Karim Eldefrawy
SRI International | SRI · Computer Science Laboratory (CSL)

Ph.D. in Computer Science from the University of California Irvine (UCI)

About

87 Publications · 26,761 Reads · 1,526 Citations
Introduction
My research interests lie in security and privacy in distributed systems. I focus on cryptography and secure and privacy-preserving computation, security of cyber-physical and embedded systems, and computer-aided verification and software & hardware synthesis to guarantee security and privacy. More information at: https://keldefrawy.github.io/
Additional affiliations
January 2018 - December 2019
University of San Francisco
Position
  • Professor (Associate)
January 2017 - present
SRI International
Position
  • Researcher
March 2013 - December 2016
University of California, Irvine
Position
  • Professor (Associate)
Education
August 2007 - August 2010
University of California, Irvine
Field of study
  • Computer Science
September 2005 - August 2007
University of California, Irvine
Field of study
  • Computer Science
September 2003 - July 2005
Cairo University
Field of study
  • Electrical Engineering

Publications (87)
Conference Paper
Full-text available
In standard Secret Sharing (SS) a dealer shares a secret s among n parties such that an adversary corrupting no more than t parties does not learn s, while any t+1 parties can efficiently recover s. Over a long period of time all parties may be corrupted and the threshold t may be violated, which is accounted for in Proactive Secret Sharing (PS...
Chapter
The recent work of Garg et al. from TCC’18 introduced the notion of registration based encryption (RBE). The principal motivation behind RBE is to address the key escrow issue of identity based encryption (IBE), where an IBE authority is trusted to generate private keys for all users in the system. Although RBE has excellent asymptotic properties,...
Chapter
We look at two basic coding theoretic and cryptographic mechanisms developed separately and investigate relationships between them and their implications. The first mechanism is Proactive Secret Sharing (PSS), which allows randomization and repair of shares using information from other shares. PSS enables constructing secure multi-party computation...
Conference Paper
Full-text available
The recent work of Garg et al. from TCC’18 introduced the notion of registration based encryption (RBE). The principal motivation behind RBE is to address the key escrow issue of identity based encryption (IBE), where an IBE authority is trusted to generate private keys for all users in the system. Although RBE has excellent asymptotic properti...
Conference Paper
Secret sharing methods are fundamental data representation and distribution techniques that are crucial to securing distributed storage and multi-party computation. Error correcting codes are the fundamental representation mechanism for tolerating and recovering from faults in data: messages and storage. This work looks at variants of both primitiv...
Preprint
Full-text available
Fully Homomorphic Encryption (FHE) allows computing on encrypted data, enabling secure offloading of computation to untrusted servers. Though it provides ideal security, FHE is expensive when executed in software, 4 to 5 orders of magnitude slower than computing on unencrypted data. These overheads are a major barrier to FHE's widespread adoption. W...
Preprint
Full-text available
This paper introduces two techniques that make the standard Quantum Approximate Optimization Algorithm (QAOA) more suitable for constrained optimization problems. The first technique describes how to use the outcome of a prior greedy classical algorithm to define an initial quantum state and mixing operation to adjust the quantum optimization algor...
Preprint
Full-text available
MPC-in-the-Head (MitH) is a general framework that allows constructing efficient Zero Knowledge protocols for general NP-relations from secure multiparty computation (MPC) protocols. In this paper we give the first machine-checked implementation of this transformation. We begin with an EasyCrypt formalization of MitH that preserves the modular stru...
Conference Paper
Full-text available
In modern distributed systems, an adversary's limitations when corrupting subsets of a system's components (e.g., servers) may not necessarily be based on threshold constraints, but rather based on other technical or organizational characteristics. This means that the corruption patterns (and thus protection guarantees) are not based on the adversa...
Chapter
In modern distributed systems, an adversary’s limitations when corrupting subsets of a system’s components (e.g., servers) may not necessarily be based on threshold constraints, but rather based on other technical or organizational characteristics. This means that the corruption patterns (and thus protection guarantees) are based on the adversary b...
Chapter
Implementation flaws in cryptographic libraries, design flaws in underlying cryptographic primitives, and weaknesses in protocols using both, can all lead to exploitable vulnerabilities in software. Manually fixing such issues is challenging and resource consuming, especially when maintaining legacy software that contains broken or outdated cryptog...
Chapter
Full-text available
In Secret Sharing (SS), a dealer shares a secret s among n parties such that an adversary corrupting no more than t parties does not learn s, while any t+1 parties can efficiently recover s. Proactive Secret Sharing (PSS) retains confidentiality of s even when a mobile adversary corrupts all parties over the secret’s lifetime, but no more than...
Preprint
Full-text available
Implementation flaws in cryptographic libraries, design flaws in algorithms underlying cryptographic primitives, and weaknesses in protocols using both, can all lead to exploitable vulnerabilities in software. Manually fixing such issues is challenging and resource consuming, especially when maintaining legacy software that contains broken or outda...
Conference Paper
Full-text available
Secure Multiparty Computation (MPC) enables a group of n distrusting parties to jointly compute a function using private inputs. MPC guarantees correctness of computation and confidentiality of inputs if no more than a threshold t of the parties are corrupted. Proactive MPC (PMPC) addresses the stronger threat model of a mobile adversary...
Preprint
Full-text available
Modern society is increasingly surrounded by, and accustomed to, a wide range of Cyber-Physical Systems (CPS), Internet-of-Things (IoT), and smart devices. They often perform safety-critical functions, e.g., personal medical devices, automotive CPS and industrial automation (smart factories). Some devices are small, cheap and specialized sensors an...
Conference Paper
Full-text available
Remote Attestation (RA) is a distinct security service that allows a trusted verifier (Vrf) to measure the software state of an untrusted remote prover (Prv). If correctly implemented, RA allows Vrf to remotely detect if Prv is in an illegal or compromised state. Although several RA approaches have been explored (including hardware-based, software-...
Conference Paper
Full-text available
Remote Attestation (RA) of embedded/smart/IoT devices is a very important issue on today's security landscape. RA enables a verifier to measure the current internal memory state of an untrusted remote device (prover). RA helps the verifier establish a static or dynamic root of trust in the prover. Despite much prior work, state-of-the-art RA technique...
Chapter
Full-text available
We conducted a longitudinal study to analyze the misuse of Bitcoin. We first investigated usage characteristics of Bitcoin by analyzing how many addresses each address transacts with (from January 2009 to May 2018). To obtain a quantitative estimate of the malicious activity that Bitcoin is associated with, we collected over 2.3 million candidate B...
Article
Full-text available
Recent years have witnessed an increasing demand for biometrics based identification, authentication and access control (BIA) systems, which offer convenience, ease of use, and (in some cases) improved security. In contrast to other methods, such as passwords or pins, BIA systems face new unique challenges; chiefly among them is ensuring long-term...
Preprint
Full-text available
In this work, we take the first step towards formal verification of RA by designing and verifying an architecture called VRASED: Verifiable Remote Attestation for Simple Embedded Devices. VRASED instantiates a hybrid (hardware/software -- HW/SW) RA co-design aimed at low-end embedded systems, e.g., simple IoT devices. VRASED provides a level of sec...
Chapter
Full-text available
One option to instantiate Mobile Target Defense (MTD) [27] strategies in distributed storage and computing systems is to design such systems from the ground up using cryptographic techniques such as secret sharing (SS) and secure multiparty computation (MPC). In standard SS a dealer shares a secret s among n parties such that an adversary corruptin...
Conference Paper
Full-text available
Assuring integrity of information (e.g., data and/or software) is usually accomplished by cryptographic means, such as hash functions or message authentication codes (MACs). Computing such integrity-ensuring functions can be time-consuming if the amount of input data is large and/or the computing platform is weak. At the same time, in real-time or...
Conference Paper
Full-text available
Remote attestation (RA) is a means of malware detection, typically realized as an interaction between a trusted verifier and a potentially compromised remote device (prover). RA is especially relevant for low-end embedded devices that are incapable of protecting themselves against malware infection. Most current RA techniques require on-demand and...
Chapter
Full-text available
Recent years have witnessed an increase in demand for biometrics based identification, authentication and access control (BIA) systems, which offer convenience, ease of use, and (in some cases) improved security. In contrast to other methods, such as passwords or pins, BIA systems face new unique challenges; chiefly among them is ensuring long-term...
Conference Paper
Full-text available
Self-stabilization refers to the ability of systems to recover after temporal violations of conditions required for their correct operation. Such violations may lead the system to an arbitrary state from which it should automatically recover. Today, beyond recovering functionality, there is a need to recover security and confidentiality guarantees...
Conference Paper
Full-text available
Remote Attestation (RA) allows a trusted entity (verifier) to securely measure internal state of a remote untrusted hardware platform (prover). RA can be used to establish a static or dynamic root of trust in embedded and cyber-physical systems. It can also be used as a building block for other security services and primitives, such as software upd...
Conference Paper
Full-text available
A fuzzy extractor (FE) enables reproducible generation of high-quality randomness from noisy inputs having sufficient min-entropy. FEs have been proposed for deriving cryptographic keys from biometric data. FEs rely in their operation on a public “helper string” that is guaranteed not to leak too much information about the original input. Unfortuna...
Conference Paper
Full-text available
In the last decade, Remote Attestation (RA) emerged as a distinct security service for detecting attacks on embedded devices, cyber-physical systems (CPS) and Internet of Things (IoT) devices. RA involves verification of current internal state of an untrusted remote hardware platform (prover) by a trusted entity (verifier). RA can help the latter e...
Conference Paper
Full-text available
In a secret sharing scheme a dealer shares a secret s among n parties such that an adversary corrupting up to t parties does not learn s, while any t+1 parties can efficiently recover s. Over a long period of time all parties may be corrupted thus violating the threshold, which is accounted for in Proactive Secret Sharing (PSS). PSS schemes periodi...
Conference Paper
Full-text available
Proactive secret sharing (PSS) schemes are designed for settings where long-term confidentiality of secrets is required, specifically, when all participating parties may eventually be corrupted. PSS schemes periodically refresh secrets and reset corrupted parties to an uncorrupted state; in PSS the corruption threshold of parties is replaced with a...
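The threshold secret-sharing model that recurs in the abstracts above (a dealer, n parties, a threshold t, and a proactive refresh that keeps the secret but invalidates old shares) as an added, editor-written example. This is toy code, not the protocol from any of the listed papers: it uses plain Shamir sharing over an assumed demonstration prime P, an honest dealer, and an unverified refresh round (no verifiable secret sharing and no recovery of reset parties).

```python
# Added illustration of threshold secret sharing with one proactive refresh round.
# Editor-written toy code, not the protocol from any of the papers above: plain
# Shamir sharing over a fixed prime field (assumed modulus P), an honest dealer,
# and an unverified refresh (no VSS, no party recovery, not constant-time).
import secrets

P = (1 << 127) - 1  # assumed demonstration prime; not a recommended parameter


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with coefficients coeffs[0..t] at x over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, n, t):
    """Dealer: pick a random degree-t polynomial f with f(0) = secret and give
    party i the share f(i).  Any t+1 shares determine f; any t shares are
    consistent with every possible secret."""
    assert 0 <= secret < P and 0 < t < n < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 from a dict {party_index: share}.
    Correct only when the dict holds at least t+1 shares from ONE epoch."""
    xs = list(shares)
    total = 0
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + shares[i] * num * pow(den, P - 2, P)) % P
    return total


def refresh(shares, t):
    """Proactive refresh: every party deals a fresh sharing of 0 and each party
    adds up the sub-shares it receives.  f(0) is unchanged, but the new
    polynomial is independent of the old one, so shares stolen before the
    refresh no longer combine with shares stolen after it."""
    n = len(shares)
    new = dict(shares)
    for _ in range(n):                 # one zero-sharing per party
        zero_shares = share(0, n, t)
        for i in new:
            new[i] = (new[i] + zero_shares[i]) % P
    return new


def mobile_adversary_defeated(secret=0xC0FFEE, n=5, t=2):
    """Mobile-adversary scenario: t shares stolen in epoch 0 plus one stolen in
    epoch 1 are t+1 points, but from two different polynomials, so interpolating
    them does not yield the secret (except with probability 1/P)."""
    epoch0 = share(secret, n, t)
    epoch1 = refresh(epoch0, t)
    mixed = {1: epoch0[1], 2: epoch0[2], 3: epoch1[3]}
    return reconstruct(mixed) != secret
```

The `refresh` step is what turns a threshold-t scheme into a proactive one: the adversary may eventually corrupt every party, but as long as it holds at most t shares from any single epoch, the points it has collected lie on different polynomials and do not interpolate to the secret.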
Patent
Full-text available
Described is a system, method, and computer program product for ensuring that promises are kept in an anonymous system. A verifiable interaction is established between at least two users. Each user utilizes at least one pseudonym to protect their identity, which is verifiable by a third party. The pseudonyms are stored in an anonymous database cont...
Patent
Full-text available
Described is a system for allowing sets of processors to engage in a secure pattern matching protocol. An input pattern is received from a first set of processors, while a text is received from a second set of processors. A matrix is constructed based on values computed for each character determined by each character's position in the pattern. The...
Conference Paper
Full-text available
Most current digital currency schemes and associated ledgers are either centralized or completely distributed similar to the design adopted by Bitcoin. Centralized schemes enable accountability, but leave the privacy of users' identities and transactions in the hands of one organization. Distributed schemes can ensure better privacy but provide lit...
Article
Full-text available
In PODC 1991 Ostrovsky and Yung [35] introduced the proactive security model, where corruptions spread throughout the network, analogous to the spread of a virus or a worm. PODC 2006 distinguished lecture by Danny Dolev, that also appears in the PODC06 proceedings, lists the above work as one of PODC's "Century Papers at the First Quarter-Century M...
Article
Full-text available
In ubiquitous computing environments, providing appropriate services and information to users at the right place in the right way is challenging for many reasons: different user interests, heterogeneous devices and services, dynamic networks, information overload, or differing privacy levels, for example. Agent technology is a paradigm expected to...
Article
Full-text available
Balancing security and privacy concerns with information sharing is a top priority for corporations, law enforcement agencies, governments, and other organizations. Secure pattern matching (SPM) addresses some of the challenges faced in sharing and searching private data.
Conference Paper
Full-text available
Network coding (NC) has frequently been promoted as an approach for improving throughput in wireless networks. Existing work has mostly focused on the fundamental aspects of NC, while constraints arising in real-world network deployments have not received much attention. In particular, NC requires network nodes to overhear each other's packets, whi...
Conference Paper
Full-text available
This paper proposes an architecture for a resilient cloud computing infrastructure that provably maintains cloud functionality against persistent successful corruptions of cloud nodes. The architecture is composed of a self-healing software mechanism for the entire cloud, as well as hardware-assisted regeneration of compromised (or faulty) nodes fr...
Patent
Full-text available
A system and method for filtering unwanted Internet Protocol traffic based on blacklists receives a first blacklist containing a first plurality of Internet protocol addresses associated with unwanted Internet traffic. The system also operates a first plurality of access control lists adapted to block the unwanted Internet traffic from one of the f...
Conference Paper
Full-text available
Ensuring security and privacy of content in a mobile ad-hoc network (MANET) is a challenging problem, especially when that content is distributed over the network using some form of peer-to-peer dissemination scheme. Since cooperation among nodes is vital in MANETs, the capture or compromise of a single node not only exposes locally cached content,...
Conference Paper
Full-text available
In this paper we consider the problem of secure pattern matching that allows single character wildcards and substring matching in the malicious (stand-alone) setting. Our protocol, called 5PM, is executed between two parties: Server, holding a text of length n, and Client, holding a pattern of length m to be matched against the text, where our noti...
Article
Full-text available
Remote attestation is the process of securely verifying internal state of a remote hardware platform. It can be achieved either statically (at boot time) or dynamically, at run-time in order to establish a dynamic root of trust. The latter allows full isolation of a code region from preexisting software (including the operating system) and guara...
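The verifier/prover (Vrf/Prv) challenge-response exchange that the remote attestation abstracts above describe, as an added, editor-written example. It is a toy model, not VRASED or any other design from these papers: the properties those designs enforce in hardware (atomic execution of the attestation code, isolation of the key, no leakage of K to other software) are only noted in comments. It assumes Vrf and Prv share a symmetric key K provisioned at manufacture and that Vrf holds a golden copy of the firmware image Prv is expected to run; the key and firmware bytes are constructed.

```python
# Added illustration of the challenge-response remote attestation (RA) exchange.
# Editor-written toy model, not VRASED or any other design from the papers above.
# Assumptions: Vrf and Prv share a symmetric key K provisioned at manufacture,
# and Vrf holds a golden copy of the firmware image Prv is expected to run.
import hashlib
import hmac
import os


def prover_attest(key, memory, challenge):
    """Prv: MAC the current memory contents together with Vrf's challenge.
    On a real low-end device this must run in the attested code region,
    atomically, with K readable only by that region."""
    return hmac.new(key, challenge + memory, hashlib.sha256).digest()


class Verifier:
    """Vrf: issues fresh challenges and checks reports against the golden image."""

    def __init__(self, key, expected_image):
        self.key = key
        self.expected = expected_image
        self.outstanding = set()   # challenges issued but not yet consumed

    def challenge(self):
        c = os.urandom(32)         # fresh nonce: defeats precomputed or replayed reports
        self.outstanding.add(c)
        return c

    def verify(self, challenge, report):
        if challenge not in self.outstanding:
            return False           # unknown, expired or already-used challenge
        self.outstanding.discard(challenge)
        expected = hmac.new(self.key, challenge + self.expected,
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, report)


def run_attestation(vrf, key, device_memory):
    """One full round: Vrf challenge -> Prv report -> Vrf verdict."""
    c = vrf.challenge()
    report = prover_attest(key, device_memory, c)
    return vrf.verify(c, report)


def demo():
    """Honest device passes; a device whose memory differs by one bit fails."""
    key = os.urandom(32)                       # constructed provisioning key
    golden = bytes(range(256)) * 4             # constructed 1 KiB firmware image
    vrf = Verifier(key, golden)
    honest = run_attestation(vrf, key, golden)
    infected = bytearray(golden)
    infected[100] ^= 0x01                      # simulated malware modification
    compromised = run_attestation(vrf, key, bytes(infected))
    return honest, compromised
```

The nonce and the one-shot `outstanding` set are what make the report bind to this run: without them, malware could record one valid report and replay it, or compute the MAC over a saved clean image. What the toy cannot show is the other half of the problem these papers address: on a device without an MMU or TEE, nothing in software stops malware from reading K or interrupting the measurement, which is why the hybrid designs push those guarantees into hardware.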
Article
Full-text available
Mobile Ad-Hoc Networks (MANETs) are particularly useful and well-suited for critical scenarios, including military, law enforcement as well as emergency rescue and disaster recovery. When operating in hostile or suspicious settings, MANETs require communication security and privacy, especially, in underlying routing protocols. Unlike most networks,...
Article
Full-text available
In most common mobile ad hoc networking (MANET) scenarios, nodes establish communication based on long-lasting public identities. However, in some hostile and suspicious settings, node identities must not be exposed and node movements should be untraceable. Instead, nodes need to communicate on the basis of their current locations. While such MANET...