Intelligent voice assistants and the microphone-equipped Internet of Things devices that support them are very convenient but carry significant privacy risks. Newer and future devices extend these risks by listening all the time — beyond a few specific keywords. The goal of our research is to develop privacy controls for…
As mobile health (mHealth) interventions have the potential to acquire a dominant role in safety-net healthcare settings, there are many challenges to data privacy that need to be considered. Users with marginalized backgrounds have a greater risk of experiencing more detrimental consequences of privacy and security breaches to mHealth apps…
Trusted execution environments (TEEs) are found in a range of devices — from embedded sensors to cloud servers — and encompass a range of cost, power constraints, and security threat model choices. On the other hand, each of the current vendor-specific TEEs makes a fixed set of trade-offs, with little…
During criminal investigations, U.S. law enforcement agencies often seek evidence held by third-party businesses. Many of these companies have established policies on how to respond to law enforcement requests for information. How do government agencies navigate these policies? This project studies this question through semi-structured interviews with investigators and prosecutors…
Targeted nation-state hacking against dissidents’ devices and online accounts is a growing problem with significant real-world consequences for targets, including physical harm. While initial research efforts have mapped out part of the ecosystem of these attacks, attackers are increasingly “going dark” by adapting their tools and techniques to compromise target…
Although deep neural networks (DNNs) have achieved impressive performance in several applications, they also exhibit several well-known sensitivities and security concerns that can emerge for a variety of reasons, including adversarial attacks, backdoor attacks, and lack of fairness in classification. Hence, it is important to better understand these risks in…
The continual improvement of models for author attribution—the task of inferring the author of an anonymized document—indicates potential benefits but also substantial risks in the context of privacy and cybersecurity. Such improvements pose particular threats to whistleblowers and other individuals who might have strong political or security-related reasons for wanting…
We will study how to harden machine learning classifiers against adversarial attack. We will explore general mechanisms for making deep-learning classifiers more robust against attack, with a special focus on security for autonomous vehicles. Current schemes fail badly in the presence of an attacker who is trying to fool or…
Bitcoin and blockchain systems brought us to the brink of a technological revolution: these systems allow us to bypass the need for centralized trusted entities to run protocols on a large scale. However, the decentralized nature of these systems brings unique challenges, including user authentication. While cryptography provides strong solutions…
Many mobile apps and online services use “third-party trackers,” which send data about specific user behaviors to various other companies. The purposes of these transmissions can include profiling individual users to target them with specific ads, amassing personal information to sell to data brokers, or monitoring activities to identify how…