Volume 3, Issue 1 Jan/Feb 2003

2002
2001

Maintaining Security While Respecting Privacy by David Pescovitz Printer-friendly version Doug Tygar is co-author with Adrian Perrig of the book Secure Broadcast Communication in Wired and Wireless Networks, published in November 2002 by Kluwer Academic Publishers. Peg Skorpinski photo With computers woven into the fabric of our everyday lives and the memory of September 11 fresh in our minds, how do we balance computer security with personal privacy? That's the grand challenge underlying the research of UC Berkeley computer scientist Doug Tygar, who holds a joint faculty position in the College of Engineering and the School of Information Management and Systems. "With the rise of the Internet, and especially since the attacks on September 11, computer security has become front page news," says Tygar, chair of the Department of Defense's Information Science and Technology Study Group on Security with Privacy. "At Berkeley, we've steadily been increasing the portion of our research directed at security and privacy concerns." Tygar develops systems that address these concerns on several fronts — from software that enables the average person to protect his or her data from electronic eavesdropping to securing electronic broadcasts of information to large groups to ensuring that the data received from ubiquitous wireless sensors is not tainted by malicious hackers. These are some of the topics Tygar will address in his forthcoming talk at the Berkeley in Silicon Valley symposium on March 1. Tygar's work dovetails with a key research thrust in the Berkeley-based Center for Information Technology Research in the Interest of Society (CITRIS). In collaboration with the Intel Research at Berkeley laboratory, CITRIS scientists are developing sensorwebs, wireless networks of tiny sensors that detect light, temperature, motion, and myriad other environmental conditions. Sensorwebs could be deployed in buildings to determine their seismic stability, save energy, or someday help rescue workers locate survivors after a catastrophe. "We need to trust that the data we send to the devices reaches them and that the information we receive back is real," Tygar says. Tygar literally wrote the book on these kinds of broadcast security systems. His most recent text, Secure Broadcast Communication in Wired and Wireless Networks, co-authored with Berkeley professor Adrian Perrig, details several innovative security methods for wireless sensorwebs, electronic commerce systems, and other potentially vulnerable networks. The techniques improve upon today's encryption systems that scramble data in such a way that the recipient, whether a person or a node on a sensorweb, must have a special key to decrypt it. For the uninitiated, however, even the simplest encryption can be tricky business. Several years ago, Tygar and a graduate student asked twelve computer users to send and receive encrypted emails with software called Pretty Good Privacy (PGP), the best-known encryption program of its kind. The less-than-encouraging results of the "usability" study resulted in a report called "Why Johnny Can't Encrypt." "One problem we're looking at is how to devise a very easy way for people to say what kind of information is private and under what conditions their data can be used," Tygar says. "Normally, if you don't know how to use all the features in a program like Microsoft Word, that's OK. But with privacy, you need to have a method that people can understand." Can computer security be balanced with personal privacy? We want to hear from you... While Tygar works to develop user-friendly cryptography systems, he and his graduate students have also devised software that generates the cryptographic protocols themselves. Two years ago, Tygar and then-graduate student Dawn Song built Athena, a tool to automatically find flaws in new security protocols. While previous analysis methods took hours or days, Song's system completes the task in milliseconds. The success of Athena, Tygar explains, has led to a new way not only to test protocols but also synthesize them on demand. "For example, you might want a new security protocol for electronic payment," he says. "We can generate every possible protocol to not only find the most secure protocol but also the one that meets your needs most efficiently." Last year, Song and another Berkeley graduate student specializing in computer security took faculty positions at Carnegie Mellon University where Tygar used to teach. CMU, Tygar says, is Berkeley's biggest rival in computer security research. It's no surprise, he adds, that the school would look to Berkeley graduates to enhance its research group. "Berkeley is not just conducting interesting research in computer security, we're producing some of the most skilled researchers out there who can continue working on these problems at other institutions," Tygar says. Doug Tygar's Home Page Athena: A New Approach To Efficient Automatic Security Protocol Analysis (abstract) CITRIS "Secure Broadcast Communication in Wired and Wireless Networks" by Adrian Perrig and JD Tygar Lab Notes is published online by the Public Affairs Office of the UC Berkeley College of Engineering. The Lab Notes mission is to illuminate groundbreaking research underway today at the College of Engineering that will dramatically change our lives tomorrow. Editor, Director of Public Affairs: Teresa Moore Writer, Researcher: David Pescovitz Designer: Robyn Altman Subscribe or send comments to the Engineering Public Affairs Office: lab-notes@coe.berkeley.edu. © 2003 UC Regents. Updated 1/24/03.