Research Projects

Currently, we have projects addressing usable security, robust internet architectures, sensor networks, vehicular networks, and trusted computing.


Featured Projects
Securing Vehicular Networks

These projects analyze vehicular networks to identify unique security requirements and propose a number of novel solutions for authentication, key management, and verification of data.

Flicker: Minimal TCB Code Execution

Flicker proposes techniques using new features of CPUs from AMD and Intel to minimize the amount of code and hardware that must be trusted when performing security-sensitive tasks.

Phoolproof Phishing Prevention

Phoolproof Phishing Prevention uses a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user’s account even in the presence of keyloggers and most forms of spyware.

Seeing-Is-Believing

Seeing-Is-Believing uses 2D barcodes and camera phones to implement a visual channel for authentication and demonstrative identification of devices.

MiniSec

MiniSec is a secure sensor network communication protocol that provides stronger security properties while simultaneously consuming less energy.

Authentication for Secure Broadcast Communication

Broadcast authentication enables receivers to verify that received messages originated with the claimed source and were not modified en route. The problem becomes more complex in common settings where other receivers of the data are untrusted, and where lost packets are not retransmitted.

Usable Security
User Experience Design for Security

Our projects show how we can design security software for everyday, non-expert users. Projects include: an analysis of two industry pairing specifications; the design of two anti-phishing technologies; and the design of a configuration interface for wireless networks.

Robust Internet Architectures
Denial-of-Service Defenses

We worked on several projects to defend against Denial-of-Service (DoS) and large-scale Distributed Denial-of-Service (DDoS) attacks, such as network capabilities (SIFF), IP traceback (AMS, FIT), and path identification (Pi, StackPi).

Secure and Reliable Interdomain Routing

We seek to improve the security of interdomain routing on the Internet, with a focus on easing the significant deployment hurdles faced by secure routing architectures. This includes innovative approaches to securing the BGP protocol (e.g., SPV, Grassroots PKI) and using multi-path to provide robustness despite insecure BGP.

Trusted Computing
Externally-verifiable Code Execution and Software-based Attestation

Today, computing systems are increasingly under attack from malware. We explore techniques to prevent malware from tampering with legitimate software executing on computing systems. Our work encompasses a wide variety of computing systems, ranging from embedded devices like sensor nodes and cell phones to network servers, without any specialized hardware support such as TCG's TPM chip.

TCG-based Secure Program Execution and Secure Platforms

These projects leverage TCG TPM hardware and secure processor extensions to build high-assurance secure systems.

Bump-in-the-Ether (BitE) is a system which leverages a mobile device such as a cell phone to act as a proxy for sensitive user input to a computer platform. The mobile device verifies attestations from the TPM in the platform, before allowing sensitive input to pass to the platform. The user's input is encrypted from the mobile device to the memory space of a target application, defending against traditional forms of spyware and keyloggers.

Typical TPM-based attestation provides load-time guarantees of code loaded for execution. Binding Instructions aNd Data (BIND) is a system which strengthens these properties in three different ways.

Secure Ad-Hoc Networks
Secure Ad-Hoc Network Routing

We present several projects on secure ad-hoc network routing: Ariadne, SEAD, RAP.

Vehicular Ad Hoc Network (VANET) Security
Securing Vehicular Networks

These projects analyze vehicular networks to identify unique security requirements and propose a number of novel solutions for authentication, key management, and verification of data.

Sensor Networks
Secure Sensor Network Overview Articles

We present a series of overview articles on secure sensor networks.

Sensor Network Key Distribution

Key distribution is the basic task of preloading secret information onto sensor nodes to allow the establishment of shared secret keys for secrecy, authentication and integrity. Large scales of deployment and limited hardware capabilities make this problem particularly challenging for sensor networks. We describe several efficient methods for key distribution that are resilient against attackers that can perform node compromise.

Secure Sensor Network Communication Layer

The deployment of sensor networks in security- and safety-critical environments requires secure communication primitives. We present a series of building blocks needed for secure sensor network communication. Our protocol requires no special hardware and provides message delivery even in an environment with active adversaries.

Sensor Network Defenses

Sensor networks are subject to a number of insidious attacks, including replication attacks, denial-of-message attacks, wormhole and Sybil attacks. Our work investigates innovative algorithms for preventing and/or detecting these attacks.

Secure Data Aggregation

In-network data aggregation allows sensor nodes to efficiently transmit large volumes of data to an off-site querier. However, since this class of data processing algorithms relies on sensor nodes to perform computations, malicious nodes present in the network can subvert the operation of the network by misrepresenting the data collected by the aggregation algorithm. We present algorithms to detect the presence of falsified aggregation results in sensor networks, thus ensuring the integrity of reported data even in the presence of adversarial sensor nodes.