Security & Privacy
Developing technologies that intelligently support usable security and privacy for ubiquitous computing environments

The proliferation of networked devices has long posed a security challenge in protecting sensitive content, along with a usability challenge for people trying to access it.

Similarly, as people increase their virtual presence – personally and professionally – users are unaware of the many real threats to privacy.

PARC Approach

PARC’s pioneering work in ubiquitous computing highlighted the need for a world-class research capability in security. With expertise in applied cryptography, human factors, and network security, PARC researchers are developing new technologies that intelligently support usable security and privacy for ubiquitous computing environments.

While our security researchers' work is often a key component of client-sponsored engagements, the team has also developed turnkey security and privacy solutions.

Focus Areas

• Usable Security — enabling easy management of large networks of devices, as well as usable access control for distributed content
   
• Fraud and Crimeware Defense — using a socio-technical approach to anticipate trends and develop robust protection mechanisms
   
• Data Privacy — using semi-automated methods for protecting content, based on deep content analysis and inference control

Team & Activities

Contributors

• Richard Chow
• Philippe Golle
• Markus Jakobsson
• Teresa Lunt 
• Elaine Shi
• Diana Smetters
• Jessica Staddon

Recent Selected Publications

Breaking out of the Browser to Defend Against Phishing Attacks, CEAS 2008

Love and Authentication, ACM CHI 2008

Delegating Capabilities in Predicate Encryption Systems, ICALP 2008

Why and How to Perform Fraud Experiments, IEEE Security & Privacy March/April 2008

Machine Learning Attacks Against the Asirra CAPTCHA, ACM CCS 2008

Detecting Privacy Leaks Using Corpus-based Association Rules, KDD 2008

Ad hoc guesting: when exceptions are the rule, Usability, Psychology and Security (UPSEC) 2008

Making CAPTCHAs Clickable, HotMobile 2008

A content-driven access control system, IDTrust '08

Private Social Network Analysis: How to Assemble Pieces of a Graph Privately, Workshop on Privacy in the Electronic Society
[2007 Runner-Up Award for Outstanding Research in Privacy Enhancing Technologies, PET Workshop]

Vault: Practical Uses of Virtual Machines for Protection of Sensitive User Data, Proceedings of The 3rd Information Security Practice and Experience Conference

Web-based inference detection, USENIX Security 2007

Cryptanalysis of a cognitive authentication scheme, IEEE Security and Privacy 2007

Conferences

• ACM Workshop on AISec
• Financial Crypto 2009
• AsiaCCS 2009
• ACNS 2009

Journals

• International Journal of Information Security and Privacy
• International Journal of Information and Computer Security (IJICS)
• Journal of Computer Security