My research is in computer security. My collaborators and I seek to answer basic questions about how to improve the status quo of keeping data and computations secure, while simultaneously providing insights and tools that help practitioners in the near term. Click on the links below to read brief descriptions of some example research projects or check out my full list of publications.


Papers: Crypto 2017, Crypto 2018, Crypto 2019, CCS 2019

Description: We have been exploring committing authenticated encryption, which refers to schemes for which adversaries cannot find multiple secret keys that decrypt the same ciphertext. This proves important in applications like message franking, a cryptographic technique used by Facebook to enable secure reporting of abusive end-to-end encrypted messages. We have also explored new cryptographic constructions for enabling message franking in anonymous communications, and for tracing the source of a forwarded abusive message - all without sacrificing end-to-end encryption guarantees.

This line of work discovered subtle vulnerabilities in Facebook's message franking scheme (subsequently fixed due to a responsible disclosure process).

Papers: See IPV research group website

Awards: CHI 2018 paper won a Best Paper Award, CSCW 2019 Honorable Mention award, ENGDBV Advocate of New York City 2019

Media coverage: See IPV research group website

Description: Abusers are increasingly exploiting digital technologies in the course of intimate partner violence. In partnership with the New York City Mayor's Office to Combat Domestic Violence, we have conducted qualitative studies of the IPV ecosystem in NYC to help understand how technology arises in abuse situations. We have also explored spyware as used in intimate partner violence, surfacing the wide variety of apps that abusers can use as spyware. Google has already made changes to their policies as a result of our work, and we are working with Google and Symantec on the tricky challenges that "dual-use" apps represent.

Our research team's webpage is here. Our research led to founding the Clinic to End Tech Abuse (CETA), which you can read about here.

Papers: USENIX Security 2015, Oakland 2016, CCS 2017, Oakland 2019, CCS 2019

Awards: Oakland 2016 paper won Distinguished Student Paper Award

Media coverage: Technology Review - Threatpost - Slashdot

Description: We have developed improvements to the usability and security of password-based authentication. Our hardening service Pythia renders stored password hashes uncrackable by offline brute-force attacks using a new cryptographic primitive called a partially oblivious pseudorandom function. More recently, we investigated typo-tolerant password authentication that automatically corrects, on behalf of the user, frequently made typographical errors. In collaboration with Dropbox, we showed that deploying typo-tolerance would help users log in without degrading security. We have explored the implications of password breaches in terms of improving targeted guessing attacks, and helped design privacy-preserving breach detection systems as deployed by Cloudflare and Google. Our research helped motivate a change to Google's protocol and led to ongoing collaborations with Cloudflare and the HIBP service.
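To make the typo-tolerant login step concrete, here is an added example (not the page's own code, nor Dropbox's) that checks a typed password against a stored PBKDF2 hash and, on mismatch, retries a fixed set of common-typo correctors. The three correctors, the PBKDF2 parameters and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Iterator, Optional, Tuple

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Return (salt, PBKDF2-HMAC-SHA256 digest) as it would be stored."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def correctors(typed: str) -> Iterator[str]:
    """Yield the typed string, then corrections for common typos
    (an assumed list for this example): caps lock left on, a shift
    mistake on the first character, and an accidental trailing character."""
    candidates = [typed, typed.swapcase()]
    if typed:
        candidates.append(typed[0].swapcase() + typed[1:])
        candidates.append(typed[:-1])
    seen = set()
    for cand in candidates:
        if cand not in seen:  # identical corrections cost no extra hashing
            seen.add(cand)
            yield cand


def check_password(typed: str, salt: bytes, stored: bytes,
                   iterations: int = ITERATIONS) -> bool:
    """Accept the exact password or any single-corrector variant of it.
    Each candidate costs one PBKDF2 evaluation, so both the extra server
    work and the extra online-guessing budget are bounded by the number
    of correctors."""
    for cand in correctors(typed):
        _, digest = hash_password(cand, salt, iterations)
        if hmac.compare_digest(digest, stored):
            return True
    return False
```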

Papers: USENIX Security 2014, CCS 2015

Awards: Best Paper Award for USENIX Security 2014 paper.

Description: We have been investigating machine learning privacy and confidentiality issues. We performed a case study of privacy in pharmacogenetics, wherein doctors use machine learning models to help guide clinical assessments. We show that machine learning models can be abused by a clever attacker to infer genetic information about a person via a technique that we call model inversion. We show that previously suggested countermeasures based on the principle of differential privacy would prevent the attacks, but only while prohibitively increasing the risk of negative patient outcomes. In follow-up work, we showed that model inversion works against facial recognition and lifestyle surveys because one can take advantage of real-valued confidence information released by machine learning prediction APIs.

Papers: Eurocrypt 2014, Oakland 2015

Media Coverage: MIT Technology Review - Slashdot - Reddit - Business Week - Boston Globe - Threatpost - Daily Mail - Info Security Magazine - Gizmodo

Description: We introduce honey encryption, a form of password-based encryption in which decrypting with incorrect passwords yields fake, but realistic-looking, plaintexts.
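As an added illustration of the honey encryption idea (this is not the paper's or the page's own code): a distribution-transforming encoder maps each message to a seed chosen uniformly from an interval whose width matches the message's prior probability, and the seed is masked with a password-derived pad. Decrypting under a wrong password unmasks a uniform-looking seed that decodes to a plausible message drawn from the prior. The message distribution, seed size and PBKDF2 parameters are assumptions for this example.

```python
import bisect
import hashlib
import secrets
from typing import Dict, Tuple

SEED_BITS = 32
SEED_SPACE = 1 << SEED_BITS
ITERATIONS = 100_000  # assumed PBKDF2 work factor


class DTE:
    """Distribution-transforming encoder by inverse sampling: message i
    owns the seed interval [upper[i-1], upper[i]) whose width is
    proportional to its prior probability."""

    def __init__(self, prior: Dict[str, float]):
        self.msgs = list(prior)
        total = sum(prior.values())
        self.upper = []
        acc = 0.0
        for m in self.msgs:
            acc += prior[m] / total
            self.upper.append(min(SEED_SPACE, round(acc * SEED_SPACE)))
        self.upper[-1] = SEED_SPACE  # last interval absorbs rounding
        lows = [0] + self.upper[:-1]
        if any(u <= lo for lo, u in zip(lows, self.upper)):
            raise ValueError("a message probability is too small for SEED_BITS")

    def encode(self, msg: str) -> int:
        i = self.msgs.index(msg)
        lo = self.upper[i - 1] if i else 0
        return lo + secrets.randbelow(self.upper[i] - lo)

    def decode(self, seed: int) -> str:
        return self.msgs[bisect.bisect_right(self.upper, seed)]


def _pad(password: str, salt: bytes) -> int:
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                              ITERATIONS, dklen=SEED_BITS // 8)
    return int.from_bytes(key, "big")


def encrypt(dte: DTE, password: str, msg: str) -> Tuple[bytes, int]:
    salt = secrets.token_bytes(16)
    return salt, dte.encode(msg) ^ _pad(password, salt)


def decrypt(dte: DTE, password: str, salt: bytes, ct: int) -> str:
    """Every password yields some message from the prior, so a wrong
    guess cannot be recognised from the decryption result alone."""
    return dte.decode(ct ^ _pad(password, salt))
```

The security argument relies on the prior being accurate: if the encoder's distribution differs from the real one, wrong-password decryptions become distinguishable from the true plaintext.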


Papers: CCS 2009, CCS 2012(a), CCS 2012(b), USENIX Security 2014, CCS 2014

Media coverage (2012): MIT Technology Review - MIT Technology Review (2) - MIT Technology Review (3) - The New York Times - Network World - Network World (2) - Computer World - Data Center Knowledge - IT Business Edge - Cloudsecurity.org - Infoworld

Media coverage (2012): InformationWeek - MIT Technology Review - Arstechnica - Slashdot - Threatpost - Dark Reading - Hacker News

Practical impact: Our work is helping inform industry best practices. For example, we are referenced in the Cloud Security Alliance's cloud security guide and the European Network and Information Security Agency's report on cloud security. The CCS 2009 paper on new threats in public compute clouds is fortunate to be the second most-cited security paper of those published between 2008 and 2013. More recently, we have shown how side-channel attacks are possible on platform-as-a-service (PaaS) clouds, see our CCS 2014 paper.


Papers: CCS 2013, USENIX Security 2014, CCS 2014

Awards: My collaborators at Portland State University received a "New Digital Age" grant for our work on FTE. These awards are funded by a generous donation by Google Executive Chairman Eric Schmidt. News articles: ZDnet - Bloomberg

Our CCS 2013 paper was runner up for the Award for Outstanding Research in Privacy Enhancing Technologies.

Practical impact: We introduce format-transforming encryption (FTE), and build particular encryption schemes whose ciphertexts are guaranteed to match against a regular expression of one's choosing. This proves useful in a variety of settings: we show in particular how it can be used to force protocol misclassification by the kinds of deep-packet inspection (DPI) systems used to detect and block censorship circumvention tools such as Tor. Check out the FTE webpage for source code and more details.


Papers: Eurocrypt 2013, USENIX Security 2013

Description: We introduce new encryption mechanisms for which ciphertexts can be usefully deduplicated by a storage service (without the keys). A prototype of our system, DupLESS, which lets organizations encrypt on the client side while still benefiting from deduplicated cloud storage, can be downloaded here.

Papers: WOOT 2012, USENIX Security 2013

Practical impact: We discovered (and helped fix) security vulnerabilities in a widely used smartphone-based point-of-sale system (used to process credit card transactions). See the vulnerability report here. In subsequent work, we built a tool, FIE, for analyzing embedded firmware to find such vulnerabilities and even verify their absence in some cases.


Papers: Asiacrypt 2011, Crypto 2012(a), Crypto 2012(b)

Practical impact: We uncovered a new attack against the TLS record layer, uncovered weak key pairs in HMAC, and provided the first formal security analysis for PKCS#5 (password-based cryptography).


Papers: ICALP 2007, Asiacrypt 2007, Eurocrypt 2009, Eurocrypt 2011

Practical impact: Our design and analysis techniques are being used by contenders (such as Skein) for NIST's new cryptographic hash function standard SHA-3.