Luddy School of Informatics, Computing, and Engineering cutting-edge security research left a major impression at the recent 52nd Research Conference on Communications, Information and Internet Policy in Washington D.C.
Research conducted under the guidance of Jean Camp, professor of Informatics and director of the Center for Security and Privacy in Informatics, Computing, and Engineering, was presented by Informatics student Phenzi Blasio, who studies Cybersecurity, Informatics, Psychology, and Global Policy, and Jacob Abbott, a postdoctoral fellow at IU.
Camp, Blasio and Abbott, along with Luddy Informatics students Skyler Johnson, Katie Ferro and Eric Swiler, co-authored, Pki Incident Reporting Trends: What Can We Learn from Community Reporting?
Abbott and Blasio presented that paper. Blasio presented a poster, “Strengthening Cybersecurity: Unveiling Organizational Vulnerabilities in Public Key Infrastructures,” that was co-authored by Johnson, Ferro, Abbott and Camp.
“I am pleased and proud to have been one of Phenzi’s Research Experiences for Undergraduates advisers, but Jacob did the real work,” Camp said about her advisory role.
TPRC 52 is the preeminent annual interdisciplinary conference on communications, information, and internet policy that gathers researchers and policymakers from law, economics, computer science, data science, engineering, social sciences, industry, government and more from around the world. It promotes interdisciplinary thinking on current and emerging issues by disseminating and discussing new research relevant to policy issues in the United States and around the world.
“This conference was a prime opportunity for our work to intersect with Federal Communications Commission officials and technologists from related disciplines,” Blasio said.
The paper addressed how untrustworthy, non-compliant and dangerous certificates arise on the Web, and what causes it. Researchers compiled reports of public key infrastructure incidents from 2019 to 2021, and reviewed over 597 incident reports.
Blasio said public key infrastructure is a framework of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
Research results, using qualitative and quantitative analyses, identified parties that have erred, the ways they did and patterns of behavior among and between certificate authorities.
Researchers said there is a need for immediate systematic improvement in public key public key infrastructure incidents, and that need will increase. They discussed potential avenues for more work to prevent future incidents and detect problematic certificates before they are issued.
Combined with the paper, Blasio said, “This research addressed security incidents and systematic vulnerabilities in certificate authorities, underscoring how even technological giants can face challenges in executing complex technical tasks.”
The conference was divided into about 15 sessions per day with each session led by researchers or industry professionals, “who used the platform to demonstrate the efficacy of their services or highlight current gaps in technological research,” Blasio said.
“I was particularly inspired by the presence and support of fellow women in the field. I realized the importance of my role as a repository of information for future generations. Being the youngest person there, and one of the youngest published in the conference’s history at twenty years old, was a significant personal achievement.”
Blasio said it’s challenging being one of the few black women in a male-dominated technological field.
“I believe my experiences will enable me to help others in the future. Receiving kind words from peers who acknowledged the importance of my work and presence was incredibly fulfilling. I aspire to be a supportive figure for others in the industry, even as I continue to develop my skills across various fields.”
Blasio credited Camp for selecting her to the security lab, and praised Abbott, Johnson and Ferro for helping to make this research and opportunity possible.