Kevin Fu

Kevin Fu	傅佳偉
Professor ACM Fellow, IEEE Fellow, Sloan Research Fellow, Dr. Dwight E. Harken Memorial Lecturer Northeastern University Electrical & Computer Engineering and Khoury College of Computer Sciences Contact — PGP Key — Bio — CV

Home Publications Research Talks Service Teaching Students Musings Fun Blog

My research focuses on embedded security: the art and science of creating embedded systems resistant to attack. Medical devices, autonomous vehicles, and the Internet of Things depend crucially on embedded security.

Abstracts of current research

Security and privacy of implantable medical devices
› Link to Download Publications & Bibliography ‹

My research on RFID security and privacy led me to the broader problem of securing medical treatments and keeping medical information private. Implantable medical devices increasingly use wireless communication for monitoring patients in hospitals and homes. Such medical devices include heart rate sensors, pacemakers, defibrillators, drug delivery systems, and neurostimulators. These devices can contain sensitive personal data and other health-related information. In addition to sensing events, pacemakers and implantable cardiac defibrillators (ICDs) treat chronic disease with electrical therapy that can be wirelessly modified. Thus, patients will desire strong security and privacy to gain confidence in these emerging therapies and infrastructure for collecting telemetry. Yet there is little understanding of how to model or mitigate malicious threats against such untrusted infrastructure.

My approach to improving the security and privacy of pervasive healthcare involves the design and implementation of zero-power security modules for implantable devices, vulnerability analysis, threat modeling, and patient studies.

RFID security and privacy
› Link to Download Publications & Bibliography ‹

My research investigates security and privacy for pervasive computation by analyzing the limits of computation on RFID-based systems and discovering methods to adapt cryptographic systems to this constrained environment. RFID tags belong to a class of inexpensive wireless devices that identify and authenticate objects and people—in short, devices that must label things securely. Radio-Frequency Identification (RFID) tags, contactless smartcards, and low-resource sensors represent a class of computing devices that promises to be the most numerous in the world. A unifying characteristic of these devices is that they do not perform autonomous computation and often lack internal power sources. Nomadic tags respond automatically to reader interrogation, and thus they have highly sporadic network connectivity. Extending the network to new physical dimensions, pervasive devices promise to serve as the fingertips of the next-generation Internet.

My approach to RFID security and privacy consists of vulnerability analysis and discovery of energy-aware abstractions on microwatt-powered devices. The contributions include the Mementos system to execute long-running code on tags that reboot constantly; a security analysis of RFID-enabled credit cards and related cryptographic protocols; a quantification of the limits of computation and cryptography on an RF-powered, Ultra-High Frequency RFID tag; and development of practical and inexpensive ways to harvest true random numbers and fingerprints without additional RFID tag circuitry.

Abstracts of past research

Secure File Systems and Operating Systems
› Link to Download Publications & Bibliography ‹
1. Lazy revocation
  
  Lazy revocation reduces the performance cost of re-encryption in cryptographic storage following a revocation of a user's access. The method relaxes the the enforcement of access control by applying the revocation to new data immediately, and old data as soon as possible.
2. Key regression for access control in cryptographic storage
  
  Through replication and careful positioning, content distribution networks (CDNs) increase the availability of content to consumers of information. Already millions of people benefit from CDNs. However, these CDNs traditionally use centrally-managed, trusted replicas to distribute content. A secure CDN that works without trusting replicas would satisfy a stronger notion of security while also making new storage resources available for replication.
  
  My dissertation investigates how to maintain security of content served by untrusted replicas. Two objectives guided our research in secure content distribution. First, clients must be able to verify that content from replicas are what the content owner intended. Our approach in the SFS read-only file system is to use a Merkle hash tree mapped over the directory structure of a file system. Second, content owners should not trust replicas to mediate access to restricted content. Our Chefs file system uses key regression to let content owners control access to private content served by untrusted replicas. Key regression relies on one-way functions and trapdoor permutations to enable decentralized access control.
  
  Key regression coalesces many versions of a shared, symmetric key into one short key. A client can easily unwind one version of the key to derive past versions of the key. Only the group manager can wind a key forward to produce new versions of the key. Key regression is helpful when key distribution is not possible because a group manager is offline or has nearly zero throughput.
  
  The SFS read-only file system and the Chefs file system provide respectively integrity and access control in single-writer, many-reader content distribution using untrusted servers.
3. Proxy re-encryption file systems
  
  In proxy re-encryption, a semi-trusted proxy converts a ciphertext for Alice into a ciphertext for Bob without seeing the underlying plaintext. The proxy does not have access to any private key material, yet it can assist in atomically re-encrypting content. Our research demonstrates the usefulness of proxy re-encryption as a method of adding access control to the SFS read-only file system.
  
  Our research analyzes constructions for proxy re-encryption that use an untrusted third party to grant access to a protected resource. However, future work must address the challenge of having an untrusted third party efficiently revoke access to encrypted storage. This problem is more challenging than granting access because revoking access involves re-encrypting the stored data itself rather than the metadata. Asymmetric cryptography can efficiently protect metadata, but efficient methods for protecting data involves symmetric cryptography, for which no proxy re-encryption schemes are known to exist. In the longer term, the goal is to investigate efficient methods for providing security and privacy in applications built on top of untrusted infrastructure.

Cookie-based authentication on the Web
› Link to Download Publications & Bibliography ‹

Client authentication has been a continuous source of problems on the Web. Although many well-studied techniques exist for authentication, Web sites continue to use extremely weak authentication schemes, especially in non-enterprise environments such as store fronts. These weaknesses often result from careless use of authenticators within Web cookies. Of the twenty-seven sites we investigated, we weakened the client authentication on two systems, gained unauthorized access on eight, and extracted the secret key used to mint authenticators from one.

We provide a description of the limitations, requirements, and security models specific to Web client authentication. This includes the introduction of the interrogative adversary, a surprisingly powerful adversary that can adaptively query a Web site.

We provide a set of hints for designing a secure client authentication scheme. Using these hints, we present the design and analysis of a simple authentication scheme secure against forgeries by the interrogative adversary. In conjunction with SSL, our scheme is secure against forgeries by the active adversary.
- Web cookies: Not just a privacy risk.
  by Emil Sit and Kevin Fu.
  Communications of the ACM, 44(9), September 2001.
  [Publication Link]
- Dos and don'ts of client authentication on the web.
  by Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster.
  In Proceedings of the 10th USENIX Security Symposium, Washington, D.C., August 2001. An extended version is available as MIT-LCS-TR-818 (Best Student Paper Award)
  [Publication Link]

Past Research Advisors

Frans Kaashoek, MIT, PhD thesis advisor.
Mahesh Kallahalla, DoCoMo USA Labs, PhD thesis committee.
David Mazières, MIT and NYU, PhD thesis committee.
Sivaramakrishnan Rajagopalan, Bellcore, masters thesis advisor
Ron Rivest, MIT, PhD thesis co-advisor, masters thesis advisor.
Avi Rubin, Bellcore and Johns Hopkins, PhD thesis committee.
Ram Swaminathan, Hewlett-Packard Labs, PhD thesis committee.