Blocki earns NSF CAREER Award
Data breaches have affected almost everyone with a password-protected account. With dozens of personal passwords to maintain, many people cope with a required password change by choosing a replacement that is too simple, such as a child's or pet's name followed by a memorable number. We know better, but the frustration of replacing passwords leaves most people vulnerable when they create new and equally weak ones. The issue compounds when we reuse them across multiple accounts. Despite this common problem, the security industry still uses passwords as the predominant form of authentication.
Computer Science professor and security researcher Jeremiah Blocki received a CAREER award from the National Science Foundation (NSF) to study this problem and propose solutions. His project is dedicated to developing cryptographic tools to improve the security and usability of human authentication, especially password authentication.
Specifically, the project plans to develop new combinatorial techniques to design and analyze memory-hard functions, a cryptographic primitive that can be used to protect low-entropy secrets such as master passwords, general passwords, and biometrics against brute-force attacks.
Key to this is developing stronger memory-hard functions and analyzing the concrete security of prior memory-hard functions such as SCRYPT, Argon2, and DRSample. Blocki also plans to adapt tools from statistics and game theory to better understand the distribution over user-chosen passwords and predict how attackers could behave in a breach.
While taking into account the problems we face with authentication, the project hopes to develop mechanisms allowing users to (gradually) memorize stronger passwords. Ideally, this will allow users to securely manage multiple passwords without having to memorize unique passwords for every account. Even with current password manager products, which are designed to safely manage passwords across accounts, there are reports of master passwords being compromised. This research takes into account the various means industry and individuals use to keep their accounts secure.
NSF CAREER awards are the organization’s most prestigious awards given to junior faculty who embody the role of teacher-scholars through research, education and the integration of those concepts within the mission of their organizations. CAREER awards support promising and talented researchers in building a foundation for a lifetime of leadership. The award reflects the project’s merit with respect to the NSF statutory mission and its worthiness of financial support.
Professor Blocki is a theoretical computer scientist interested in applying fundamental CS ideas to address practical problems in usable privacy and security. He is especially interested in developing usable authentication protocols for humans that are easy to create and remember. He has developed algorithms for conducting privacy-preserving data analysis in several different application settings including social networks and password data. Prior to joining Purdue Computer Science in 2016, Blocki earned his PhD on Usable Human Authentication at Carnegie Mellon University and completed a post at Microsoft Research New England.