Office: Gates-Hillman 7225
E-mail: [jblocki AT cs
DOT cmu DOT edu]
Usable and Secure Password Management: Although
millions of users use passwords everyday to protect
important assets (e.g., online banking, trading, commerce, email, social
networks, and enterprise resources) we do not know how to create secure and
usable passwords. A typical computer user today has many password protected
online accounts: Amazon, eBay, PNC bank, Gmail, etc..
Informally, a password management scheme is any method for creating and
retrieving each password. A typical user has to select and remember a password
for over one-hundred different accounts. Many sites have vastly different
password requirements: minimum length, maximum length, special characters,
capitalization, etc. Intimidated by the prospect of remembering so many
different passwords many users adopt an insecure password management scheme:
writing down passwords, reusing passwords and picking weak (low entropy)
passwords. A large scale study of password habits revealed that in 2007 a
typical user had no more than 7 unique passwords and reused each password
around 4 times on average. While there are many articles (and even several
books) on how to generate good passwords, there is still a clear need to
develop password management schemes which are usable and secure.
I am interested in password management
schemes which can be implemented on “human hardware”. A good password
management scheme should be usable and secure. Informally, a password
management scheme is usable if a human can create and recall passwords without
too much effort. A secure password management scheme must provide concrete
security guarantees even against an adversary who has already learned one or
more of the user’s passwords. I have several goals:
1) I am developing
a mathematical framework for analyzing the security of a password management
2) I am developing
a mathematical framework for analyzing the usability of a password management
3) Evaluating the
usability and security of existing password management schemes.
4) Developing new
password management schemes.
Other Interests: I am generally interested in theoretical computer
science, especially cryptography and data privacy. Lately I have been thinking about ways in
which a data curator can answer useful questions about a social network while
preserving differential privacy. I am
also interested in game theory and learning theory and their applications to
practical security problems like auditing.
Private Data Analysis of Social Networks via Restricted Sensitivity. With Avrim Blum, Anupam Datta, and Or Sheffet. ITCS
2013. [arXiv] [Slides]
The Johnson-Lindenstrauss transform itself preserves differential
privacy. With Avrim Blum, Anupam Datta, and Or Sheffet (lead author). FOCS 2012. [arXiv]
Audit Strategies for
Provable Risk Management and Accountable Data
Datta, Nicolas Christin
and Arunesh Sinha.
GameSec 2012. [Paper]
Audit Mechanisms for
Privacy Protection in Healthcare Environments. With Anupam Datta, Nicolas Christin and Arunesh Sinha.
HealthSec 2011. [Position Paper]
Regret Minimizing Audits:
A Learning-Theoretic Basis for Privacy Protection. With Anupam Datta, Nicolas Christin and Arunesh Sinha.
the Complexity of Some Data Privacy Problems. With Ryan Williams. ICALP 2010. [arXiv] [Slides]
with Low Pairwise Intersection. With Calvin Beideman. [arXiv]
Usable and Secure Password Management [Slides]
Differentially Private Data Analysis of Social
Networks via Restricted Sensitivity [Slides]
Regret Minimization in Bounded Memory Games [Slides]
Resolving the Complexity of Some Data Privacy Problems [Slides]
[CMU, Spring 2012] TA. 15-453 Formal Languages, Automata and Computability. (Instructor: Lenore Blum)
[CMU, Fall 2010] Head TA. 15-451 Algorithms. (Instructor: Manuel Blum)
2008] TA. 15-859P Introduction to
Theoretical Cryptography. (Instructor: Manuel Blum)
2008] TA. 15-251 Great Theoretical Ideas in Computer Science. (Instructor: Luis von Ahn)
Senior Research Thesis: Direct Zero-Knowledge Proofs [Extended
The Turing Machine Kernel Is Not Computable [Blog Post]
The Computational Complexity of Kn
I am happy to be married to my beautiful wife
I am involved in
Graduate Christian Fellowship at CMU.
I am a huge fan
of Pitt basketball and
football, the Penguins, and the Steelers. After years of bad seasons the Pirates are finally on track this
I enjoy playing
basketball, Frisbee, softball, and most other sports that mankind has invented.