Search for: All records

Protocol reverse engineering (ProtocolREing) consists of taking streams of network data and inferring the communication protocol. ProtocolREing is critical task in malware and system security analysis. Several ProtocolREing automation tools have been developed, however, in practice, they are not used because they offer limited interaction. Instead, reverse engineers (ProtocolREs) perform this task manually or use less complex visualization tools. To give ProtocolREs the power of more complex automation, we must first understand ProtocolREs processes and information and interaction needs to design better interfaces. We interviewed 16 ProtocolREs, presenting a paper prototype ProtocolREing automation interface, and ask them to discuss their approach to ProtocolREing while using the tool and suggest missing information and interactions. We designed our prototype based on existing ProtocolREing tool features and prior reverse engineering research’s usability guidelines. We found ProtocolREs follow a flexible, hypothesis-driven process and identified multiple information and interaction needs when validating the automation’s inferences. We provide suggestions for future interaction design. 

Over the years, researchers have explored various approaches for capturing and monitoring the eating activity, one among which is via Wi-Fi channel state information (CSI). CSI-based approaches commonly rely on multi-antenna systems for the capturing and monitoring tasks. With the advent of low-cost, single-antenna IoT devices with CSI measuring capabilities, a question that arises is whether these inexpensive devices can monitor human activities? In this paper we present the SandDune system that demonstrates the possibility of monitoring one human activity–eating–using only inexpensive single-antenna Wi-Fi devices. SandDune is an infrastructure-based system that continuously monitors CSI information to detect the eating activity occurring in its vicinity. When it detects an eating activity, it scrutinizes the signals further to identify all hand-to-mouth eating gestures in the eating episode. We tested SandDune and observed that SandDune can distinguish eating from other activities with an F1-score of 85.54%. Furthermore, it can detect the number of hand-to-mouth gestures that occurred in the eating episode with an error of ±3 gestures. Overall, we believe that a SandDune-like system can enable low cost, unobtrusive eating activity detection and monitoring with potential use-cases in several health and well-being applications. 

The persistent under-representation of students from groups historically underrepresented in Computer Science and Engineering (CS&E) programs presents a significant challenge to achieving diversity within the field. A workforce with diverse experiences and perspectives is essential for creating innovations that serve all mem- bers of society. Existing documented eorts to broaden diversity in CS&E are time-intensive (multi-week programs) and do not quan- tify attraction to graduate studies. This paper aims to bridge that gap by presenting and evaluating a detailed design for a one-day workshop that includes presentations from research professors, hands-on cybersecurity demos, a panel discussion with current and recent graduate students in CS&E, and a participation survey. By engaging students historically under- represented in CS&E in the topic of graduate school, we aim to increase the diversity of students who apply to and attend graduate school, and ultimately enter the workforce through industry or through the professoriate, thus making the field more diverse and representative of varied perspectives. We held the aforementioned workshop at a Hispanic-Serving Institution in April 2024. The event successfully attracted members of historically under-represented groups. Our survey results show that 78% of the participants agreed or strongly agreed that the event increased their interest in graduate school, 72% were more likely to seek further information about attending graduate school, and 67% of the participants had an increased interest in CS&E research. Our experience shows that one-day events focused on engaging students in the topic of graduate school in CS&E can positively impact attendee’s interest in graduate school and provide valuable information about the application process and graduate school experience. 

This paper analyzes Google Home, Apple HomeKit, Samsung SmartThings, and Amazon Alexa platforms, focusing on their integration with the Matter protocol. Matter is a connectivity standard developed by the Connectivity Standards Alliance (CSA) for the smart-home industry. By examining key features and qualitative metrics, this study aims to provide valuable insights for consumers and industry professionals in making informed decisions about smart-home devices. We conducted (from May to August 2024) a comparative analysis to explore how Google Home Nest, Apple HomePod Mini, Samsung SmartThings station, and Amazon Echo Dot platforms leverage the power of Matter to provide seamless and integrated smart-home experiences. 

Smart-home technology is now pervasive, demanding increased attention to the security of the devices and the privacy of the home's residents. To assist residents in making security and privacy decisions - e.g., whether to allow a new device to connect to the network, or whether to be alarmed when an unknown device is discovered - it helps to know whether the device is inside the home, or outside. In this paper we present MOAT, a system that leverages Wi-Fi sniffers to analyze the physical properties of a device's wireless transmissions to infer whether that device is located inside or outside of a home. MOAT can adaptively self-update to accommodate changes in the home indoor environment to ensure robust long-term performance. Notably, MOAT does not require prior knowledge of the home's layout or cooperation from target devices, and is easy to install and configure. We evaluated MOAT in four different homes with 21 diverse commercial smart devices and achieved an overall balanced accuracy rate of up to 95.6%. Our novel periodic adaptation technique allowed our approach to maintain high accuracy even after rearranging furniture in the home. MOAT is a practical and efficient first step for monitoring and managing devices in a smart home. 

The increased use of smart home devices (SHDs) on short- term rental (STR) properties raises privacy concerns for guests. While previous literature identifies guests’ privacy concerns and the need to negotiate guests’ privacy prefer- ences with hosts, there is a lack of research from the hosts’ perspectives. This paper investigates if and how hosts con- sider guests’ privacy when using their SHDs on their STRs, to understand hosts’ willingness to accommodate guests’ pri- vacy concerns, a starting point for negotiation. We conducted online interviews with 15 STR hosts (e.g., Airbnb/Vrbo), find- ing that they generally use, manage, and disclose their SHDs in ways that protect guests’ privacy. However, hosts’ prac- tices fell short of their intentions because of competing needs and goals (i.e., protecting their property versus protecting guests’ privacy). Findings also highlight that hosts do not have proper support from the platforms on how to navigate these competing goals. Therefore, we discuss how to improve platforms’ guidelines/policies to prevent and resolve conflicts with guests and measures to increase engagement from both sides to set ground for negotiation. 

Many systems are built around the assumption that one ac- count corresponds to one user. Likewise, password creation and management is often studied in the context of single-user accounts. However, account and credential sharing is com- monplace, and password generation has not been thoroughly investigated in accounts shared among multiple users. We examine account sharing behaviors, as well as strategies and motivations for creating shared passwords, through a census- representative survey of U.S. users (n = 300). We found that password creation for shared accounts tends to be an individ- ual, rather than collaborative, process. While users tend to have broadly similar password creation strategies and goals for both their personal and shared accounts, they sometimes make security concessions in order to improve password us- ability and account accessibility in shared accounts. Password reuse is common among accounts collectively shared within a group, and almost a third of our participants either directly reuse or reuse a variant of a personal account password on a shared account. Based on our findings, we make recommen- dations for developers to facilitate safe sharing practices. 

In this article, we outline the challenges associated with the widespread adoption of smart devices in homes. These challenges are primarily driven by scale and device heterogeneity: a home may soon include dozens or hundreds of devices, across many device types, and may include multiple residents and other stakeholders. We develop a framework for reasoning about these challenges based on the deployment, operation, and decommissioning life cycle stages of smart devices within a smart home. We evaluate the challenges in each stage using the well- known CIA triad—Confidentiality, Integrity, and Availability. In addition, we highlight open research questions at each stage. Further, we evaluate solutions from Apple and Google using our framework and find notable shortcomings in these products. Finally, we sketch some preliminary thoughts on a solution for the smart home of the near future. 

Harmonic radar systems have been shown to be an effective method for detecting the presence of electronic devices, even if the devices are powered off. Prior work has focused on detecting specific non-linear electrical components (such as transistors and diodes) that are present in any electronic device. In this paper we show that harmonic radar is also capable of detecting the presence of batteries. We tested a proof-of-concept system on Alkaline, NiMH, Li-ion, and Li-metal batteries. With the exception of Li-metal coin cells, the prototype harmonic radar detected the presence of batteries in our experiments with 100% accuracy.