Research

Our current research has been externally supported by NSF (multiple grants and multiple programs), NIJ, Google (2 Faculty Research Awards), Microsoft Research, Comcast, Cisco, Intel, Nokia, and Research in Motion. Thanks to all of our sponsors!

Following is a list of our active projects (with links), broadly scoped and focusing on systems-oriented as well as theoretical aspects:

1. Authentication

   • Voice Authentication: All Your Voices are Belong to Us

   • Multi-Factor Authentication

     • Mix Bandwidth TFA
     • DE-PAKE: Device-Enhanced Password Protocols with Optimal Online-Offline Protection
     • Sound-Danger: Dangers of Second-Factor Login based on Ambient Audio

• • Behavioral Biometrics

    • ZEBRA Attack: Pitfalls in Designing Zero-Effort Deauthentication
    • Gametrics: Towards Attack-Resilient Behavioral Authentication with Simple Cognitive Games
    • Tap Biometrics: Transparently Authenticating NFC Users with Tapping Gesture Biometrics
    • VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration
    • YELP: Masking Sound-based Opportunistic Attacks in Zero-Effort Deauthentication

• • Password Management

    • SPHINX: A Password Store that Perfectly Hides Passwords from Itself

1. • The Comprehensive Survey on the Security of Wearable Computing

2. End-to-End Encryption

   • Wiretapping via Mimicry

   • Cyrpto Phones Security and Usability

   • E2E App Study

   • CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through

3. Side Channels, Information Leakage, Privacy

   • Speechless: Analyzing the Threat to Speech Privacy from Smartphone Motion Sensors

   • Keystroke Emanations

   • Vibrational Emanations

   • YELP: Masking Sound-based Opportunistic Attacks in Zero-Effort Deauthentication

   • Slogger: Defense against Smartphone Keyloggers

   • The Comprehensive Survey on the Security of Wearable Computing

4. Neuro Security and Brainwave Privacy

   • fMRI Study of Phishing and Malware Warnings

   • EEG + Eye Tracking Study of Phishing and Malware Warnings

   • fNIRS Study of Phishing

   • PEEP: Learning Passwords from Brainwaves

5. Next Generation CAPTCHAs

   • DCG: Investigation of Dynamic Cognitive Game CAPTCHAs

   • EI-DCG: Emerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay Attacks

   • EI-Nu: Emerging-Image Motion CAPTCHAs: Vulnerabilities of Existing Designs, and Countermeasures