Recent cyber attacks have shown the degree of vulnerability on the individual to the corporate to national level. Everyone is vulnerable, from the consumer using a credit card to make an online purchase, to the multi-national corporation whose systems are hacked, to national infrastructure and defense networks.
Recent criminal attacks on computing devices and computer systems allow criminals to access private data without actually breaking the paradigm of provable-security, by exploiting some alternative and subtle weaknesses of the implemented systems (for instance through physical attacks mounted on computing devices or through clever internet-based attacks via exploiting concurrency of the communication). Examples of such attacks include measuring the power consumption of a computing device or manipulating its randomness generation process, or attacking multiple instances of the same protocol simultaneously on the internet. Moreover, the spread of light-weight (and extremely cheap) devices such as smart-cards and RFID chips makes evident that physical leakage of information must be prevented even when criminals are capable of physical reset of a device as well as manipulating network messages of computing artifacts.
While the theory of many of the above attacks has been recently developed in cryptography, the ongoing research of security of network attacks and reset attacks so far produced very limited results. We address challenges posed by such sophisticated criminal attacks with the goal of making such attacks computationally much harder to perpetrate. Our objectives include designing stronger security defenses for an important class of attacks on computational devices, including information-theoretic guarantees even during reset and network attacks on weak computational devices. The goals of this research includes obtaining feasibility and impossibility results for multiple cryptographic tools, and developing novel security techniques that when combined together, provide much stronger defenses for deployed systems.