Systems are only as secure as their weakest point of attack. Indeed, the only way to increase the security of a system as a whole is to improve the resilience of its most vulnerable component. Much successful research has focused on developing cryptographic protocols which are secure as long as some information (i.e., a key) is kept secret from the adversary. However, as such algorithms are increasingly deployed on inexpensive, mobile, and unprotected devices (e.g., laptops, mobile phones, and PDAs), the risk of key exposure is becoming a serious threat to the security of many real-world systems. This project aims to develop new paradigms and to design efficient algorithms for maintaining security even in the event of a key exposure attack. Among other topics, the project will focus on (1) forward-secure public-key encryption; (2) forward secrecy in key-exchange protocols; and (3) protecting signcryption schemes against key exposure attacks. The techniques developed as part of this research are expected to help improve the security of a number of different systems, from handheld devices to ad-hoc networks.
Graduate students will be involved in all aspects of this project, and undergraduate involvement will be encouraged as well. The techniques stemming from this research will be incorporated into undergraduate and graduate courses in cryptography and computer security. In these ways, the project will help train future scientists in the important area of information security.
