Adam C. Champion

DiffUser: Differentiated user access control on smartphones

Smartphones have been widely used in recent years due to their capabilities of supporting many applications from simple Short Message Service messages to complicated Location-based services. It is challenging for smartphones to enable their end users to manage all applications in all possible use cases to protect privacy or sensitive data. However, the security model for smartphone users is still a two-state model in which they can do anything or absolutely nothing, and it is no longer suitable. In this paper, we propose DiffUser, a differentiated user access control model to enhance smartphone security and user privacy. DiffUser classifies smartphone users based on certain sets of user access privileges. We implement a prototype of DiffUser on real-world T-Mobile G1 smartphones. The evaluation results show that our system is lightweight and flexible.

Detecting worms via mining dynamic program execution

Worm attacks have been major security threats to the Internet. Detecting worms, especially new, unseen worms, is still a challenging problem. In this paper, we propose a new worm detection approach based on mining dynamic program executions. This approach captures dynamic program behavior to provide accurate and efficient detection against both seen and unseen worms. In particular, we execute a large number of real-world worms and benign programs (executables), and trace their system calls. We apply two classifier-learning algorithms (Naive Bayes and Support Vector Machine) to obtain classifiers from a large number of features extracted from the system call traces. The learned classifiers are further used to carry out rapid worm detection with low overhead on the end-host. Our experimental results clearly demonstrate the effectiveness of our approach to detect new worms in terms of a very high detection rate and a low false positive rate.

Crowd-ML: A Privacy-Preserving Learning Framework for a Crowd of Smart Devices

Smart devices with built-in sensors, computational capabilities, and network connectivity have become increasingly pervasive. Crowds of smart devices offer opportunities to collectively sense and perform computing tasks at an unprecedented scale. This paper presents Crowd-ML, a privacy-preserving machine learning framework for a crowd of smart devices, which can solve a wide range of learning problems for crowd sensing data with differential privacy guarantees. Crowd-ML endows a crowd sensing system with the ability to learn classifiers or predictors online from crowd sensing data privately with minimal computational overhead on devices and servers, suitable for practical large-scale use of the framework. We analyze the performance and scalability of Crowd-ML and implement the system with off-the-shelf smartphones as a proof of concept. We demonstrate the advantages of Crowd-ML with real and simulated experiments under various conditions.

Link-layer protection in 802.11i WLANS with dummy authentication

The current 802.11i standard can provide data confidentiality, integrity and mutual authentication in enterprise Wireless Local Area Networks (WLANs). However, secure communication can only be provided after successful authentication and a robust security network association is established. In general, the wireless link layer is not protected by the current standard in WLANs, which leads to many possible attacks, especially in public open-access wireless networks. We argue that regardless of the type of network under consideration, link-layer protection and data confidentiality are of great importance in wireless applications. In this paper, we first identify and analyze the security issues ignored by the current 802.11 security standard. Then we propose our solution to patch the current 802.11i standard and address all those issues with a new dummy authentication key-establishment algorithm. Dummy means no real authentication for a user. In dummy authentication, we apply public-key cryptographys key-establishment technique to the 802.11 MAC protocol. Our solution can provide link-layer data encryption in open-access wireless networks, separate session encryption keys for different users, and protection for important frames such as management and null data frames as well as Extensible Authentication Protocol (EAP) messages.

SurvSurf: human retrieval on large surveillance video data

The volume of surveillance videos is increasing rapidly, where humans are the major objects of interest. Rapid human retrieval in surveillance videos is therefore desirable and applicable to a broad spectrum of applications. Existing big data processing tools that mainly target textual data cannot be applied directly for timely processing of large video data due to three main challenges: videos are more data-intensive than textual data; visual operations have higher computational complexity than textual operations; and traditional segmentation may damage video data’s continuous semantics. In this paper, we design SurvSurf, a human retrieval system on large surveillance video data that exploits characteristics of these data and big data processing tools. We propose using motion information contained in videos for video data segmentation. The basic data unit after segmentation is called M-clip. M-clips help remove redundant video contents and reduce data volumes. We use the MapReduce framework to process M-clips in parallel for human detection and appearance/motion feature extraction. We further accelerate vision algorithms by processing only sub-areas with significant motion vectors rather than entire frames. In addition, we design a distributed data store called V-BigTable to structuralize M-clips’ semantic information. V-BigTable enables efficient retrieval on a huge amount of M-clips. We implement the system on Hadoop and HBase. Experimental results show that our system outperforms basic solutions by one order of magnitude in computational time with satisfactory human retrieval accuracy.

JSGuard: Shellcode Detection in JavaScript

JavaScript (JS) based shellcode injections are among the most dangerous attacks to computer systems. Existing approaches have various limitations in detecting such attacks. In this paper, we propose a new detection methodology that overcomes these limitations by fully using JS code execution environment information. We leverage this information and create a virtual execution environment where shellcodes’ real behavior can be precisely monitored and detection redundancy can be reduced. Following this methodology, we implement JSGuard, a prototype malicious JS code detection system in Debian Linux with kernel version 2.6.26. Our extensive experiments show that JSGuard reports very few false positives and false negatives with acceptable overhead.

D-Card: A distributed mobile phone based system for relaying verified friendships

Cyber-physical networking systems (CPNSs) closely bridge cyberspace and the physical world. Cyberspace includes not only the Internet, but also telephone networks and short-range communications. CPNSs arise in many application domains, including social networking. Social CPNSs connect people embodied in the physical world with cyber social networking services to facilitate social interactions, including friendship formation. These services can be characterized by their dependence on Internet connections to operate. An important class of social CPNSs are mobile phone based ones. However, there is a lack of friendship verification in mobile phone based social CPNSs that allow miscreants to masquerade as friends. In this paper, we present D-Card, a mobile phone based social CPNS that provides friendship verification. D-Card provides an electronic name card that encodes relationship information for a person with his contact information. The name card includes a public key and digital signature. Comparing this public key with one from a trusted source enables identity verification. D-Card leverages a Bluetooth SDP toolkit to exchange information without requiring connection establishment. D-Card is a purely distributed CPNS that requires no Internet access or infrastructure. We implement the D-Card CPNS in Java ME and Bluetooth. Our experiments with real-world mobile phones illustrate its potential for friendship verification in mobile phone based social CPNSs. To the best of our knowledge, D-Card is the first such CPNS designed for this purpose.

BridgeLoc: Bridging Vision-Based Localization for Robots

In this paper, we study vision-based localization for robots. We anticipate that numerous mobile robots will serve or interact with humans in indoor scenarios such as healthcare, entertainment, and public service. Such scenarios entail accurate and scalable indoor visual robot localization, the subject of this work. Most existing vision-based localization approaches suffer from low localization accuracy and scalability issues due to visual environmental features’ limited effective range and detection accuracy. In light of infrastructural cameras’ wide indoor deployment, this paper proposes BRIDGELOC, a novel vision-based indoor robot localization system that integrates both robots’ and infrastructural cameras. BRIDGELOC develops three key technologies: robot and infrastructural camera view bridging, rotation symmetric visual tag design, and continuous localization based on robots’ visual and motion sensing. Our system bridges robots’ and infrastructural cameras’ views to accurately localize robots. We use visual tags with rotation symmetric patterns to extend scalability greatly. Our continuous localization enables robot localization in areas without visual tags and infrastructural camera coverage. We implement our system and build a prototype robot using commercial off-the-shelf hardware. Our real-world evaluation validates BRIDGELOC’s promise for indoor robot localization.

R-Focus: A Rotating Platform for Human Detection and Verification Using Electronic and Visual Sensors

Prolific sensing devices like mobile phones and video cameras can sense electronic and visual information, respectively, which can help detect and verify a person. Accurate detection and verification of a persons identity from this sensed data is important for enabling applications such as surveillance and e-health. This is challenging due to sensed data heterogeneity, measurement noise, and the prohibitive cost of specialized equipment. This paper proposes R-Focus, a rotating platform with electronic and visual sensors that can detect and verify a person of interest in an area. R-Focus performs electronic and visual data collection and rotates based on the collected data. R-Focus uses the electronic identity information for a person to gather visual identity information for the person, who is verified and tracked. We implement R-Focus on commercial off-the-shelf hardware and software. Our experimental evaluation shows R-Focuss promise for detecting and verifying a person of interest.

Enclave: Promoting Unobtrusive and Secure Mobile Communications with a Ubiquitous Electronic World

Thanks to smartphones’ mass popularity in our society, our world is surrounded by ubiquitous electronic signals. These signals originate from static objects such as buildings and stores and mobile objects such as people or vehicles. Yet it is difficult to readily access electronic information. Current wireless communications focus on reliable transmission from sources to destinations, which entails tedious connection establishment and network configuration. This forms a virtual electronic barrier among people that makes unobtrusive communication difficult. In addition, there is concern about interacting with the electronic world due to such interactions’ insecurity. To safely remove the electronic barrier, we propose Enclave, a delegate wireless device that helps people’s smartphones communicate unobtrusively. We realize Enclave using two key supporting technologies, NameCast and PicComm. NameCast uses wireless device names to unobtrusively transmit short messages without connection establishment. PicComm uses the transfer of visual images to securely deliver electronic information to people’s smartphones. We implement Enclave on commercial off-the-shelf smartphones. Our experimental evaluation illustrates its potential for smartphone data protection and unobtrusive and secure communication.