Mobile, Embedded, & Wireless Security

Research

(show all) Fog Computing IoT Sensing Mobile Jamming
Our research includes various aspects of security and privacy in wireless and mobile systems. Domains of particular interest include wireless ad hoc and mesh networks, sensor networks and cyber-physical systems, the Internet of Things, communications for the smart grid, mobile computing platforms like smartphones and tablets, and M2M systems. The following are specific research projects that we have worked on, with most recent projects first. Project details and related publications can be found under each project link.

HiveGuard: A Distributed System for Monitoring the Security of Zigbee Networks

We develop a network security monitoring system for Zigbee networks that interacts with a set of wireless intrusion detection system sensors, a database server, and a notification server to provide archiving, aggregation, inspection, visualization, and alert services.

Zigator: Security Analysis Tool for Zigbee Networks

We study the security of Zigbee networks by developing software tools for the analysis of captured Zigbee packets and modifying the firmware of an IEEE 802.15.4 USB adapter to launch selective jamming and spoofing attacks against them that we analyze with a software-defined radio.

Large-Scale Realistic Network Data Generation on a Budget

We develop the eMews framework to provide realistic, large-scale network trace data generation within a single physical host. Our approach also replaces human-in-the-loop protocols with abstracted behavioral models.

PitchIn: Eavesdropping via Intelligible Speech Reconstruction using Non-Acoustic Sensor Fusion

We investigate the feasibility of combining signals from non-acoustic sensors embedded in a network of IoT devices to reconstruct intelligible speech signals, enabling an attacker to eavesdrop on conversations in the sensed area without needing access to a microphone.

Proximal Domains: Mediated Fog Computing Model for Security in the Internet of Everything

We explore a new IoT security model that leverages edge computing resources to logically isolate and protect constrained devices and resources from the public Internet, effectively mediating trust relationships between the cloud and IoT devices.

Fog Mediated Data Sharing: Trustworthy Data Sharing in the Internet of Everything

We show how the concepts of proximal domains and fog mediation enable stronger privacy and data ownership protections without sacrificing application quality based on machine learning and other data-driven services.

Security and Privacy in Sensor-Actuator Networks

We study how the cyber-physical implications of sensing and actuation affect a variety of security and privacy applications in sensing and IoT systems, including the many constraints and challenges inherent in embedded systems.

Cheating and Anti-Cheating in Mobile Games

We investigate cheating vulnerabilities in mobile game and investigate the use of anti-cheating mechanisms, including protecting memory, local files, network traffic, source code, and game state integrity.

OAuth Implementation Flaws in the Wild

We study the OAuth protocol specification and perform a field-study of hundreds of mobile applications to identify authentication and authorization vulnerabilities in real mobile applications.

Modeling Interactions between Attackers and Defenders

We model multi-player adaptation to understand stability and convergence properties when both attacking and defending players are adapting in response to their respective observations.

Security and Privacy in Mobile Devices, Apps, and Services

We investigate a number of aspects of mobile security and privacy that do not align with existing definitions for telecommunications, computing, or sensing and instead focus on the unique system-of-systems nature of modern smartphones.

Telecommunication System Security

We demonstrate a variety of ways that service providers have overlooked security threats in their system designs and developd practical defense mechanisms as well as deeper redesign of telecommunications infrastructure.

Cross-Layer Self-Organization for Survivable Wireless Networking

We study the ability for distributed networks to self-organize, -heal, and -reconfigure to manage and heal themselves in a variety of scenarios involving critical wireless and cyber-physical infrastructure.

Understanding Next-Generation Jamming Attacks

We develop a variety of extended models for intentional interference and jamming using modern software-defined radio capabilities, including the ability to leverage higher-level protocol details and context information.

Secure and Resilient Networking and Data Transport

We show how the resilience of mesh networks in terms of path redundancy and diversity can be leveraged for protection against network failure or denial-of-service attack.

Efficient Defense and Mitigation of Jamming Attacks

We demonstrate several ways that anti-jamming techniques can leverage cross-layer information and software-defined signal processing communication, and networking capabilities to detect or mitigate jamming attacks.