Categories
News Publication

New SPLICE Paper on Detecting Electronic Devices in Homes Using Harmonic Radar Technology

Phones, cameras, internet websites, and other devices constantly collect user data. The advent of so-called ‘Smart Things’ enables increasingly sensitive data to be collected inside the most private of spaces: the home. The first step in helping users regain control of their information that is collected inside their home is to alert them to the presence of potentially unwanted electronics.

In this paper, we present a system that could help homeowners (or home dwellers) find electronic devices in their living space. Specifically, we demonstrate the use of harmonic radars, sometimes called nonlinear junction detectors, which have also been used in applications ranging from explosives detection to insect tracking.

We adapt this radar technology to detect consumer electronics in a home setting and show that we can indeed accurately detect the presence of even ‘simple’ electronic devices like a smart lightbulb. We evaluate the performance of our radar in both wired and over-the-air transmission scenarios. Table 2 (below) presents the output of the experiments in the wireless testbed. We tested a set of 16 distinct devices (or objects) and showed that the electronic devices were detectable at distances ranging from 15 cm to 1 meter at different power levels. 

To read more, check out the full paper here. To see other SPLICE publications, check out our Zotero page here.

Beatrice Perez, Gregory Mazzaro, Timothy J. Pierson, and David Kotz. Detecting the Presence of Electronic Devices in Smart Homes Using Harmonic Radar TechnologyRemote Sens. 2022, 14, 327. https://doi.org/10.3390/rs14020327

Categories
News

We are recruiting master’s and doctoral students!

Are you interested in continuing your studies and contributing to the field of SmartHome security and privacy? If so, you’ve come to the right place! The SPLICE team is an interdisciplinary research team spanning seven institutions. Our researchers work in four main areas: Systems and networks; Internet of Things; Sociology, law and policy; and Human-Computer Interaction. Our goal is to continue building our team with a focus on inter-disciplinary collaborations. You can find more information about the teams that are recruiting below!


Professor Kevin Kornegay at Morgan State University

  • I am currently looking for two or three master’s students and one to two PhD students.
  • My research focus is on Privacy Enabled Security.
  • You can learn more about my lab and our research here.
  • If you are interested, apply here!

Professor Michel Kornegay at Morgan State University

  • I am currently looking for two master’s students and one PhD student.
  • Our research focuses on the development of device fingerprints based upon the RF wireless emissions from IoT devices found in a smart home. We develop the fingerprints by collecting I/Q data samples and extracting transient, channel or steady-state features unique to the device transmitter. We apply machine learning algorithms on the features to help create a device fingerprint. We are looking for students who are highly motivated, critical thinkers with exposure on the following topics: RF analog electronics, Matlab, communication theory, digital signal processing and machine learning. 
  • You can learn more about my lab and our work here.
  • To apply for graduate program admission, students can use this link. It is strongly recommended that students contact Dr. Michel Kornegay prior to submitting an application.

Professor David Kotz at Dartmouth College

  • I am currently seeking a PhD student to join my team beginning fall 2022. If you are interested, you need to apply to our PhD program by December 15, 2021. In our system of graduate admissions, faculty do not admit students directly.
  • You must have a Bachelor’s or Master’s degree in Computer Science or related field, with some experience in building software prototypes, conducting experimental research, analyzing experimental data, and writing scientific publications. The best candidates will have some experience in one of the above domains, or in pervasive computing, mobile computing, embedded systems, machine learning, security, privacy, or some combination.
  • In addition to collaborating with ten SPLICE professors and their students, you would have the opportunity to engage more broadly with the Department of Computer Science (CS) and with the cybersecurity community at Dartmouth via the Institute for Security, Technology, and Society (ISTS), providing extended opportunities for learning and collaboration. 

Categories
News

Khir Henderson featured in Diversity in Action Fall 2021 Magazine

Khir Henderson, doctoral student at Morgan State University whose work focuses on designing and developing sustainable and scalable architectures to help protect some of the major security vulnerabilities in our nation’s critical infrastructures, was recently featured in the Fall 2021 edition of Diversity in Action.

Khir’s work on the SPLICE team includes investigating hardware and software implementations of hardware-based security used to establish the ‘root of trust’ in IoT devices or systems. He has also lead the development of an IoT device testbed, housed at the CAP Center at Morgan State University, that uses an automated network-security architecture following the Manufacturer Usage Description (MUD) IETF model. Khir has collaborated with researchers at Johns Hopkins University on developing a smart home scanning apparatus that encompasses discovery, fingerprinting, and profiling.

You can find Khir’s feature in the Fall 2021 edition of Diversity in Action here. To stay up-to-date with SPLICE happenings, consider following the SPLICE blog by scrolling to the bottom of this page and entering your email address.

SPLICE Researcher and Doctoral Student, Khir Henderson
Categories
News People

Dr. Denise Anthony Confirmed as Health Management and Policy Department Chair at the University of Michigan

Dr. Denise Anthony, SPLICE PI at the University of Michigan whose work focuses on social dynamics of cooperation, trust, and privacy across social settings, has been approved by the University of Michigan Board of Regents as the next Health Management and Policy department chair.

Additional to her SPLICE work, Anthony has studied the effects of electronic health records (EHRs) on hospital quality, organizational dynamics affecting hospital compliance with HIPAA rules, and factors that influence patients’ use of online portals and tele-health. Anthony has previously served as the chair of the Department of Sociology at Dartmouth College.

In her new role, Anthony will work towards increasing the external visibility of the department and increasing collaborative opportunities across campus. While focusing on enhancing students’ experiences in the department and preparation for future roles, she will also support efforts to increase the diversity, equity, and inclusion of the department.

Join us in congratulating Dr. Denise Anthony!

Dr. Denise Anthony, Department Chair of Health Management and Policy at the University of Michigan
Categories
News Publication

New SPLICE paper on Engaging Underrepresented Students in Cybersecurity

To increase minority students’ participation, particularly African Americans in cyber fields, STEM engineering education requires a new approach to student learning. Students learn best when they are actively involved in the learning process. The concept of gamification is an emerging alternative approach that adds game elements to traditional instruction, engaging students in learning engineering concepts. In recent years, capture-the-flag competitions have emerged as a gamification approach to training and building students’ interest in cybersecurity. 

During the spring 2019 academic term, a team of students from the Electrical and Computer Engineering department of Morgan State University participated in an embedded capture-the-flag (eCTF) competition organized by MITRE. The eCTF was also offered as a graduate course in the department. This graduate course included a cohort of minority students who had been exposed to fundamental concepts regarding secure embedded systems. We found that the eCTF allowed students to work in teams, develop critical thinking skills, address complex technical issues associated with real-world applications, and motivated continued learning and increased research productivity after the course ended. This paper aims to describe the design and implementation of the eCTF competition in the graduate course and summarize the successes and the barriers that impact the engagement of minority students in cybersecurity.

To read more, check out the full paper here. To see other SPLICE publications, check out our Zotero page here.

Michel A. Kornegay, Md Tanvir Arafin, and Kevin Kornegay. Engaging Underrepresented Students in Cybersecurity using Capture-the-Flag(CTF) Competitions (Experience). 2021 ASEE Virtual Annual Conference Content Access, Virtual Conference. July 2021. https://peer.asee.org/37048

Categories
News

Webinar on Communications Metadata and User Privacy

Join us for a Zoom webinar, by our very own Dr. Susan Landau, on the topic of Communications Metadata and User Privacy. The link to register and add the event to your calendar can be found on the bottom right corner of the flyer below and is copied here: https://tinyurl.com/52my6sh4

Categories
News Publication

New SPLICE paper on Security and Privacy Attitudes

Many studies of mobile security and privacy are, for simplicity, limited to either only Android users or only iOS users. However, it is not clear whether there are systematic differences in the privacy and security knowledge or preferences of users who select these two platforms. Understanding these differences could provide important context about the generalizability of research results. This paper reports on a survey (n=493) with a demographically diverse sample of U.S. Android and iOS users. We compare users of these platforms using validated privacy and security scales (IUIPC-8 and SA-6) as well as previously deployed attitudinal and knowledge questions from the Pew Research Center. As a secondary analysis, we also investigate potential differences among users of different smart-speaker platforms, including Amazon Echo and Google Home. We find no significant differences in privacy attitudes of different platform users, but we do find that Android users have more technology knowledge than iOS users. In addition, we find evidence (via comparison with Pew data) that Prolific participants have more technology knowledge than the general U.S. population.

To read more, check out the full paper and presentation from the Symposium on Usable Privacy and Security (SOUPS) 2021 here. To see other SPLICE publications, check out our Zotero page here.

Desiree Abrokwa, Shruti Das, Omer Akgul, and Michelle L. Mazurek. Comparing Security and Privacy Attitudes Among U.S. Users of Different Smartphone and Smart-Speaker Platforms. USENIX Symposium on Usable Privacy and Security (SOUPS) 2021, pages 139-158. USENIX Association, August 2021.

Categories
News Publication

New SPLICE Paper on Recurring Device Verification

The most common forms of authentication are passwords, potentially used in combination with a second factor such as a hardware token or mobile app (i.e., two-factor authentication). These approaches emphasize a one-time, initial authentication. Recent work has explored how to provide passive, continuous authentication and/or automatic de-authentication by correlating user movements and inputs with actions observed in an application (e.g., a web browser). The issue with indefinite trust goes beyond user authentication; consider devices that pair via Bluetooth.

The increased adoption of IoT devices and reports of inadequacy of their security makes indefinite trust of devices problematic. The reality of ubiquitous connectivity and frequent mobility gives rise to a myriad of opportunities for devices to be compromised. Thus, we argue that one-time, single-factor, device-to-device authentication (i.e., an initial pairing) is not enough, and that there must exist some mechanism to frequently (re-)verify the authenticity of devices and their connections.

In this paper we propose a device-to-device recurring authentication scheme – Verification of Interaction Authenticity (VIA) – that is based on evaluating characteristics of the communications (interactions) between devices. We adapt techniques from wireless traffic analysis and intrusion detection systems to develop behavioral models that capture typical, authentic device interactions (behavior); these models enable recurring verification of device behavior. 

To read more, check out the paper here.

Travis Peters, Timothy J. Pierson, Sougata Sen, José Camacho, and David Kotz. Recurring Verification of Interaction Authenticity Within Bluetooth Networks. Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2021), pages 192–203. ACM, June 2021. doi:10.1145/3448300.3468287. ©

Categories
News

Morgan State receives $3.1M NSF CyberCorps Scholarship

Morgan State University has been recognized for proposing “innovative approaches to cybersecurity education and professional development that […] will support students [and] increase the vitality of cybersecurity preparedness for the nation.” This recognition includes $3.1 million in funding from the National Science Foundation (NSF) through the CyberCorps Scholarship program to provide full scholarships and stipends to students who agree to work in cybersecurity jobs for federal, state, local or tribal governments after graduation.

The CyberCorps Scholarship funding will be used to provide students with a unique educational program in secure embedded systems through the Secure Embedded Systems Scholarship (SES2). The program begins with recruitment, and continues with mentorship and financial support for students pursuing BS, MS, and Ph.D. degrees. SES2 supports students holistically, by leveraging peer and professional mentorship, experimental learning activities, and a comprehensive curriculum in embedded systems.

Congratulations to Morgan State University, the Cybersecurity Assurance and Policy (CAP) Center, and SPLICE PIs Kevin and Michel Kornegay, who will be leading this effort. To learn more, check out NSF’s previous announcement about the CyberCorps Scholarship program here, and the CAP Center at Morgan State’s announcement here.

Categories
News

Kevin Kornegay on guiding automobile cybersecurity

Kevin Kornegay, SPLICE PI from Morgan State University, recently spoke with Tom Temin of the Federal News Network about the CAP Center‘s most recent collaboration with the NSA to ensure automobile cybersecurity. Kornegay describes that to find malicious code injected into the firmware of automobiles, he and his team first need to access the hardware and and then extract the firmware. They then use Ghidra to walk through the code and find malicious components. Kornegay and Temin go on to discuss the interplay between cybersecurity and industry motivations.

Kornegay and his team hope to provide cybersecurity best practices to industry through their governmental and nonprofit relationships. By working with the NSA, the CAP Center can provide technical solutions to the automotive industry to further protect car firmware and hardware. By working with Consumer Reports, the team’s findings can be made accessible to consumers who want safe and secure vehicles.

Check out Kevin Kornegay’s full interview with the Federal News Network here. To keep up to date with SPLICE news, subscribe to our blog at the bottom of this page.