| Maintaining Security While Respecting Privacy
by David Pescovitz
woven into the fabric of our everyday lives and the memory of September
11 fresh in our minds, how do we balance computer security with
personal privacy? That's the grand challenge underlying the research
of UC Berkeley computer scientist Doug Tygar, who holds a joint
faculty position in the College of Engineering and the School of
Information Management and Systems.
Tygar is co-author with Adrian Perrig of the book Secure
Broadcast Communication in Wired and Wireless Networks,
published in November 2002 by Kluwer Academic Publishers.
"With the rise of the Internet, and especially since the attacks
on September 11, computer security has become front page news,"
says Tygar, chair of the Department of Defense's Information Science
and Technology Study Group on Security with Privacy. "At Berkeley,
we've steadily been increasing the portion of our research directed
at security and privacy concerns."
Tygar develops systems that address these concerns on several fronts
from software that enables the average person to protect
his or her data from electronic eavesdropping to securing electronic
broadcasts of information to large groups to ensuring that the data
received from ubiquitous wireless sensors is not tainted by malicious
hackers. These are some of the topics Tygar will address in his
forthcoming talk at the Berkeley
in Silicon Valley symposium on March 1.
Tygar's work dovetails with a key research thrust in the Berkeley-based
Center for Information Technology Research in the Interest of Society
(CITRIS). In collaboration with the Intel Research at Berkeley laboratory,
CITRIS scientists are developing sensorwebs, wireless networks of
tiny sensors that detect light, temperature, motion, and myriad
other environmental conditions. Sensorwebs could be deployed in
buildings to determine their seismic stability, save energy, or
someday help rescue workers locate survivors after a catastrophe.
"We need to trust that the data we send to the devices reaches them
and that the information we receive back is real," Tygar says.
Tygar literally wrote the book on these kinds of broadcast security
systems. His most recent text, Secure Broadcast Communication
in Wired and Wireless Networks, co-authored with Berkeley professor
Adrian Perrig, details several innovative security methods for wireless
sensorwebs, electronic commerce systems, and other potentially vulnerable
networks. The techniques improve upon today's encryption systems
that scramble data in such a way that the recipient, whether a person
or a node on a sensorweb, must have a special key to decrypt it.
For the uninitiated, however, even the simplest encryption can be
tricky business. Several years ago, Tygar and a graduate student
asked twelve computer users to send and receive encrypted emails
with software called Pretty Good Privacy (PGP), the best-known encryption
program of its kind. The less-than-encouraging results of the "usability"
study resulted in a report called "Why Johnny Can't Encrypt."
"One problem we're looking at is how to devise a very easy way for
people to say what kind of information is private and under what
conditions their data can be used," Tygar says. "Normally, if you
don't know how to use all the features in a program like Microsoft
Word, that's OK. But with privacy, you need to have a method that
people can understand."
While Tygar works
to develop user-friendly cryptography systems, he and his graduate
students have also devised software that generates the cryptographic
protocols themselves. Two years ago, Tygar and then-graduate student
Dawn Song built Athena, a tool to automatically find flaws in new
security protocols. While previous analysis methods took hours or
days, Song's system completes the task in milliseconds. The success
of Athena, Tygar explains, has led to a new way not only to test
protocols but also synthesize them on demand.
"For example, you might want a new security protocol for electronic
payment," he says. "We can generate every possible protocol to not
only find the most secure protocol but also the one that meets your
needs most efficiently."
Last year, Song and another Berkeley graduate student specializing
in computer security took faculty positions at Carnegie Mellon University
where Tygar used to teach. CMU, Tygar says, is Berkeley's biggest
rival in computer security research. It's no surprise, he adds,
that the school would look to Berkeley graduates to enhance its
"Berkeley is not just conducting interesting research in computer
security, we're producing some of the most skilled researchers out
there who can continue working on these problems at other institutions,"
Doug Tygar's Home Page
Athena: A New Approach To Efficient Automatic Security Protocol Analysis (abstract)
"Secure Broadcast Communication in Wired and Wireless Networks" by Adrian Perrig and JD Tygar
Lab Notes is published online by the Public Affairs Office of the UC Berkeley College of Engineering. The Lab Notes mission is to illuminate groundbreaking
research underway today at the College of Engineering that will dramatically change our lives tomorrow.
Editor, Director of Public Affairs: Teresa Moore
Writer, Researcher: David Pescovitz
Designer: Robyn Altman
Subscribe or send comments to the Engineering Public Affairs Office: email@example.com.
© 2003 UC Regents.