Search for: All records

If a web service is so secure that it does not even know---and does not want to know---the identity and contact info of its users, can it still offer account recovery if a user forgets their password? This paper is the culmination of the authors' work to design a cryptographic protocol for account recovery for use by a prominent secure matching system: a web-based service that allows survivors of sexual misconduct to become aware of other survivors harmed by the same perpetrator. In such a system, the list of account-holders must be safeguarded, even against the service provider itself. In this work, we design an account recovery system that, on the surface, appears to follow the typical workflow: the user types in their email address, receives an email containing a one-time link, and answers some security questions. Behind the scenes, the defining feature of our recovery system is that the service provider can perform email-based account validation without knowing, or being able to learn, a list of users' email addresses. Our construction uses standardized cryptography for most components, and it has been deployed in production at the secure matching system. As a building block toward our main construction, we design a new cryptographic primitive that may be of independent interest: an oblivious pseudorandom function that can either have a fully-private input or a partially-public input, and that reaches the same output either way. This primitive allows us to perform online rate limiting for account recovery attempts, without imposing a bound on the creation of new accounts. We provide an open-source implementation of this primitive and provide evaluation results showing that the end-to-end interaction time takes 8.4-60.4 ms in fully-private input mode and 3.1-41.2 ms in partially-public input mode. 

Foot drop is the inability to dorsiflex the ankle (raise the toes) due to neuromuscular impairment, and this common condition can cause trips and falls. Current treatments for chronic foot drop provide dorsiflexion support, but they either impede ankle push off or are not suitable for all patients. Powered ankle-foot orthosis (AFO) can counteract foot drop without these drawbacks, but they are heavy and bulky and have short battery life. To counteract foot drop without the drawbacks of current treatments or powered AFO, we designed and built an AFO powered by dielectric elastomer actuators (DEAs), a type of artificial muscle technology. This paper presents our design and the results of benchtop testing. We found that the DEA AFO can provide 49 % of the dorsiflexion support necessary to raise the foot. Further, charging the DEAs reduced the effort that would be required for plantarflexion compared to that with passive DEA behavior, and this operation could be powered for 7000 steps or more in actual operation. DEAs are a promising approach for building an AFO that counteracts foot drop without impeding plantarflexion, and they may prove useful for other powered prosthesis and orthosis designs.