We have been exploring a few solutions for data security, considering potentially dangerous but realistic situations — e.g., physical attacks when the attacker has full control over the target machine and can coerce the machine owner into revealing encryption passwords. We believe such a strong attacker model is in accordance with current state-level adversaries with high technical capabilities and legal/questionable/illegal powers (e.g., US FISA, clandestine NSA programs). I will discuss four related proposals: Gracewipe (coercion-resistant disk data deletion), Hypnoguard (cold-boot protection for RAM data in sleep), SafeKeeper (protecting web credentials from rougue IT admins), and Blindfold (protecting PKI private keys from human admins). While our solutions are possibly a step forward, more importantly, we highlight pitfalls of such solutions against a strong adversary.
Mohammad Mannan is an associate professor at the Concordia Institute for Information Systems Engineering, Concordia University, Montreal. He has a Ph.D. in Computer Science from Carleton University in Internet authentication and usable security. He was a post-doctoral fellow at the University of Toronto from 2009 to 2011. His research interests lie in the Internet and systems security on solving high-impact security and privacy problems of today's Internet. He is an associate editor for the IEEE Security and Privacy magazine (from 2020), and has been involved in several well-known conferences (e.g., program committee: ACM CCS 2019, 2016, USENIX Security 2018, 2022; general co-chair: ACM CCS 2018), and journals (e.g., ACM TISSEC, IEEE TDSC, IEEE TIFS).