Person:
Boldyreva,
Alexandra
Boldyreva,
Alexandra
Permanent Link
Associated Organization(s)
Organizational Unit
ORCID
ArchiveSpace Name Record
Publication Search Results
Now showing
1 - 3 of 3
-
ItemSecure Communication Channel Establishment: TLS 1.3 (Over TCP Fast Open) vs. QUIC(Georgia Institute of Technology, 2019-11-01) Boldyreva, AlexandraSecure channel establishment protocols such as TLS are some of the most important cryptographic protocols, enabling the encryption of Internet traffic. Reducing the latency (the number of interactions between parties) in such protocols has become an important design goal to improve user experience. The most important protocols addressing this goal are TLS 1.3 over TCP Fast Open (TFO), Google’s QUIC over UDP, and QUIC[TLS] (a new design for QUIC that uses TLS 1.3 key exchange) over UDP. There have been a number of formal security analyses for TLS 1.3 and QUIC, but their security, when layered with their underlying transport protocols, cannot be easily compared. We aim to thoroughly compare the security and availability properties of these protocols. Towards this goal, we develop novel security models that permit “layered” security analysis. In addition to the standard goals of server authentication and data privacy and integrity, we consider the goals of IP spoofing prevention, key exchange packet integrity, secure channel header integrity, and reset authentication, which capture a range of practical threats not usually taken into account by existing security models that focus mainly on the crypto cores of the protocols. Equipped with our new models we provide a detailed comparison of the above three protocols. We hope that our results will help protocol designers in their future protocol analyses and practitioners to better understand the advantages and limitations of novel secure channel establishment protocols. This is a joint work with Shan Chen, Samuel Jero, Matthew Jagielski, and Cristina Nita-Rotaru. It was published at ESORICS 2019 proceedings.
-
ItemMimesis Aegis: A Mimicry Privacy Shield(Georgia Institute of Technology, 2014-07) Lau, Billy ; Chung, Simon ; Song, Chengyu ; Jang, Yeongjin ; Lee, Wenke ; Boldyreva, AlexandraUsers are increasingly storing, accessing, and exchanging data through public cloud services such as those provided by Google, Facebook, Apple, and Microsoft. Although users may want to have faith in cloud providers to provide good security protection, the Snowden expos´e is the latest reminder of the reality we live in: the confidentiality of any data in public clouds can be violated, and consequently, while the providers may not be “doing evil”, we can not and should not trust them with data confidentiality. To better protect the privacy of user data stored on the cloud, in this paper we propose a privacy-preserving system called Mimesis Aegis (M-Aegis) that is suitable for mobile platforms. M-Aegis is a new approach to user data privacy that not only provides isolation but also preserves user experience, through the creation of a conceptual layer called Layer 7.5 (L-7.5), which is interposed between the application (Layer 7) and the user (Layer 8). This approach allows M-Aegis to implement a true endto- end encryption of user data with three goals in mind: 1) complete data and logic isolation from untrusted entities; 2) the preservation of original user experience with target apps; and 3) applicable to a large number of apps and resilient to updates.
-
ItemIntegrating cryptography with emerging security applications(Georgia Institute of Technology, 2012-01-01) Boldyreva, Alexandra