Securing human information interaction and privacy via new protocols and architectures

摘要

The ubiquity of the Internet and lower cost of computers and mobile devices have resulted in a hyper-connected computing paradigm. This emerging environment has led to the movement of everything going online and attracted many inexperienced users. However, the current computing infrastructure is not user-friendly and lacks easy-to-use and transparent security architecture. As a result, establishing security is in some part left to the consumers. This practice results in users quickly becoming overwhelmed and unable to protect themselves, especially those who are not well versed in technology.;In current practices, users are seeking third-party services to aggregate their finances. However, due to lack of a better secure method, they are sharing their accounts' login credentials. This practice along with users' habit of reusing passwords across accounts, leads to increased vulnerability. Also, when users continue to use plaintext email messages over insecure networks and servers, they put themselves in jeopardy. As a result, personal and confidential information that is stored unencrypted on hard disks or sent over insecure networks is vulnerable to attackers. The recurring cyber-attacks (e.g., ransomware, server breaches, and distributed denial-of-service (DDoS) attacks) are indications of flaws, usability, and vulnerability of the current computing infrastructure. Therefore, we need to design underlying technologies that protect users with minimum or no effort on their part.;In this dissertation, we present new and original security models using novel protocols and architectures to secure online accounts and email messages. The first model provides a new authentication mechanism as an alternative login architecture and new access control sandbox technique to provide granular access control. These new methods are more secure than using username and password combination along with accounts that get full-access upon login. The second model protects email messages and provides non-repudiation. It consists of a new architecture with fully integrated infrastructure and an enhanced public key distribution system. This model eliminates inflexible and difficult to use email security that exists in current practices. The simplified design is easy to use to protect all users, especially average users who are incapable of protecting themselves while using insecure networks and servers.