Projects
Active projects are listed below. A list of completed projects is also available.
Reliable Anonymous Communication Evading Censors And Repressors (RACECAR)
The Reliable Anonymous Communication Evading Censors And Repressors (RACECAR) project develops unobservable and compromise-resistant obfuscation channels (sometimes called pluggable transports) for censorship-resistant communication.
RACECAR is a collaborative project between Georgetown University, the U.S. Naval Research Laboratory, and the Tor Project; and is funded through the DARPA RACE project.
Privacy-Preserving Tor Measurements
This project (in collaboration with researchers at University of New South Wales and the U.S. Naval Research Lab) conducts a detailed privacy-preserving measurement study of Tor, to better understand how the network is being (mis)used.
The Tor network is difficult to measure because, if not done carefully, measurements could risk the privacy (and potentially the safety) of the network’s users. Recent work has proposed the use of differential privacy and secure aggregation techniques to safely measure Tor. We significantly enhance two such tools—PrivCount and Private Set-Union Cardinality (PSC)—in order to support the safe exploration of three major aspects of Tor usage: how many users connect to Tor and from where do they connect, with which destinations do users most frequently communicate, and how many onion services exist and how are they used.
Private Set-Union Cardinality (PSC)
This project, in collaboration with researchers at Tulane University and the U.S. Naval Research Lab, introduces a cryptographic protocol for efficiently aggregating a count of unique items across a set of data collectors privately – that is, without exposing any information other than the count. Our protocol allows for more secure and useful statistics gathering in privacy-preserving distributed systems such as anonymity networks; for example, it allows operators of anonymity networks such as Tor to securely answer the question: how many unique users were observed using the distributed service? We formally prove the correctness and security of our protocol in the Universally Composable framework against an active adversary that compromises all but one of the aggregation parties. We also show that the protocol provides security against adaptive corruption of the distributed data collectors, which prevents them from being victims of targeted compromise. To ensure safe measurements, we also show how the output can satisfy differential privacy.
We present a proof-of-concept implementation of the private set-union cardinality protocol (PSC) and use it to demonstrate that PSC operates with low computational overhead and reasonable bandwidth. In particular, for reasonable deployment sizes, the protocol run at timescales smaller than the typical measurement period would be and thus is suitable for distributed measurement.
DeDOS: Declarative Dispersion-Oriented Software
The goal of this project is to create fundamentally new defenses against distributed denial-of-service (DDoS) attacks that can provide far greater resilience to these attacks compared to existing solutions. Today’s responses to DDoS attacks largely rely on old-school network-based filtering or scrubbing, which are slow and manual, and cannot handle new attacks. DeDOS takes a radically different approach that combines techniques from declarative programming, program analysis, and real-time resource allocation in the cloud.
Rather than relying on traditional detection and mitigatiton techniques, the project aims to develop a new software architecture from the ground up that make it significantly harder for an attacker to slow down to system without expending large amounts of resources. For example, instead of running monolithic software and naively replicating it when under an attack, DeDOS logically and physically restructures complex software systems into smaller components that can react to attacks at a much finer granularity. DeDOS also uses state-of-the-art resource allocation algorithms to achieve near-optimal use of system resources and to support critical, time-sensitive applications, such as situational awareness.
Hidden Voice Commands
Voice interfaces are becoming more ubiquitous and are now the primary input method for many devices. We explore in this project how they can be attacked with hidden voice commands that are unintelligible to human listeners but which are interpreted as commands by devices. We evaluate these attacks under two different threat models. In the black-box model, an attacker uses the speech recognition system as an opaque oracle. We show that the adversary can produce difficult to understand commands that are effective against existing systems in the black-box model. Under the white-box model, the attacker has full knowledge of the internals of the speech recognition system and uses it to create attack commands that we demonstrate through user testing are not understandable by humans. We then evaluate several defenses, including notifying the user when a voice command is accepted; a verbal challenge-response protocol; and a machine learning approach that can detect our attacks with 99.8% accuracy. More info…