cybersecurity/data privacy, & security - MIT Industrial Liaison ...

CYBERSECURITY/DATA PRIVACY, & SECURITYCLOUD, NETWORK & INTERNET SECURITY;

CRYPTOGRAPHY; DATA PRIVACY; DATA SHARING...

RESEARCHSURVEY

MIT Industrial Liaison Program September 2019 | Page 2

Cybersecurity, Data Privacy & Security This research survey by MIT’s Industrial Liaison Program identifies selected MIT research and expertise in areas related to cybersecurity and data privacy. Fields of research covered in this survey include cloud, network, and internet security, cryptography, cyber-physical systems and IoT security, cybersecurity capabilities and policies, data privacy, anonymity and identity protection, and secure data sharing. Cybersecurity is the practice of protecting networks, systems, and programs from cyber attack or unauthorized access. The importance of cybersecurity has never been greater, as society has become more dependent on computers and the internet. As Deloitte points out, “[e]very time a device is connected to a sensor that in turn connects to a network, a new cyber vulnerability emerges at each connection point.”1 The potential systems affected are everywhere, but some key domains include financial, healthcare, government, and utility systems. As an example, in March 2019, a portentous milestone was reached when the U.S. power grid marked its first ever disruptive cyber attack.2 One key and growing concern within cybersecurity is that of data security. Andrew Burt, Chief Privacy Officer at Immuta, wrote in the Harvard Business Review that “privacy and security are converging, thanks to the rise of big data and machine learning.” He goes on to say that the biggest risk to privacy and security is the “threat of unintended inferences, due to the power of increasingly widespread machine learning techniques.”3 Machine learning is powering the ability for entities to infer a great deal on information about people and has been able to, for example, identify authorship of anonymized text based on language patterns, learn about a person’s physical health, and one’s political views. Breaches of personal data, as well as the volume of personal data that is collected by tech companies, among others, is fueling questions about how that data is secured and used, and who should own or control such data. For more information, please contact MIT’s Industrial Liaison Program at +1-617-253-2691. __________________ 1Galletto,Nick,EdPowers,andTimothyMurphy.2019.Cyber,cybereverywhere.July29.AccessedSeptember13,2019.https://www2.deloitte.com/us/en/insights/topics/risk-management/cyber-security-threats.html2Sobczak,Blake.2019.“Reportrevealsplay-by-playoffirstU.S.gridcyberattack.”E&ENews,September6.AccessedSeptember13,2019.https://www.eenews.net/stories/10611112893 Burt, Andrew. 2019. “Privacy and Cybersecurity Are Converging. Here’s Why That Matters for People and for Companies.” Harvard Business Review, January 3. Accessed September 12, 2019, https://hbr.org/2019/01/privacy-and-cybersecurity-are-converging-heres-why-that-matters-for-people-and-for-companies

MIT Industrial Liaison Program September 2019 | Page 3

CLOUD, NETWORK, AND INTERNET SECURITY ....................................................................................... 8DAVID D CLARK ................................................................................................................................................. 8

Video: Internet Governance and Culture ......................................................................................................... 8SRINIVAS (SRINI) DEVADAS ................................................................................................................................ 8

MACS: A Modular Approach to Cloud Security .............................................................................................. 9DynaFlow: An efficient website fingerprinting defense based on dynamically-adjusting flows .......................... 9

DANIEL N JACKSON ............................................................................................................................................ 9Software Design Group .................................................................................................................................10

Poirot: Secure Protocol Implementation by Design ...................................................................................................... 10Bridging the Gap Between Protocol Design and Implementation Through Automated Mapping ......................11A formal approach for detection of security flaws in the android permission system .......................................11

DANIELA L RUS .................................................................................................................................................12Distributed Robotics Laboratory ....................................................................................................................12

Practical Secure Computation ..................................................................................................................................... 12Enabling Secure and Private Cloud Computing Using Coresets .....................................................................12

KAREN R SOLLINS .............................................................................................................................................13Denial of Service Mitigation through Protocol Design ...................................................................................13

JOHN R WILLIAMS .............................................................................................................................................13Design and implementation of Negative Authentication System ......................................................................14Video: The Future of the Web ........................................................................................................................14

CRYPTOPGRAPHY ..........................................................................................................................................14ADAM CHLIPALA ...............................................................................................................................................14

Programming Languages & Verification........................................................................................................14Simple High-Level Code For Cryptographic Arithmetic – With Proofs, Without Compromises ........................15

Automated cryptocode generator is helping secure the web .......................................................................................... 15SRINIVAS (SRINI) DEVADAS ...............................................................................................................................16

Return of the Byzantine Generals ...................................................................................................................16Trapdoor Computational Fuzzy Extractors ....................................................................................................16Sanctorum: A lightweight security monitor for secure enclaves ......................................................................17

SHAFRIRA (SHAFI) GOLDWASSER .......................................................................................................................17RONALD L RIVEST .............................................................................................................................................17JEFFREY H SHAPIRO ...........................................................................................................................................18

Optical and Quantum Communications Group ...............................................................................................18Quantum low probability of intercept .............................................................................................................18Large-alphabet encoding for higher-rate quantum key distribution ................................................................19Security-proof framework for two-way Gaussian quantum-key-distribution protocols .....................................19

VINOD VAIKUNTANATHAN .................................................................................................................................19Developing Cryptographic Tools to Keep Data Private and Secure ................................................................20Foundations of Lattice-Based Cryptography ..................................................................................................20Computing on Encrypted Data .......................................................................................................................20Worst-case hardness for LPN and cryptographic hashing via code smoothing ................................................21Indistinguishability obfuscation from functional encryption ............................................................................21Some open problems in information-theoretic cryptography ...........................................................................22Fortifying the future of cryptography .............................................................................................................22

CYBER PHYSICAL SYSTEMS AND INTERNET OF THINGS SECURITY ................................................23SAURABH AMIN .................................................................................................................................................23

MIT Industrial Liaison Program September 2019 | Page 4

Resilient Infrastructure Networks Lab ............................................................................................................23Resilient Design of Networked Infrastructure Systems: Models, Validation, and Synthesis ..............................23Collaborative Research: Foundations of Resilient Cyber-Physical Systems (FORCES) ...................................24

DANIEL N JACKSON ...........................................................................................................................................25Software Design Group .................................................................................................................................25

Security by Design for Cyberphysical Systems ............................................................................................................ 25HOWARD E SHROBE ...........................................................................................................................................26

Automated Attack Tree Generation for Critical Infrastructure ........................................................................26Securing IoT ..................................................................................................................................................26Security of Cyberphysical Systems: Chaining Induction and Deduction ..........................................................26Highly Assured Safety and Security of e-Health Applications .........................................................................27IIoT Cybersecurity Risk Modeling for SCADA Systems ...................................................................................27

ARMANDO SOLAR-LEZAMA ...............................................................................................................................28Computer-Aided Programming Group ...........................................................................................................28

Cyber-Physical Security.............................................................................................................................................. 28KAREN R SOLLINS .............................................................................................................................................28

IoT big data security and privacy versus innovation .......................................................................................28JOHN R WILLIAMS .............................................................................................................................................29

Video: Cyber Security of IoT..........................................................................................................................29CYBERSECURITY CAPABILITIES AND POLICY .......................................................................................29

JOEL BRENNER ..................................................................................................................................................29NAZLI CHOUCRI ................................................................................................................................................30

BOOK: International Relations in the Cyber Age: The co-evolution dilemma ................................................30Cyber Acquisition: Policy Changes to Drive Innovation in Response to Accelerating Threats in Cyberspace ..30

STUART E MADNICK ..........................................................................................................................................30Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment ....................................................................................................................................................31The Internet of Things Promises New Benefits and Risks: A Systematic Analysis of Adoption Dynamics of IoT Products .................................................................................................................................................31Health care and cybersecurity: Bibliometric analysis of the literature ............................................................31Systematically understanding the cyberattack business: A survey ...................................................................32

ABEL SANCHEZ .................................................................................................................................................32Situational Awareness Tool for Cyber Security Event Prediction and Quantification (SAFFRON) ..................32Video: Situational Awareness Tool for Cyber Security Event Prediction and Quantification (SAFFRON) .......33

MICHAEL D SIEGEL ...........................................................................................................................................33A Smart IoT Integrity – First Communication Protocol via an Ethereum Blockchain Light Client ...................33

KALYAN VEERAMACHANENI ..............................................................................................................................34Acquire, adapt, and anticipate: Continuous learning to block malicious domains ...........................................34eX2: A framework for interactive anomaly detection .......................................................................................34

DATA PRIVACY, ANONYMITY, IDENTITY PROTECTION .......................................................................34HAROLD ABELSON.............................................................................................................................................34SRINIVAS (SRINI) DEVADAS ...............................................................................................................................35

Scaling strong anonymity...............................................................................................................................35Using Bitcoin to prevent identify theft ............................................................................................................35Design of Efficient, Horizontally-Scaling, and Strongly Anonymous Communication Networks .......................36

THOMAS HARDJONO ..........................................................................................................................................36BOOK: Trusted Data: A New Framework for Identity and Data Sharing .......................................................37

MIT Industrial Liaison Program September 2019 | Page 5

The effect of a blockchain-supported, privacy-preserving system on disclosure of personal data .....................37The Impact of Blockchain for Government: Insights on Identity, Payments, and Supply Chain ........................37Data Cooperatives: Towards a Foundation for Decentralized Personal Data Management ............................37Decentralized Trusted Computing Base for Blockchain Infrastructure Security...............................................38

SILVIO MICALI ..................................................................................................................................................38Algorand: A secure and efficient distributed ledger ........................................................................................38

CARLO RATTI ....................................................................................................................................................38Towards matching user mobility traces in large-scale datasets .......................................................................39

The privacy risks of compiling mobility data ............................................................................................................... 39DANIEL J WEITZNER ..........................................................................................................................................40

Transparency Bridges: Exploring Transparency Requirements in Smartphone Ecosystems .............................40On the Incommensurability of Laws and Technical Mechanisms: Or, What Cryptography Can’t Do ...............40Video: Data Ownership Impact on Privacy and Security ................................................................................41

NICKOLAI ZELDOVICH .......................................................................................................................................41Verifying Security for Data Non-Interference .................................................................................................41Stadium: A Distributed Metadata-Private Messaging System .........................................................................42Algorand: Scaling Byzantine Agreements for Cryptocurrencies ......................................................................42

SECURE DATA SHARING ...............................................................................................................................43BONNIE A BERGER ............................................................................................................................................43

Emerging technologies towards enhancing privacy in genomic data sharing ..................................................43Protecting Genomic Data Privacy with Probabilistic Modeling ......................................................................43Realizing private and practical pharmacological collaboration ......................................................................44

Cryptographic protocol enables greater collaboration in drug discovery........................................................................ 44MICHAEL J CASEY .............................................................................................................................................44

Book: The Truth Machine ..............................................................................................................................45Video: The Truth Machine: The Blockchain and the Future of Everything .................................................................... 45

CHRISTIAN CATALINI .........................................................................................................................................45Blockchain Technology for Healthcare: Facilitating the Transition to Patient-Driven Interoperability ...........46

ANDREW B LIPPMAN .........................................................................................................................................46MedRec: A Network for Personal Information Distribution ............................................................................46

SAMUEL R MADDEN ..........................................................................................................................................47A Licensing Model and Ecosystem For Data Sharing .....................................................................................47

ROBERT MORRIS ...............................................................................................................................................47Towards Multiverse Databases ......................................................................................................................48

ALEX (SANDY) PENTLAND .................................................................................................................................48Human Dynamics Group ...............................................................................................................................48

Open Algorithms (OPAL) ........................................................................................................................................... 49RoboChain: A secure data-sharing framework for human-robot interaction .................................................................. 49

Open algorithms for identity federation..........................................................................................................49LABS, CENTERS, PROGRAMS, ETC..............................................................................................................50

COMPUTER SCIENCE AND ARTIFICIAL INTELLIGENCE LABORATORY (CSAIL) ......................................................50Advanced Network Architecture Group ..........................................................................................................50

Denial of Service Mitigation through Protocol Design ................................................................................................. 50Computation Structures Group ......................................................................................................................50

Secure Demand Paging for Trusted Execution Environments ....................................................................................... 51Scaling strong anonymity............................................................................................................................................ 51Using Bitcoin to prevent identify theft ......................................................................................................................... 51

MIT Industrial Liaison Program September 2019 | Page 6

Cryptography and Information Security Group ..............................................................................................52Basing Cryptography on Structured Hardness .............................................................................................................. 52Splinter: Practical Private Queries on Public Data ........................................................................................................ 52Data Garbling: Computing on Encrypted Data ............................................................................................................. 53

Decentralized Information Group ..................................................................................................................53PrivacyML - A Privacy Preserving Framework for Machine Learning .......................................................................... 53Solid: Social Linked Data ........................................................................................................................................... 53

Parallel and Distributed Operating Systems...................................................................................................54Vuvuzela: Metadata private messaging ........................................................................................................................ 54

MIT CONNECTION SCIENCE ...............................................................................................................................54Data Cooperatives: Digital Empowerment of Citizens and Workers ...............................................................54Trust::Data Consortium ................................................................................................................................54

OPAL: Privacy-Preserving Data Sharing ..................................................................................................................... 55Personas & Identity .................................................................................................................................................... 55

CYBERSECURITY AT MIT SLOAN ........................................................................................................................55INTERNET POLICY RESEARCH INITIATIVE (IPRI) .................................................................................................56

Cybersecurity ................................................................................................................................................56Keeping America Safe: Toward More Secure Networks for Critical Sectors ................................................................. 56Cybersecurity for Global Medical Device Supply Chain: The U.S. FDA's Role ............................................................ 56What Countries and Companies Can Do When Trade and Cybersecurity Overlap ......................................................... 57Why Botnets Persist: Designing Effective Technical and Policy Interventions .............................................................. 57

Privacy .........................................................................................................................................................57Consumer attitudes towards privacy and security in home assistants ............................................................................. 58

6.S978 Privacy Legislation: Law and Technology ..........................................................................................58AI, the law, and our future .............................................................................................................................58

MEDIA LAB .......................................................................................................................................................59Civic Media Group ........................................................................................................................................59

RockStar-ai ................................................................................................................................................................ 59Digital Currency Initiative .............................................................................................................................59

cryptography and policy ............................................................................................................................................. 60MIT PROFESSIONAL EDUCATION ........................................................................................................................60

Applied Cybersecurity ...................................................................................................................................60MIT SLOAN EXECUTIVE EDUCATION ..................................................................................................................61

Cybersecurity for Managers: A Playbook (online) ..........................................................................................61Cybersecurity Leadership for Non-Technical Executives ................................................................................61

MIT-RELATED STARTUPS .............................................................................................................................61MIT STARTUP EXCHANGE..................................................................................................................................61ALTASTATA ......................................................................................................................................................62DISTILLED IDENTITY ..........................................................................................................................................62DUALITY TECHNOLOGIES ...................................................................................................................................62ENGIMA ............................................................................................................................................................62EXIMCHAIN .......................................................................................................................................................63GATACA ............................................................................................................................................................63KRYPTON ..........................................................................................................................................................63PATTERNEX ......................................................................................................................................................63PREVEIL............................................................................................................................................................64SHAPE SECURITY ...............................................................................................................................................64SIMSPACE CORPORATION...................................................................................................................................64

MIT Industrial Liaison Program September 2019 | Page 7

SOMERSET RECON .............................................................................................................................................64TRUSTLAYERS INC.............................................................................................................................................65YAXA ................................................................................................................................................................65

MIT Industrial Liaison Program September 2019 | Page 8

CLOUD, NETWORK, AND INTERNET SECURITY

DAVID D CLARK Senior Research Scientist, https://www.csail.mit.edu/person/david-clark, http://groups.csail.mit.edu/ana/People/Clark.html Since the mid 70s, Dr. Clark has been leading the development of the Internet; from 1981-1989 he acted as Chief Protocol Architect in this development, and chaired the Internet Activities Board. His current research looks at re-definition of the architectural underpinnings of the Internet, and the relation of technology and architecture to economic, societal and policy considerations. He is technical director of the MIT Internet Policy Research Initiative at CSAIL. He is helping the U.S. National Science foundation organize their Future Internet Architecture program. He is past chairman of the Computer Science and Telecommunications Board of the National Academies, and has contributed to a number of studies on the societal and policy impact of computer communications. He was elected to the American Academy of Arts and Sciences in 2002 and serves as a member of its Council.

Video: Internet Governance and Culture ILP Video, November 15, 2017, http://ilp.mit.edu/videodetail.jsp?confid=null&ilp-videos=Y&id=2225# Hardly a week goes by without a report about another cyberattack. With almost every major organization having been victim, including most government organizations, such as Equifax, Target, Sony, NSA, and the US Office of Personnel Management, you might ask: "Why are these problems not being fixed? Who is in charge here?" The answer is that nobody is in charge, and that is the secret of the Intenet's success. The governance structure of the Internet is bottom-up, not top-down. However, certain sorts of problems are hard to solve in a bottom-up governance regime. In this session we will discuss the history of Internet governance, different points of view about the future of Internet governance, and how different aspects of cyber-security depend on different actors for their solution. We will use a case study of a current security challenge to illustrate how problems get solved in a fluid space of governance organizations.

SRINIVAS (SRINI) DEVADAS Edwin Sibley Webster Professor of Electrical Engineering and Computer Science, https://www.csail.mit.edu/person/srini-devadas, http://people.csail.mit.edu/devadas/ Srini Devadas is the Webster Professor of Electrical Engineering and Computer Science and has been on the MIT EECS faculty since 1988. He served as Associate Head of the Department of Electrical Engineering and Computer Science, with responsibility for Computer Science, from 2005 to 2011. Devadas’s research interests span Computer-Aided Design (CAD), computer security and computer architecture and he has received significant awards from each discipline. In 2015, he received the ACM/IEEE A. Richard Newton Technical Impact award in Electronic Design Automation. He received the IEEE Computer Society Technical Achievement Award in 2014 for inventing Physical Unclonable Functions and single-chip secure processor architectures. Devadas’s work on hardware information flow tracking published in the 2004 ASPLOS received the ASPLOS Most Influential Paper Award in 2014. His papers on analytical cache modeling and the Aegis single-chip secure processor were included as influential papers in “25 Years of the International Conference on Supercomputing.” In 2017 he received the IEEE W. Wallace McDowell Award for contributions to secure hardware. He is an IEEE and ACM Fellow.

MIT Industrial Liaison Program September 2019 | Page 9

MACS: A Modular Approach to Cloud Security Principal Investigator: Srini Devadas, Shafrira Goldwasser, M. Frans Kaashoek, Nickolai Zeldovich, Vinod Vaikuntanathan Project Dates: October 1, 2014 – September 30, 2019 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1413920 The goal of the Modular Approach to Cloud Security (MACS) project is to develop methods for building information systems with meaningful multi-layered security guarantees. The modular approach of MACS focuses on systems that are built from smaller and separable functional components, where the security of each component is asserted individually, and where the security of the system as a whole can be derived from the security of its components. The project concentrates on building outsourced, cloud-based information services with client-centric security guarantees. The MACS project addresses a diverse set of security challenges. These include the design of hardware with built-in secrecy and integrity properties, small and versatile operating systems that offer minimal functionality but are simpler and easier to analyze, privacy-preserving and verifiable memory access for outsourced applications, security-preserving overlay and software-defined networks, and algorithms for privacy-preserving verifiable outsourced computations and database systems. Crucially, we combine all of these security mechanisms with their piecemeal analyses into a global security guarantee. Furthermore, the analysis is modular, allowing the substitution of components with others that provide potentially comparable guarantees based on different techniques and trust assumptions. The research team comprises experts in different aspects of information security and cryptography. The research is highly collaborative and pools together key areas of expertise in order to provide overall security guarantees. A key component of the project is the Massachusetts Open Cloud, which provides the research team with a test-bed for deploying and testing the developed mechanisms in a production cloud….

DynaFlow: An efficient website fingerprinting defense based on dynamically-adjusting flows

Lu, D., Bhat, S., Kwon, A., Devadas, S., Proceedings of the ACM Conference on Computer and Communications Security, 15 October 2018, Pages 109-113, https://doi.org/10.1145/3267323.3268960 Website fingerprinting attacks enable a local adversary to determine which website a Tor user visits. In recent years, several researchers have proposed defenses to counter these attacks. However, these defenses have shortcomings: many do not provide formal guarantees of security, incur high latency and bandwidth overheads, and require a frequently-updated database of website traffic patterns. In this work, we introduce a new countermeasure, DynaFlow, based on dynamically-adjusting flows to protect against website finger-printing. DynaFlow provides a similar level of security as current state-of-the-art while being over 40% more efficient. At the same time, DynaFlow does not require a pre-established database and extends protection to dynamically-generated websites.

DANIEL N JACKSON Professor of Electrical Engineering and Computer Science, Associate Director, Computer Science and Artificial Intelligence Laboratory (CSAIL), VanBuren N Hansford (1937) - MacVicar Faculty Fellow, Director, Middle East Education Through Technology (MISTI MIT-MEET) http://people.csail.mit.edu/dnj/ https://www.csail.mit.edu/person/daniel-jackson,

MIT Industrial Liaison Program September 2019 | Page 10

Lab: http://sdg.csail.mit.edu/ Publications: http://sdg.csail.mit.edu/publications Daniel Jackson is a professor in the Department of Electrical Engineering and Computer Science, and leads the Software Design Group in the Computer Science and Artificial Intelligence Laboratory. He received an MA from Oxford University (1984) in Physics, and his SM (1988) and PhD (1992) from MIT in Computer Science. He was a software engineer for Logica UK Ltd. (1984-1986), Assistant Professor of Computer Science at Carnegie Mellon University (1992-1997), and has been at MIT since 1997. He has broad interests in software engineering, especially in development methods, design and specification, formal methods, and safety critical systems.

Software Design Group http://sdg.csail.mit.edu/, https://www.csail.mit.edu/research/software-design-group Projects: http://sdg.csail.mit.edu/projects Publications: http://sdg.csail.mit.edu/publications We're inventing new programming paradigms (Déjà Vu, Espalier) so that end users can create more sophisticated apps themselves, and programmers can build more flexible complex systems with less code. We're developing a new theory of software design, which focuses not on the question of how to implement, but on the harder question of what to implement (and how to tell in advance if it's likely to be usable). We've been working for a while on software security for web and mobile applications; we're now beginning a new project on cyberphysical systems. We continue to support and extend the Alloy modeling language and analyzer, still the only tool to provide fully automatic analysis of software designs that involve rich state. Our research style is principled, practical and irreverent: we don't pay much attention to all the assumptions that are usually made in software engineering and programming languages (e.g., that only code matters, that proving things correct means that they work right, or that the most important engineering questions can be answered empirically).

Poirot: Secure Protocol Implementation by Design https://www.csail.mit.edu/research/poirot-secure-protocol-implementation-design A typical security protocol is designed by experts, checked for correctness, and then implemented by developers in their applications. This division of labor is assumed to be robust, but actually it isn’t. Protocols have been formally verified and faithfully implemented (with each protocol action correctly coded), and then later found to have serious vulnerabilities. How can this happen? The problem is that some platforms introduce new behaviors, causing traditional modular reasoning to fail. In web apps, for example, cross-site request forgeries can undermine a protocol, making the security guarantees of the designed actions worthless. To prevent this, we designed a framework called Poirot that allows a protocol to be analyzed in the context of a particular platform. The developer needs only to provide a mapping that indicates how protocol actions are mapped to platform operations — for example, that the sending of a message is

MIT Industrial Liaison Program September 2019 | Page 11

mapped to an HTTP request. Using a built-in repertoire of platform models, the framework reanalyzes the abstract protocol to find vulnerabilities under that mapping. The approach has successfully identified vulnerabilities in commercial applications, and has been used (in an extension) to synthesize mappings for two versions of OAuth.

Bridging the Gap Between Protocol Design and Implementation Through Automated Mapping

Principal Investigator: Daniel Jackson Project Dates: September 1, 2018 – August 31, 2021 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1801399 Computer networking and the internet have revolutionized our societies, but are plagued with security problems which are difficult to tame. Serious vulnerabilities are constantly being discovered in network protocols that affect the work and lives of millions. Even some protocols that have been carefully scrutinized by their designers and by the computer engineering community have been shown to be vulnerable afterwards. Why is developing secure protocols so hard? This project seeks to address this question by developing novel design and implementation methods for network protocols that allow to identify and fix security vulnerabilities semi-automatically. The project serves the national interest as cyber-security costs the United States many billions of dollars annually. Besides making technical advances to the field, this project will also have broader impacts in education and curriculum development, as well as in helping to bridge the gap between several somewhat fragmented scientific communities working on the problem. Technically, the project will follow a formal approach building upon a novel combination of techniques from security modeling, automated software synthesis, and program analysis to bridge the gap between an abstract protocol design and a low-level implementation. In particular, the methodology of the project will be based on a new formal behavioral model of software that explicitly captures how the choice of a mapping from a protocol design onto an implementation platform may result in different security vulnerabilities. Building on this model, this project will provide (1) a modeling approach that cleanly separates the descriptions of an abstract design from a concrete platform, and allows the platform to be modeled just once and reused, (2) a synthesis tool that will automatically construct a secure mapping from the abstract protocol to the appropriate choice of platform features, and (3) a program analysis tool that leverages platform-specific information to check that an implementation satisfies a desired property of the protocol. In addition, the project will develop a library of reusable platform models, and demonstrate the effectiveness of the methodology in a series of case studies. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

A formal approach for detection of security flaws in the android permission system Bagheri, H., Kang, E., Malek, S., Jackson, D., Formal Aspects of Computing, Volume 30, Issue 5, 1 September 2018, Pages 525-544, https://doi.org/10.1007/s00165-017-0445-z The ever increasing expansion of mobile applications into nearly every aspect of modern life, from banking to healthcare systems, is making their security more important than ever. Modern smartphone operating systems (OS) rely substantially on the permission-based security model to enforce restrictions on the operations that each application can perform. In this paper, we perform an analysis of the permission protocol implemented in Android, a popular OS for smartphones. We propose a formal model of the Android permission protocol in Alloy, and describe a fully automatic analysis that identifies potential flaws in the protocol. A study of real-world Android applications corroborates our finding that

MIT Industrial Liaison Program September 2019 | Page 12

the flaws in the Android permission protocol can have severe security implications, in some cases allowing the attacker to bypass the permission checks entirely.

DANIELA L RUS Director, Computer Science and Artificial Intelligence Laboratory (CSAIL), Andrew (1956) and Erna Viterbi Professor of Computer Science and Engineering, Co-Director, CSAIL Center for Robotics, https://www.csail.mit.edu/person/daniela-rus, http://danielarus.csail.mit.edu Lab: https://www.csail.mit.edu/research/distributed-robotics-laboratory Publications: http://danielarus.csail.mit.edu/index.php/about-daniela-2/publications-2/ Daniela Rus is the Andrew (1956) and Erna Viterbi Professor of Electrical Engineering and Computer Science and Director of the Computer Science and Artificial Intelligence Laboratory (CSAIL) at MIT. Rus’s research interests are in robotics, mobile computing, and data science. Rus is a Class of 2002 MacArthur Fellow, a fellow of ACM, AAAI and IEEE, and a member of the National Academy of Engineering, and the American Academy for Arts and Science. She earned her PhD in Computer Science from Cornell University.

Distributed Robotics Laboratory https://www.csail.mit.edu/research/distributed-robotics-laboratory Our work spans: computational design and fabrication of robots; algorithms for perception, planning reasoning and control with guarantees; algorithms for auditable machine learning; and algorithms for collaborating machines and people. Our innovations enable new applications in smart living, transportation, healthcare, manufacturing, monitoring, exploration, and much more. We focus on developing the science of network, distributed, and collaborative robotics by asking: how can many machines collaborate to achieve a common goal? Our research addresses the development of algorithms and systems that enable collaboration, increase autonomous capabilities, and rethink the ways in which we design and interact with the physical world.

Practical Secure Computation https://www.csail.mit.edu/research/practical-secure-computation Can you run a program on an Amazon cloud without telling it the data it should run on? Can you run your private data on someone else’s secret algorithm, without telling each other what the data or the algorithm are? Cryptographic schemes that allow secure computation without revealing the data they work on, have been known for decades. However, such schemes are still far from being efficient enough to be practically applied. In our research we develop new tools and infrastructure that push secure computation toward practicality.

Enabling Secure and Private Cloud Computing Using Coresets Principal Investigator: Daniela Rus Project Dates: October 1, 2015 – September 30, 2019 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1526815 By collecting sensor data from individuals in a user community, e.g., using their smartphones, it is possible to learn the behavior of communities, for example locations, activities, and events. Similarly, using data from personal health monitoring sensors, it is possible to learn about the health risks and

MIT Industrial Liaison Program September 2019 | Page 13

responses to treatments for population groups. But is it possible to use the valuable information for the greater good without disclosing information about the individuals contributing the data? What about protecting this information from improper access? This project uses cloud computing augmented with a combination of data reduction techniques and methods from differential privacy and homomorphic encryption to address such questions. The key ideas are (1) to use coresets as a way of mitigating the computational challenges around the state of the art in differential privacy and homomorphic encryption and to ensure private secure computation on the server side and the client side, and (2) to give the data owners control over setting access to their data as a trade-off between data access control guarantees and computation accuracy. Combining coresets, differential privacy, and homomorphic encryption has the potential for practical private and secure computation in the cloud….

KAREN R SOLLINS Principal Research Scientist, https://www.csail.mit.edu/person/karen-sollins Dr. Karen Sollins is currently a Principal Research Scientist in the Advanced Network Architecture Group at CSAIL. Her research interests have focused on support for network-based systems and applications. Her doctoral thesis was on distributed name management. She has published papers on an authentication protocol and global naming. More recently she led the Information Mesh Project, addressing architectural problems of an extremely long-lived global mesh of information, followed by work on issues of extreme scaling in the net. She was a guest editor of a special issue of Personal Communication on Smart Environments in October of 2000.

Denial of Service Mitigation through Protocol Design https://www.csail.mit.edu/research/denial-service-mitigation-through-protocol-design Denial of service attacks pose a serious threat to the current Internet architecture. The most common attack methods used today leverage just a small handful of vulnerabilities in common network protocols such as TCP and DNS. To avoid repeating this problem, great care must be taken to identify potential vulnerabilities when evaluating proposals for new protocols and future Internet architectures. Our goal is to develop a model for designing more robust protocols and identifying flaws in existing ones. This model will enable us to understand the vulnerabilities inherent in features like mobility, to determine which layer of the protocol stack is best suited to handle such features securely, and to more accurately compare seemingly disparate protocols.

JOHN R WILLIAMS Professor of Information Engineering, Civil and Environmental Engineering and Engineering Systems, http://cee.mit.edu/people_individual/john-r-williams/ Professor Williams holds a BA in physics from Oxford University, an M.Sc. in physics from UCLA, and a Ph.D. from Swansea University. His area of specialty is large scale computer analysis applied to both physical systems and to information. Professor Williams is internationally recognized in the field of computational algorithms for large-scale particle simulators and has authored two books and over 100 publications. For the past eight years, his research has focused on architecting of large scale distributed simulation systems. He teaches graduate courses on Modern Software Development and on Web System Architecting.

MIT Industrial Liaison Program September 2019 | Page 14

Design and implementation of Negative Authentication System Dasgupta, D., Nag, A.K., Ferebee, D., Saha, S.K., Subedi, K.P., Roy, A., Madero, A., Sanchez, A., Williams, J.R., International Journal of Information Security, Volume 18, Issue 1, 5 February 2019, Pages 23-48, https://doi.org/10.1007/s10207-017-0395-8 Modern society is mostly dependent on online activities like official or social communications, fund transfers and so on. Unauthorized system access is one of the utmost concerns than ever before in cyber systems. For any cyber system, robust authentication is an absolute necessity for ensuring security and reliable access to all type of transactions. However, more than 80% of the current authentication systems are password based, and surprisingly, they are prone to direct and indirect cracking via guessing or side channel attacks. The inspiration of Negative Authentication System (NAS) is based on the negative selection algorithm. In NAS, the password-based authentication data for valid users are termed as password profile or self-region (positive profile); any element other than the self-region is defined as non-self-region in the same representative space. The anti-password detectors are generated which covers most of the non-self-region. There are also some uncovered regions left in the non-self-region for inducing uncertainty to the attackers. In this work, we describe the design and implementation of three approaches of NAS and its efficacy over the other authentication methods. These three approaches represent three different ways to achieve obfuscation of password points with non-password space. The experiments are conducted with both real and simulated password profiles to justify the efficiency of different implementations of NAS.

Video: The Future of the Web ILP Video, November 30, 2017, http://ilp.mit.edu/videodetail.jsp?confid=null&ilp-videos=Y&id=2291 The World Wide Web has given rise to new business models, such as Google, Facebook and Uber, but has also created cyber-security problems because of its inherent ‘trust’ model. Many researchers believe we need to rewire the web to remove our reliance on centralized, trusted third parties. As demonstrated by BitCoin, using BlockChain, very different architectures are possible. This talk will review how Web 1.0 was architected and then discuss how other architectures, such as those used by BitTorrent, GitHub, BlockChain and the Inter-Planetary File System can solve many of the problems but not perhaps all.

CRYPTOPGRAPHY

ADAM CHLIPALA Associate Professor of Computer Science, https://www.csail.mit.edu/person/adam-chlipala, http://adam.chlipala.net/ Lab: https://www.csail.mit.edu/research/programming-languages-verification Publications: http://adam.chlipala.net/papers/ Adam’s background is in programming languages and formal methods. He is interested in developing simpler and more effective abstractions for building correct, secure, and performant systems -- usually taking advantage of machine-checked mathematical proofs somehow. His work applies ideas like object-capability systems, proof-carrying code, transactions, type systems, and whole-program optimizing compilers for high-level languages; with applications in computer architecture, cryptography, databases, and operating systems, including novel designs that span traditional layers.

Programming Languages & Verification https://www.csail.mit.edu/research/programming-languages-verification

MIT Industrial Liaison Program September 2019 | Page 15

Our basic mission is to build the programming platform of the future, based on close integration of computer theorem-proving tools, especially the Coq proof assistant. While formal methods are commonly viewed today as an extra (and non-cost-effective!) activity piled on top of the normal programming process, we believe that machine-checked proofs will have a transformative effect on the development process by enabling new forms of abstraction and modularity, with associated benefits in lowered human effort and improved security and performance. We are gradually piecing together a proof-of-concept platform that runs inside of Coq, where the theorem prover becomes the IDE that the programmer interacts with primarily from the beginning of a project. Ongoing work considers different abstraction levels, including mathematical specifications, functional programs, imperative programs, assembly language, and circuits suitable to be turned into hardware. A running theme throughout the different layers is highly automated formal proofs that still prove deep theorems from first principles. We also use functional programming with rich type systems almost everywhere. Simple High-Level Code For Cryptographic Arithmetic – With Proofs, Without Compromises Andres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, Adam Chlipala, Proceedings of the IEEE Symposium on Security & Privacy 2019 (S&P'19). May 2019 http://adam.chlipala.net/papers/FiatCryptoSP19/FiatCryptoSP19.pdf We introduce a new approach for implementing cryptographic arithmetic in short high-level code with machine-checked proofs of functional correctness. We further demonstrate that simple partial evaluation is sufficient to transform such initial code into the fastest-known C code, breaking the decades-old pattern that the only fast implementations are those whose instruction-level steps were written out by hand. These techniques were used to build an elliptic-curve library that achieves competitive performance for 80 prime fields and multiple CPU architectures, showing that implementation and proof effort scales with the number and complexity of conceptually different algorithms, not their use cases. As one outcome, we present the first verified high-performance implementation of P-256, the most widely used elliptic curve. Implementations from our library were included in BoringSSL to replace existing specialized code, for inclusion in several large deployments for Chrome, Android, and CloudFlare.

Automated cryptocode generator is helping secure the web System automatically writes optimized algorithms to encrypt data in Google Chrome browsers and web applications. Rob Matheson, MIT News Office, June 17, 2019, http://news.mit.edu/2019/fiat-cryptography-chrome-android-0617 Nearly every time you open up a secure Google Chrome browser, a new MIT-developed cryptographic system is helping better protect your data. In a paper presented at the recent IEEE Symposium on Security and Privacy, MIT researchers detail a system that, for the first time, automatically generates optimized cryptography code that’s usually

MIT Industrial Liaison Program September 2019 | Page 16

written by hand. Deployed in early 2018, the system is now being widely used by Google and other tech firms. The paper now demonstrates for other researchers in the field how automated methods can be implemented to prevent human-made errors in generating cryptocode, and how key adjustments to components of the system can help achieve higher performance….

SRINIVAS (SRINI) DEVADAS Edwin Sibley Webster Professor of Electrical Engineering and Computer Science, Margaret MacVicar Faculty Fellow, https://www.csail.mit.edu/person/srini-devadas, http://people.csail.mit.edu/devadas/ Srini Devadas is the Webster Professor of Electrical Engineering and Computer Science and has been on the MIT EECS faculty since 1988. He served as Associate Head of the Department of Electrical Engineering and Computer Science, with responsibility for Computer Science, from 2005 to 2011. Devadas’s research interests span Computer-Aided Design (CAD), computer security and computer architecture and he has received significant awards from each discipline. In 2015, he received the ACM/IEEE A. Richard Newton Technical Impact award in Electronic Design Automation. He received the IEEE Computer Society Technical Achievement Award in 2014 for inventing Physical Unclonable Functions and single-chip secure processor architectures. Devadas’s work on hardware information flow tracking published in the 2004 ASPLOS received the ASPLOS Most Influential Paper Award in 2014. His papers on analytical cache modeling and the Aegis single-chip secure processor were included as influential papers in “25 Years of the International Conference on Supercomputing.” In 2017 he received the IEEE W. Wallace McDowell Award for contributions to secure hardware. He is an IEEE and ACM Fellow.

Return of the Byzantine Generals https://www.csail.mit.edu/research/return-byzantine-generals This project studies new solutions to the Byzantine General Problem and its applications in distributed systems and cryptography. A group of Byzantine generals lay siege to a city. How do they agree on a time to attack, even if some generals are treacherous? While classical solutions exist, the Byzantine generals need better solutions to succeed in modern warfare.

Trapdoor Computational Fuzzy Extractors Principal Investigator: Srini Devadas Project Dates: September 1, 2015 – August 31, 2018 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1523572 Fuzzy extractors convert biometric data into reproducible uniform random strings, and make it possible to apply cryptographic techniques for biometric security. They are used to encrypt and authenticate user data with keys derived from biometric inputs. This research investigates how hardware security primitives can have provable cryptographic properties, a connection which is largely lacking in currently available hardware primitives. The development of such computational fuzzy extractors could result in substantially more efficient and reliable key extractors which may be better received by industry and other stakeholders, due to their improved efficiency and well-established security properties.

MIT Industrial Liaison Program September 2019 | Page 17

Computational fuzzy extractors derive keys from biometric sources including silicon biometric sources, and their security is based on the difficulty of problems such as Learning Parity With Noise (LPN). Existing computational fuzzy extractors require exponential time to extract keys when the bits generated by the biometric source contain a constant fraction of errors. The project explores the concept of a noise-avoiding trapdoor that results in a computational fuzzy extractor that can correct errors in polynomial time in a constant fraction of the bits generated by the biometric source. The security assumption is exactly the assumption of computational hardness of LPN. This approach remains secure under weaker assumptions about biometric data than previous schemes which assumed uniform distributions of biometric data. The project introduces high-school students to research in applied cryptography and security through the MIT PRIMES high-school outreach program.

Sanctorum: A lightweight security monitor for secure enclaves Lebedev, I., Hogan, K., Drean, J., Kohlbrenner, D., Lee, D., Asanović, K., Song, D., Devadas, S. Proceedings of the 2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019, 14 May 2019, Article number 8715182, Pages 1142-1147, https://doi.org/10.23919/DATE.2019.8715182 Enclaves have emerged as a particularly compelling primitive to implement trusted execution environments: strongly isolated sensitive user-mode processes in a largely untrusted software environment. While the threat models employed by various enclave systems differ, the high-level guarantees they offer are essentially the same: attestation of an enclave's initial state, as well as a guarantee of enclave integrity and privacy in the presence of an adversary. This work describes Sanctorum, a small trusted code base (TCB), consisting of a generic enclave-capable system, which is sufficient to implement secure enclaves akin to the primitive offered by Intel’s SGX. While enclaves may be implemented via unconditionally trusted hardware and microcode, as it is the case in SGX, we employ a smaller TCB principally consisting of authenticated, privileged software, which may be replaced or patched as needed. Sanctorum implements a formally verified specification for generic enclaves on an in-order multiprocessor system meeting baseline security requirements, e.g., the MIT Sanctum processor and the Keystone enclave framework. Sanctorum requires trustworthy hardware including a random number generator, a private cryptographic key pair derived via a secure bootstrapping protocol, and a robust isolation primitive to safeguard sensitive information. Sanctorum’s threat model is informed by the threat model of the isolation primitive, and is suitable for adding enclaves to a variety of processor systems.

SHAFRIRA (SHAFI) GOLDWASSER RSA Professor of Computer Science and Engineering, Associate Member, Broad Institute https://www.csail.mit.edu/person/shafi-goldwasser Shafi Goldwasser is the RSA Professor of Electrical Engineering and Computer Science in MIT, a co-leader of the cryptography and information security group and a member of the complexity theory group within the Theory of Computation Group and the Computer Science and Artificial Intelligence Laboratory.

RONALD L RIVEST Institute Professor, Professor of Computer Science and Engineering, https://www.csail.mit.edu/person/ronald-rivest, http://people.csail.mit.edu/rivest Publications: http://people.csail.mit.edu/rivest/pubs.html

MIT Industrial Liaison Program September 2019 | Page 18

Professor Rivest is an Institute Professor at MIT. He joined MIT in 1974 as a faculty member in the Department of Electrical Engineering and Computer Science. He is a member of MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL), a member of the lab's Theory of Computation Group and a founder of its Cryptography and Information Security Group. He is a co-author (with Cormen, Leiserson, and Stein) of the text, Introduction to Algorithms. He is also a founder of RSA Data Security, now named RSA Security (the security division of EMC), Verisign, and Peppercoin. Professor Rivest has research interests in cryptography, computer and network security, algorithms, and voting security.

JEFFREY H SHAPIRO Julius A Stratton Professor of Electrical Engineering, Principal Investigator, Optical and Quantum Communications Group (RLE), http://www.rle.mit.edu/people/directory/jeffrey-shapiro/, https://www.eecs.mit.edu/people/faculty/jeffrey-shapiro http://www.rle.mit.edu/qoptics/ Professor Jeffrey H. Shapiro is the former Director of the Research Laboratory of Electronics (RLE) at MIT…. Dr. Shapiro’s research interests have centered on the application of communication theory to optical systems. He is best known for his work on the generation, detection, and application of squeezed-state light beams, but he has also published extensively in the areas of atmospheric optical communication, coherent laser radar, and quantum information science.

Optical and Quantum Communications Group http://www.rle.mit.edu/qoptics/ The Optical and Quantum Communications Group develops entanglement source and measurement technologies, as well as protocols that use them in photon-efficient communication, imaging, and metrology. The overarching goal is to enable and to demonstrate, in proof-of-principle experiments, capabilities that greatly exceed what can be realized with conventional, classical-physics systems for these applications.

Quantum low probability of intercept Shapiro, J.H., Boroson, D.M., Ben Dixon, P., Grein, M.E., Hamilton, S.A., Journal of the Optical Society of America B: Optical Physics, Volume 36, Issue 3, March 2019, Pages B41-B50, https://doi.org/10.1364/JOSAB.36.000B41 Conventional cryptography—such as the Rivest–Shamir–Adleman public-key infrastructure—may be rendered insecure by the ever-increasing capabilities of classical computers and the emergence of quantum computers. Quantum key distribution and post-quantum cryptography are presently being pursued as solutions to the quantum threat, but they offer no protection against an adversary who has obtained decryption keys by hacking the computer where they are stored, or by bribing a code clerk who has access to them. This paper introduces a protocol, which we call quantum low probability of intercept (QLPI), that has the potential to solve the key-disclosure problem. It transmits a ciphertext in such a way that laws of physics prevent an eavesdropper’s obtaining anything but an error-ridden version of that ciphertext from an individual attack or a restricted class of collective attacks. Consequently, even were an adversary to possess the decryption key, the plain text could not be recovered from such attacks.

MIT Industrial Liaison Program September 2019 | Page 19

Furthermore, QLPI is capable of gigabits per second communication rates on optical fiber over metropolitan-area distances without space-division or wavelength-division multiplexing and without the need for any new technology.

Large-alphabet encoding for higher-rate quantum key distribution Lee, C., Bunandar, D., Zhang, Z., Steinbrecher, G.R., Ben Dixon, P., Wong, F.N.C., Shapiro, J.H., Hamilton, S.A., Englund, D., Optics Express, Volume 27, Issue 13, 2019, Pages 17539-17549, https://doi.org/10.1364/OE.27.017539 The manipulation of high-dimensional degrees of freedom provides new opportunities for more efficient quantum information processing. It has recently been shown that high-dimensional encoded states can provide significant advantages over binary quantum states in applications of quantum computation and quantum communication. In particular, high-dimensional quantum key distribution enables higher secret-key generation rates under practical limitations of detectors or light sources, as well as greater error tolerance. Here, we demonstrate high-dimensional quantum key distribution capabilities both in the laboratory and over a deployed fiber, using photons encoded in a high-dimensional alphabet to increase the secure information yield per detected photon. By adjusting the alphabet size, it is possible to mitigate the effects of receiver bottlenecks and optimize the secret-key rates for different channel losses. This work presents a strategy for achieving higher secret-key rates in receiver-limited scenarios and marks an important step toward high-dimensional quantum communication in deployed fiber networks.

Security-proof framework for two-way Gaussian quantum-key-distribution protocols Zhuang, Q., Zhang, Z., Lütkenhaus, N., Shapiro, J.H., Physical Review A, Volume 98, Issue 3, 28 September 2018, Article number 032332, https://doi.org/10.1103/PhysRevA.98.032332 Two-way Gaussian protocols have the potential to increase quantum key distribution (QKD) protocols' secret-key rates by orders of magnitudes [Phys. Rev. A 94, 012322 (2016)2469-992610.1103/PhysRevA.94.012322]. Security proofs for two-way protocols, however, are underdeveloped at present. In this paper, we establish a security proof framework for the general coherent attack on two-way Gaussian protocols in the asymptotic regime. We first prove that coherent-attack security can be reduced to collective-attack security for all two-way QKD protocols. Next, we identify two different constraints that each provide intrusion parameters which bound an eavesdropper's coherent-attack information gain for any two-way Gaussian QKD protocol. Finally, we apply our results to two such protocols.

VINOD VAIKUNTANATHAN Associate Professor of Electrical Engineering and Computer Science, https://www.csail.mit.edu/person/vinod-vaikuntanathan, http://people.csail.mit.edu/vinodv/ Publications: http://people.csail.mit.edu/vinodv/#pubs Professor Vinod Vaikuntanathan is an associate professor of computer science at MIT and the chief cryptographer at Duality Technologies. Vinod is the co-inventor of most modern fully homomorphic encryption systems and many other lattice-based (post-quantum secure) cryptographic primitives. His work has been recognized with a George M. Sprowls PhD thesis award (2009), an IBM Josef Raviv Fellowship (2008), a Sloan Faculty Fellowship (2013), a Microsoft Faculty Fellowship (2014), an NSF CAREER Award (2014), a DARPA Young Faculty Award (2018), and a Harold E. Edgerton Faculty

MIT Industrial Liaison Program September 2019 | Page 20

Award (2018). He holds SM and PhD degrees from MIT and a BTech degree from the Indian Institute of Technology Madras.

Developing Cryptographic Tools to Keep Data Private and Secure http://ilp.mit.edu/expertise_project_detail.jsp?project_id=32673 Machine learning and cryptography are flip sides of the same coin: one turns unstructured data into algorithms while the other hides the structure within data and algorithms. MIT-IBM researchers are exploiting these complementary traits to develop stronger cryptographic tools to keep sensitive data secure, as the health care, finance, and insurance industries, among others, handle more personal data. The researchers' goal is to build privacy protections into machine learning algorithms and make them less vulnerable to adversarial attacks.

Foundations of Lattice-Based Cryptography Principal Investigator: Vinod Vaikuntanathan Project Dates: August 1, 2017 – July 31, 2020 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1718161 Over the last two decades, lattices have emerged as a powerful mathematical basis for cryptography. For one, Lattice-based Cryptography has resisted quantum attacks while conventional crypto systems succumbed to it in the mid-90s. Secondly, Lattice-based Cryptography has been instrumental in realizing new and exciting functionality which is beyond the reach of conventional cryptography. The most notable examples, perhaps, are Fully Homomorphic Encryption (FHE) and general Attribute Based Encryption (ABE) which, respectively, allow us to compute on and achieve expressive access control of encrypted data. Finally, it has also been shown that basic lattice-based constructions such as digital signatures, pseudorandom functions and key exchange can be made very efficient, to the point that we now have growing interest from the government (NSA and NIST) and the industry (Google) in deploying lattice-based cryptographic solutions. Success in our endeavor will have implications beyond the cryptography: enabling new solutions for privacy concerns in a world where data and computations are increasingly being outsourced, as well as providing security in a post-quantum era. The goal of this project is three-fold: (a) New Cryptographic Constructions from Lattices: although we have made great strides in constructing advanced cryptographic primitives such as fully homomorphic, attribute based and functional encryption on standard lattice problems such as the learning with errors problem, much is left to be done. Perhaps the most prominent goal is to come up with a construction of program obfuscation (and thus, nearly all of cryptography) based on the hardness of standard lattice problems; (b) Efficient Lattice-based Cryptography: we aim to improve the efficiency of existing cryptographic constructions, starting from pseudorandom functions all the way to homomorphic and attribute-based encryption, an endeavor that is of tremendous importance in translating theoretical advances into practically useful objects; and (c) Foundations of Hardness of Lattice Problems: we aim to advance and deepen our understanding of the hardness of cryptographically relevant lattice problems. The project involves a significant educational component that consists of designing new courses in cryptography, making the lecture notes publicly available, giving expository lectures, writing survey articles and monographs intended for a broad audience, organizing a seminar series and a workshop on lattices, and advising graduate and undergraduate students.

Computing on Encrypted Data Principal Investigator: Vinod Vaikuntanathan Project Dates: April 15, 2014 – March 31, 2019 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1350619

MIT Industrial Liaison Program September 2019 | Page 21

The basic nature of encryption has always been all-or-nothing: anyone who is privy to the secret key can decode and recover the entire data; but, without the key, nothing can be revealed. In other words, the only useful action that could be performed on encrypted data was decryption using the secret key. In the modern world of cloud computing, we store much of our personal data in the cloud, and perform computations on them remotely. The numerous security concerns with cloud storage and computation raise a number of challenging questions: Can we encrypt data and run computations on it without decrypting? Can we encrypt programs and allow users to execute them without discovering any details about their internal operations, other than the eventual result? This project is dedicated to the study of the paradigm of computing on encrypted data and programs, and the design of fundamental cryptographic primitives underlying this broad goal. Specifically, it focuses on three major cryptographic primitives: (i) fully homomorphic encryption, which enables computations on encrypted data; (ii) functional encryption, which enables expressive access control; and (iii) program obfuscation, which lets us hide the structure of programs while preserving their functionality. The overarching goal is to develop constructions of these cryptographic primitives that achieve a high degree of efficiency, but also guarantee security under well-studied cryptographic assumptions. Towards this end, the project explores both software and hardware techniques, and the use of novel mathematical tools from algebra, geometry and number theory.

Worst-case hardness for LPN and cryptographic hashing via code smoothing Brakerski, Z., Lyubashevsky, V., Vaikuntanathan, V., Wichs, D., Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Volume 11478 LNCS, 2019, Pages 619-635, https://doi.org/10.1007/978-3-030-17659-4_21 We present a worst case decoding problem whose hardness reduces to that of solving the Learning Parity with Noise (LPN) problem, in some parameter regime. Prior to this work, no worst case hardness result was known for LPN (as opposed to syntactically similar problems such as Learning with Errors). The caveat is that this worst case problem is only mildly hard and in particular admits a quasi-polynomial time algorithm, whereas the LPN variant used in the reduction requires extremely high noise rate of 1/2-1/poly(n). Thus we can only show that “very hard” LPN is harder than some “very mildly hard” worst case problem. We note that LPN with noise 1/2-1/poly(n)already implies symmetric cryptography. Specifically, we consider the (n, m, w)-nearest codeword problem ((n, m, w)-NCP) which takes as input a generating matrix for a binary linear code in m dimensions and rank n, and a target vector which is very close to the code (Hamming distance at most w), and asks to find the codeword nearest to the target vector. We show that for balanced (unbiased) codes and for relative error (Formula presented), (n, m, w)-NCP can be solved given oracle access to an LPN distinguisher with noise ratio 1/2-1/poly(n). Our proof relies on a smoothing lemma for codes which we show to have further implications: We show that (n, m, w)-NCP with the aforementioned parameters lies in the complexity class Search BPP SZK (i.e. reducible to a problem that has a statistical zero knowledge protocol) implying that it is unlikely to be NP -hard. We then show that the hardness of LPN with very low noise rate log 2 (n)/n implies the existence of collision resistant hash functions (our aforementioned result implies that in this parameter regime LPN is also in BPP SZK .

Indistinguishability obfuscation from functional encryption Bitansky, N., Vaikuntanathan, V., Journal of the ACM, Volume 65, Issue 6, November 2018, Article number 39, https://doi.org/10.1145/3234511

MIT Industrial Liaison Program September 2019 | Page 22

Indistinguishability obfuscation (IO) is a tremendous notion, powerful enough to give rise to almost any known cryptographic object. Prior candidate IO constructions were based on specific assumptions on algebraic objects called multi-linear graded encodings. We present a generic construction of indistinguishability obfuscation from public-key functional encryption with succinct encryption circuits and subexponential security. This shows the equivalence of indistinguishability obfuscation and public-key functional encryption, a primitive that has previously seemed to be much weaker, lacking the power and the staggering range of applications of indistinguishability obfuscation. Our main construction can be based on functional encryption schemes that support a single functional key, and where the encryption circuit grows sub-linearly in the circuit-size of the function. We further show that sublinear succinctness in circuit-size for single-key schemes can be traded with sublinear succinctness in the number of keys (also known as the collusion-size) for multi-key schemes. We also show that, under the Learning with Errors assumption, our techniques imply that any indistinguishability obfuscator can be converted into one where the size of obfuscated circuits is twice that of the original circuit plus an additive overhead that is polynomial in its depth, input length, and the security parameter.

Some open problems in information-theoretic cryptography Vaikuntanathan, V., Leibniz International Proceedings in Informatics, LIPIcs, Volume 93, 1 January 2018, Article number 5, https://doi.org/10.4230/LIPIcs.FSTTCS.2017.5 Information-theoretic cryptography is full of open problems with a communication-complexity flavor. We will describe several such problems that arise in the study of private information retrieval, secure multi-party computation, secret sharing, private simultaneous messages (PSM) and conditional disclosure of secrets (CDS). In all these cases, there is a huge (exponential) gap between the best known upper and lower bounds. We will also describe the connections between these problems, some old and some new.

Fortifying the future of cryptography Vinod Vaikuntanathan aims to improve encryption in a world with growing applications and evolving adversaries. Rob Matheson, MIT News Office, January 16, 2019, http://news.mit.edu/2019/faculty-vinod-vaikuntanathan-0116 As a boy growing up in a small South Indian village, Vinod Vaikuntanathan taught himself calculus by reading books his grandfather left lying around the house. Years later in college, he toiled away in the library studying number theory, which deals with the properties and relationships of numbers, primarily positive integers. This field of study naturally steered Vaikuntanathan toward what he calls “the most important application of number theory in the modern world”: cryptography. Today, Vaikuntanathan, a recently tenured associate professor of electrical engineering and computer science at MIT, is using number theory and other mathematical concepts to fortify encryption so it can be used for new applications and stand up to even the toughest adversaries. One major focus is developing more efficient encryption techniques that can be scaled to do complex computations on large datasets. That means multiple parties can share data while ensuring the data remains private. For example, if researchers could analyze genomic data and patient data together, they may be able to identify key genome sequences associated with diseases. But the information for genomes

MIT Industrial Liaison Program September 2019 | Page 23

and patients is kept private by separate entities, so collaboration is difficult. That’s a gap Vaikuntanathan wants to close….

CYBER PHYSICAL SYSTEMS AND INTERNET OF THINGS SECURITY

SAURABH AMIN Associate Professor of Civil and Environmental Engineering, http://cee.mit.edu/people_individual/saurabh-amin/ Lab: http://resil.mit.edu/ Publications: http://resil.mit.edu/publications Professor Amin’s research focuses on the design and implementation of high confidence network control algorithms for infrastructure systems. His research group works on robust diagnostics and control problems that involve using networked systems to facilitate the monitoring and control of large-scale critical infrastructures, including transportation, water, and energy distribution systems. The group also studies the effect of security attacks and random faults on the survivability of networked systems, and designs incentive-compatible control mechanisms to reduce network risks.

Resilient Infrastructure Networks Lab http://resil.mit.edu/ Research: http://resil.mit.edu/research Publications: http://resil.mit.edu/publications The Resilient Infrastructure Systems Lab seeks to improve the robustness and security of critical infrastructure systems by:

• Developing tools to detect and respond to incidents, both random and adversarial • Designing incentive mechanisms for efficient infrastructure management

Resilient Design of Networked Infrastructure Systems: Models, Validation, and Synthesis

Principal Investigator: Saurabh Amin Project Dates: June 15, 2015 – May 31, 2020 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1453126 This project advances the scientific knowledge on design methods for improving the resilience of civil infrastructures to disruptions. To improve resilience, critical services in civil infrastructure sectors must utilize new diagnostic tools and control algorithms that ensure survivability in the presence of both security attacks and random faults, and also include the models of incentives of human decision makers in the design process. This project will develop a practical design toolkit and platform to enable the integration of resiliency-improving control tools and incentive schemes for Cyber-Physical Systems (CPS) deployed in civil infrastructures. Theory and algorithms will be applied to assess resiliency levels, select strategies to improve performance, and provide reliability and security guarantees for sector-specific CPS functionalities in water, electricity distribution and transportation infrastructures. The main focus is on resilient design of network control functionalities to address problems of incident response, demand management, and supply uncertainties. More broadly, the knowledge and tools from this project will influence CPS designs in water, transport, and energy sectors, and also be applicable to

MIT Industrial Liaison Program September 2019 | Page 24

other systems such as supply-chains for food, oil and gas. The proposed platform will be used to develop case studies, test implementations, and design projects for supporting education and outreach activities. Current CPS deployments lack integrated components designed to survive in uncertain environments subject to random events and the actions of strategic entities. The toolkit (i) models the propagation of disruptions due to failure of cyber-physical components, (ii) detects and responds to both local and network-level failures, and (iii) designs incentive schemes that improve aggregate levels of public good (e.g., decongestion, security), while accounting for network interdependencies and private information among strategic entities. The validation approach uses real-world data collected from public sources, test cases developed by domain experts, and simulation software. These tools are integrated to provide a multi-layer design platform, which explores the design space to synthesize solutions that meet resiliency specifications. The platform ensures that synthesized implementations meet functionality requirements, and also estimates the performance guarantees necessary for CPS resilience. This modeling, validation, exploration, and synthesis approach provides a scientific basis for resilience engineering. It supports CPS education by providing a platform and structured workflow for future engineers to approach and appreciate implementation realities and socio-technical constraints.

Collaborative Research: Foundations of Resilient Cyber-Physical Systems (FORCES) Principal Investigator: Saurabh Amin, Hamsa Balakrishnan, Asuman Ozdaglar Project Dates: April 15, 2013 – March 31, 2018 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1239054 This NSF Cyber-Physical Systems (CPS) Frontiers project "Foundations Of Resilient CybEr-physical Systems (FORCES)" focuses on the resilient design of large-scale networked CPS systems that directly interface with humans. FORCES aims to pr ovide comprehensive tools that allow the CPS designers and operators to combine resilient control (RC) algorithms with economic incentive (EI) schemes. Scientific Contributions The project is developing RC tools to withstand a wide-range of attacks and faults; learning and control algorithms which integrate human actions with spatio-temporal and hybrid dynamics of networked CPS systems; and model-based design to assure semantically consistent representations across all branches of the project. Operations of networked CPS systems naturally depend on the systemic social institutions and the individual deployment choices of the humans who use and operate them. The presence of incomplete and asymmetric information among these actors leads to a gap between the individually and socially optimal equilibrium resiliency levels. The project is developing EI schemes to reduce this gap. The core contributions of the FORCES team, which includes experts in control systems, game theory, and mechanism design, are the foundations for the co-design of RC and EI schemes and technological tools for implementing them. Expected Impacts Resilient CPS infrastructure is a critical National Asset. FORCES is contributing to the development of new Science of CPS by being the first project that integrates networked control with game theoretic tools and the economic incentives of human decision makers for resilient CPS design and operation. The FORCES integrated co-design philosophy is being validated on two CPS domains: electric power distribution and consumption, and transportation networks. These design prototypes are being tested in real world scenarios. The team''s research efforts are being complemented by educational offerings on resilient CPS targeted to a large and diverse audience.

MIT Industrial Liaison Program September 2019 | Page 25

DANIEL N JACKSON Professor of Electrical Engineering and Computer Science, Associate Director, Computer Science and Artificial Intelligence Laboratory (CSAIL), VanBuren N Hansford (1937) - MacVicar Faculty Fellow, Director, Middle East Education Through Technology (MISTI MIT-MEET) https://www.csail.mit.edu/person/daniel-jackson, http://people.csail.mit.edu/dnj/ Lab: http://sdg.csail.mit.edu/ Publications: http://sdg.csail.mit.edu/publications Daniel Jackson is a professor in the Department of Electrical Engineering and Computer Science, and leads the Software Design Group in the Computer Science and Artificial Intelligence Laboratory. He received an MA from Oxford University (1984) in Physics, and his SM (1988) and PhD (1992) from MIT in Computer Science. He was a software engineer for Logica UK Ltd. (1984-1986), Assistant Professor of Computer Science at Carnegie Mellon University (1992-1997), and has been at MIT since 1997. He has broad interests in software engineering, especially in development methods, design and specification, formal methods, and safety critical systems.

Software Design Group http://sdg.csail.mit.edu/, https://www.csail.mit.edu/research/software-design-group Projects: http://sdg.csail.mit.edu/projects Publications: http://sdg.csail.mit.edu/publications We're inventing new programming paradigms (Déjà Vu, Espalier) so that end users can create more sophisticated apps themselves, and programmers can build more flexible complex systems with less code. We're developing a new theory of software design, which focuses not on the question of how to implement, but on the harder question of what to implement (and how to tell in advance if it's likely to be usable). We've been working for a while on software security for web and mobile applications; we're now beginning a new project on cyberphysical systems. We continue to support and extend the Alloy modeling language and analyzer, still the only tool to provide fully automatic analysis of software designs that involve rich state. Our research style is principled, practical and irreverent: we don't pay much attention to all the assumptions that are usually made in software engineering and programming languages (e.g., that only code matters, that proving things correct means that they work right, or that the most important engineering questions can be answered empirically).

Security by Design for Cyberphysical Systems https://www.csail.mit.edu/research/security-design-cyberphysical-systems We are investigating methods for improving the resilience of cyberphysical systems to malicious attack. In a collaboration with colleagues at the Singapore University of Technology and Design, we are experimenting with new approaches to software security in the context of two real cyberphysical systems: a water purification plant and an electricity distribution grid. Both are full systems with standard components and software, but which, as smaller scale testbeds, allow full access to code and physical plant. In an initial study, we used constraint solving to synthesize attacks on the water purification plant, and validated the attacks by applying them in real time. We are now investigating architectural interventions to guard against such attacks.

MIT Industrial Liaison Program September 2019 | Page 26

HOWARD E SHROBE Principal Research Scientist, https://www.csail.mit.edu/person/howard-shrobe, http://people.csail.mit.edu/hes/index.html Howard Shrobe is Associate Director and a Principal Research Scientist at CSAIL. His research interests include software and hardware architectures for computer security and the use of AI techniques in software development and other engineering disciplines.

Automated Attack Tree Generation for Critical Infrastructure https://www.csail.mit.edu/research/automated-attack-tree-generation-critical-infrastructure Using AI methods, we are developing an attack tree generator that automatically enumerates cyberattack vectors for industrial control systems in critical infrastructure (electric grids, water networks and transportation systems). The generator can quickly assess cyber risk for a system at scale. Our team will approach this problem by developing an AI planning system that can enumerate a set of multi-step attack plans capable of penetrating and compromising systems in the selected critical urban infrastructure sectors. Dr. Howard Shrobe’s work on Computational Vulnerability Analysis for Information Survivability will be used as the core of the attack graph generator; its ontology and knowledge base will be enhanced to reflect today’s urban cyber infrastructure. The attack graphs developed by this planer will provide automatic identification of concrete adversarial strategies aimed at compromising transportation systems and water networks. The attack vectors will be prioritized based on Gregory Falco et al.’s research SCADA Risk Modeling for Critical Infrastructure Cybersecurity in Smart Cities. In addition to developing an automated attack generator, the team will also develop a counter-planning system that will generate countermeasures and mitigation strategies. These will consider multi-prong attack scenarios where multiple attack vectors are pursued to compromise a city-wide sector. The counter-measures will be ranked both by coverage (number of attack plans prevented) and by cost (difficulty of implementation). Together the set of attack plans and their counter-measures will provide insight to the operators of urban critical infrastructure, illustrating worst-case scenarios and enabling an assessment of cyber risk. By having an understanding of prioritized adversarial actions and appropriate countermeasures, the team will explore how local policy can be crafted to help secure critical urban infrastructure against the most pressing security threats.

Securing IoT https://www.csail.mit.edu/research/securing-iot IoT devices primarily use free embedded Linux which has many security flaws. We are conducting penetration tests on IoT and developing a secure version of embedded Linux. IoT devices are deterministic, always-on systems that are growing in number by the billions yearly. Most of these devices are built using a version of embedded Linux. Embedded Linux has a number of ports and features that can be exploited if not appropriately closed off and secured. The research team is learning penetration testing tools and techniques to evaluate the security flaws of these systems. Further, we are developing a stripped down, secure version of embedded Linux that will be available for open-source use. This new version will close telnet and other ports that are particularly vulnerable to attack.

Security of Cyberphysical Systems: Chaining Induction and Deduction Khan, M.T., Shrobe, H., Computer, Volume 52, Issue 7, July 2019, Article number 8747216, Pages 72-75, https://doi.org/10.1109/MC.2019.2913138

MIT Industrial Liaison Program September 2019 | Page 27

Formal methods and machine learning have been successfully applied to detect and classify security threats in a variety of application domains. While both approaches have limitations, we argue for combining the best of them to detect and classify threats in cyberphysical systems.

Highly Assured Safety and Security of e-Health Applications Khan, M.T., Serpanos, D., Shrobe, H., International Conference on Wireless and Mobile Computing, Networking and Communications, Volume 2018-October, 26 December 2018, Article number 8589095, Pages 137-144, https://doi.org/10.1109/WiMOB.2018.8589095 Modern medical devices aim at providing invasive e-health care services to patients with long-term conditions. Typically, these services are implemented as embedded software applications that remotely and automatically control the operations of the devices according to the patient's condition as monitored by the underlying sensors. Such applications are neither safe nor secure mainly because of unreliable sensors, which may provide incorrect input data either due to its malfunctioning or due to some accidental (by privileged user) or intentional (by adversary) interference. Hence, the incorrect sensor data may lead to identification of inaccurate patient condition, which may threaten the patient's life. To ensure safety and security of e-health applications, current approaches employ data analysis techniques to monitor sensor data and alarm when some unusual value is detected and employ access control strategies to ensure that controller decisions are consistent with sensor input data. However, such approaches fail to detect stealthy attacks, e.g. bad data (false data injection) and bad computations because they do not understand what the application or device is trying to do. To this end, we evaluate our existing approach (i.e., ARMET) to assure safety and security of an emerging and critically real-time application domain of e-health. The approach is based on the specification of the application and device, which has a design and a run-time component. Given an application specification, the design component employs logical verification methods to assure that the application design is resilient to some bad data, i.e., there are no sensor input data values with meaningful threshold which are admissible to the specification but are not true. Given the specification, the runtime component monitors application's execution and assures that the execution is consistent with the specification and alarms whenever it detects a violation, i.e., there is a bad computation. We evaluate the methodology through its application to an example medical e-health application that controls and monitors blood glucose through an insulin pump.

IIoT Cybersecurity Risk Modeling for SCADA Systems Falco, G., Caldera, C., Shrobe, H., IEEE Internet of Things Journal, Volume 5, Issue 6, December 2018, Article number 8332467, Pages 4486-4495, https://doi.org/10.1109/JIOT.2018.2822842 Urban critical infrastructure such as electric grids, water networks, and transportation systems are prime targets for cyberattacks. These systems are composed of connected devices which we call the Industrial Internet of Things (IIoT). An attack on urban critical infrastructure IIoT would cause considerable disruption to society. Supervisory control and data acquisition (SCADA) systems are typically used to control IIoT for urban critical infrastructure. Despite the clear need to understand the cyber risk to urban critical infrastructure, there is no data-driven model for evaluating SCADA software risk for IIoT devices. In this paper, we compare non-SCADA and SCADA systems and establish, using cosine similarity tests, that SCADA as a software subclass holds unique risk attributes for IIoT. We then disprove the commonly accepted notion that the common vulnerability scoring system risk metrics of exploitability and impact are not correlated with attack for the SCADA subclass of software. A series of statistical models are developed to identify SCADA risk metrics that can be used to evaluate the risk that a SCADA-related vulnerability is exploited. Based on our findings, we build a customizable SCADA risk

MIT Industrial Liaison Program September 2019 | Page 28

prioritization schema that can be used by the security community to better understand SCADA-specific risk. Considering the distinct properties of SCADA systems, a data-driven prioritization schema will help researchers identify security gaps specific to this software subclass that is essential to our society's operations.

ARMANDO SOLAR-LEZAMA Associate Professor of Computer Science and Engineering, https://www.csail.mit.edu/person/armando-solar-lezama, http://people.csail.mit.edu/asolar/ Lab: http://groups.csail.mit.edu/cap/ Publications: http://groups.csail.mit.edu/cap/#publications Professor Solar-Lezama works with the Computer Assisted Programming Group. The group's goal is to develop techniques and tools that exploit automated reasoning and large amounts of computing power to tackle challenging programming problems.

Computer-Aided Programming Group http://groups.csail.mit.edu/cap/ Projects: http://groups.csail.mit.edu/cap/#projects Publications: http://groups.csail.mit.edu/cap/#publications We develop techniques and tools that exploit automated reasoning and large amounts of computing power to tackle challenging programming problems.

Cyber-Physical Security http://groups.csail.mit.edu/cap/#projects Safety-critical embedded systems are vulnerable to combinations of cyber and physical attacks. Examples include Stuxnet attacks on power grids and GPS spoofing. We use program analysis and synthesis techniques to analyze security vulnerability and develop defense mechanisms.

KAREN R SOLLINS Principal Research Scientist, https://www.csail.mit.edu/person/karen-sollins Dr. Karen Sollins is currently a Principal Research Scientist in the Advanced Network Architecture Group at CSAIL. Her research interests have focused on support for network-based systems and applications. Her doctoral thesis was on distributed name management. She has published papers on an authentication protocol and global naming. More recently she led the Information Mesh Project, addressing architectural problems of an extremely long-lived global mesh of information, followed by work on issues of extreme scaling in the net. She was a guest editor of a special issue of Personal Communication on Smart Environments in October of 2000.

IoT big data security and privacy versus innovation Sollins, K.R., IEEE Internet of Things Journal, Volume 6, Issue 2, April 2019, Article number 8643026, Pages 1628-1635, https://doi.org/10.1109/JIOT.2019.2898113 In this paper, we address the conflict in the collection, use, and management of Big Data at the intersection of security and privacy requirements and the demand of innovative uses of the data. This problem is exaggerated in the context of the Internet of Things (IoT). We propose a three-part

MIT Industrial Liaison Program September 2019 | Page 29

decomposition of the design space, in order to clarify requirements and constraints. To reach this final analysis, we begin by clarifying the challenges in the design space: 1) there is a little agreement on what is meant by IoT, and in particular the security and privacy implications of different definitions; 2) we then consider the requirement and constraints on the Big Data that result from various IoT system designs; and 3) in parallel, we examine the intricacies of the demand for innovation from both the legal and economic perspectives. In this context, we then can decompose the set of drivers and objectives for security/privacy of data as well as innovation into: 1) the regulatory and social policy context; 2) economic and business context; and 3) technology and design context. By identifying these distinct objectives for the design of IoT Big Data management, we propose that more effective design and control is possible at the intersection of these forces, through an iterative process of review and redesign.

JOHN R WILLIAMS Professor of Information Engineering, Civil and Environmental Engineering and Engineering Systems, http://cee.mit.edu/people_individual/john-r-williams/ Professor Williams holds a BA in physics from Oxford University, an M.Sc. in physics from UCLA, and a Ph.D. from Swansea University. His area of specialty is large scale computer analysis applied to both physical systems and to information. Professor Williams is internationally recognized in the field of computational algorithms for large-scale particle simulators and has authored two books and over 100 publications. For the past eight years, his research has focused on architecting of large scale distributed simulation systems. He teaches graduate courses on Modern Software Development and on Web System Architecting.

Video: Cyber Security of IoT ILP Video, April 9, 2019, http://ilp.mit.edu/videodetail.jsp?confid=null&ilp-videos=Y&id=2704# How can you protect yourself against threats you don?t know about? What measures can you take to assess your risk before a breach? How can you protect yourself against an attack that originates in an innocuous object like a toaster? Professor John Williams will discuss how organizations can prepare themselves to defend against cybersecurity threats to protect their enterprises. He will discussrisk a modeling and data analytics tool (Saffron), that helps to identify risk tolerance and strategies for assessing, responding to, and monitoring cyber security risks.

CYBERSECURITY CAPABILITIES AND POLICY

JOEL BRENNER Research Affiliate, http://joelbrenner.com/, https://cis.mit.edu/people/joel-brenner Joel F. Brenner specializes in cyber and physical security, data protection and privacy, intelligence law, the administration of classified information and facilities, and the regulation of sensitive cross-border transactions. He has represented companies and individuals in a wide variety of transactions and proceedings including sensitive foreign acquisitions involving the Committee on Foreign Investment in the U.S. (CFIUS), the law governing network operations, the liability of foreign governments, export controls, and internal corporate and government investigations. He has years of experience inside and outside government involving national and homeland security.

MIT Industrial Liaison Program September 2019 | Page 30

NAZLI CHOUCRI Professor of Political Science, Head, Middle East Program, PI - Explorations in Cyber International Relations (ECIR), https://polisci.mit.edu/people/nazli-choucri ; http://nchoucri.mit.edu/ Lab: http://ecir.mit.edu/ Publications: http://nchoucri.mit.edu/publications International relations; cybersecurity; international conflict; cyberpolitics; global accord; sustainable development; cyberwar. Nazli Choucri is Professor of Political Science. Her work is in the area of international relations, most notably on sources and consequences of international conflict and violence. Professor Choucri is the architect and Director of the Global System for Sustainable Development (GSSD), a multi-lingual web-based knowledge networking system focusing on the multi-dimensionality of sustainability. As Principal Investigator of an MIT-Harvard multi-year project on Explorations in Cyber International Relations (ECIR), she directed a multi-disciplinary and multi-method research initiative, constructing a cyber-inclusive view of international relations (Cyber-IR System) – with theory, data, analyses, simulations – to anticipate and respond to cyber threats and challenges to national security and international stability. She is Editor of the MIT Press Series on Global Environmental Accord and, formerly, General Editor of the International Political Science Review. She also previously served as the Associate Director of MIT’s Technology and Development Program.

BOOK: International Relations in the Cyber Age: The co-evolution dilemma Choucri, Nazli, and David D. Clark. 2018 Cambridge, MA: MIT Press, https://mitpress.mit.edu/books/international-relations-cyber-age A foundational analysis of the co-evolution of the internet and international relations, examining resultant challenges for individuals, organizations, firms, and states.

Cyber Acquisition: Policy Changes to Drive Innovation in Response to Accelerating Threats in Cyberspace

Klemas, T., Lively, R. & Choucri, N. (2018). CyCon U.S. 2018 Conference Papers. Army Cyber Institute, West Point. https://www.hsdl.org/?view&did=818911 https://nchoucri.mit.edu/sites/default/files/images/Cyber%20Acquisition%20Ref.pdf The United States of America faces great risk in the cyber domain because our adversaries are growing bolder, increasing in number, improving their capabilities, and doing so rapidly. Meanwhile, the associated technologies are evolving so quickly that progress to harden and secure this domain is ephemeral, as systems reach obsolescence in just a few years and revolutionary paradigm shifts, such as cloud computing and ubiquitous mobile devices, can pull the rug out from the best laid defensive planning by introducing entirely new regimes of operations. Contemplating these facts in the context of Department of Defense acquisitions is particularly sobering, because many cyber capabilities bought within the traditional acquisitions framework will be useless well before they reach the warfighters. Thus, it is a strategic imperative to improve DoD acquisitions pertaining to cyber capabilities, and this paper proposes novel ideas and a framework for addressing these challenges.

STUART E MADNICK John Norris Maguire Professor of Information Technologies, https://mitsloan.mit.edu/faculty/directory/stuart-madnick Professor of Engineering Systems

MIT Industrial Liaison Program September 2019 | Page 31

Stuart Madnick is the John Norris Maguire Professor of Information Technologies at the MIT Sloan School of Management, a Professor of Engineering Systems at the MIT School of Engineering, and the Founding Director of Cybersecurity at MIT Sloan: the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity. Madnick’s involvement in cybersecurity research goes back to 1979, when he coauthored the book Computer Security. Currently, he heads the Cybersecurity at MIT Sloan Initiative, formerly called the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity, aka (IC)3. Madnick served as the head of MIT's Information Technologies Group in the Sloan School of Management for more than 20 years. He is the author or coauthor of more than 300 books, articles, and reports. Besides cybersecurity, his other research interests include Big Data, semantic connectivity, database technology, software project management, and the strategic use of information technology. Madnick has served as a consultant to major corporations and has been the cofounder of five high-tech firms. He currently operates the 14th-century Langley Castle Hotel in England.

Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment

Jalali, M.S., Siegel, M., Madnick, S., Journal of Strategic Information Systems, Volume 28, Issue 1, March 2019, Pages 66-82, https://doi.org/10.1016/j.jsis.2018.09.003 We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1479 simulation runs, we compared the performances of a group of experienced professionals with those of an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects; however, experienced subjects were better able to learn the need for proactive decision-making through an iterative process. Both groups exhibited similar errors when dealing with the uncertainty of cyber incidents. Our findings highlight the importance of training for decision-makers with a focus on systems thinking skills, and lay the groundwork for future research on uncovering mental biases about the complexities of cybersecurity.

The Internet of Things Promises New Benefits and Risks: A Systematic Analysis of Adoption Dynamics of IoT Products

Jalali, M.S., Kaiser, J.P., Siegel, M., Madnick, S., IEEE Security and Privacy, Volume 17, Issue 2, March-April 2019, Article number 8677360, Pages 39-48, https://doi.org/10.1109/MSEC.2018.2888780 Cyber risk for buyers is a major obstacle to broad adoption of the Internet of Things (IoT). Using a system dynamics approach, we conducted a case study of a connected lighting product to understand how cybersecurity influences IoT adoption.

Health care and cybersecurity: Bibliometric analysis of the literature Jalali, M.S., Razak, S., Gordon, W., Perakslis, E., Madnick, S., Journal of Medical Internet Research, Volume 21, Issue 2, February 2019, Article number e12644, https://doi.org/10.2196/12644 Background: Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of health care information systems is now an essential component of safe, reliable, and effective health care delivery. Objective: The objective of this study was to provide an

MIT Industrial Liaison Program September 2019 | Page 32

overview of the literature at the intersection of cybersecurity and health care delivery. Methods: A comprehensive search was conducted using PubMed and Web of Science for English-language peer-reviewed articles. We carried out chronological analysis, domain clustering analysis, and text analysis of the included articles to generate a high-level concept map composed of specific words and the connections between them. Results: Our final sample included 472 English-language journal articles. Our review results revealed that majority of the articles were focused on technology: Technology–focused articles made up more than half of all the clusters, whereas managerial articles accounted for only 32% of all clusters. This finding suggests that nontechnological variables (human–based and organizational aspects, strategy, and management) may be understudied. In addition, Software Development Security, Business Continuity, and Disaster Recovery Planning each accounted for 3% of the studied articles. Our results also showed that publications on Physical Security account for only 1% of the literature, and research in this area is lacking. Cyber vulnerabilities are not all digital; many physical threats contribute to breaches and potentially affect the physical safety of patients. Conclusions: Our results revealed an overall increase in research on cybersecurity and identified major gaps and opportunities for future work.

Systematically understanding the cyberattack business: A survey Huang, K., Siegel, M., Madnick, S., ACM Computing Surveys, Volume 51, Issue 4, July 2018, Article number 3199674, https://doi.org/10.1145/3199674 Cyberattacks are increasingly menacing businesses. Based on the literature review and publicly available reports, this article conducts an extensive and consistent survey of the services used by the cybercrime business, organized using the value chain perspective, to understand cyberattack in a systematic way. Understanding the specialization, commercialization, and cooperation for cyberattacks helps us to identify 24 key value-added activities and their relations. These can be offered "as a service" for use in a cyberattack. This framework helps to understand the cybercriminal service ecosystem and hacking innovations. Finally, a few examples are provided showing how this framework can help to build a more cyber immune system, like targeting cybercrime control-points and assigning defense responsibilities to encourage collaboration.

ABEL SANCHEZ Research Scientist, http://web.mit.edu/doval/www/index.html Publications: http://web.mit.edu/doval/www/research.html#papers Dr. Sanchez holds a Ph.D. from MIT. He is the Executive Director of MIT's Geospatial Data Center (GDC). His areas of specialty include the Internet of Things (IOT), Big Data, Cybersecurity, and Digital Innovation. He teaches graduate courses in Data Science, Cybersecurity, and Innovation. For the past eight years his research has focused on architecting large-scale computation.

Situational Awareness Tool for Cyber Security Event Prediction and Quantification (SAFFRON)

http://web.mit.edu/doval/www/research.html#projects-saffron SAFFRON is a risk modeling and data analytics tool that allows energy delivery OT operators to better understand the risks associated with cyber threats. At present they do not have the capability to fully understand the risks associated with the cyber threats of today and tomorrow – risks that will continue to grow as Information Technology (IT) and Operations Technology (OT) networks increasingly integrate. It is important to have a better understanding of these risks, costs, and potential consequences. This aggregation of risk data will inform EDS OT operators in understanding how risk

MIT Industrial Liaison Program September 2019 | Page 33

changes as the software deployed changes, and support actions (i.e., identify corrective actions that reduce the risk.) Similarly, risk computation will support operators in equipment replacement and procurement by quantifying device risk and impact on the network. SAFFRON has developed a risk model and data analytics tool, along with the necessary algorithms that identify risk tolerance and strategy for assessing, responding to, and monitoring cyber security risks. Foundational validated research is pressingly needed to develop risk models and visual analytics that are understandable to OT operators and leads to or even suggests corrective action. The tool uses a simulation model of the physical/IT system and acts as a proxy for the physical infrastructure.

Video: Situational Awareness Tool for Cyber Security Event Prediction and Quantification (SAFFRON)

ILP Video, April 9, 2019, http://ilp.mit.edu/videodetail.jsp?confid=null&ilp-videos=Y&id=2705# SAFFRON is a risk modeling and data analytics tool that allows energy delivery OT operators to better understand the risks associated with cyber threats. At present they do not have the capability to fully understand the risks associated with the cyber threats of today and tomorrow ? risks that will continue to grow as Information Technology (IT) and Operations Technology (OT) networks increasingly integrate. It is important to have a better understanding of these risks, costs, and potential consequences. This aggregation of risk data will inform EDS OT operators in understanding how risk changes as the software deployed changes, and support actions (i.e., identify corrective actions that reduce the risk.) Similarly, risk computation will support operators in equipment replacement and procurement by quantifying device risk and impact on the network. SAFFRON has developed a risk model and data analytics tool, along with the necessary algorithms that identify risk tolerance and strategy for assessing, responding to, and monitoring cyber security risks. Foundational validated research is presingly neededed to develop risk models and visual analytics that are understandable to OT operators and leads to or even suggests corrective action. The tool uses a simulation model of the physical/IT system and acts as a proxy for the physical infrastructure.

MICHAEL D SIEGEL Principal Research Scientist, and Co-Director, Cybersecurity at MIT Sloan, https://cams.mit.edu/ Michael Siegel is a Principal Research Scientist at the MIT Sloan School of Management and is currently the Co-Director of the PROductivity from Information Technology (PROFIT) Project. Siegel’s research interests include the integration and use of information from multiple and the use of modeling and data analytics to analyze complex systems.

A Smart IoT Integrity – First Communication Protocol via an Ethereum Blockchain Light Client

Presented to the 1st International Workshop on Software Engineering Research & Practices for the Internet of Things (SERP4IoT 2019) by Elizabeth Reilly, Matthew Maloney, Michael Siegel, and Gregory Falco, March 27, 2019. https://cams.mit.edu/wp-content/uploads/A-Smart-City-IoT-Integrity-First-Communication.pdf Smart city IoT is responsible for communicating system-critical data about urban infrastructure that keeps our modern cities functioning. Today, IoT devices lack communication protocols with data integrity as a priority. Without data integrity, smart city infrastructure is at risk of actuating urban

MIT Industrial Liaison Program September 2019 | Page 34

environments on compromised data. Attackers can use this IoT communication flaw to wage cyber-physical attacks on Smart Cities. We designed and developed an integrity-first communication protocol for IoT that is distributed and scalable based on the Ethereum blockchain. Our light client ensures data communication integrity for systems that require it most.

KALYAN VEERAMACHANENI Principal Research Scientist, https://kalyan.lids.mit.edu/ Lab: https://dai.lids.mit.edu/research/publications/ Kalyan is a Principal Research Scientist in the Laboratory for Information and Decision Systems (LIDS, MIT). Previously he was a Research Scientist at CSAIL (CSAIL, MIT). His primary research interests are in machine learning and building large scale statistical models that enable discovery from large amounts of data. His research is at the intersection of Big data, machine learning and data science. He directs a research group called Data to AI in the new MIT Institute for Data Systems and Society (IDSS). The group is interested in Big data science and Machine learning, and is focused on how to solve foundational issues preventing artificial intelligence and machine learning solutions to reach their full potential for societal applications.

Acquire, adapt, and anticipate: Continuous learning to block malicious domains Arnaldo, I., Arun, A., Kyathanahalli, S., Veeramachaneni, K., Proceedings - 2018 IEEE International Conference on Big Data, Big Data 2018, 22 January 2019, Article number 8622197, Pages 1891-1898, https://doi.org/10.1109/BigData.2018.8622197 We present an automated learning system that continuously gathers domain data from open repositories, develops a deep learning model, uses the model to make detections, publishes unreported malicious domains, leverages threat intelligence to label the detected domains, and periodically updates the detection models. The results presented in this paper show that the system not only extends the detection coverage of threat intelligence feeds, but also that it reduces the delay in detection. We also leverage deep learning models to generate new, unregistered domains that are likely to be used by attackers in the future.

eX2: A framework for interactive anomaly detection Arnaldo, I., Lam, M., Veeramachaneni, K., CEUR Workshop Proceedings, Volume 2327, 2019, http://ceur-ws.org/Vol-2327/IUI19WS-ESIDA-2.pdf We introduce eX2 (coined after explain and explore), a framework based on explainable outlier analysis and interactive recommendations that enables cybersecurity researchers to efficiently search for new attacks. We demonstrate the framework with both publicly available and real-world cybersecurity datasets, showing that eX2 improves the detection capability of stand-alone outlier analysis methods, therefore improving the efficiency of so-called threat hunting activities.

DATA PRIVACY, ANONYMITY, IDENTITY PROTECTION

HAROLD ABELSON Class of 1922 Professor of Computer Science and Engineering, Professor of Media Arts and Sciences, https://www.csail.mit.edu/person/hal-abelson

MIT Industrial Liaison Program September 2019 | Page 35

Harold (Hal) Abelson is Class of 1922 Professor of Electrical Engineering and Computer Science at MIT and a Fellow of the IEEE. In 1992, Abelson was designated as one of MIT's six inaugural MacVicar Faculty Fellows, in recognition of his significant and sustained contributions to teaching and undergraduate education. Abelson was recipient in 1992 of the Bose Award (MIT's School of Engineering teaching award). Abelson is also the winner of the 1995 Taylor L. Booth Education Award given by IEEE Computer Society, cited for his continued contributions to the pedagogy and teaching of introductory computer science. He is co-director of the MIT-Microsoft iCampus Research Alliance in Educational Technology, co-chair of the MIT Council on Educational Technology, and serves on the steering committee of the HP-MIT Alliance. In these capacities, he played key roles in fostering MIT institutional educational technology initiatives such MIT OpenCourseWare and DSpace. He also consults to HP Laboratories in the area of digital information systems.

SRINIVAS (SRINI) DEVADAS Edwin Sibley Webster Professor of Electrical Engineering and Computer Science, Margaret MacVicar Faculty Fellow, https://www.csail.mit.edu/person/srini-devadas, http://people.csail.mit.edu/devadas/ Srini Devadas is the Webster Professor of Electrical Engineering and Computer Science and has been on the MIT EECS faculty since 1988. He served as Associate Head of the Department of Electrical Engineering and Computer Science, with responsibility for Computer Science, from 2005 to 2011. Devadas’s research interests span Computer-Aided Design (CAD), computer security and computer architecture and he has received significant awards from each discipline. In 2015, he received the ACM/IEEE A. Richard Newton Technical Impact award in Electronic Design Automation. He received the IEEE Computer Society Technical Achievement Award in 2014 for inventing Physical Unclonable Functions and single-chip secure processor architectures. Devadas’s work on hardware information flow tracking published in the 2004 ASPLOS received the ASPLOS Most Influential Paper Award in 2014. His papers on analytical cache modeling and the Aegis single-chip secure processor were included as influential papers in “25 Years of the International Conference on Supercomputing.” In 2017 he received the IEEE W. Wallace McDowell Award for contributions to secure hardware. He is an IEEE and ACM Fellow.

Scaling strong anonymity https://www.csail.mit.edu/research/scaling-strong-anonymity In an era of mass surveillance, maintaining anonymity on the Internet is an important yet very difficult challenge. Tor, the only widely deployed anonymity system, unfortunately fails to provide anonymity against an adversary who can globally monitor the Internet. On the other hand, most provably secure anonymity systems fail to scale to a large number of users, preventing wide adoption of such systems. The goal of this project is to create systems that can provide both strong anonymity while scaling to millions or more users. To achieve this goal, we design new cryptographic primitives and protocols, and build systems based on them.

Using Bitcoin to prevent identify theft https://www.csail.mit.edu/research/using-bitcoin-prevent-identify-theft Cadena is a system that uses Bitcoin’s security machinery to defend against online identity theft. An attacker who hacks a public-key encryption system, for instance, might “certify” — or cryptographically assert the validity of — a false encryption key, to trick users into revealing secret information. But it

MIT Industrial Liaison Program September 2019 | Page 36

couldn’t also decertify the true key without setting off alarms, so there would be two keys in circulation bearing certification from the same authority. The new system defends against such “equivocation.”

Design of Efficient, Horizontally-Scaling, and Strongly Anonymous Communication Networks

Principal Investigator: Srini Devadas Project Dates: September 1, 2018 – August 31, 2021 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1813087 Anonymous communication is an important aspect of freedom of speech. In many cases, anonymity remains the most important defense for persons expressing unpopular or prohibited opinions, from protest organizers who are fighting against repressive governments to whistleblowers who report sensitive news against powerful entities. Owing to its importance, there have been many systems that were designed to protect users’ anonymity in the past several decades. Unfortunately, most existing anonymity systems fall into one of two categories: systems that defend against global adversaries but are hard to scale and inefficient, and systems that are easy to scale and efficient but do not defend against powerful adversaries. Thus, anonymity network administrators are forced to either support only a limited number of users or suffer from attacks against their system. This project aims to design, implement, and deploy a system that marries the best aspects of the two categories so as to produce an efficient anonymous communication network that can scale easily while providing provable guarantees against a global adversary. Such a system can enhance users' freedom of speech by guaranteeing strong anonymity for a large number of users, and provide more privacy enhancing choices for Internet users today. The technical goal of this project is to create a system that provides provable anonymity against an adversary that controls (1) the network connection between all participants (2) a large number of users, and (3) any fraction of the servers, while scaling to large numbers of users with more servers. To achieve this goal, this project will answer the following three questions: (1) How can the system organize and utilize the servers in a scalable manner to provide anonymity against an adversary that monitors all of Internet? (2) How does the system prevent malicious users from deviating from the protocol? (3) How does the system prevent malicious servers from de-anonymizing users? The answers to these questions will lead to the design of a scalable strong anonymity system. A prototype of this design will be implemented, evaluated, and deployed across a volunteer network of many servers in an effort to reach a broad audience of users. In addition to graduate student theses, this project will provide research projects for high school students who are part of the MIT PRIMES outreach program, as well as MIT undergraduates through the MIT Undergraduate Research Opportunities Program. This award reflects NSF’s statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

THOMAS HARDJONO Technology Officer, Internet Trust Consortium; CTO, Connection Science and Engineering, http://hardjono.mit.edu/ Dr Thomas Hardjono is the Director of the MIT Trust: Data Consortium, part of MIT Connection Science. Prior to this he was the Executive Director of the MIT Kerberos Consortium for over 5 years, championing the deployment of the MIT Kerberos protocol to several platforms and ecosystems, including IoT devices, Mobile platforms and Enterprise Cloud services. Thomas has held several industry key technical positions in the past, including Distinguished Engineer at Bay Networks, Principal Scientist at VeriSign PKI, and CTO roles at several start-ups. He has been at the forefront of several identity, trust and cybersecurity initiatives in industry, ranging from network multicast security,

MIT Industrial Liaison Program September 2019 | Page 37

IoT Security, trusted computing to scalable identity systems, P2P networks and blockchain systems. Thomas has authored several technical papers, patents and books covering cryptography, networking, identity and blockchain security.

BOOK: Trusted Data: A New Framework for Identity and Data Sharing Edited by Thomas Hardjono, David L. Shrier and Alex Pentland, MIT Press, Nov 2019-Revised & Expanded Edition, https://mitpress.mit.edu/books/trusted-data-revised-and-expanded-edition How to create an Internet of Trusted Data in which insights from data can be extracted without collecting, holding, or revealing the underlying data.

The effect of a blockchain-supported, privacy-preserving system on disclosure of personal data

Frey, R.M., Buhler, P., Gerdes, A., Hardjono, T., Fuchs, K.L., Ilic, A. 2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017, Volume 2017-January, 8 December 2017, Pages 1-5, https://doi.org/10.1109/NCA.2017.8171385 In light of digitalization, customers increasingly share private data through their online behaviors and actions. Yet, customers have become reluctant to share data due to privacy concerns. From a psychological perspective, a reduction of users' perceived risks should result in a higher willingness to share sensitive data. The development of blockchain-supported, multi-part computation thereby represents an interesting novel empirical context to study such willingness to disclose personal data, as such technologies involve a privacy-preserving approach that could not only technically solve privacy issues but also ought to address precisely the user's risk perception. Therefore, we conducted an online experiment with 420 participants to examine the willingness to disclose personal data dependent on different privacy protection mechanisms. A deception based experiment allowed to measure not only user intention, but also real user behavior. Surprisingly, our results demonstrate that participants shared similar amounts of personal data for blockchain-supported approaches and standard privacy policies. Even though an aversion to the blockchain system due to its novelty and potentially perceived complexity was not detected. Furthermore, we found that the willingness to share data increased significantly specifically for technically affine people when they were presented with the opportunity to monetize their data. We further discuss the effects of privacy awareness and whether prior knowledge of blockchain technology had a supporting effect for user acceptance.

The Impact of Blockchain for Government: Insights on Identity, Payments, and Supply Chain

Thomas Hardjono, http://hardjono.mit.edu/sites/default/files/documents/The-Impact-of-Blockchain-for-Government.pdf

Data Cooperatives: Towards a Foundation for Decentralized Personal Data Management

Thomas Hardjono, Alex Pentland, https://arxiv.org/abs/1905.08819 Data cooperatives with fiduciary obligations to members provide a promising direction for the empowerment of individuals through their own personal data. A data cooperative can manage, curate and protect access to the personal data of citizen members. Furthermore, the data cooperative can run internal analytics in order to obtain insights regarding the well-being of its members. Armed with these

MIT Industrial Liaison Program September 2019 | Page 38

insights, the data cooperative would be in a good position to negotiate better services and discounts for its members. Credit Unions and similar institutions can provide a suitable realization of data cooperatives.

Decentralized Trusted Computing Base for Blockchain Infrastructure Security Thomas Hardjono, Ned Smith, https://arxiv.org/abs/1905.04412 There is a growing interest today in blockchain technology as a possible foundation for the future global financial ecosystem. However, in order for this future financial ecosystem to be truly global, with a high degree of interoperability and stability, a number challenges need to be addressed related to infrastructure security. One key aspect concerns the security and robustness of the systems that participate in the blockchain peer-to-peer networks. In this paper we discuss the notion of the decentralized trusted computing base as an extension of the TCB concept in trusted computing. We explore how a decentralized TCB can be useful to (i) harden individual nodes and systems in the blockchain infrastructure, and (ii) be the basis for secure group-oriented computations making within the P2P network of nodes that make-up the blockchain system.

SILVIO MICALI Ford Professor of Engineering, https://www.csail.mit.edu/person/silvio-micali, http://people.csail.mit.edu/silvio/ Born in Palermo, Italy, Silvio Micali received his Ph.D. in Computer Science from the University of California at Berkeley in 1983. He joined MIT in 1983, where he is Ford Professor of Engineering. His scientific interests include complexity-based pseudorandom generation and cryptography, interactive and computationally sound proofs, zero knowledge, secure protocols, and mechanism design.

Algorand: A secure and efficient distributed ledger Chen, J., Micali, S., Theoretical Computer Science, Volume 777, 19 July 2019, Pages 155-183, https://doi.org/10.1016/j.tcs.2019.02.001 A distributed ledger is a tamperproof sequence of data that can be publicly accessed and augmented by everyone, without being maintained by a centralized party. Distributed ledgers stand to revolutionize the way a modern society operates. They can secure all kinds of traditional transactions, such as payments, asset transfers and titles, in the exact order in which the transactions occur; and enable totally new transactions, such as cryptocurrencies and smart contracts. They can remove intermediaries and usher in a new paradigm for trust. As currently implemented, however, distributed ledgers scale poorly and cannot achieve their enormous potential. In this paper we propose Algorand, an alternative, secure and efficient distributed ledger. Algorand is permissionless and works in a highly asynchronous environment. Unlike prior implementations of distributed ledgers based on “proof of work,” Algorand dispenses with “miners” and requires only a negligible amount of computation. Moreover, its transaction history “forks” only with negligible probability: that is, Algorand guarantees the finality of a transaction the moment the transaction enters the ledger.

CARLO RATTI Professor of the Practice, Director, Senseable City Laboratory, Co-Director, MIT-Italy Program (MISTI), http://dusp.mit.edu/faculty/carlo-ratti LAB: http://senseable.mit.edu/

MIT Industrial Liaison Program September 2019 | Page 39

An architect and engineer by training, Professor Carlo Ratti teaches at Massachusetts Institute of Technology, where he directs the Senseable City Lab, and is a founding partner of the international design office Carlo Ratti Associati. He graduated from the Politecnico di Torino and the École Nationale des Ponts et Chaussées in Paris, and later earned his MPhil and PhD at the University of Cambridge, UK. Ratti has co-authored over 500 publications and holds several patents. His work has been exhibited worldwide at venues such as the Venice Biennale, the Design Museum in Barcelona, the Science Museum in London, and The Museum of Modern Art in New York. Two of his projects – the Digital Water Pavilion and the Copenhagen Wheel – have been included by TIME Magazine in the list of the ‘Best Inventions of the Year’.

Towards matching user mobility traces in large-scale datasets Daniel Kondor; Behrooz Hashemian; Yves-Alexandre de Montjoye; Carlo Ratti, IEEE Transactions on Big Data, 24 September 2018, https://doi.org/10.1109/TBDATA.2018.2871693 The problem of unicity and reidentifiability of records in large-scale databases has been studied in different contexts and approaches, with focus on preserving privacy or matching records from different data sources. With an increasing number of service providers nowadays routinely collecting location traces of their users on unprecedented scales, there is a pronounced interest in the possibility of matching records and datasets based on spatial trajectories. Extending previous work on reidentifiability of spatial data and trajectory matching, we present the first large-scale analysis of user matchability in real mobility datasets on realistic scales, i.e. among two datasets that consist of several million people's mobility traces, coming from a mobile network operator and transportation smart card usage. We extract the relevant statistical properties which influence the matching process and analyze their impact on the matchability of users. We show that for individuals with typical activity in the transportation system (those making 3-4 trips per day on average), a matching algorithm based on the co-occurrence of their activities is expected to achieve a 16.8% success only after a one-week long observation of their mobility traces, and over 55% after four weeks. We show that the main determinant of matchability is the expected number of co-occurring records in the two datasets. Finally, we discuss different scenarios in terms of data collection frequency and give estimates of matchability over time. We show that with higher frequency data collection becoming more common, we can expect much higher success rates in even shorter intervals.

The privacy risks of compiling mobility data Merging different types of location-stamped data can make it easier to discern users’ identities, even when the data is anonymized. Rob Matheson, MIT News Office, December 7, 2018, http://news.mit.edu/2018/privacy-risks-mobility-data-1207 A new study by MIT researchers finds that the growing practice of compiling massive, anonymized datasets about people’s movement patterns is a double-edged sword: While it can provide deep insights into human behavior for research, it could also put people’s private data at risk. Companies, researchers, and other entities are beginning to collect, store, and process anonymized data that contains “location stamps” (geographical coordinates and time stamps) of users. Data can be grabbed from mobile phone records, credit card transactions, public transportation smart cards, Twitter accounts, and mobile apps. Merging those datasets could provide rich information about how humans travel, for instance, to optimize transportation and urban planning, among other things.

MIT Industrial Liaison Program September 2019 | Page 40

But with big data come big privacy issues: Location stamps are extremely specific to individuals and can be used for nefarious purposes. Recent research has shown that, given only a few randomly selected points in mobility datasets, someone could identify and learn sensitive information about individuals. With merged mobility datasets, this becomes even easier: An agent could potentially match users trajectories in anonymized data from one dataset, with deanonymized data in another, to unmask the anonymized data. In a paper published today in IEEE Transactions on Big Data, the MIT researchers show how this can happen in the first-ever analysis of so-called user “matchability” in two large-scale datasets from Singapore, one from a mobile network operator and one from a local transportation system….

DANIEL J WEITZNER Principal Research Scientist, https://www.csail.mit.edu/person/daniel-weitzner Director, MIT Internet Policy Research Initiative, https://internetpolicy.mit.edu/ Daniel J. Weitzner is the Founding Director of the MIT Internet Policy Research Initiative and Principal Research Scientist at the MIT Computer Science and Artificial Intelligence Lab. His group studies the relationship between network architecture and public policy, and develops new Web architectures to meet policy challenges such as privacy and intellectual property rights.

Transparency Bridges: Exploring Transparency Requirements in Smartphone Ecosystems

Principal Investigator: Daniel J. Weitzner Project Dates: September 1, 2016 – August 31, 2018 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1639994 Transparency Bridges undertakes a cross-cultural investigation of the differences in privacy attitudes between the US and the EU, as a means of exploring the design requirements for user control mechanisms. We (1) investigate the currently available mechanisms in smartphone ecosystems to inform people of collection and use of their personal data, (2) examine how these mechanisms comply with US and EU data privacy legal frameworks, and (3) analyze how different mechanisms respond to requirements in both jurisdictions. Our approach is grounded in a cross-cultural (US-EU) in-the-wild user study to analyze people's privacy behavior in the form of privacy expectations, preferences, and concerns of different pieces of personal data within and across these ecosystem according to which - EU or US - legal framework is applicable to them. The outcome of this study will (a) help clarify the role of ecosystem providers in shaping privacy governance; (b) the features and factors within US and EU regulations that are most preferred and trusted and are most effective in addressing people's needs when making use of services that depend on the collection and use of their personal data; and (c) outline legal and policy recommendations for a number of stakeholders in the smartphone ecosystem, including lawmakers, regulators, and companies which can be useful when considering interpretation and implementation of current rules, and the need for reformed ones.

On the Incommensurability of Laws and Technical Mechanisms: Or, What Cryptography Can’t Do

Feigenbaum, J., Weitzner, D.J., 2018 Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Volume 11286 LNCS, 2018, Pages 266-279, https://doi.org/10.1007/978-3-030-03251-7_31

MIT Industrial Liaison Program September 2019 | Page 41

We examine several technology-policy debates in which technical and legal perspectives are so at odds that they approach incommensurability. Investigating the use of digital rights management systems in the online-copyright debate and the dispute over the impact of end-to-end encryption on lawful surveillance, we offer an analysis of the source of this incommensurability. In these two policy debates, both sides invoke the rule of law to support their position, but in each case they draw selectively from the constituent parts of the rule of law, resulting in seemingly irreconcilable differences. We show that the rule of law is actually composed of rules (susceptible to deterministic evaluation against a set of facts) and principles (expressing important values but not susceptible to purely formal evaluation). The clash between rules and principles exacerbates the difference in perspective between system designers, who favor formal rules, and policy makers, who are more comfortable with situational application of principles. Following our observation that the rules-principles gap makes for incommensurate debate between legal and technical actors, we identify steps that each discipline can take to move toward more coherent policy for the networked, digital environment.

Video: Data Ownership Impact on Privacy and Security ILP Video, November 14, 2018, http://ilp.mit.edu/videodetail.jsp?confid=null&ilp-videos=Y&id=2528#

NICKOLAI ZELDOVICH Professor of Software Technology, https://www.csail.mit.edu/person/nickolai-zeldovich, http://people.csail.mit.edu/nickolai/# Nickolai Zeldovich is an Associate Professor at MIT's department of Electrical Engineering and Computer Science, and a member of the Computer Science and Artificial Intelligence Laboratory. His research interests are in building practical secure systems, from operating systems and hardware to programming languages and security analysis tools. He received his PhD from Stanford University in 2008, where he developed HiStar, an operating system designed to minimize the amount of trusted code by controlling information flow. In 2005, he co-founded MokaFive, a company focused on improving desktop management and mobility using x86 virtualization. Prof. Zeldovich received a Sloan fellowship in 2010, and an NSF CAREER award in 2011.

Verifying Security for Data Non-Interference Principal Investigators: Nickolai Zeldovich, M. Frans Kaashoek, Robert T. Morris, Adam Chlipala Project Dates: September 1, 2018 – August 31, 2021 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1812522 Many security problems today stem from bugs in software. Although there has been significant effort in reducing bugs through better testing, fuzzing, model checking, and so on, subtle bugs remain and continue to be exploited. This proposal explores the use of formal verification to prove security of a file system implementation along with an example application in the form of a mail server. Machine-checked verification is a powerful approach that can eliminate a large class of bugs in software by proving that an implementation meets a precise specification. As long as the specification rules out a certain class of bugs, the machine-checked proof will ensure no such bugs can exist in the implementation. This project develops techniques for proving security of sophisticated applications, such as proving that a mail server will not inappropriately disclose confidential email messages. At the high level, the impact of this work will be a more secure software infrastructure. The key technical challenge that this project focuses on is data confidentiality. The project explores approaches for specifying confidentiality of systems software, including a mail server and a POSIX file system, as well as a framework for implementation and machine-checked verification of confidentiality properties for these applications.

MIT Industrial Liaison Program September 2019 | Page 42

The project also develops common infrastructure that such applications depend on, including a formal security specification for a POSIX file system and verified implementations of a mail server and a file system with proofs of security, which will be useful to the broader community. Finally, part of the project involves developing course modules focused on machine-checked proofs of correctness and security for systems software. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Stadium: A Distributed Metadata-Private Messaging System Tyagi, N., Gilad, Y., Leung, D., Zaharia, M., Zeldovich, N., SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles, 14 October 2017, Pages 423-440, https://doi.org/10.1145/3132747.3132783 Private communication over the Internet remains a challenging problem. Even if messages are encrypted, it is hard to deliver them without revealing metadata about which pairs of users are communicating. Scalable anonymity systems, such as Tor, are susceptible to traffic analysis attacks that leak metadata. In contrast, the largest-scale systems with metadata privacy require passing all messages through a small number of providers, requiring a high operational cost for each provider and limiting their deployability in practice. This paper presents Stadium, a point-to-point messaging system that provides metadata and data privacy while scaling its work efficiently across hundreds of low-cost providers operated by different organizations. Much like Vuvuzela, the current largest-scale metadata-private system, Stadium achieves its provable guarantees through differential privacy and the addition of noisy cover traffic. The key challenge in Stadium is limiting the information revealed from the many observable traffic links of a highly distributed system, without requiring an overwhelming amount of noise. To solve this challenge, Stadium introduces techniques for distributed noise generation and differentially private routing as well as a verifiable parallel mixnet design where the servers collaboratively check that others follow the protocol. We show that Stadium can scale to support 4× more users than Vuvuzela using servers that cost an order of magnitude less to operate than Vuvuzela nodes.

Algorand: Scaling Byzantine Agreements for Cryptocurrencies Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N., SOSP 2017 - Proceedings of the 26th ACM Symposium on Operating Systems Principles, 14 October 2017, Pages 51-68, https://doi.org/10.1145/3132747.3132757 Algorand is a new cryptocurrency that confirms transactions with latency on the order of a minute while scaling to many users. Algorand ensures that users never have divergent views of confirmed transactions, even if some of the users are malicious and the network is temporarily partitioned. In contrast, existing cryptocurrencies allow for temporary forks and therefore require a long time, on the order of an hour, to confirm transactions with high confidence. Algorand uses a new Byzantine Agreement (BA) protocol to reach consensus among users on the next set of transactions. To scale the consensus to many users, Algorand uses a novel mechanism based on Verifiable Random Functions that allows users to privately check whether they are selected to participate in the BA to agree on the next set of transactions, and to include a proof of their selection in their network messages. In Algorand’s BA protocol, users do not keep any private state except for their private keys, which allows Algorand to replace participants immediately after they send a message. This mitigates targeted attacks on chosen participants after their identity is revealed. We implement Algorand and evaluate its performance on 1,000 EC2 virtual machines, simulating up to 500,000 users. Experimental results show that Algorand confirms transactions in under a minute, achieves 125× Bitcoin’s throughput, and incurs almost no penalty for scaling to more users.

MIT Industrial Liaison Program September 2019 | Page 43

SECURE DATA SHARING

BONNIE A BERGER Simons Professor in Mathematics, Head, Computation and Biology Group (CSAIL), Associate Member, Broad Institute, http://math.mit.edu/directory/profile.php?pid=20, https://www.csail.mit.edu/person/bonnie-berger, http://people.csail.mit.edu/bab/ Group: https://www.csail.mit.edu/research/computation-and-biology Publications: http://people.csail.mit.edu/bab/publications.html Bonnie Berger is a Professor of Applied Mathematics at MIT, with a joint appointment in Computer Science in EECS. She is also head of the Computation and Biology group and member of the Theory of Computation group at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL). After beginning her career working in algorithms at MIT, she was one of the pioneer researchers in the area of computational molecular biology and, together with the many students she has mentored, has been instrumental in defining the field. She has won numerous awards and honors including: member of the American Academy of Arts and Sciences, the NIH Margaret Pittman Director's Lecture Award, Biophysical Society's Dayhoff Award, inclusion in Technology Review Magazine's inaugural TR100 as a top young innovator, ACM Fellow, ISCB Fellow, RECOMB Test of Time Award, NSF Career Award, as well as, recently, Honorary Doctorate from EPFL and elected to American Institute of Medical and Biological Engineering (AIMBE) College of Fellows. She currently serves as Vice President of ISCB, as Head of the steering committee for RECOMB, and on the NIGMS Advisory Council.

Emerging technologies towards enhancing privacy in genomic data sharing Berger, B., Cho, H., Genome Biology, Volume 20, Issue 1, 2 July 2019, Article number 128, https://doi.org/10.1186/s13059-019-1741-0 As the scale of genomic and health-related data explodes and our understanding of these data matures, the privacy of the individuals behind the data is increasingly at stake. Traditional approaches to protect privacy have fundamental limitations. Here we discuss emerging privacy-enhancing technologies that can enable broader data sharing and collaboration in genomics research.

Protecting Genomic Data Privacy with Probabilistic Modeling Simmons, S., Berger, B., Sahinalp, C., Pacific Symposium on Biocomputing. Pacific Symposium on Biocomputing, Volume 24, 2019, Pages 403-414 https://doi.org/10.1142/9789813279827_0037 The proliferation of sequencing technologies in biomedical research has raised many new privacy concerns. These include concerns over the publication of aggregate data at a genomic scale (e.g. minor allele frequencies, regression coefficients). Methods such as differential privacy can overcome these concerns by providing strong privacy guarantees, but come at the cost of greatly perturbing the results of the analysis of interest. Here we investigate an alternative approach for achieving privacy-preserving aggregate genomic data sharing without the high cost to accuracy of differentially private methods. In particular, we demonstrate how other ideas from the statistical disclosure control literature (in particular, the idea of disclosure risk) can be applied to aggregate data to help ensure privacy. This is achieved by combining minimal amounts of perturbation with Bayesian statistics and Markov Chain Monte Carlo techniques. We test our technique on a GWAS dataset to demonstrate its utility in practice. An implementation is available at https://github.com/seanken/PrivMCMC.

MIT Industrial Liaison Program September 2019 | Page 44

Realizing private and practical pharmacological collaboration Hie, B., Cho, H., Berger, B., Science, Volume 362, Issue 6412, 19 October 2018, Pages 347-350, https://doi.org/10.1126/science.aat4807 Although combining data from multiple entities could power life-saving breakthroughs, open sharing of pharmacological data is generally not viable because of data privacy and intellectual property concerns. To this end, we leverage modern cryptographic tools to introduce a computational protocol for securely training a predictive model of drug-target interactions (DTIs) on a pooled dataset that overcomes barriers to data sharing by provably ensuring the confidentiality of all underlying drugs, targets, and observed interactions. Our protocol runs within days on a real dataset of more than 1 million interactions and is more accurate than state-of-the-art DTI prediction methods. Using our protocol, we discover previously unidentified DTIs that we experimentally validated via targeted assays. Our work lays a foundation for more effective and cooperative biomedical research.

Cryptographic protocol enables greater collaboration in drug discovery Neural network that securely finds potential drugs could encourage large-scale pooling of sensitive data. Rob Matheson, MIT News Office, October 18, 2018, http://news.mit.edu/2018/cryptographic-protocol-collaboration-drug-discovery-1018 MIT researchers have developed a cryptographic system that could help neural networks identify promising drug candidates in massive pharmacological datasets, while keeping the data private. Secure computation done at such a massive scale could enable broad pooling of sensitive pharmacological data for predictive drug discovery. Datasets of drug-target interactions (DTI), which show whether candidate compounds act on target proteins, are critical in helping researchers develop new medications. Models can be trained to crunch datasets of known DTIs and then, using that information, find novel drug candidates. In recent years, pharmaceutical firms, universities, and other entities have become open to pooling pharmacological data into larger databases that can greatly improve training of these models. Due to intellectual property matters and other privacy concerns, however, these datasets remain limited in scope. Cryptography methods to secure the data are so computationally intensive they don’t scale well to datasets beyond, say, tens of thousands of DTIs, which is relatively small. In a paper published today in Science, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) describe a neural network securely trained and tested on a dataset of more than a million DTIs. The network leverages modern cryptographic tools and optimization techniques to keep the input data private, while running quickly and efficiently at scale….

MICHAEL J CASEY Senior Advisor for Blockchain Opportunities, Digital Currency Initiative (DCI), https://dci.mit.edu Senior Lecturer, Global Economics and Management (MIT Sloan), https://mitsloan.mit.edu/faculty/directory/michael-casey, https://www.michaeljcasey.com Michael Casey is a writer and researcher in the fields of economics, finance, and digital-currency technology. He is a Senior Lecturer at the MIT Sloan School of Management and Senior Advisor for the

MIT Industrial Liaison Program September 2019 | Page 45

Digital Currency Initiative at MIT's Media Lab, where he explores blockchain applications that advance financial inclusion, economic development, and resource efficiency.

Book: The Truth Machine Michael J. Casey and Paul Vigna St. Martin’s Press, 2018, https://www.michaeljcasey.com/author/, https://www.amazon.com/Truth-Machine-Blockchain-Future-Everything/dp/1250114578/ref=asap_bc?ie=UTF8 Big banks have grown bigger and more entrenched. Privacy exists only until the next hack. Credit card fraud is a fact of life. Many of the “legacy systems” once designed to make our lives easier and our economy more efficient are no longer up to the task. Yet there is a way past all this―a new kind of operating system with the potential to revolutionize vast swaths of our economy: the blockchain. The Truth Machine, the second book Michael co-authored with Paul Vigna, demystifies blockchain technology and explains how this new, decentralized approach to information-sharing marks a millennia-in-the-making shift in society’s management of trust. Along the way, it explains how we can restore personal control over our data, assets, and identities; grant billions of excluded people access to the global economy; and shift the balance of power to revive society’s faith in itself. The authors reveal the disruption it promises for industries, including finance, tech, legal, and shipping, and delve into the challenges that governments and communities face in redefining their systems of regulation to accommodate a fundamentally different system of economic governance.

Video: The Truth Machine: The Blockchain and the Future of Everything ILP Video, March 27, 2019, http://ilp.mit.edu/videodetail.jsp?confid=null&ilp-videos=Y&id=2689# As once-trusted institutions are ever more brazenly compromised, Casey lays out a case for blockchain, citing its potential to restore control over data, assets, and personal identities; disrupt industries from finance and tech to legal and shipping; and grant billions of people access to the global economy.

CHRISTIAN CATALINI Theodore T Miller (1922) Career Development Associate Professor, Associate Professor of Technological Innovation, Entrepreneurship, and Strategic Management https://mitsloan.mit.edu/faculty/directory/christian-catalini, http://www.catalini.com/ Christian Catalini is the Theodore T. Miller Career Development Professor at MIT, and an Associate Professor of Technological Innovation, Entrepreneurship, and Strategic Management at the MIT Sloan School of Management. Christian’s main areas of interest are the economics of digitization, entrepreneurship, and science. His research focuses on blockchain technology and cryptocurrencies, the economics of equity crowdfunding and startup growth, and the economics of scientific collaboration. Christian is one of the principal investigators of the MIT Digital Currencies Research Study, which gave access to all MIT undergraduate students to Bitcoin in the fall of 2014. He is also part of the MIT Initiative on the Digital Economy and the recently launched Digital Currency Initiative.His work has been featured in Nature, Science, The New York Times, The Wall Street Journal, The Economist, WIRED, NPR, Forbes, Bloomberg, TechCrunch, the Chicago Tribune, The Boston Globe, and VICE news among others. Christian has presented his research at a variety of institutions including Harvard University, MIT, Yale University,

MIT Industrial Liaison Program September 2019 | Page 46

London Business School, New York University, UC, Berkeley, the Federal Reserve Bank, the US Treasury, the World Bank, and the White House OSTP.

Blockchain Technology for Healthcare: Facilitating the Transition to Patient-Driven Interoperability

Gordon, W.J., Catalini, C., Computational and Structural Biotechnology Journal Volume 16, 1 January 2018, Pages 224-230, https://doi.org/10.1016/j.csbj.2018.06.003 Interoperability in healthcare has traditionally been focused around data exchange between business entities, for example, different hospital systems. However, there has been a recent push towards patient-driven interoperability, in which health data exchange is patient-mediated and patient-driven. Patient-centered interoperability, however, brings with it new challenges and requirements around security and privacy, technology, incentives, and governance that must be addressed for this type of data sharing to succeed at scale. In this paper, we look at how blockchain technology might facilitate this transition through five mechanisms: (1) digital access rules, (2) data aggregation, (3) data liquidity, (4) patient identity, and (5) data immutability. We then look at barriers to blockchain-enabled patient-driven interoperability, specifically clinical data transaction volume, privacy and security, patient engagement, and incentives. We conclude by noting that while patient-driving interoperability is an exciting trend in healthcare, given these challenges, it remains to be seen whether blockchain can facilitate the transition from institution-centric to patient-centric data sharing.

ANDREW B LIPPMAN Senior Research Scientist, Associate Director, MIT Media Laboratory, Co-Director, MIT Communications Futures Program, https://www.media.mit.edu/people/lip/overview/ Lab: https://www.media.mit.edu/groups/viral-communications/overview/ Publications: https://www.media.mit.edu/people/lip/publications/ Andrew Lippman is a senior research scientist at MIT and associate director of the Media Lab. He has been with the Lab since its inception. Lippman’s work here has ranged from digital video and HDTV to graphical interfaces, networking, and blockchains. He heads the Viral Communications research group, which examines scalable, real-time systems whose capacity increases with the number of members. This new approach to communications, human transactions, and broadcasting migrates "mainframe communications" technology to distributed, personally defined, cooperative communicators. These are peer-to-peer or bottom-up, decentralized systems.

MedRec: A Network for Personal Information Distribution Nchinda, N., Cameron, A., Retzepi, K., Lippman, A., 2019 International Conference on Computing, Networking and Communications, ICNC 2019, 8 April 2019, Article number 8685631, Pages 637-641, https://doi.org/10.1109/ICCNC.2019.8685631 MedRec is a simple, distributed system for personal control of identity and distribution of personal information. The work is done in the context of a medical information distribution system where patients retain control over who can access their data. We present a new architecture for the MedRec project, creating a network of trusted data repositories, the access to which are determined by a set of 'smart contracts'. These contracts are stored on a distributed ledger maintained by those who generate data. The distributed nature of the system allows unified access from diverse sources in a single application with no intermediary. This increases patient control while retaining a measure of privacy of

MIT Industrial Liaison Program September 2019 | Page 47

both data content and source. MedRec is amenable to extensions for decentralized messaging and distribution of information to third parties such as medical researchers, healthcare proxies, and other institutions. The system is based on a blockchain that contains smart contracts defining user identity and distribution specifics.

SAMUEL R MADDEN Professor of Computer Science and Engineering, Co-Director, Intel Science & Technology Center for Big Data, https://www.csail.mit.edu/person/sam-madden Professor Madden's research is in the area of database systems, focusing on database analytics and query processing, ranging from clouds to sensors to modern high performance server architectures. He joined the faculty in January, 2004 receiving his Ph.D. in 2003 from the University of California, Berkeley.

A Licensing Model and Ecosystem For Data Sharing Principal Investigator: Samuel Madden, Daniel Weitzner Project Dates: September 1, 2016 – August 31, 2019 https://www.nsf.gov/awardsearch/showAward?AWD_ID=1636766 …[O]ur new data sharing spoke will enable data providers to easily share data while enforcing constraints on the use of the data. This effort has two key components:(1) Creating a licensing model for data that facilitates sharing data that is not necessarily open or free between different organizations and (2) Developing a prototype data sharing software platform, ShareDB, which enforces the terms and restrictions of the developed licenses. We believe these efforts will have a transformative impact on how data sharing takes place. By moving data out of the silos of individuals and single organizations and into the hands of broader society, we can tackle many societally significant problems. This new data sharing spoke will enable data providers to easily share data while enforcing constraints on the use of the data. Many services and platforms that provide access to data sets exist already today. However, these platforms generally promote completely open access and do not address the aforementioned issues that arise when dealing with proprietary data. Thus, the effort has three key components: (1) Creating a licensing model for data that facilitates sharing data that is not necessarily open or free between different organizations, (2) developing a prototype data sharing software platform, ShareDB, which enforces the terms and restrictions of the developed licenses, and (3) developing and integrating relevant metadata that will accompany the datasets shared under the different licenses, making them easily searchable and interpretable….

ROBERT MORRIS Professor of Computer Science and Engineering, https://www.csail.mit.edu/person/robert-morris, https://pdos.csail.mit.edu/~rtm/ Robert Morris is an assistant professor in MIT’s EECS department and a member of the Computer Science and Artificial Intelligence Laboratory. He received a PhD from Harvard University for work on modeling and controlling networks with large numbers of competing connections. As a graduate student he helped design and build an ARPA-funded ATM switch with per-circuit hop-by-hop flow control. He led a mobile communication project which won a best student paper award from USENIX. He co-founded Viaweb, an e-commerce hosting service. His current interests include modular software-based routers, analysis of the aggregation behavior of Internet traffic, and scalable ad-hoc routing.

MIT Industrial Liaison Program September 2019 | Page 48

Towards Multiverse Databases Marzoev, A., Araújo, L.T., Schwarzkopf, M., Yagati, S., Kohler, E., Morris, R., Kaashoek, M.F., Madden, S. Proceedings of the Workshop on Hot Topics in Operating Systems, HotOS 2019, 12 May 2019, Article number 3321425, Pages 88-95, https://doi.org/10.1145/3317550.3321425 A multiverse database transparently presents each application user with a flexible, dynamic, and independent view of shared data. This transformed view of the entire database contains only information allowed by a centralized and easily-auditable privacy policy. By enforcing the privacy policy once, in the database, multiverse databases reduce programmer burden and eliminate many frontend bugs that expose sensitive data. Multiverse databases' per-user transformations risk expensive queries if applied dynamically on reads, or impractical storage requirements if the database proactively materializes policy-compliant views. We propose an efficient design based on a joint dataflow across "universes" that combines global, shared computation and cached state with individual, per-user processing and state. This design, which supports arbitrary SQL queries and complex policies, imposes no performance overhead on read queries. Our early prototype supports thousands of parallel universes on a single server.

ALEX (SANDY) PENTLAND Toshiba Professor of Media Arts and Sciences, https://www.media.mit.edu/people/sandy/overview/ Head, Human Dynamics Group, https://www.media.mit.edu/groups/human-dynamics Director, Media Lab Entrepreneurship Program Publications: https://www.media.mit.edu/people/sandy/publications/ Professor Alex 'Sandy' Pentland directs the MIT Connection Science and Human Dynamics labs and previously helped create and direct the MIT Media Lab and the Media Lab Asia in India. He is one of the most-cited scientists in the world, and Forbes recently declared him one of the "7 most powerful data scientists in the world" along with Google founders and the Chief Technical Officer of the United States. co-led the World Economic Forum discussion in Davos that led to the EU privacy regulation GDPR, and was central in forging the transparency and accountability mechanisms in the UN's Sustainable Development Goals. He has received numerous awards and prizes such as the McKinsey Award from Harvard Business Review, the 40th Anniversary of the Internet from DARPA, and the Brandeis Award for work in privacy. He is a founding member of advisory boards for Google, AT&T, Nissan, and the UN Secretary General, a serial entrepreneur who has co-founded more than a dozen companies including social enterprises such as the Data Transparency Lab and the Harvard-ODI-MIT DataPop Alliance . He is a member of the U.S. National Academy of Engineering and leader within the World Economic Forum.

Human Dynamics Group https://www.media.mit.edu/groups/human-dynamics/overview/ Projects: https://www.media.mit.edu/groups/human-dynamics/projects/ Publications: https://www.media.mit.edu/groups/human-dynamics/publications/ Today people leave digital breadcrumbs wherever they go, through smart phones, RFIDs, and more. The Human Dynamics group uses Reality Mining to ask how we can use this data to better organize companies, public health, and governance, by better understanding how social networks influence people when they make decisions, transmit information, adopt new technologies, or change behaviors.

MIT Industrial Liaison Program September 2019 | Page 49

Our projects have already demonstrated the potential to dramatically improve the competitiveness of companies, and hint at the ability to revolutionize social environments.

Open Algorithms (OPAL) https://www.media.mit.edu/projects/opal-health/overview/ OPAL preserves privacy using the following principles:

• Keeps data encrypted at all times • Allows only vetted algorithms • Moves the algorithm to the data (not vice versa) • Aggregates blinded data from distributed repositories • Executes on decentralized infrastructure • Returns “safe answers”

RoboChain: A secure data-sharing framework for human-robot interaction https://www.media.mit.edu/projects/robochain-a-secure-data-sharing-framework-for-human-robot-interaction/overview/ A learning framework for secure, decentralized, computationally efficient data and model sharing among multiple robot units installed at multiple sites. Robots have potential to revolutionize the way we interact with the world around us. One of their greatest potentials is in the domain of mobile health, where they can be used to facilitate clinical interventions. However, to accomplish this, robots need to have access to our private data in order to learn from these data and improve their interaction capabilities. To enhance this learning process, knowledge sharing among multiple robot units is the natural step forward. However, to date, there is no well-established framework which allows for such data sharing while preserving the privacy of the users, such as hospital patients. To this end, we introduce RoboChain: the first learning framework for secure, decentralized, computationally efficient data and model sharing among multiple robot units installed at multiple sites such as hospitals. RoboChain builds upon and combines the latest advances in open data access, blockchain technologies, and machine learning. We illustrate this framework using the example of a clinical intervention conducted in a private network of hospitals. Specifically, we lay down the system architecture that allows multiple robot units, conducting the interventions at different hospitals, to perform efficient learning without compromising the data privacy.

Open algorithms for identity federation Hardjono, T., Pentland, A., 2019 Advances in Intelligent Systems and Computing, Volume 887, 2019, Pages 24-42, https://doi.org/10.1007/978-3-030-03405-4_3 The identity problem today is a data-sharing problem. Today the fixed attributes approach adopted by the consumer identity management industry provides only limited information about an individual, and therefore, is of limited value to the service providers and other participants in the identity ecosystem. This paper proposes the use of the Open Algorithms (OPAL) paradigm to address the increasing need for individuals and organizations to share data in a privacy-preserving manner. Instead of exchanging static or fixed attributes, participants in the ecosystem will be able to obtain better insight through a collective sharing of algorithms, governed through a trust network. Algorithms for specific datasets must be vetted to be privacy-preserving, fair and free from bias.

MIT Industrial Liaison Program September 2019 | Page 50

LABS, CENTERS, PROGRAMS, ETC.

COMPUTER SCIENCE AND ARTIFICIAL INTELLIGENCE LABORATORY (CSAIL) https://www.csail.mit.edu/ Research: https://www.csail.mit.edu/research CSAIL is committed to pioneering new approaches to computing that will bring about positive changes in the way people around the globe live, play, and work. We focus on developing fundamental new technologies, conducting basic research that furthers the field of computing, and inspiring and educating future generations of scientists and technologists. With more than 60 research groups working on hundreds of diverse projects, researchers focus on discovering novel ways to make systems and machines smarter, easier to use, more secure, and more efficient.

Advanced Network Architecture Group https://www.csail.mit.edu/research/advanced-network-architecture-group The challenge that motivates the ANA group is to foster a healthy future for the Internet. The interplay of private sector investment, public sector regulation and public interest advocacy, as well as the global diversity in drivers and aspirations, makes for an uncertain future. Our goal is to carry out targeted research that can help shape this future. Our research targets core design principles and technology for large, decentralized, open-access networks such as the Internet. We are particularly concerned with the fundamental design principles that underlie tomorrow's networks--what we call the architecture of networks. Technology is not the primary force that is shaping the future of the Internet. Our research methods include engineering studies, software and prototype development, and the study of networks using a multi-disciplinary approach including law, economics and political science. Specific projects range from detailed TCP performance analysis to the interplay of economics, regulation and technology in shaping the future. We look at emerging issues such as the Internet of Things, and persistent challenges such as Internet security.

Denial of Service Mitigation through Protocol Design https://www.csail.mit.edu/research/denial-service-mitigation-through-protocol-design We aim to better understand the features of network protocols that facilitate denial of service attacks, in order to design more robust protocols and architectures in the future and evaluate existing designs more accurately. Denial of service attacks pose a serious threat to the current Internet architecture. The most common attack methods used today leverage just a small handful of vulnerabilities in common network protocols such as TCP and DNS. To avoid repeating this problem, great care must be taken to identify potential vulnerabilities when evaluating proposals for new protocols and future Internet architectures. Our goal is to develop a model for designing more robust protocols and identifying flaws in existing ones. This model will enable us to understand the vulnerabilities inherent in features like mobility, to determine which layer of the protocol stack is best suited to handle such features securely, and to more accurately compare seemingly disparate protocols.

Computation Structures Group https://www.csail.mit.edu/research/computation-structures-group

MIT Industrial Liaison Program September 2019 | Page 51

Our mission is fostering the creation and development of high-performance, reliable and secure computing systems that are easy to interact with. We conduct research in the areas of hardware synthesis, computer security, computer architecture and VLSI design. We are interested in the scaling of databases and data management systems to 1000-core processors, concurrency control for databases, synthesis and verification of large digital systems described using Guarded Atomic Action, and Memory Models and Cache Coherence Protocols for parallel architectures and languages. Recently, our group pointed out vulnerabilities in anonymizing networks, and designed Riffle, a system with strong anonymity.

Secure Demand Paging for Trusted Execution Environments https://www.csail.mit.edu/research/secure-demand-paging-trusted-execution-environments This project focuses on altering the way trusted execution environments handle paging to decouple page access patterns from the control flow of the program, preventing an attacker from using these access patterns to learn information about program secrets. Trusted execution environments, such as enclaves, allow the processor to run a program without requiring trust in any software, including system software such as the operating system. This makes enclaves particularly relevant in cloud environments where you do not have control of the software running on the machine. However, some indirect attack vectors, known as side channels, are still possible against enclaves as they rely not on explicitly attacking the memory encryption, but on observing information about program execution such as what order pages are accessed or which cache lines are read. This project aims to extend the MIT Sanctum secure processor, which already protects against cache side channels, with control flow independent demand paging. Ordinarily demand paging leaks information about the program’s control flow which could be private.

Scaling strong anonymity https://www.csail.mit.edu/research/scaling-strong-anonymity Our goal is to provide provable and practical anonymity to a large number of users online. In an era of mass surveillance, maintaining anonymity on the Internet is an important yet very difficult challenge. Tor, the only widely deployed anonymity system, unfortunately fails to provide anonymity against an adversary who can globally monitor the Internet. On the other hand, most provably secure anonymity systems fail to scale to a large number of users, preventing wide adoption of such systems. The goal of this project is to create systems that can provide both strong anonymity while scaling to millions or more users. To achieve this goal, we design new cryptographic primitives and protocols, and build systems based on them.

Using Bitcoin to prevent identify theft https://www.csail.mit.edu/research/using-bitcoin-prevent-identify-theft Cadena is a system that uses Bitcoin’s security machinery to defend against online identity theft. An attacker who hacks a public-key encryption system, for instance, might “certify” — or cryptographically assert the validity of — a false encryption key, to trick users into revealing secret

MIT Industrial Liaison Program September 2019 | Page 52

information. But it couldn’t also decertify the true key without setting off alarms, so there would be two keys in circulation bearing certification from the same authority. The new system defends against such “equivocation.”

Cryptography and Information Security Group https://www.csail.mit.edu/research/cryptography-and-information-security-group We seek to develop techniques for securing tomorrow's global information infrastructure by exploring theoretical foundations, near-term practical applications, and long-range speculative research. We aim to understand the theoretical power of cryptography and the practical engineering of secure information systems, from appropriate definitions and proofs of security, through cryptographic algorithm and protocol design, to implementations of real applications with easy-to-use security features. We are also interested in the relationship of our field to others, such as complexity theory, quantum computing, algorithms, machine learning, and cryptographic policy debates.

Basing Cryptography on Structured Hardness https://www.csail.mit.edu/research/basing-cryptography-structured-hardness We aim to base a variety of cryptographic primitives on complexity theoretic assumptions. We focus on the assumption that there exist highly structured problems --- admitting so called "zero-knowledge" protocols --- that are nevertheless hard to compute. Most of modern cryptography is based on the conjectured hardness of some very specific problems like factoring. A prominent goal in cryptographic research is to base cryptography on a firmer complexity theoretic footing, such as the assumption that P is not equal to NP (which we know is necessary). This seems very far from our current understanding and so we aim to base cryptographic primitives on general complexity theoretic assumptions, albeit ones that are stronger than P not equals NP. Specifically, the assumption that P is not equal to NP means that there exists a language L that (1) is not in P but (2) is in NP. In this project we consider strengthening this assumption in two ways: 1) We assume that L is hard to compute for most instances (rather than merely hard in the worst-case). 2) We assume not only that L belongs to NP, but that it has additional structure. In particular, we assume that L is in the complexity class SZK, that is, membership in L can be proved by "statistical" zero-knowledge proofs -- interactive proofs that reveal nothing but the validity of the statement. So far, we have proved that this assumption yields public-key encryption schemes, as long as we further assume that the zero-knowledge protocol also satisfies certain natural structural properties. We have also shown that a variant of the above assumption yields a certain generalization of "collision resistant hash functions" - hash functions that are compressing but for which it is computationally difficult to find collisions.

Splinter: Practical Private Queries on Public Data https://www.csail.mit.edu/research/splinter-practical-private-queries-public-data Many online services let users query public datasets like maps or restaurant reviews. But these queries can reveal sensitive data that compromise user privacy. Splinter protects users’ queries on public data and scales to realistic applications. A user splits her query into multiple parts and sends each part to a different provider that holds a copy of the data. As long as any one of the providers is honest and does not collude with the others, the providers cannot determine the query.

MIT Industrial Liaison Program September 2019 | Page 53

Splinter uses and extends a new cryptographic primitive called Function Secret Sharing (FSS) that makes it up to an order of magnitude more efficient than prior systems based on Private Information Retrieval and garbled circuits. We develop protocols extending FSS to new types of queries, such as MAX and TOPK queries.

Data Garbling: Computing on Encrypted Data https://www.csail.mit.edu/research/data-garbling-computing-encrypted-data What do hospitals and smartphones have in common? Hospitals have vast amounts of patient data that would be useful to third-party researchers, but cannot freely share the data due to a myriad of privacy issues. Similarly, smartphones often outsource the processing of voice commands to powerful central servers, which may compromise the privacy of the user. There number of classical and more modern approaches to the the private outsourcing of data, including grabled circuits, multi-party computation, fully-homomorphic and functional encryption, and obfuscation. We are exploring new techniques to push the boundaries of what is feasible in this direction.

Decentralized Information Group https://www.csail.mit.edu/research/decentralized-information-group We’re exploring how to radically change the way Web applications work today, resulting in decentralized architectures that enable true data ownership; working on frameworks that ensure information can be shared, used, and manipulated in a way that is compliant with regulation, business rules, social norms, and user preferences; as well as investigating methodologies to make algorithms trustworthy and accountable.

PrivacyML - A Privacy Preserving Framework for Machine Learning https://www.csail.mit.edu/research/privacyml-privacy-preserving-framework-machine-learning Enterprises usually provide strong controls to prevent external cyberattacks and inadvertent leakage of data to external entities. These controls usually focus on restricting unauthorized access. In the case where employees and data scientists have legitimate access to analyze and derive insights from the data, they are permitted access to all information about the customers of the enterprise including sensitive and private information. Though it is important to be being able to identify useful patterns of one’s customers for better customization and service, we do not believe that customers’ privacy must to be sacrificed to do so. One approach is to develop privacy preserving versions of machine learning algorithms. However, this requires analysts to be intimately familiar with privacy and be constantly aware of it. Our approach is to develop a general framework that enforces privacy internally enabling different kinds of machine learning to be developed that are automatically privacy preserving. This decoupling of privacy preservation and machine learning based analysis is important because it reduces the additional burden of privacy protection. Our goal is to protect the data from analysts who want to analyze it for various purposes while still enabling its utility.

Solid: Social Linked Data https://www.csail.mit.edu/research/solid-social-linked-data

MIT Industrial Liaison Program September 2019 | Page 54

When using the Web, people should have the freedom to choose where their data resides and who is allowed to access it by decoupling content from the application itself. Because applications are decoupled from the data they produce, users will be able to avoid vendor lock-in by seamlessly switching the apps and personal data storage servers, without losing any data or social connections. Developers will be able to easily innovate by creating new apps or improving current apps, all while reusing existing data that was previously created through other applications.

Parallel and Distributed Operating Systems https://www.csail.mit.edu/research/parallel-and-distributed-operating-systems, https://pdos.csail.mit.edu/ We have conducted research in operating systems, multi-core scalability, security, networking, mobile computing, language and compiler design, and systems architecture, taking a pragmatic approach: we build high-performance, reliable, and working systems.

Vuvuzela: Metadata private messaging https://www.csail.mit.edu/research/vuvuzela-metadata-private-messaging, https://vuvuzela.io/ Vuvuzela is a private chat application that hides metadata, including who you chat with and when you are chatting. Vuvuzela supports millions of users and is secure even if the network and a majority of the servers are compromised.

MIT CONNECTION SCIENCE https://connection.mit.edu/ Publications: https://connection.mit.edu/publications MIT Connection Science is working to unlock the trapped potential of the digital networks that surround us — from social media, to civic infrastructure systems, to enterprise databases that house and protect personal information.

Data Cooperatives: Digital Empowerment of Citizens and Workers https://connection.mit.edu/sites/default/files/publication-pdfs/Data-Cooperatives-final_0.pdf During the last decade, all segments of society have become increasingly alarmed by the amount of data, and resulting power, held by a small number of actors. Data is, by some, famously called ‘the new oil’, and comes from records of the behavior of citizens. Why then, is control of this powerful new resource concentrated in so few hands? During the last 150 years, questions about concentration of power have emerged each time the economy has shifted to a new paradigm; industrial employment replacing agricultural employment, consumer banking replacing cash and barter, and now ultra-efficient digital businesses replacing traditional physical businesses and civic systems….

Trust::Data Consortium Executive Director: Stephen Buckley https://trust.mit.edu/stephen-c-buckley https://www.trust.mit.edu/ Projects: https://trust.mit.edu/research The Trust::Data Consortium brings together MIT researchers and business vanguards to collaborate on the development of open-source software that enables better data security and privacy, while also

MIT Industrial Liaison Program September 2019 | Page 55

allowing for easier data sharing, and more robust digital identity. This collaboration operationalizes decades of research into digital security, identity, and privacy using state-of-the art technologies such as blockchain and encrypted computing, which will allow the world’s data systems to be updated to meet contemporary and future needs.

OPAL: Privacy-Preserving Data Sharing https://trust.mit.edu/research The OPAL project embraces three key concepts with the goal of making a broad array of data available for inspection and analysis without violating personal data privacy:

• Move the algorithm to the data. Performing algorithm-execution on data at the location of the data repository means that raw data never leaves its repository, and access to it is controlled by the repository owner. Only aggregate answers or "Safe Answers" are returned.

• Algorithms must be open. Algorithms must be openly published, studied and vetted by experts to be “safe” from violating privacy requirements and other needs stemming from the context of their use.

• Data is always in an encrypted state. Data must be in an encrypted state while being transmitted and during computation.

Through public-private partnerships, OPAL pilots are underway to assess the feasibility and value of statistical indicators derived through data analysis using the OPAL platform.

Personas & Identity https://trust.mit.edu/research The identity problem today is a data-sharing problem. Today the fixed attributes approach adopted by the consumer identity management industry provides only limited information about an individual, and therefore is of limited value to the service providers and other participants in the identity ecosystem. This project investigates the use of the Open Algorithms (OPAL) to obtain better insight about an individual's digital persona in a given context through a collective sharing of algorithms, governed through a trust network. Algorithms for specific data-sets must be vetted to be privacy-preserving, fair and free from bias. The project recognizes that a new model for privacy-preserving identities is needed if blockchain systems are to operate at a global scale: it must allow entities in the ecosystem to (i) verify the “quality” or security of an identity, and (ii) to assess the relative “freedom” or independence of an identity from any given authority (e.g. government, businesses, etc.), and (iii) to assess the source of trust for a digital identity

CYBERSECURITY AT MIT SLOAN https://cams.mit.edu/ Research: https://cams.mit.edu/research/ Cybersecurity at MIT Sloan (CAMS), formerly the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity or (IC)3, is headquartered in the MIT Sloan School of Management. In collaboration with other parts of MIT, CAMS is addressing the important need to improve the cybersecurity of critical infrastructure through an interdisciplinary research approach focused on the strategic, managerial, and operational issues related to cybersecurity.

MIT Industrial Liaison Program September 2019 | Page 56

INTERNET POLICY RESEARCH INITIATIVE (IPRI) https://internetpolicy.mit.edu/ Research: https://internetpolicy.mit.edu/research/ Publications: https://internetpolicy.mit.edu/publications/ Tackling key issues, such as the encryption debate, critical infrastructure, cryptography, and IoT security The Internet Policy Research Initiative (IPRI) collaborates with policymakers and technologists to improve the trustworthiness and effectiveness of interconnected digital systems like the Internet. Our work provides global policymakers with technically grounded guidance for policies regarding cybersecurity, Internet privacy, and more. We accomplish our mission by relying on: core engineering and public policy research, education, and outreach.

Cybersecurity https://internetpolicy.mit.edu/research/security/ IPRI’s cybersecurity work focuses on the technical and policy aspects of security issues as they relate to the communication networks and software systems affecting the global society and economy. Our multidisciplinary cybersecurity work covers: the encryption debate, accountability, securing core economic and social infrastructure, measuring cyber risk, cryptography, data sharing, securing the Internet of Things, and developing secure communication channels between ISPs and users.

Keeping America Safe: Toward More Secure Networks for Critical Sectors https://www.csail.mit.edu/research/keeping-america-safe-toward-more-secure-networks-critical-sectors https://internetpolicy.mit.edu/critical-infrastructure-2017/ https://internetpolicy.mit.edu/reports/Report-IPRI-CIS-CriticalInfrastructure-2017-Brenner.pdf In a world where hackers can sabotage power plants and impact elections, there has never been a more crucial time to examine cybersecurity for critical infrastructure, most of which is privately owned. Over the last 25 years presidents from both parties have paid lip service to the topic while doing little about it, leading to a series of short-term fixes they liken to a losing game of “Whac-a-Mole.” This scattershot approach endangers national security. Our report offers a series of recommendations for the U.S. government to develop a coherent cybersecurity plan that coordinates efforts across departments, encourages investment, and removes parts of key infrastructure like the electric grid from the internet.

Cybersecurity for Global Medical Device Supply Chain: The U.S. FDA's Role Huang, K., Herscovici, S., Madnick, S., In Georgetown Journal of International Affairs, May 19, 2019, https://www.georgetownjournalofinternationalaffairs.org/online-edition/2019/5/14/cybersecurity-for-global-medical-device-supply-chain-the-us-fdas-role Cybersecurity of medical devices is not only an issue of privacy, but a matter of life and death. The U.S. Food and Drug Administration (FDA) should increase its leadership role in managing emerging cybersecurity risks within the global medical device supply chain.

MIT Industrial Liaison Program September 2019 | Page 57

As a result of the growing use of information and communication technology (ICT) within medical devices, cybersecurity within medical devices is becoming a serious global issue that can no longer be ignored. Cybersecurity risks leave patients’ lives vulnerable to cyber attack. Connection vulnerabilities could allow hackers to change the settings on a patient’s St. Jude pacemaker remotely. Malware in MRI machines and CT scans could add or remove cancerous nodules, causing a patient to be misdiagnosed and wrongly treated. Ransomware attacks on hospitals could leave doctors and staff without the critical data they need to save patients’ lives. Since medical devices rely on global supply chains and because cyber threats exist on an international level, it is crucial that the United States work with other countries to address medical device cybersecurity concerns.

What Countries and Companies Can Do When Trade and Cybersecurity Overlap Stuart Madnick, Simon Johnson, Keman Huang, In Harvard Business Review., January 4, 2019, https://hbr.org/2019/01/what-countries-and-companies-can-do-when-trade-and-cybersecurity-overlap Cybersecurity as a key issue for trade policy is a relatively new development. In the last few years there have been a number of news reports about various governments’ incorporating spyware, malware, or similar programs into computer-based products that are exported around the world. The governments typically have worked with private companies in their countries to do it. In the internet-of-things era, almost all products can be connected to the internet, and most of them can also be used for spying and other malicious activities. Furthermore, since data is considered a critical asset, services, from international banking to payment systems to consumer websites, are part of this too….

Why Botnets Persist: Designing Effective Technical and Policy Interventions Ahmad, W. (2019) Paper download: https://internetpolicy.mit.edu/publications-ipri-2019-02/ https://internetpolicy.mit.edu/wp-content/uploads/2019/09/publications-ipri-2019-02.pdf Why have botnets remained a key feature of network attacks and exploitations? Why have years of interventions by security researchers, private actors and law enforcement agencies been unable to effectively tackle this seemingly persistent feature of networks? This article analyzes the multiple technical and socio-economic factors contributing to the barriers in mitigating botnet-based attacks and exploitations in an attempt to determine weaknesses in the botnet attack model and areas for effective interventions. The lesson to be drawn is that a mix of varied technical and policy interventions along with greater collaboration between key stakeholders are needed in the fight against botnets.

Privacy https://internetpolicy.mit.edu/research/privacy/ The Privacy initiative focuses on privacy policy and its role in maintaining trustworthiness. Our research aims to help people understand current transparency mechanisms in order to highlight the access and sharing of their personal information as well as the possible outcomes (both positive and negative) associated with this use of information. IPRI’s work on privacy covers a wide variety of topics with worldwide implications affecting the international privacy policy landscape.

MIT Industrial Liaison Program September 2019 | Page 58

Consumer attitudes towards privacy and security in home assistants Fruchter, N., Liccardi, I., Conference on Human Factors in Computing Systems – Proceedings, Volume 2018-April, 20 April 2018, Article number LBW050, https://doi.org/10.1145/3170427.3188448 Home assistants such as Amazon’s Echo and Google’s Home have become a common household item. In this paper we investigate if and what consumers have reported online (in the form of reviews) related to privacy and security after purchasing or using these devices. We use natural language processing to first identify privacy and security related reviews, and then to investigate the topics consumers discuss within the reviews. We were interested in understanding consumers’ major concerns. Issues and/or concerns related to security and privacy have been reported within reviews; however, these topics only account for 2% of the total reviews given for these devices. Three major concerns were highlighted in our findings: data collection and scope, “creepy” device behavior, and violations of personal privacy thresholds.

6.S978 Privacy Legislation: Law and Technology https://groups.csail.mit.edu/mac/classes/6.S978/ This course brings together engineering students from MIT with law students from Georgetown Law School to explore current issues in privacy policy and technology. Students will learn about the fundamentals of privacy law and foundations of relevant technologies. With this knowledge, students will work together to develop solutions to privacy policy challenges. Interdisciplinary teams, consisting of law students and MIT students, will be responsible for preparing a detailed legal assessment of policy questions, researching and explaining the technological frameworks and challenges associated with the policy question, and then formulating policy and technological recommendations to address the question in the form of draft state legislation. All students will meet at MIT for the first class. Weekly classes will meet via videoconference-connected classrooms at each campus. The last class will be held in Washington, DC at Georgetown Law School (with travel support provided for MIT students). Students will have the opportunity to present their final projects to a panel of legislators and public policy experts in Washington, DC. This course will be taught jointly by faculty from MIT and Georgetown University Law School.

AI, the law, and our future MIT “Policy Congress” examines the complex terrain of artificial intelligence regulation. Peter Dizikes, MIT News Office, January 18, 2019, http://news.mit.edu/2019/first-ai-policy-congress-0118 Scientists and policymakers converged at MIT on Tuesday to discuss one of the hardest problems in artificial intelligence: How to govern it. The first MIT AI Policy Congress featured seven panel discussions sprawling across a variety of AI applications, and 25 speakers — including two former White House chiefs of staff, former cabinet secretaries, homeland security and defense policy chiefs, industry and civil society leaders, and leading researchers. Their shared focus: how to harness the opportunities that AI is creating — across areas including transportation and safety, medicine, labor, criminal justice, and national security — while vigorously confronting challenges, including the potential for social bias, the need for transparency, and missteps

MIT Industrial Liaison Program September 2019 | Page 59

that could stall AI innovation while exacerbating social problems in the United States and around the world….

MEDIA LAB https://www.media.mit.edu Research: https://www.media.mit.edu/research/ The MIT Media Lab transcends known boundaries and disciplines by actively promoting a unique, antidisciplinary culture that emboldens unconventional mixing and matching of seemingly disparate research areas…. …The Lab creates disruptive technologies that happen at the edges, pioneering such areas as wearable computing, tangible interfaces, and affective computing. Today, faculty members, research staff, and students at the Lab work in over 25 research groups and initiatives on more than 450 projects that range from digital approaches for treating neurological disorders, to advanced imaging technologies that can “see around a corner,” to the world’s first “smart” powered ankle-foot prosthesis. Lab researchers are committed to delving into the questions not yet asked, whose answers could radically improve the way people live, learn, express themselves, work, and play.

Civic Media Group https://www.media.mit.edu/groups/civic-media/overview/ Projects: https://www.media.mit.edu/groups/civic-media/projects/ Publications: https://www.media.mit.edu/groups/civic-media/publications/ Media and technology are now core parts of civic and political engagement. We believe designing these digital tools and spaces for social change is itself an engaged practice. As a collaboration between the MIT Media Lab and Comparative Media Studies at MIT, the Center for Civic Media pursues original scholarship and design work that investigates the tight-knit and dynamic relationships between communities, ecologies of media and technology, and the natures of information and power. In particular, we develop research tools and conduct case studies to help us understand media ecosystems, augment civic participation, and foster digital inclusion; we use design methods informed by social justice to build technologies that amplify the voices of communities often excluded from the public sphere.

RockStar-ai https://www.media.mit.edu/projects/rock-and-roll-spirit/overview/ Concerned about your privacy online? Worried with whom and how photos of you and/or your family might be shared on social media? You probably should be. Revelations about social networks (like Facebook) sharing your personal data with unethical actors (like Cambridge Analytica) are a major cause for concern. According to a recent Pew research study, 91 percent of Americans worry that social networks might misuse or resell their sensitive personal data. That's why we built RockStar, a fully-featured social network in which everyone’s identity is correlated to a rock. RockStar most literally ensures rock solid privacy….

Digital Currency Initiative https://dci.mit.edu, https://www.media.mit.edu/groups/digital-currency-initiative-dci/overview/

MIT Industrial Liaison Program September 2019 | Page 60

The Internet enabled people to easily call each other without a phone company, send a document without a mail carrier, or publish an article without a newspaper. As a result, more than 2.9 billion people depend on a decentralized communications protocol—the Internet—to communicate with one another more efficiently. Similarly, cryptocurrencies like bitcoin enable permission-less innovation for entrepreneurs and technologists to build world-changing applications which answer the demand for global transactions that has been created by global communication. The Digital Currency Initiative strives to be a neutral leader of world-class research to push the boundaries of knowledge around cryptocurrency and its underlying distributed ledger technology. We seek to clarify the real-world impact of these technologies, inspired by their potential for public good and mindful of the risks and ethical questions attached to them. We act in support of the MIT and open-source cryptocurrency communities, and yet are open to collaborating with all sectors of society.

cryptography and policy https://dci.mit.edu/cryptographyandpolicy The Digital Currency Initiative is interested in cryptography research beyond digital currency and blockchains. The DCI and its collaborators conduct research on cryptographic primitives that may be used in conjunction with blockchain technologies — such as zero-knowledge proofs and digital signatures — and on cryptographic tools and theories related to goals advanced by blockchain-based digital currency — such as anonymity, accountability/transparency, tamper-proofness, and free and secure communication. The DCI is also interested in technology policy, especially policy issues related to cryptography and digital currency. On one hand, how does or should modern technology policy impact use and development of cryptography and blockchain-based technologies? On the other hand, when and how can cryptographic tools efficiently promote specific policy goals — and when is cryptography or blockchain technology the wrong tool to achieve a given goal?

MIT PROFESSIONAL EDUCATION Programs: https://professional.mit.edu/programs

Applied Cybersecurity Lead Instructors: John R. Williams, Abel Sanchez Dates: Jun 17, 2019 - Jun 21, 2019 https://professional.mit.edu/programs/short-programs/applied-cybersecurity In today’s world, organizations must be prepared to defend against threats in cyberspace. Decision makers must be familiar with the basic principles and best practices of cybersecurity to best protect their enterprises. In this course, experts from academia, the military, and industry share their knowledge to give participants the principles, the state of the practice, and strategies for the future. Sessions will address information security, ethical and legal practices, and mitigating cyber vulnerabilities. Participants will also learn about the process of incident response and analysis. The content is targeted at ensuring the privacy, reliability, and integrity of information systems.

MIT Industrial Liaison Program September 2019 | Page 61

The majority of the course (about 75%) is geared toward participants at the decision-making level who need a broad overview, rather than those who are already deeply immersed in the technical aspects of cybersecurity (software development, digital forensics, etc.), although both groups will find the course valuable. Cybersecurity is a very large subject, and therefore this course is only intended to cover the basics of the current leading and pressing cybersecurity topics. The result is that we can cover many different approaches. We cover the introduction of a topic and after the fundamentals, you can explore further on your own. The goal is for participants to understand the utility of each topic, not to become specialists in any one subject.

MIT SLOAN EXECUTIVE EDUCATION https://executive.mit.edu/ MIT Sloan Executive Education’s non-degree executive programs are led by senior MIT Sloan faculty and provide business professionals from around the world with a targeted and flexible means to advance their career development goals and position their organizations for future growth….

Cybersecurity for Managers: A Playbook (online) Dates: Oct 30-Dec 17, 2019 | Feb 19-Apr 7, 2020 | Apr 22-Jun 9, 2020 | Jun 24-Aug 11, 2020 https://executive.mit.edu/openenrollment/program/cybersecurity-for-managers-a-playbook-online/ Minimizing cybercrime damage and disruption is not just the responsibility of the IT department; it’s every employee's job. There are managerial, strategic, and financial considerations in becoming cybersecure. This new online program helps you create a playbook with actionable next steps towards creating a more cyber-aware culture.

Cybersecurity Leadership for Non-Technical Executives Dates: Nov 14-15, 2019 | Apr 7-8, 2020 | Jun 11-12, 2020 | Oct 27-28, 2020 https://executive.mit.edu/openenrollment/program/cybersecurity-leadership-for-non-technical-executives/#.XW5o_yhKhPY Cyber risk and cybersecurity are a source of frustration for executives and government officials who spend inordinate time and worry trying to protect their data from sophisticated phishing schemes, ransomware, state-sponsored hacking. However, cybersecurity issues are not purely a technology problem—they are multi-headed hydras that need to be addressed with a multi-disciplinary approach. This timely cybersecurity course provides general managers with a holistic approach to keeping your company secure.

MIT-RELATED STARTUPS

MIT STARTUP EXCHANGE http://startupexchange.mit.edu/startupexchange/html/index.html MIT Startup Exchange is a web community for the MIT innovation ecosystem, particularly MIT ILP's members, MIT-connected startups and all MIT employees or alumni who have active startup engagements.

MIT Industrial Liaison Program September 2019 | Page 62

ALTASTATA MIT Relationship: Serge Vilvovsky (Founder, MIT Staff) Belmont, MA, https://www.altastata.com/ AltaStata provides a cyber-security toolkit to help organizations protect sensitive Big Data in the cloud against insider threat, transparently support popular Big Data engines and perform fast processing of encrypted data. AltaStata lets industry professionals focus on their algorithms and analysis instead of security infrastructure problems.

DISTILLED IDENTITY MIT Relationship: David Shrier (MIT Alum, Founder, CEO); Prof. Alex "Sandy" Pentland (Co-founder) Boston, MA, http://distilledidentity.com/ http://ilp.mit.edu/newsstory.jsp?id=25302 Distilled Identity is an AI-driven biometrics software company that builds better identity profiles for financial services institutions, improving how they handle risk, fraud, and credit. Distilled Identity’s innovative Predictive Identity platform enables next generation digital identity applications, to reduce fraud, improve authentication, enhance credit models, and conduct powerful aggregated human activity analytics.

DUALITY TECHNOLOGIES MIT Relationships: Shafi Goldwasser (Co-Founder, Chief Scientist, MIT Faculty), Vinod Vaikuntanathan (Co-Founder, Chief Cryptographer, MIT Faculty) Cambridge, MA, https://duality.cloud/ Founded by world-renowned cryptographers and data science executives, Duality Technologies addresses the rapidly growing need of enterprises across regulated industries to collaborate on sensitive data. Duality’s award-winning SecurePlus™ platform enables secure analysis and AI on encrypted data, deriving insights from sensitive data without exposing the data itself. The groundbreaking technology also protects valuable analytics models from exposure to external collaboration parties during computations. The unparalleled performance and scalability of Duality’s SecurePlus™ platform make it possible for enterprises to leverage advanced cryptographic methods for real-world data collaborations, while complying with data privacy regulations and protecting their IP.

ENGIMA MIT Relationships: Guy Zyskind (Co-Founder, CEO, MIT Alumnus), Alex Pentland (Co-Founder, Advisor, MIT Faculty), Can Kisagun (Co-Founder, Chief Product Officer, MIT Alumnus) San Francisco, CA, https://enigma.co/ A peer-to-peer network, enabling different parties to jointly store and run computations on data while keeping the data completely private. Enigma’s computational model is based on a highly optimized version of secure multi-party computation, guaranteed by a verifiable secret-sharing scheme. For storage, we use a modified distributed hashtable for holding secret-shared data. An external blockchain is utilized as the controller of the network, manages access control and identities, and serves as a tamper-proof log of events. Security deposits and fees incentivize operation, correctness, and fairness of the

MIT Industrial Liaison Program September 2019 | Page 63

system. Similar to Bitcoin, Enigma removes the need for a trusted third party, enabling autonomous control of personal data. For the first time, users are able to share their data with cryptographic guarantees regarding their privacy.

EXIMCHAIN MIT Relationships: Hope Liu (Co-Founder, CEO, MIT Alumna), Juan Sebastian Huertas (Co-Founder, CTO, MIT Alumnus), Louis Lamia (Director of Engineering, MIT Alumnus) Singapore, https://www.eximchain.com/ Eximchain is a protocol for scalable, public blockchain networks with privacy for enterprise supply chain applications. Eximchain enables businesses to connect, transact, and share information more efficiently and securely. Eximchain helps global enterprises in their business by bringing efficiencies, security and transparency through blockchain technology Eximchain does this by making blockchain easy to adopt and use through our proprietary technologies.

GATACA MIT Relationship: Irene Hernandez (Co-Founder, CEO, MIT Alumna) Boston, MA, https://www.gatacaid.com Gataca is a global digital ID that provides verified identities to deliver fast and secure customer onboarding experiences. The mobile identity wallet allows users to store their personal data securely and manage access to their digital services all in one place. For companies, Gataca offers identity verification and single sign-on tools to increase conversion rates, reduce customer acquisition costs, and keep piece of mind for GDPR and KYC regulations.

KRYPTON MIT Relationships: Kevin King (Co-Founder, CTO, MIT Alumnus), Alex Grinman (Co-Founder, CEO, MIT Alumnus), David Gifford (Co-Founder, Chief Scientist, MIT Faculty), Shafi Goldwasser (Advisor, MIT Faculty), Adam Chlipala (Advisor, MIT Faculty) Weston, MA, https://krypt.co/ At krypt.co we’re building the next generation of mobile-based authentication. Our vision is that authentication should be based on strong cryptography. Public key cryptography has existed for almost 40 years but it’s barely used to authenticate people. Most people cannot store a long private key in their head nor can they compute digital signatures on the fly. Therefore, we need to store the private key somewhere. It has to be accessible but also kept a secret. At krypt.co we’re tackling this very problem and we believe the smartphone is core to the solution.

PATTERNEX MIT Relationship: Kalyan Veeramachaneni (Co-Founder, Advisor, MIT Staff) San Jose, CA, https://www.patternex.com/ When your goal is to bring Artificial Intelligence to InfoSec, you better have the skills to back it up. Knowing the scope of the problem we were attacking, we set about identifying and recruiting the top minds in four key areas: Artificial Intelligence, distributed systems, operational security, and go-to-

MIT Industrial Liaison Program September 2019 | Page 64

market. This team and the advances in information technology that they have produced are changing the world of information security. For the better.

PREVEIL MIT Relationships: Sanjeev Verman (Founder, Chairman, MIT Alumnus) Boston, MA, https://www.preveil.com PreVeil provides the enterprise with an easy-to-use encrypted email and encrypted cloud storage solution to protect important email and files. Moreover, PreVeil uses the gold standard of end-to-end encryption to secure data. PreVeil also provides the enterprise with a “Trusted Community” for communicating with fellow employees, contractors, vendors or other third parties. With a Trusted Community, employees can communicate and exchange information without worrying about being phished, spoofed, becoming victims of BEC, or having their admins compromised.

SHAPE SECURITY MIT Relationship: Sumit Agarwal (Co-Founder, COO, MIT Alumnus) Mountain View, CA, https://www.shapesecurity.com Shape was founded in 2011 to disrupt automated attacks on web and mobile applications. We believe that criminal organizations function based upon economics, just like other businesses, and that if we can help our customers shift the economic burden onto those attackers, that we can cause them to go after other targets. We cause this shift by making it so expensive for attackers to understand how to penetrate our customers' applications, that they give up and go after softer targets.

SIMSPACE CORPORATION MIT Relationship: William Hutchison (Co-Founder, CEO, MIT Alumnus) Boston, MA, https://www.simspace.com/ SimSpace enables organizations to understand their current cyber risk and then take steps to reduce it through cyber military-style exercises, tailored training on dynamic defense methods using advanced threat scenarios on realistic clones of the organization’s network. This “gloves off” approach to training your security personnel empowers your organization to actively pursue and remove adversaries on your network. SimSpace personnel assess and train your organization, develop methods tailored to improve the cyber defense posture and stand ready to assist you if a cyber incident response is necessary.

SOMERSET RECON MIT Relationships: Grant Jordan (Co-Founder, President, MIT Alumnus), Michael Spindel (Co-Founder, MIT Alumnus), Michael Scarito (Co-Founder, MIT Alumnus) San Diego, CA, https://www.somersetrecon.com Somerset Recon, Inc. is a full-service computer security consulting firm. We provide security analysis, training, consulting, incident response, and penetration testing services to a wide variety of industries. Our team is comprised of world-class security professionals with experience in hardware and software reverse-engineering, code auditing, malware analysis, encryption, and embedded systems. They come

MIT Industrial Liaison Program September 2019 | Page 65

from diverse backgrounds including government, military, commercial sector, and academia, so we can address the unique requirements of our customers. Contact us today to find out how we can help with your specific security needs.

TRUSTLAYERS INC. MIT Relationships: Daniel Weitzner (Co-Founder, MIT Faculty), Hal Abelson (Advisor, MIT Faculty), Tim Berners-Lee (Advisor, MIT Faculty) Cambridge, MA, http://trustlayers.com/ Enterprises assume that locked data creates obstacles for innovating with big data: extensive controls and processes leave opportunities unrealized, changes to code require extensive mobilization of compliance and privacy professionals. TrustLayers unblocks data and gives organizations the freedom to use data in real-time while having the confidence to know data is being used properly.

YAXA MIT Relationships: Kalpesh Sheth (Co-Founder, CEO, MIT Alumnus) Concord, MA, https://yaxa.io High profile data breaches in recent years have shown that insider threats pose a greater challenge that cannot be met with traditional perimeter security. The solution uses data science and machine learning algorithms to learn and build over time a user's behavioral model, and applies it in real time in order to detect and terminate high risk sessions. The solution stops the attacks in its tracks, and prevents a rogue user from stealing sensitive data from the enterprise data center.