The appeal of automatic biometric verification and recognition is growing as such methods become more accurate and widely available. Towards my Ph.D., I studied different security and privacy aspects of biometrics-based systems.
Privacy-Preserving Surveillance: Advances in deep learning (DL) have made possible real-time identification of persons in footage collected by surveillance equipment. While tracking “persons of interest” may be warranted, but tracking everybody else in the process is often unacceptable due to privacy concerns. I studied various DL algorithms and cryptographic schemes, e.g., fully homomorphic encryption, secure multi-party computation and private set intersection, to design a privacy-preserving biometric surveillance system. Details
Privacy-Preserving Authentication: Biometric authentication is getting increasingly popular because of its appealing usability and improvements in biometric sensors. At the same time, it raises serious privacy concerns since the common deployment involves storing bio-templates in remote servers. Current solutions propose to keep these templates on the client’s device, outside the server’s reach. This binds the client to the initial device. A more attractive solution is to have the server authenticate the client, thereby decoupling them from the device. I studied on building a zero-knowledge protocol that enables the server to authenticate the client without revealing client’s biometric data. I also designed a black-box security assessment technique for biometric authentication systems. Details
Breaking MLaaS and Building Live Biometric Verification: Users can now authenticate themselves to online services by using their mobile phone to show themselves performing simple tasks like blinking or smiling in front of its built-in camera. In this work, I showed many of the enterprise facial/voice recognition services (e.g. Microsoft Cognitive Services or Amazon Rekognition) are vulnerable to even the most primitive attacks. Then, I studied on building a robust liveness detection system, the Real Time Captcha, which slows down such an attack by turning the adversary’s task from creating authentic video/audio of the target victim performing known authentication tasks (e.g., smile, blink) to figuring out what is the authentication task, which is encoded as a Captcha. Details
Multimedia analysis plays a crucial role in forensic investigations, especially considering today’s sensor-rich environment. Before joining Georgia Tech, I focused on solving different digital forensic problems, e.g., recovering and assembling orphaned JPEG fragments, encoded audio/image classification, image metadata analysis, audio tamper and compression history analysis, acoustic/video sensor fingerprinting. I developed and open-sourced different tools for these works.
Image Forensics: In the context of forensic investigations, carving for deleted files and salvaging of data from damaged and faulty media are common procedures. By offering the ability to perform data recovery on a block basis, orphaned file carving approaches effectively increase the amount of recoverable evidence from devices. Orphaned file fragment carving is concerned with recovering contents of encoded data in the absence of any coding metadata. Constructing an orphaned file carver requires addressing different challenges: a specialized decoder to interpret partial file data; the ability to discriminate a specific type of encoded data from all other types of data; and comprehensive prior knowledge on possible encoding settings. Throughout this project, I studied on designing and building following tools.
- Crawler: A social media (e.g. Flickr) crawler that collects and analyzes millions of public JPEG files.
- Discriminator: An encoded-JPEG data discriminator against hundreds of different data types.
- Decoder: An error-tolerant partial JPEG fragment decoder.
- Assembler: A partial JPEG fragment assembler, which is leveraging PRNU sensor noise. Details
Audio Forensics: The advances in the digital audio processing technology and the increasing number of audio applications have led to a need for novel approaches in audio forensics. Throughout my M.Sc., I first studied discriminating speech data (in encoded or raw formats) from other type of data over a given forensic evidence (e.g., hard drive, mobile device, network stream etc.). Then, I worked on validating authenticity of gathered speech evidence. Hence, I designed and developed tools for audio compression history detection and tampered audio detection. Details
Sensor Fingerprinting: Device identification could be an essential part of some applications, e.g., device tracking, authorization, blacklisting. Hence, generating strong identifiers is necessary since others, e.g., Android Device ID, International Mobile Equipment Identity or Unique Device Identifier may not be stable or spoof resistant. On the other hand, a mobile device includes several sensor arrays, such as speaker, microphone, camera, accelerometer, gyroscope, or light sensors etc., which provide spoof-resistant identifiers due to their manufacturing variations. Throughout this project, I studied on ultrasonic cross device tracking, acoustic and camera sensor fingerprinting, and developed a new mobile device authentication protocol based on device hardware artifacts. Details
Wireless Sensor Networks (WSNs) are widely used in border security, military applications, power grids, critical infrastructures and smart spaces, and thus, they are naturally attractive to the adversaries and vulnerable to challenging environmental conditions. In general, after constructing a sensor network, its maintenance may not be feasible due to their harsh topologies. Hence, a WSN should be designed by considering many different factors, which impact the network’s lifetime. Throughout my B.Sc. and M.Sc., I analyzed many of these factors, and studied on the design. More specifically, I implemented and open-sourced various models in (mixed-) integer programming frameworks for measuring the impact of following factors and scenarios on the lifetime of WSNs.
- Sensor specs: Transmission power control strategies between sensor nodes.
- Attack scenarios: Elimination of the most critical node on the network.
- Routing and topology: Scalable routing scenarios for different network topologies. Details