Research Projects

Following is a list of our active projects, broadly scoped and focusing on systems-oriented as well as theoretical aspects:

1. Authentication
   • Voice Authentication: All Your Voices are Belong to Us
   • Multi-Factor Authentication
     • Listening Watch: Wearable Two-Factor Authentication using Speech Signals Resilient to Near-Far Attacks
     • Mix Bandwidth TFA
     • DE-PAKE: Device-Enhanced Password Protocols with Optimal Online-Offline Protection
     • Sound-Danger: Dangers of Second-Factor Login based on Ambient Audio
   • Behavioral Biometrics
     • ZEBRA Attack: Pitfalls in Designing Zero-Effort Deauthentication
     • Gametrics: Towards Attack-Resilient Behavioral Authentication with Simple Cognitive Games
     • Tap Biometrics: Transparently Authenticating NFC Users with Tapping Gesture Biometrics
     • VibWrite: Towards Finger-input Authentication on Ubiquitous Surfaces via Physical Vibration
     • YELP: Masking Sound-based Opportunistic Attacks in Zero-Effort Deauthentication
   • Password Management
     • SPHINX: A Password Store that Perfectly Hides Passwords from Itself
   • Security of Wearable Computing
     • Home Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity
     • The Comprehensive Survey on the Security of Wearable Computing
   • Contextual Security
2. End-to-End Encryption
   • Wiretapping via Mimicry
   • Cyrpto Phones Security and Usability
   • E2E App Study
   • CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through
3. Side Channels, Information Leakage, Privacy
   • Speechless: Analyzing the Threat to Speech Privacy from Smartphone Motion Sensors
   • Keystroke Emanations
   • Vibrational Emanations
   • YELP: Masking Sound-based Opportunistic Attacks in Zero-Effort Deauthentication
   • Slogger: Defense against Smartphone Keyloggers
   • The Comprehensive Survey on the Security of Wearable Computing
4. Neuro Security and Brainwave Privacy
   • fMRI Study of Phishing and Malware Warnings
   • EEG + Eye Tracking Study of Phishing and Malware Warnings
   • fNIRS Study of Phishing
   • PEEP: Learning Passwords from Brainwaves
5. Next Generation CAPTCHAs
   • DCG: Investigation of Dynamic Cognitive Game CAPTCHAs
   • EI-DCG: Emerging Image Game CAPTCHAs for Resisting Automated and Human-Solver Relay Attacks
   • EI-Nu: Emerging-Image Motion CAPTCHAs: Vulnerabilities of Existing Designs, and Countermeasures

*Current research has been externally supported by NSF (multiple grants and multiple programs), DoJ/NIJ, Google (2 Faculty Research Awards), Comcast, Cisco, Microsoft, Intel, Nokia, and Research in Motion. Thanks to all of our sponsors!