My research focuses on cellular and telecommunications network security,
critical infrastructure protection, systems challenges for applied
cryptography, wireless networks and the securing the Internet. More
information on my work in these areas can be found at the following
My major research thrusts are:
Mobile Network and Device Security
The recent and rapid expansion of cellular
capabilities has created tremendous opportunities for new
applications and services. From mobile banking and location-based
services to the real-time streaming of music and video, cellular
networks and advanced mobile devices now provide advanced voice and
data services to more than 4.5 billion subscribers around the
world. When compared to the approximately one billion users who
access the Internet each day through traditional means, cellular
networks represent the only communication system available to a
significant portion of the world's population and the next
significant expansion in high-speed Internet connectivity.
This research seeks to formally and experimentally investigate
vulnerabilities and defensive infrastructure addressing
vulnerabilities in open cellular operating systems and
telecommunications networks. This includes the development of
infrastructure for the analysis, configuration, and enforcement of
security in mobile phones and the networks on which they
PI, Mitigating Attacks on Mobile Devices and Critical Cellular
Infrastructure, Defense University Research Instrumentation Program
(DURIP), $210,081, (8/1/11 - 7/31/12).
PI, CAREER: Protecting User Data on Lost Stolen and Damaged
Mobile Phones, NSF (CNS), $400,000, (7/1/10 - 6/30/15).
PI, TC: Small: Characterizing and Mitigating Device-Based
Attacks in Cellular Telecommunications Networks, NSF (CNS),
$450,000, (8/01/09 - 7/31/12)
Co-PI, Federal Cyber Service Scholarships at Georgia Tech,
NSF (SFS), $1,250,682 (8/1/09 - 7/31/14)
Chaz Lever, Manos Antonakakis, Brad Reaves, Patrick Traynor, and
Wenke Lee. The Core of the Matter: Analyzing Malicious Traffic in
Cellular Carriers. In Proceedings of the ISOC Network & Distributed
System Security Symposium (NDSS), 2013.
Chaitrali Amrutkar, Patrick Traynor and Paul van Oorschot,
Measuring SSL Indicators on Mobile Browsers: Extended Life, or End
of the Road?, In Proceedings of the Information Security Conference
(ISC), 2012. (best student paper)
Yacin Nadji, Jon Giffin and Pand Traynor, Automated Remote
Repair for Mobile Malware, Proceedings of the Annual Computer
Security Applications Conference (ACSAC), December, 2011.
Philip Marquardt, Arunabh Verma, Henry Carter and Patrick
Traynor, (sp)iPhone: Decoding Vibrations From Nearby Keyboards Using
Mobile Phone Accelerometers, Proceedings of the ACM Conference on
Computer and Communications Security (CCS), October, 2011.
Patrick Traynor, Characterizing the Security Implications of
Third-Party EAS Over Cellular Text Messaging Services,
IEEE Transactions on Mobile Computing (TMC), To appear 2011.
Patrick Traynor, Chaitrali Amrutkar, Vikhyath Rao, Trent
Jaeger, Patrick McDaniel, and Thomas La Porta, From Mobile Phones
to Responsible Devices. Journal of Security and Communication
Networks (SCN), 2010. to appear.
Frank Park, Chinmay Gangakhedkar and Patrick Traynor,
Leveraging Cellular Infrastructure to Improve Fraud Prevention,
Proceedings of the Annual Computer Security Applications Conference
(ACSAC), December 2009.
Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao,
Trent Jaeger, Thomas La Porta and Patrick McDaniel, On Cellular
Botnets: Measuring the Impact of Malicious Devices on a Cellular
Network Core, Proceedings of the ACM Conference on Computer and
Communications Security (CCS), November 2009.
Patrick Traynor, William Enck, Patrick McDaniel and Thomas La
Porta, Mitigating Attacks on Open Functionality in SMS-Capable
Cellular Networks, IEEE/ACM Transactions on Networking (TON),
Patrick Traynor, William Enck, Patrick McDaniel, and Thomas
La Porta, Exploiting Open Functionality in SMS-Capable Cellular
Networks. Journal of Computer Security, 16(6):713-742, Febraury,
Patrick Traynor, Patrick McDaniel, and Thomas La Porta. On
Attack Causality in Internet-Connected Cellular Networks.
Proceedings of the 16th USENIX Security Symposium, August 2007.
Telephony Provenance and Authentication
The recent and vast diversification of
telephony infrastructure eliminates much of the integrity
associated with traditional authentication mechanisms (e.g.,
Caller-ID). Specifically, the loss of centralized control and the
increasing access to hardware and software capable of interacting
with such networks allows asserted but not verifiable call metadata
to be forged by virtually any desktop computer capable of initiating
phone calls. This research focuses on improving both the quality
and performance of telephony authentication and provenance
infrastructure, allowing researchers to understand not only where
calls come from, but also the paths they traverse between source
PI, Security for Converged IMS Networks, DoD, $242,401,
(8/1/10 - 7/31/11).
Co-PI, Security for IMS-Enabled Converged Applications, DoD,
$146,121 (8/1/08 - 7/29/09)
Vijay Balasubramaniyan, Aamir Poonawalla, Mustaque Ahamad,
Michael Hunter and Patrick Traynor, PinDr0p: Using Single-Ended
Audio Features to Determine Call Provenance, Proceedings of the ACM
Conference on Computer and Communications Security (CCS), November
Italo Dacosta and Patrick Traynor, Proxychain: Developing a
Robust and Efficient Authentication Infrastructure for Carrier-Scale
VoIP Networks, Proceedings of the USENIX Annual Technical Conference
Italo Dacosta, Vijay Balasubramaniyan, Mustaque Ahamad and
Patrick Traynor, Improving Authentication Performance of
Distributed SIP Proxies, IEEE Transactions on Parallel and
Distributed Systems (TPDS), To appear 2010.
Applied Cryptography and Privacy
Emerging cryptographic primitives offer the
potential to serve as the foundation for a range of provably secure
systems. Unfortunately, few of these emerging primitives ever become
more than theoretical curiosities, and those that do generally are
not performant. This research focuses on the systems issues
associated with applied cryptography and privacy and seeks to
make systems built on sound first-principles possible. Our work
specifically investigates topics in areas including attribute-based
encryption, secure function evaluation and homomorphic encryption
for a range of applications including satellite radio,
social networking, anonymous shopping and private communications.
PI, Characterizing and Implementing Efficient Primitives for
Privacy-Preserving Computation, DARPA PROgramming Computation on
EncryptEd Data(PROCEED), $537,000 (6/1/11 - 5/31/14).
PI, TC:Small:Provably Anonymous Networking Through Secure
Function Evaluation, NSF (CCF), $200,000 (8/1/09 - 7/31/11)
Nilesh Nipane, Italo Dacosta and Patrick Traynor,
"Mix-In-Place" Anonymous Networking Using Secure Function
Evaluation. In Proceedings of the Annual Computer Security
Applications Conference (ACSAC), 2011.
Philip Marquardt, David Dagon and Patrick Traynor, Impeding
Individual User Profiling in Shopper Loyalty Programs, Proceedings
of the International Conference on Financial Cryptography and
Data Security (FC), 2011.
Matthew Pirretti, Patrick Traynor, Patrick McDaniel and Brent
Waters, Secure Attribute-Based Systems, Journal of Computer
Security (JCS), 18(5):799-837, 2010.
Patrick Traynor, Privacy and Security Concerns for Personal
and Mobile Health Devices, Proceedings of the Workshop to Set A
Research Agenda for Privacy and Security of Healthcare Technologies,
Patrick Traynor, Kevin Butler, William Enck and Patrick
McDaniel, Realizing Massive-Scale Conditional Access Systems
Through Attribute-Based Cryptosystems, ISOC Network & Distributed
System Security Symposium (NDSS), February, 2008.
The exploitation of vulnerabilities in software
systems is commonplace. Such incidents are responsible for billions
of dollars and millions of hours of lost productivity annual. This
research focuses on how systems are designed, constructed and
broken in the hopes of developing both robust defenses and
abstractions for the creation of fundamentally more resilient
Co-PI, Dynamic-attribute-based Disclosure of Health
Information in Emergency Care Scenarios, Health Systems
Institute (HSI), $50,000 (8/1/09 - 7/31/10)
- David Dewey and Patrick Traynor, No Loitering: Exploiting
Lingering Vulnerabilities in Default COM Objects, Proceedings of
the ISOC Network & Distributed Systems Security (NDSS)
Symposium, February, 2011.
Brendan Dolan-Gavitt, Abhinav Srivastava, Patrick Traynor and
Jon Giffin, Robust Signatures for Kernel Data Structures,
Proceedings of the ACM Conference on Computer and Communications
Security (CCS), November, 2009.
Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin,
Patrick Traynor and Patrick McDaniel, Systemic Issues in the Hart
InterCivic and Premier Voting System: Reflections Following Project
EVEREST, Proceedings of the USENIX/ACCURATE Electronic Voting
Technology (EVT) Workshop, July, 2008.
Patrick Traynor, Michael Chien, Scott Weaver, Boniface Hicks,
Patrick McDaniel, Non-Invasive Methods for Host Certification, ACM
Transactions on Information and System Security (TISSEC),
I am currently looking for strong students with an interest
in network security. Students should have a strong technical
background, be comfortable with systems work and be dedicated
to doing work of consequence.
If you are not a student at Georgia Tech and are interested in my
research, please apply
to the program.
Current Ph.D Students
Chaitrali Amrutkar, Georgia Institute of Technology, expected
- Hank Carter,
Georgia Institute of Technology, expected Spring 2016.
- David Dewey, Georgia
Institute of Technology, expected Spring 2015.
- Chaz Lever, Georgia
Institute of Technology, expected Spring 2017.
Brad Reaves, Georgia Institute of Technology, expected
Past Ph.D Students
Current Masters Students
Past Masters Students
- Young Seuk Kim, Georgia Institute of Technology, expected
- Saurabh Chakradeo, Georgia Institute of Technology, Spring
- Nigel Lawrence, Georgia Institute of Technology,
Summer 2012: Solute.
- Arunabh Verma (co-advised with Mustaque Ahamad), Georgia
Institute of Technology, Fall 2011: Microsoft.
- Philip Marquardt, Georgia Institute of Technology, Fall 2010:
MIT Lincoln Labs.
- Rishikesh Naik, Georgia Institute of Technology, Spring 2010:
- Nilesh Nipane, Georgia Institute of Technology, Spring 2010:
The laboratory is actively seeking sponsorship for its activities. We
are receiving or have received support from the following agencies and