Usable Security and Privacy, Applied Cryptography, Network Security.
Usable Security and Privacy for Mobile Authentication
The domain of Usable Security and Privacy is concerned with the human factor in secure systems: how do users interact with security systems, and how does that interaction affect security? In particular, I am interested in mobile authentication, which considers how authentication occurs on mobile devices such as smartphones and tablets. I have extensively studied the Android Graphical Password system, or Android Unlock Patterns, and have designed new mobile authentication systems. Much of this work is done in the PUSH group at UMBC.
Cryptographic Solutions to Achieving Access Privacy in the Cloud
While we may trust cloud storage to store and provide our data honestly, what is to stop the cloud from spying on our content or monitoring our actions? Even if data is stored encrypted in the cloud, so that its content is not revealed, every access or modification can still be observed through the meta-data logs. Correlations between the timing of accesses and which files were accessed, even if encrypted, can reveal sensitive information about users.
The goal of this research is to design cryptographic systems that make these accesses oblivious to the cloud service, such that the provider cannot know which encrypted data was accessed, only that something was accessed. One solution to this problem is a system that deploys an ORAM (Oblivious Random Access Memory), a cryptographic primitive that provides oblivious read/write access to encrypted databases. The particular problem faced in this research is designing ORAMs that are efficient and practical for cloud applications.
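To make "oblivious" concrete, here is an added example (not code from this page's author or the PUSH group) of the simplest ORAM construction, a linear scan: every access reads and re-encrypts every slot, so the server's request log is identical whichever block was wanted, at a cost of O(N) per access, which is the efficiency problem described above. The class and function names are hypothetical, and the HMAC-based stream cipher is a stand-in for a real authenticated cipher.

```python
import hashlib, hmac, os
BLOCK = 16  # bytes per logical block (constructed value)

def _keystream(key, nonce, n):
    # Stand-in cipher: HMAC-SHA256 in counter mode. Use an AEAD in real code.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)  # fresh nonce, so re-encryptions are unlinkable
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def unseal(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Server:
    """Untrusted cloud store: keeps ciphertexts and logs every request."""
    def __init__(self, n):
        self.slots, self.log = [b""] * n, []
    def get(self, i):
        self.log.append(("get", i))
        return self.slots[i]
    def put(self, i, blob):
        self.log.append(("put", i, len(blob)))
        self.slots[i] = blob

class LinearScanORAM:  # client side: touches every slot on every access
    def __init__(self, n):
        self.key, self.server = os.urandom(32), Server(n)
        self.server.slots = [seal(self.key, bytes(BLOCK)) for _ in range(n)]
    def access(self, op, index, data=b""):
        result = None
        for i in range(len(self.server.slots)):
            block = unseal(self.key, self.server.get(i))
            if i == index:  # the branch happens client-side, unseen by the server
                result = block
                if op == "write":
                    block = data.ljust(BLOCK, b"\0")[:BLOCK]
            self.server.put(i, seal(self.key, block))  # always write back
        return result

def trace_of(oram, op, index, data=b""):
    # Run one access; return (value, the server's log entries for that access).
    start = len(oram.server.log)
    return oram.access(op, index, data), oram.server.log[start:]
```

Comparing `trace_of` results for a write to block 3, a read of block 3 and a read of block 6 shows the same sequence of `get`/`put` entries in all three cases.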