IEEE Security & Privacy

Today, with the rapid deployment of wireless systems, a wide variety of applications ranging from modern payment systems to access control for critical infrastructures depend on location and proximity information. With the advent of the Internet of Things and autonomous cyber-physical systems, the dependency on location and proximity is only likely to increase in the future. Current proximity veri... View full abstract»

Cloud computing has emerged as a dominant platform for computing forthe foreseeable future, resulting in an ongoing disruption to the waywe build and deploy software. This disruption offers a rareopportunity to integrate new approaches to computer security. In thispaper we outline a vision of security in this new era of cloudcomputing, laying out an argument for how the aggregating effect ofcloud ... View full abstract»

In August 2015 the U.S. National Security Agency (NSA) released a major policy statement on the need for post-quantumcryptography (PQC). This announcement will be a great stimulus to the development, standardization, and commercialization of new quantum-safe algorithms. However, certain peculiarities in the wording and timing of the statement have puzzled many people and given rise to much specula... View full abstract»

End-to-end (E2E) verifiability has been widely identified as a critical property for the adoption of e-voting systems in real world election procedures. In this work, we present a new e-voting system that is E2E verifiable without any additional “setup” assumption or access to a random oracle. Previously known E2E verifiable e-voting systems required such additional assumptions (spec... View full abstract»

A widely discussed issue in Internet voting is the secure platform problem: ensuring vote secrecy and/or vote integrity in the presence of compromised voting devices. A well-known approach to address this issue is code voting. Code voting systems differ regarding their security level: some ensure either vote secrecy or vote integrity, while others ensure both. However, these systems potentially im... View full abstract»

Users often don’t follow expert advice for staying secure online, but the reasons for users’ non-compliance are only partly understood. While some experts express frustration with users for ignoring existing advice, others argue that the advice itself is part of the problem. To inform this debate, we surveyed 231 security experts and asked, “What are the top 3 pieces of advice... View full abstract»

Secure internet voting still eludes us. Although progress has been slow, one of the most promising ways forward is cryptographic end-to-end verifiable internet voting (E2E-VIV), offering a robust and universal proof-based mechanism to detect fraud and errors in an election outcomes. Supporting an outcome with strong evidence makes sense, and a recent report by the U.S. Vote Foundation has even rec... View full abstract»

Cryptographic software is increasingly important but notoriously difficult to implement correctly. Emerging specification approaches and tools make it possible to automatically and rigorously prove equivalence between machine-readable cryptographic specifications and real-world implementations. Cryptol and the Software Analysis Workbench are specific tools that aim to make this process approachabl... View full abstract»

Modeling of system quality attributes, including security, is often done with low fidelity software models and disjointed architectural specifications by various engineers using their own specialized notations. These models are typically not maintained or documented throughout the life cycle and make it difficult to obtain a system view. However, a single-source architecture model of the system th... View full abstract»