My current research is in network security and usable security, with a particular focus on the points where humans interact with security and privacy features.
TrustBase is an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing applications to be strengthened against failures of the CA system. The secure socket API extends the POSIX socket API to give developers a simple way to use TLS and to give administrators control over how TLS is configured on their machines. This work is led by Mark O'Neill.
Most popular secure messaging applications are usable because they hide many of the details of how encryption is provided. However, the strength of the security properties of these applications rests on the authentication ceremony, in which users validate the encryption keys being used. Unfortunately, recent studies show that most users do not know how to successfully complete this ceremony and are thus vulnerable to potential attacks. We have studied the usability of a variety of secure messaging applications and are developing methods to improve the usability of the authentication ceremony, so that it is easy for users to locate and complete the ceremony. This work is led by Elham Vaziripour.
We are interested in understanding obstacles to the adoption of encryption by the general public. Our current work includes a recent paper developing mental models of how people understand and interact with encryption. We are working on applying lessons learned from this work to new designs for secure applications. This work is led by Justin Wu.
We are interested in how to help people understand when they are at risk while interacting with web pages. As all web pages are beginning to be served over HTTPS, connection security is no longer a sufficient indicator of risk. This work is led by Matt Holt.
A major challenge for secure applications is key management, particularly for the general public, who typically have little experience with cryptography. Significant issues include key discovery, key backup, and key portability.
Past research topics include measurements of TLS proxies, measurements of the Steam game network, cloud storage, sentiment analysis, wireless networks, streaming video algorithms, peer-to-peer networking, and multicast routing. See Publications for more details.