Jeremiah Blocki
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213
Office: Gates-Hillman 7507
Telephone: (412)-268-3501
E-mail: [jblocki AT cs DOT cmu DOT edu]
Research Interests:
Usable and Secure Password Management: Although millions of users use passwords every day to protect important assets (e.g., online banking, trading, commerce, email, social networks, and enterprise resources), we do not know how to create secure and usable passwords. A typical computer user today has many password-protected online accounts: Amazon, eBay, PNC bank, Gmail, etc. Informally, a password management scheme is any method for creating and retrieving each password. A typical user has to select and remember a password for over one hundred different accounts. Many sites have vastly different password requirements: minimum length, maximum length, special characters, capitalization, etc. Intimidated by the prospect of remembering so many different passwords, many users adopt an insecure password management scheme: writing down passwords, reusing passwords and picking weak (low entropy) passwords. A large-scale study of password habits revealed that in 2007 a typical user had no more than 7 unique passwords and reused each password around 4 times on average. While there are many articles (and even several books) on how to generate good passwords, there is still a clear need to develop password management schemes which are usable and secure.
I am interested in password management schemes which can be implemented on “human hardware”. A good password management scheme should be usable and secure. Informally, a password management scheme is usable if a human can create and recall passwords without too much effort. A secure password management scheme must provide concrete security guarantees even against an adversary who has already learned one or more of the user’s passwords. I have several goals:
1) I am developing a mathematical framework for analyzing the security of a password management scheme.
2) I am developing a mathematical framework for analyzing the usability of a password management scheme.
3) Evaluating the usability and security of existing password management schemes.
4) Developing new password management schemes.
Other Interests: I am generally interested in theoretical computer science, especially cryptography and data privacy. Lately I have been thinking about ways in which a data curator can answer useful questions about a social network while preserving differential privacy. I am also interested in game theory and learning theory and their applications to practical security problems like auditing.
Publications:
Differentially Private Data Analysis of Social Networks via Restricted Sensitivity. With Avrim Blum, Anupam Datta, and Or Sheffet. ITCS 2013. [arXiv] [Slides]
The Johnson-Lindenstrauss transform itself preserves differential privacy. With Avrim Blum, Anupam Datta, and Or Sheffet (lead author). FOCS 2012. [arXiv]
Audit Strategies for Provable Risk Management and Accountable Data Governance. With Anupam Datta, Nicolas Christin and Arunesh Sinha. GameSec 2012. [Paper]
Audit Mechanisms for Privacy Protection in Healthcare Environments. With Anupam Datta, Nicolas Christin and Arunesh Sinha. HealthSec 2011. [Position Paper]
Regret Minimizing Audits: A Learning-Theoretic Basis for Privacy Protection. With Anupam Datta, Nicolas Christin and Arunesh Sinha. CSF 2011. [Paper]
Resolving the Complexity of Some Data Privacy Problems. With Ryan Williams. ICALP 2010. [arXiv] [Slides]
Working Papers:
Talks:
· Usable and Secure Password Management [Slides]
· Differentially Private Data Analysis of Social Networks via Restricted Sensitivity [Slides]
· Regret Minimization in Bounded Memory Games [Slides]
· Resolving the Complexity of Some Data Privacy Problems [Slides]
· K-Anonymity [Slides]
Teaching
[CMU, Spring 2012] TA. 15-453 Formal Languages, Automata and Computability. (Instructor: Lenore Blum)
[CMU, Fall 2010] Head TA. 15-451 Algorithms. (Instructor: Manuel Blum)
[CMU, Fall 2008] TA. 15-859P Introduction to Theoretical Cryptography. (Instructor: Manuel Blum)
[CMU, Spring 2008] TA. 15-251 Great Theoretical Ideas in Computer Science. (Instructor: Luis von Ahn)
Undergraduate Work:
· Senior Research Thesis: Direct Zero-Knowledge Proofs [Extended Abstract]
· The Turing Machine Kernel Is Not Computable [Blog Post]
· The Computational Complexity of Kn [Slides]
Personal Life:
I am happy to be married to my beautiful wife Heather!
I am involved in Graduate Christian Fellowship at CMU.
I am a huge fan of Pitt basketball and football, the Penguins, and the Steelers. After years of bad seasons the Pirates have also been winning me over with a solid performance this year (2012).
I enjoy playing basketball, Frisbee, softball, and most other sports that mankind has invented.