WordCloud representation of paper abstracts.

Today, with the rapid adoption of the Internet of Things (IoT), we face a new world, where we are never alone. At all times, a plethora of connected devices, from smartphones to home assistants to motion detectors, sense and monitor our activities. While these devices provide us convenience, they are often backed by powerful analytics to sift through large volume of personal data, at times collected without our awareness or consent. Such personal data can reveal a lot about ourselves like our habits and lifestyles, which not only has great commercial value to advertisers to serve targeted ads, but can also be misused by repressive governments and cybercriminals. In my research, I look at developing novel frameworks to help identify and mitigate the security and privacy risks that arise from emerging IoT systems.

Relevant publications:

When we interact with the Internet, we leave behind traces of our interactions, called digital footprints. These footprints reveal a lot about ourselves; our identity, our personal habits, and our desires. Such intensely personal information has great commercial value to advertisers in the form of serving targeted ads, but at the same time it can also be misused by employers and repressive governments. To protect users, privacy tools such as ad- and tracker-blocking extensions have been developed. In turn advertisers have begun leveraging more advanced tracking techniques that reduce the effectiveness of these approaches. In my research, I have developed novel techniques to uniquely fingerprint smartphones by exploiting manufacturing imperfections of their embedded sensors. I have also designed countermeasures that are simple yet effective, and can attain acceptable tradeoffs between privacy and utility.

Relevant publications:

Today’s Internet services rely heavily on text-based passwords for user authentication. The pervasiveness of these services coupled with the difficulty of remembering large numbers of secure passwords tempts users to reuse or modify existing passwords at multiple sites. My research looks at analyzing and identifying different ways in how users reuse or modify passwords using real-world large-scale leaked data sets.

Relevant publications:

Many people use anonymity networks like Tor to hide their digital footprints on the Internet. Tor is a distributed overlay network comprised of volunteer relays (also known as routers). To anonymize TCP connections, a Tor user constructs a circuit comprised typically of three Tor relays: any individual relay cannot reconstruct the whole circuit and link the source to the destination. However, users’ anonymity can be compromised by active and passive attackers in the network. My research looked at analyzing the security guarantees provided by Tor in the presence of active and passive attackers.

Relevant publications: