Security Research for the Public Good: A Principled Approach

Abstract

Recent history is littered with examples of software vendors betraying user trust, exposing the public to exploitable code, data leaks, and invasive privacy practices. Undirected security research may be insufficient for preventing such foreseeable and preventable failures, as these problems are often the result of misaligned vendor incentives rather than the technical specifics of the systems themselves.

This dissertation illustrates the utility of security research that is motivated explicitly by the goal of realigning incentives of market actors toward providing better security. We find that a research approach guided by a deep understanding of the economic, regulatory, and technical attributes of the actors involved is crucial for solving important societally-relevant problems in computer security. We present three case studies in applying this vision:

Our first case study considers vulnerability discovery as applied to Internet voting. We perform a security analysis of the dominant Internet voting systems used in U.S. federal elections, including those used in the 2020 U.S. presidential race. We find that, despite decades of research in cryptography and voting, all deployed systems are of simplistic design and suffer basic security and privacy problems, supporting the conclusion that the market is in failure.

Our second case study involves designing cryptography to disincentivize (rather than prevent) bad behavior through the example of deniability in messaging. We find that the evolution of the email ecosystem has inadvertently resulted in most messages being nonrepudiable, incentivizing email theft and public exposure of private data. We present cryptographic constructions that solve this problem while fitting in with email’s already complicated ecosystem.

Our final case study involves government requests to mandate law enforcement access to encrypted data, colloquially known as ‘backdooring’ encryption. We perform a security analysis of technical proposals to provide such government exceptional access, and find that they would cause untenable security and privacy risks.

Finally, we conclude with a discussion of security research as a public good, and provide direction for future work.