| Projects - Security
2002 LCS Annual Reports
Secure Hardware Processors using Silicon Physical One-Way Functions (View complete abstract)
Dwaine Clarke, Blaise Gassend, Marten van Dijk and Srinivas Devadas
Introduction: Physical one way functions (POWF) are functions that combine an input value with the state of a physical system to produce an output value. In addition, they have in common with classical one way functions (OWF) that they are difficult to invert: given an output value, it is hard to find an input value and a physical system that would produce that output.
POWFs were introduced in , where they are implemented by shining a mobile laser beam through a nonhomogenous medium and observing the resulting speckle pattern. They were used to make unclonable ID cards. Indeed, an important characteristic of POWFs is that when it is difficult to reproduce the physical system or to characterize it precisely enough to simulate it, an unclonable system results.
In many current applications, in particular smart cards, unclonability is provided by supplying a supposedly secure chip with a key that is supposed to remain hidden within the chip. The chip proves its identity by proving that it is the bearer of the right key. Unfortunately, experience shows that a host of techniques are available for hackers to extract the key from a chip (see ). Once the key is extracted an attacker knows everything about the chip and is able to make a clone, or a malicious imitation of it.
The Untrusted Computer Problem and Camera Based Authentication (View complete abstract)
Matt Burnside, Dwaine Clarke, Blaise Gassend, Thomas Kotwal, Marten van Dijk, Srinivas Devadas, Ronald Rivest
Introduction: The use of computers in public places is increasingly common in everyday life. In using one of these computers, a user is trusting it to correctly carry out her orders. For many transactions, particularly banking operations, blind trust in a public terminal will not satisfy most users. Our aim is therefore to provide the user with authenticated communication between herself and a remote trusted computer, via the untrusted public terminal.
Access-Controlled Resource Discovery (View complete abstract)
Matt Burnside, Dwaine Clarke, Sanjay Raman, Srinivas Devadas, Ronald Rivest
Introduction: Resource discovery is one of the fundamental challenges that must be faced in the context of pervasive computing. The dynamic nature of pervasive networks makes it difficult for users and applications to know exactly which resources are available at any given time. Furthermore, pervasive computing environments typically handle a diverse and heterogeneous set of users and resources, including computationally-limited devcies, posing new and different security challenges. Communication channels between many disparate devices must be secure and access control must be granted to resources in order to regulate their usage. While several systems propose resource discovery solutions for dynamic environments, they do not consider how the integration of security protocols influence scalability and performance. Here we describe a resource discovery system that provides access-controlled resource discovery, using the Intentional Naming System (INS). INS  is a naming system that enables applications to describe what they are looking for not where to find it. The access-controlled resource discovery system is part of a larger security infrastructure based strongly on proxy-based SPKI/SDSI  to provide a distributed security framework for pervasive networks of devices and computers.
Proxy-Based Security Protocols in Networked Mobile Resources (View complete abstract)
Matthew Burnside, Dwaine Clarke, Todd Mills, Andrew Maywah, Srinivas Devadas, Ronald Rivest
Introduction: The goals of ubiquitous and pervasive computing [1, 2] are becoming more and more feasible as the number of computing resources1 in the world increases rapidly. However, there are still significant hurdles to overcome when integrating wearable and embedded resources into a ubiquitous computing environment. These hurdles include designing resources smart enough to collaborate with each other, increasing ease-of-use, and enabling enhanced connectivity between the different resources. Security in the system is extremely important; resources must only allow access to authorized users and must also keep the communication secure when transmitting or receiving personal or private information.