Current Research Projects

Surviving Cybersecurity and Privacy Threats in Wearable Mobile Cyber-Physical Systems

Smart wearable devices, such as smart watches, are very popular and fast replacing their traditional non-smart counterparts. By means of various high-precision on-board sensors, these devices capture rich contextual information about the wearer and his environment to enable several new and useful applications. However, this diverse set of on-board sensors also provides an additional attack surface. Access to these sensors, if not controlled appropriately, can be used as a side-channel by an adversary keen on obtaining private and sensitive information belonging to the wearer. Moreover, active misuse detection and resistance of these wearable device sensors is not straightforward. There is currently a lack of understanding of the various side-channel security vulnerabilities that are possible due to wearable devices and there is an urgent need to study the means for continuously protecting against them. The research in this project addresses this very timely topic.

The goal of this research is twofold: first, to demonstrate that wearable devices enable novel side-channel security and privacy threats, and second, to design continuous authentication techniques and adaptive access control mechanisms to survive these threats. Specifically, this research will evaluate private data inference and wearer tracking threats in wearable devices that utilize unprotected sensors as side-channels. This will be accomplished by designing appropriate learning-based classification and prediction mechanisms that can be used by an adversary for inferring sensitive data. On the protection front, this project will develop a multi-sensor activity and identity classification framework. This framework will leverage rich contextual sensor data (e.g., fine-grained movements, application usage and critical body parameters) to enable continuous identification and authentication of legitimate wearers and their activities.

By studying security and privacy preferences of a diverse population of users, this research will develop usable activity-based access control tools for this new wearable device paradigm. A significant research thrust of this project is to develop adaptive data-sharing mechanisms for dynamically regulating access to sensor data based on the wearers' security preferences, current context and perceived threats. Such mechanisms will serve as a good middle-ground between giving full access (no security) and making manual decisions for each access (poor usability). This project involves industry collaborators to facilitate adoption of research outcomes into the future design and development of wearable devices. Research results, including proof-of-concept applications, will be publicly available to allow dissemination, early industry adoption and integration with curricula.


Past Research Projects

EAGER: A Cloud-assisted Framework for Improving Pedestrian Safety in Urban Communities using Crowd-sourced Mobile and Wearable Device Data

Pedestrian safety continues to be a significant concern in urban communities. Several recent reports indicate that injuries and fatalities in pedestrian-related accidents are steadily rising and that pedestrian distraction is one of the leading causes in such accidents. Existing systems and techniques for improving pedestrian safety, which primarily operate on users' smartphones and mobile devices in a stand-alone fashion, have several design drawbacks and performance and usability concerns that have precluded their successful adoption and usage. The goal of this project is to improve pedestrian safety by designing accurate, efficient and usable tools and techniques, which can be easily adopted by urban users.

In order to accomplish this goal, this project plans to pursue a focused research agenda involving novel technologies and several exploratory and untested ideas. As part of the proposed pedestrian safety framework, accurate and energy-efficient on-device distraction detection techniques will be developed by employing multi-sensor and heterogeneous data available from upcoming mobile and wearable devices. In this direction, supervised and semi-supervised learning will be used to design efficient activity classification and distraction prediction techniques which will be empirically evaluated using proof-of-concept implementations. Unlike existing stand-alone approaches, the proposed framework employs a connected-community approach to accurately capture the impact of both a pedestrian's own actions, as well as the actions of others, on his/her safety. This involves the design and implementation of a privacy-preserving and cloud-assisted data-analytics engine to capture, analyze and notify pedestrians of impending hazardous situations from the crowd-sourced distraction data obtained from participating users. Finally, a comprehensive performance and usability evaluation will be conducted by deploying a large-scale testbed involving participants from Wichita State University's (WSU) campus community. The project outcomes, including the planned testbed, will have a significant impact on improving pedestrian safety within the WSU campus community. If successful, similar trials at an urban or city-wide scale can also be envisioned. In addition to improving pedestrian safety, this project will educate users and participants on the impact of technology on pedestrian safety and its role in improving the same. Project outcomes and results will be disseminated by means of peer-reviewed publications, white papers and open-source applications. 
Applications and anonymous data collected from the planned testbed will be appropriately disseminated to facilitate additional research and advances in the area of pedestrian safety technology.


Towards a Privacy-Aware Information-Sharing Framework for Advanced Metering Infrastructures

Significant developments in the electric power industry are in the areas of advanced measurements, improved communication infrastructure, renewable energy sources, and electric vehicles. These changes are expected to influence the way energy is provided to and consumed by customers. Advanced Metering Infrastructure (AMI) initiatives are a popular tool to incorporate these changes in order to modernize the electricity grid, reduce peak loads, and meet energy-efficiency targets; however, privacy concerns have limited customer acceptance of these initiatives. The research objective of this project is to design appropriate architectures for information collection and dissemination with security and privacy guarantees and to develop state-of-the-art algorithms and protocols for privacy-preserving communication and control that effectively exploit the AMI for improved system operations and active customer participation.


Social Puzzle: Context-Based Access Control in Online Social Networks

The increasing popularity of Online Social Networks (OSNs) is spawning new security and privacy concerns. Currently, a majority of OSNs offer very naive access controls that are primarily based on static Access Control Lists (ACLs) or policies. But as the number of social connections grows, a static ACL-based approach slowly becomes ineffective and unappealing to OSN users. There is an increased need to control access to data based on the associated context, rather than solely on data ownership and social links. Surveillance by the OSN service provider is another critical concern for OSN users, as the service provider may further scrutinize data posted or shared by users for personal gains (e.g., targeted advertisements), for use by corporate partners or to comply with legal orders. In this project, we introduce a novel paradigm of context-based access control in OSNs, where users (in the sharer’s social network) are able to access the shared data only if they have knowledge of the context associated with it.


Secure anchor-based localization using CDMA

Secure localization in the presence of cheating or non-trustworthy anchors is an important problem in wireless networks. Although many secure localization schemes have been proposed in the past, efficiently eliminating the cheating effect of malicious anchors in such localization schemes still remains an open problem. In this project, our goal is to address this open problem. One of the solutions that we propose employs a novel Code Division Multiple Access (CDMA) based communication protocol in order to overcome the problem of cheating anchors.

Community Privacy in Pervasive Networks

Enhanced with novel peer-to-peer wireless communication capabilities, mobile devices can significantly increase the routing, forwarding performance and context awareness of pervasive networks, due to the structured and time-evolving interactions among mobile users and their communities. Meanwhile, network operators increasingly deploy low-power and low-range base stations, which allows them to track and infer accurate community information, at the expense of users' privacy.


In this project, we address the important issue of privacy in pervasive communities and evaluate the extent of private community information exposure vis-a-vis a practical (deployed) adversary. Our experiments make use of data collected from a real-life deployment of around 80 smart-phone users on the EPFL campus. Our adversary comprises a static wireless mesh network of 37 APs distributed across a 200 x 100 m target region on the campus.


Data Privacy in Context-based Mobile Applications

Due to the rapid proliferation of third-party data-sharing and context-based applications, available on most mobile devices and smart-phone platforms, the amount of private information that people share with each other and with the service providers is increasing. This presents obvious privacy-service trade-offs whereby users continue to want service but want to share as little personal data as possible.


In this project, we address privacy issues in time (or meeting) scheduling and common location determination applications. We design novel privacy-preserving protocols for these applications by using secure multi-party computation techniques based on state-of-the-art cryptosystems such as ElGamal, Paillier and BGN (Elliptic-curve) schemes.


Location Privacy

In an increasingly connected and highly pervasive network of mobile phone users, location privacy is a major concern. Users constantly access third-party location-based services from their mobile devices while on the move, thus losing their location privacy and making themselves susceptible to tracking or profiling by malicious eavesdroppers or curious third-party providers. Earlier research, by means of simulations, has shown how coordinated mixing of identifiers (mix-zones) can help towards efficiently maintaining a desired level of location privacy. However, there are no results from actual real-life experiments that support these claims.


In this project, we evaluated the effectiveness of standard mix-zone based privacy protection mechanisms against probabilistic tracking attacks in a real-life setting. Our results provide empirical evidence about the effectiveness of mix-zone based privacy-preserving mechanisms against practical adversaries in current wireless mobile systems. On the analytical side, we also studied the problem of effective mix-zone placement and proposed efficient solutions for the same.


Privacy-triggered Networking

Pervasive and peer-to-peer wireless networks are becoming extremely popular and privacy in such networks is extremely crucial. Any loss of privacy in such networks would mean that users, their locations, their preferences, their social circle, etc., can be tracked in real-time. Existing privacy-protection mechanisms that rely on users' context (time, location, activity, etc.) and their sensitivity to the shared data and context are not adaptive, i.e., they do not work well for regularly changing or dynamic user contexts and sensitivities.


In this project, we designed a novel scheme that dynamically regulates (or adjusts) users' communications based on their context and their privacy sensitivity in that context.


Secure Localization and Time Synchronization in Wireless Networks

Advances in radio and processor technology have resulted in the widespread deployment of portable wireless devices and sensor networks for real-time information gathering and analysis tasks in adverse conditions and emergency scenarios such as riot control, natural disasters, terrorist attacks, military conflicts, etc. Post-deployment localization and time synchronization are extremely crucial for the wireless devices in such applications. Without a common and accurate notion of time, it is extremely difficult to analyze the data originating from these devices. Centralized location/time synchronization in such applications may be difficult. Current distributed localization and time synchronization approaches are not designed for such highly hostile and dynamic network conditions.


This project studies the adverse effects of factors such as cheating beacons, node disablement and measurement inconsistencies on distributed localization/time synchronization protocols and attempts to provide efficient solutions, both in terms of computation and resource requirements, to these problems.