Shwetak N. Patel

Experimental Security Analysis of a Modern Automobile

Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input\dash including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our cars two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a cars telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.

Whole-home gesture recognition using wireless signals

This paper presents WiSee, a novel gesture recognition system that leverages wireless signals (e.g., Wi-Fi) to enable whole-home sensing and recognition of human gestures. Since wireless signals do not require line-of-sight and can traverse through walls, WiSee can enable whole-home gesture recognition using few wireless sources. Further, it achieves this goal without requiring instrumentation of the human body with sensing devices. We implement a proof-of-concept prototype of WiSee using USRP-N210s and evaluate it in both an office environment and a two- bedroom apartment. Our results show that WiSee can identify and classify a set of nine gestures with an average accuracy of 94%.

ElectriSense: single-point sensing using EMI for electrical event detection and classification in the home

This paper presents ElectriSense, a new solution for automatically detecting and classifying the use of electronic devices in a home from a single point of sensing. ElectriSense relies on the fact that most modern consumer electronics and fluorescent lighting employ switch mode power supplies (SMPS) to achieve high efficiency. These power supplies continuously generate high frequency electromagnetic interference (EMI) during operation that propagates throughout a homes power wiring. We show both analytically and by in-home experimentation that EMI signals are stable and predictable based on the devices switching frequency characteristics. Unlike past transient noise-based solutions, this new approach provides the ability for EMI signatures to be applicable across homes while still being able to differentiate between similar devices in a home. We have evaluated our solution in seven homes, including one six-month deployment. Our results show that ElectriSense can identify and classify the usage of individual devices with a mean accuracy of 93.82%.

Disaggregated End-Use Energy Sensing for the Smart Grid

This article surveys existing and emerging disaggregation techniques for energy-consumption data and highlights signal features that might be used to sense disaggregated data in an easily installed and cost-effective manner.

The Georgia Tech aware home

The Aware Home Research Initiative (AHRI) at Georgia Tech is devoted to the multidisciplinary exploration of emerging technologies and services based in the home. Starting in 1998, our collection of faculty and students has created a unique research facility that allows us to simulate and evaluate user experiences with off-the-shelf and state-of-the-art technologies. With specific expertise in health, education, entertainment and usable security, we are able to apply our research to problems of significant social and economic impact.

PowerLine positioning: a practical sub-room-level indoor location system for domestic use

Using existing communications infrastructure, such as 802.11 and GSM, researchers have demonstrated effective indoor localization. Inspired by these previous approaches, and recognizing some limitations of relying on infrastructure users do not control, we present an indoor location system that uses an even more ubiquitous domestic infrastructure-the residential powerline. PowerLine Positioning (PLP) is an inexpensive technique that uses fingerprinting of multiple tones transmitted along the powerline to achieve sub-room-level localization. We describe the basics behind PLP and demonstrate how it compares favorably to other fingerprinting techniques.

SoundWave: using the doppler effect to sense gestures

Gesture is becoming an increasingly popular means of interacting with computers. However, it is still relatively costly to deploy robust gesture recognition sensors in existing mobile platforms. We present SoundWave, a technique that leverages the speaker and microphone already embedded in most commodity devices to sense in-air gestures around the device. To do this, we generate an inaudible tone, which gets frequency-shifted when it reflects off moving objects like the hand. We measure this shift with the microphone to infer various gestures. In this note, we describe the phenomena and detection algorithm, demonstrate a variety of gestures, and present an informal evaluation on the robustness of this approach across different devices and people.

HydroSense: infrastructure-mediated single-point sensing of whole-home water activity

Recent work has examined infrastructure-mediated sensing as a practical, low-cost, and unobtrusive approach to sensing human activity in the physical world. This approach is based on the idea that human activities (e.g., running a dishwasher, turning on a reading light, or walking through a doorway) can be sensed by their manifestations in an environments existing infrastructures (e.g., a homes water, electrical, and HVAC infrastructures). This paper presents HydroSense, a low-cost and easily-installed single-point sensor of pressure within a homes water infrastructure. HydroSense supports both identification of activity at individual water fixtures within a home (e.g., a particular toilet, a kitchen sink, a particular shower) as well as estimation of the amount of water being used at each fixture. We evaluate our approach using data collected in ten homes. Our algorithms successfully identify fixture events with 97.9% aggregate accuracy and can estimate water usage with error rates that are comparable to empirical studies of traditional utility-supplied water meters. Our results both validate our approach and provide a basis for future improvements.

Farther than you may think: an empirical investigation of the proximity of users to their mobile phones

Implicit in much research and application development for mobile phones is the assumption that the mobile phone is a suitable proxy for its owners location. We report an in-depth empirical investigation of this assumption in which we measured proximity of the phone to its owner over several weeks of continual observation. Our findings, summarizing results over 16 different subjects of a variety of ages and occupations, establish baseline statistics for the proximity relationship in a typical US metropolitan market. Supplemental interviews help us to establish reasons why the phone and owner are separated, leading to guidelines for developing mobile phone applications that can be smart with respect to the proximity assumption. We show it is possible to predict the proximity relationship with 86% confidence using simple parameters of the phone, such as current cell ID, current date and time, signal status, charger status and ring/vibrate mode.

A gesture-based authentication scheme for untrusted public terminals

Powerful mobile devices with minimal I/O capabilities increase the likelihood that we will want to annex these devices to I/O resources we encounter in the local environment. This opportunistic annexing will require authentication. We present a sensor-based authentication mechanism for mobile devices that relies on physical possession instead of knowledge to setup the initial connection to a public terminal. Our solution provides a simple mechanism for shaking a device to authenticate with the public infrastructure, making few assumptions about the surrounding infrastructure while also maintaining a reasonable level of security.