Garman earns NSF CAREER award

03-22-2021

Every time we message a friend, make a credit card purchase, or remotely unlock our cars, we engage with cryptographic protocols. We securely rely (often unknowingly) on the security of systems that use cryptography. Though in recent years, there have been a number of serious failures and vulnerabilities in cryptographic systems. Some of these failures have resulted in large consequences. When these failures happen, multiple problems can be blamed: poor design, tough implementation, and misuse of secure primitives. Though ultimately, the common denominator in all of these problems is the human element.

Computer science assistant professor and security researcher Christina Garman, received a CAREER award from the National Science Foundation (NSF) to study solutions to the human element problem. Her project is dedicated to building tools to aid in the deployment of complex cryptography, automating the discovery of vulnerabilities in popular zero-knowledge proof instantiation, and automate the discovery and identification of modern cryptographic algorithms and techniques. 

Garman works in cryptographic automation, a new and promising research area designed to help solve many of these issues and make developing secure systems far easier and less error-prone, even for a non-expert.  
Her project focuses on removing the human element from the deployment and analysis of cryptographic systems. Through the use of cryptographic automation and the development of tools, the project's aim is to make it easier to design and securely deploy new and complex cryptographic systems while preventing insecurities from occurring in such systems. 

The project has three main components. The core of the project centers around building tools to aid in the deployment of complex cryptography. These tools focus on automating the end-to-end development of zero-knowledge proof code, from expressing the proof statement to realizing the implementation, with additional applications to anonymous credentials. 

The second component focuses on automating the discovery of cryptographic vulnerabilities in applications that use zkSNARKs, a popular zero-knowledge proof instantiation. This will leverage fuzzing to help both programmers and end users detect inconsistencies and errors in existing, already deployed zkSNARK circuits and applications. 

The third component works to automate the discovery and identification of modern cryptographic algorithms and techniques in both traditional as well as heavily obfuscated binaries, through a novel combination of various dynamic analysis and machine learning based approaches. 

The project will, for both expert and non-expert developers alike, make it easier to find vulnerable algorithms and use cryptography to reduce insecurities caused by the human element as we engage with cryptographic protocols.   

NSF CAREER awards are the organization’s most prestigious awards given to junior faculty who embody the role of teacher-scholars through research, education and the integration of those concepts within the mission of their organizations. CAREER awards support promising and talented researchers in building a foundation for a lifetime of leadership. Receiving this award reflects this project’s merit of the NSF statutory mission and its worthiness of financial support.

Professor Garman is a security researcher and assistant professor in the Department of Computer Science at Purdue University. Her research interests focus largely on practical and applied cryptography. More specifically, her work has focused on the security of deployed cryptographic systems from all aspects, including the evaluation of real systems, improving the tools that we have to design and create them, and actually creating real, deployable systems. Some of her recent work has been on the weaknesses of RC4 in TLS, cryptographic automation, decentralized anonymous e-cash, and decentralized anonymous credentials. She is also one of the co-founders of ZCash, a startup building a cryptocurrency based on Zerocash. Her work has been publicized in The Washington Post, Wired, and The Economist. Prior to joining Purdue, Garman received her PhD in Computer Science from Johns Hopkins University in 2017. She received an NSF CAREER Award in 2021 and an ACM CCS Best Paper Award in 2016.