Our research includes various aspects of security and privacy in wireless and mobile systems. Domains of particular
interest include wireless ad hoc and mesh networks, sensor networks and cyber-physical systems, the Internet of
Things, communications for the smart grid, mobile computing platforms like smartphones and tablets, and M2M systems.
The following are specific research projects that we have worked on, with most recent projects first. Project details
and related publications can be found under each project link.
We develop a network security monitoring system for Zigbee networks that interacts with a set of wireless intrusion detection system sensors, a database server, and a notification server to provide archiving, aggregation, inspection, visualization, and alert services.
We study the security of Zigbee networks by developing software tools for the analysis of captured Zigbee packets and modifying the firmware of an IEEE 802.15.4 USB adapter to launch selective jamming and spoofing attacks against them that we analyze with a software-defined radio.
We develop the eMews framework to provide realistic, large-scale network trace data generation within a single physical host. Our approach also replaces human-in-the-loop protocols with abstracted behavioral models.
We investigate the feasibility of combining signals from non-acoustic sensors embedded in a network of IoT devices to reconstruct intelligible speech signals, enabling an attacker to eavesdrop on conversations in the sensed area without needing access to a microphone.
We explore a new IoT security model that leverages edge computing resources to logically isolate and protect constrained devices and resources from the public Internet, effectively mediating trust relationships between the cloud and IoT devices.
We show how the concepts of proximal domains and fog mediation enable stronger privacy and data ownership protections without sacrificing application quality based on machine learning and other data-driven services.
We study how the cyber-physical implications of sensing and actuation affect a variety of security and privacy applications in sensing and IoT systems, including the many constraints and challenges inherent in embedded systems.
We investigate cheating vulnerabilities in mobile game and investigate the use of anti-cheating mechanisms, including protecting memory, local files, network traffic, source code, and game state integrity.
We study the OAuth protocol specification and perform a field-study of hundreds of mobile applications to identify authentication and authorization vulnerabilities in real mobile applications.
We model multi-player adaptation to understand stability and convergence properties when both attacking and defending players are adapting in response to their respective observations.
We investigate a number of aspects of mobile security and privacy that do not align with existing definitions for telecommunications, computing, or sensing and instead focus on the unique system-of-systems nature of modern smartphones.
We demonstrate a variety of ways that service providers have overlooked security threats in their system designs and developd practical defense mechanisms as well as deeper redesign of telecommunications infrastructure.
We study the ability for distributed networks to self-organize, -heal, and -reconfigure to manage and heal themselves in a variety of scenarios involving critical wireless and cyber-physical infrastructure.
We develop a variety of extended models for intentional interference and jamming using modern software-defined radio capabilities, including the ability to leverage higher-level protocol details and context information.
We show how the resilience of mesh networks in terms of path redundancy and diversity can be leveraged for protection against network failure or denial-of-service attack.
We demonstrate several ways that anti-jamming techniques can leverage cross-layer information and software-defined signal processing communication, and networking capabilities to detect or mitigate jamming attacks.