.

News

March 26, 2014: I have officially accepted a position as an Associate Professor of Computer and Information Science and Engineering at the University of Florida. I will be building a brand new security program, and look forward to performing bleeding-edge research with our academic, corporate and government partners long into the future!

March 12, 2014: I have officially been granted tenure and promotion at Georgia Tech, and am now an Associate Professor of Computer Science. Great thanks to my students, colleagues, and most importantly my family and friends for their support over the last six years.

February 18, 2014: I have been named a 2014 Sloan Fellow. The Sloan Fellowship is one of the top honors bestowed upon young faculty across all of science and engineering. I am grateful to the Alfred P. Sloan Foundation for this tremendous honor.

January 27, 2014: An extended version of our paper, "Accountable Wiretapping -or- I Know They Can Hear You Now", has been accepted for publication in the Journal of Computer Security (JCS). This work, which provides the first secure auditing methods for legal wiretapping and helps prevent abuses of such systems, is the result of the partnership between four universities and experts in the fields of cellular networks, telephony, systems and cryptography.

December 3, 2013: Congratulations to my Ph.D. student, Chaitrali Amrutkar, who successfully defended her dissertation entitled "Towards Secure Web Browsing on Mobile Devices". Her work discovered a number of vulnerabilities in mobile browsers, problems with security indicators and new techniques to detect malicious mobile web pages. She will join Oracle in the spring.

October 22, 2013: Worried about mobile malware? Your worries may be misplaced! A study by Google confirms the results of our paper, The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers, which shows that infection rates for mobile devices are extremely low. Read our paper to learn more about the reality mobile threats. See the articles here!

October 21, 2013: The ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) has just posted its Call for Papers. As one of the Program Chairs, I strongly urge you to submit your top research!

October 9, 2013: I will be giving a talk entitled "Chasing Telephony Security: Where the Wild Things... Are?" at The University of Waterloo in Waterloo, Ontario as part of the CrySP Speaker Series on Privacy. Come hear about the reality of threats and solutions in this space if you are nearby.

July 25, 2013: I will be giving a talk entitled "Analyzing Malicious Traffic in Cellular Networks" at the GSM Association's Mobile Malware Community Workshop in Mountain View, CA.

June 4, 2013: I will be an invited speaker at the Federal Trade Commission's (FTC) panel entitled "Mobile Security: Potential Threats and Solutions". Come join us in Washington D.C., or tune in via the webcast!

April 29, 2013: Our paper, Secure Outsourced Garbled Circuit Evaluation for Mobile Devices, has been accepted for publication at the 2013 USENIX Security Symposium.

April 17, 2013: Our paper, MAST: Triage for Market-scale Mobile Malware Analysis, received the Best Paper Award at the 2013 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), which is being held in Budapest, Hungary.

March 21, 2013: Interested in learning about the state of the art for security in mobile systems and telephony networks? I will be giving a talk entitled "Chasing Telephony Security: Where the Wild Things... Are?" at The University of Wisconsin - Madison on March 21st in Madison, WI. Come hear about the reality of threats and solutions in this space if you are nearby.

March 15, 2013: I was an invited speaker at Queen's University in Belfast, Northern Ireland, where I gave a talk entitled "The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers" as part of the World Cyber Security Technology Research Summit 2013. A copy of this paper can be found here.

March 6,7, 2013: Interested in learning about the state of the art for security in mobile systems and telephony networks? I will be giving a talk entitled "Chasing Telephony Security: Where the Wild Things... Are?" at UC Berkeley and Stanford University on March 6th in Berkeley, CA and March 7th in Stanford, CA. Come hear about the reality of threats and solutions in this space if you are nearby.

February 27, 2013: Our company, Pindrop Security, is SC Magazine's Best Rookie Security Company of 2013 and a finalist for the Best Emerging Technology. Learn more about how we are stopping phone fraud!

February 25, 2013: Our paper, Why is My Smartphone Slow? On The Fly Diagnosis of Poor Performance on the Mobile Internet, has been accepted for publication at the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

February 4, 2013: Interested in learning about the state of the art for security in mobile systems and telephony networks? I will be giving a talk entitled "Chasing Telephony Security: Where the Wild Things... Are?" at Carnegie Mellon University on February 4th in Pittsburgh, PA. Come hear about the reality of threats and solutions in this space if you are nearby.

January 22, 2013: Our paper, MAST: Triage for Market-scale Mobile Malware Analysis, which discusses efficient methods for finding malware in massive-scale mobile applications markets, has been accepted to the 2013 ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) in Budapest, Hungary.

December 11, 2012: Ever wonder about the security of your mobile browser? Our recent study, "Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road?", indicates that even expert users are vulnerable to attack. See some of our media coverage here (NPR, NBC News, Network World, InformationWeek, Consumer Affairs, UPI)

November 8, 2012: Interested in learning about the state of the art for security in mobile systems and telephony networks? I will be giving a talk entitled "Chasing Telephony Security: Where the Wild Things... Are?" at The University of Washington and The University of Oregon on 11/8 and 11/9. Come hear about the reality of threats and solutions in this space if you are nearby.

October 20, 2012: Our paper, The Core of the Matter: Analyzing Malicious Traffic in Cellular Carriers, has been accepted for publication at the 2013 ISOC/USENIX Network & Distributed System Security Symposium (NDSS).

September 21, 2012: Our paper, Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road?, was recognized as the Best Student Paper at this year's Information Security Conference (ISC) in Passau, Germany.

August 15, 2012: The Annual Computer Security Applications Conference, for which I am the Program Co-Chair, has announced its program for 2012. Be sure to join us in Orlando in December!

August 3, 2012: Congratulations to Italo Dacosta, who was hooded today as a graduate of Georgia Tech and my first graduating Ph.D. student!

June 17, 2012: A great week for our lab. First, our paper, Trust No One Else: Detecting MITM Attacks Against SSL/TLS Without Third-Parties, has been accepted for publication at the European Symposium on Research in Computer Security (ESORICS). Second, our paper, Under New Management: Practical Attacks on SNMPv3, has also been accepted to the USENIX Workshop on Offensive Technologies (WOOT '12). Finally, our paper "Measuring SSL Indicators on Mobile Browsers: Extended Life, or End of the Road?" has been accepted to the Information Security Conference (ISC).

June 7, 2012: I gave an invited talk, "Needles and Haystacks: Digging for Ground Truth on Mobile Malware", at the ZISC Workshop on Secure Mobile and Cloud Computing at ETH Zurich in Zurich, Switzerland.

April 9, 2012: I have been honored with the "Lockheed Inspirational Young Faculty Award".

March 16, 2012: Our startup, Pindrop Security, talks about the rising problems of phone fraud and Caller-ID spoofing on the front page of today's edition of USA Today.

February 28, 2012: Our startup, Pindrop Security, was named one of the Top 10 most innovative companies by the RSA Conference. Press coverage of the event is available here. Pindrop Security is a direct result of our 2010 research paper at ACM CCS.

February 27, 2012: I will be a member of the "Advice from Early Career Faculty" Panel as part of the 2012 CRA Career Mentoring Workshop in Washington, D.C.

December 9, 2011: I have been named the Co-Chair of the Program Committee for the Annual Computer Security Applications Conference (ACSAC) for 2012 and 2013.

October 18, 2011: Our paper, (sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers, is being presented at the ACM Conference on Computer and Communications Security (CCS). This work, covered in a number of news outlets, demonstrates that a mobile device located near a keyboard can record information typed by a victim using only the phone's accelerometer.

September 27, 2011: I took part in the US-China Software Workshop in Beijing, a bilateral effort to encourage collaboration between researchers in the two countries.

August 8, 2011: I have been named the Program Chair for the 2012 USENIX Workshop on Hot Topics in Security (HotSec).

July 26, 2011: I will be an invited speaker at the East African Workshop on Cyberspace Security in Nairobi, Kenya. I will be discussing issues regarding cellular infrastructure security at this joint effort between the US Department of State and the governments of Burundi, Kenya, Rwanda, Tanzania and Uganda.

May 27, 2011: Our company, PinDrop Security, won the Georgia Research Alliance/Technology Association of Georgia Business Launch Competition and received over $200k in services. This company builds directly on our call provenance research results.

March 16, 2011: I was an invited speaker at Queen's University in Belfast, Northern Ireland, where I gave a talk entitled "Tomorrows Issues: Solving the Mobile Security Threat" as part of the World Cyber Security Technology Research Summit.

February 15, 2011: I was an invited panelist at the Mobile Security Symposium in the "Voice Security -- Now Just a False Sense of Security and Privacy" session. I was also an invited speaker at the RSA Conference and presented a talk entitled "Understanding the Disruptive Potential of Malware in Cellular Networks".

November 15, 2010: Our paper, Impeding Individual User Profiling in Shopper Loyalty Programs, has been accepted for publication at the International Conference on Financial Cryptography and Data Security (FC).

October 10, 2010: Our paper, No Loitering: Exploiting Lingering Vulnerabilities in Default COM Objects, has been accepted for publication at the ISOC Network & Distributed System Security Symposium (NDSS).

September 14, 2010: Nextgov.com is running an article in which I talk about the obstacles facing the large-scale use of text messaging during emergencies.

September 7, 2010: Our paper, Improving Authentication Performance of Distributed SIP Proxies, has been accepted for publicaiton in the journal IEEE Transactions on Parallel and Distributed Systems (TPDS).

July 12, 2010: I have received a National Science Foundation CAREER Award for my proposal "Protecting User Data on Lost, Stolen and Damaged Mobile Phones". The CAREER Award is the NSF's most prestigious award for junior faculty.

June 21, 2010: Our paper, "PinDr0p: Using Single-Ended Audio Features to Determine Call Provenance", has been accepted for publication at the ACM Conference on Computer and Communications Security (CCS).

June 10, 2010: Our paper, "Characterizing the Security Implications of Third-Party Emergency Alert Systems Over Cellular Text Messaging Services", has been accepted for publication at the IEEE International Conference on Security and Privacy in Communication Networks (SecureComm).

May 4, 2010: I will be giving an invited talk entitled "Understanding the Disruptive Potential of Malware in Cellular Networks" at Concodia University in Montreal, Canada.

April 6, 2010: Our paper, "Evaluating Bluetooth as a Medium for Botnet Command and Control", has been accepted for publication at the Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA).

April 1, 2010: Our paper, "From Mobile Phones to Responsible Devices", has been accepted for publication in the Journal of Security and Communication Networks (SCN).

March 19, 2010: Our paper, "Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks" has been accepted for publication at the USENIX Annual Technical Conference (USENIX ATC).

December 16, 2009: ABC News is running a story about "Operation Chokehold", a planned Denial of Service attack against AT&T's cellular Network. Read the article and my comments here.

November 11, 2009: Our papers, "Robust Signatures for Kernel Data Structures" and "On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core", were presented at the 2009 ACM CCS. The second paper was also discussed in NewScientist Magazine.

November 10, 2009: Our work on building defenses against malware for cellular networks, which was recently funded by the National Science Foundation (NSF), is being covered by a number of news sources: Network World, SC Magazine, Atlanta Business Chronicle, Slashdot and more.

October 26, 2009: I will be presenting our paper, "Privacy and Security Concerns for Personal and Mobile Health Devices" at the Workshop to Set A Research Agenda for Privacy and Security of Healthcare Technologies hosted by CACR in Indianapolis, IN.

August 26, 2009: Our paper, "Leveraging Cellular Infrastructure to Improve Fraud Prevention", has been accepted to the 2009 Annual Computer Security Applications Conference (ACSAC).

July 23, 2009: I will be presenting our work on the use of text messaging in emergency scenarios as a Webinar sponsored by 3G Americas. Tune in and listen to this pressing issue for free.

July 10, 2009: Two of our papers, "On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core" and "Robust Signatures for Kernel Data Structures" have been accepted to the 2009 ACM Conference on Computer and Communications Security (CCS).

July 7, 2009: I will be a member of a panel on University Telephony Research at IPTComm in Atlanta, GA.

June 24, 2009: Our paper, "Secure Attribute-Based Systems, has been accepted for publication in the Journal of Computer Security (JCS).

June 16, 2009: I am an invited speaker for SC Magazine's Mobile Security eConference entitled "The Evolving Mobile Landscape: Emerging Security Threats". Tune in here.

May 12, 2009: Our paper, "Improving Authentication Performance of Distributed SIP Proxies" has been accepted at IPTComm 2009.

March 25, 2009: I have been asked to serve as an Associate Editor for the Encyclopedia of Cryptography and Security.

January 23, 2009: National Public Radio is running a story in which I discuss the security of President Obama's cellular phone (Press "Listen Now").

December 8, 2008: I have been invited to be a Program Committee Member for both SecureComm 2009 and IEEE MASS 2009 .

November 7, 2008: Our paper, "Leveraging Identity-based Cryptography for Node ID Assignment in Structured P2P Systems", has been accepted for publication in IEEE Transactions on Parallel and Distributed Systems (TPDS).

October 23, 2008: I will be moderating a panel entitled "Embedded Systems and their Increasing Impact on Infrastructure Security" at the Workshop on Embedded Systems Security ( WESS) in Atlanta, GA.

October 15, 2008: The Associated Press is running an interview discussing the GTISC Emerging Threats Report, in which they highlight my upcoming work on cellular botnets.

October 9, 2008 I have asked to serve as a member of the program committee for the 2009 ACM Conference on Computer and Communications Security (CCS).

September 16, 2008: "Characterizing the Limitations of Third-Party EAS Over Cellular Text Messaging Services", a study of the issues facing campus text messaging systems, is now available from the 3G Americas Website. A press release is also available here.

August 15, 2008: "Security for Telecommunications Networks", the book I co-wrote with Patrick McDaniel and Thomas La Porta, is now available. This book is designed to help researchers interested in networking and security get involved in securing telecommunications systems.

August 1, 2008: I have officially started as an Assistant Professor at Georgia Tech. Students interested in working with me should take my class - CS 8803 - Destructive Research.

July 21, 2008: I will be serving as a member of the Program Committee for the 2009 USENIX Security Symposium (SECURITY).

July 15, 2008: I have been asked to serve as a member of the 2009 IEEE Symposium on Security and Privacy (OAKLAND) program committee.

June 12, 2008 - I have been asked to serve as a member of the Program Committee for the 2009 ACM Conference on Wireless Network Security (WiSec).