quantify the effect that our detector has on channel capacities for stealthy malicious applications using a theoretical model. Lastly, we introduce a new classification of covert and overt communication for the Android platform.

A Language Based Security Approach for Securing Map-Reduce Computations in the Cloud

We present a model for securing Map/Reduce computation in the cloud. The model uses a language based security approach to enforce information flow policies that vary dynamically due to a restricted revocable delegation of access rights between principals. The decentralized label model (DLM) is used to express these policies. We present a scenario that shows the flexibility and efficiency of our model in securing Map/Reduce computations running on the cloud infrastructure.

StaticTrust: A Practical Framework for Trusted Networked Devices

Given the proliferation of malware and malicious activities, the integrity of communication systems is an ever growing concern. In this work, we propose StaticTrust, an integrity measurement framework which enables a system to evaluate the integrity and state of a remote client prior to providing trusted communication services. StaticTrust is designed for a specific class of network devices that have software images that change infrequently and require tight configuration control (e.g. routers, switches, trusted gateways, or high-low guards). StaticTrust exploits the relatively static nature of these communication systems and uses a Trusted Platform Module (TPM) to measure the state and provide identity verification for the device. This framework, coupled with the attestation and dynamic firewall exception services we authored, enables remote parties to confirm the integrity of clients, thereby limiting the effects and the proliferation of malware in a compromised system. We implement a prototype of the StaticTrust framework and measure the performance of our system to show that our design choices for constructing the software image result in efficient measurement and verification of system integrity.

Prime III: Defense-in-Depth Approach to Electronic Voting

Abstract Usability and security are critical issues in electronic voting system development. With these as the main concern, the Prime III electronic voting system implements usability with security such that all eligible voters regardless of their ability or disability to privately and securely vote using the same model of election machines. The Prime III electronic voting system has openly addressed many of the associated problems of usability, by using a multimodal user interface that enables voters to cast their vote by touch and/or voice. The purpose of this article is to examine the security components within Prime III because very little attention has been given to potential solutions to issues in electronic voting.