.
My research focuses on cellular and telecommunications network security, critical infrastructure protection, systems challenges for applied cryptography, wireless networks and the securing the Internet. More information on my work in these areas can be found at the following locations:
My major research thrusts are:Mobile Network and Device Security
The recent and rapid expansion of cellular capabilities has created tremendous opportunities for new applications and services. From mobile banking and location-based services to the real-time streaming of music and video, cellular networks and advanced mobile devices now provide advanced voice and data services to more than 4.5 billion subscribers around the world. When compared to the approximately one billion users who access the Internet each day through traditional means, cellular networks represent the only communication system available to a significant portion of the world's population and the next significant expansion in high-speed Internet connectivity. This research seeks to formally and experimentally investigate vulnerabilities and defensive infrastructure addressing vulnerabilities in open cellular operating systems and telecommunications networks. This includes the development of infrastructure for the analysis, configuration, and enforcement of security in mobile phones and the networks on which they reside.
-
PI, Mitigating Attacks on Mobile Devices and Critical Cellular
Infrastructure, Defense University Research Instrumentation Program
(DURIP), $210,081, (8/1/11 - 7/31/12).
PI, CAREER: Protecting User Data on Lost Stolen and Damaged
Mobile Phones, NSF (CNS), $400,000, (7/1/10 - 6/30/15).
PI, TC: Small: Characterizing and Mitigating Device-Based
Attacks in Cellular Telecommunications Networks, NSF (CNS),
$450,000, (8/01/09 - 7/31/12)
Co-PI, Federal Cyber Service Scholarships at Georgia Tech,
NSF (SFS), $1,250,682 (8/1/09 - 7/31/14)
-
Chaz Lever, Manos Antonakakis, Brad Reaves, Patrick Traynor, and
Wenke Lee. The Core of the Matter: Analyzing Malicious Traffic in
Cellular Carriers. In Proceedings of the ISOC Network & Distributed
System Security Symposium (NDSS), 2013.
Chaitrali Amrutkar, Patrick Traynor and Paul van Oorschot,
Measuring SSL Indicators on Mobile Browsers: Extended Life, or End
of the Road?, In Proceedings of the Information Security Conference
(ISC), 2012. (best student paper)
Yacin Nadji, Jon Giffin and Pand Traynor, Automated Remote
Repair for Mobile Malware, Proceedings of the Annual Computer
Security Applications Conference (ACSAC), December, 2011.
Philip Marquardt, Arunabh Verma, Henry Carter and Patrick
Traynor, (sp)iPhone: Decoding Vibrations From Nearby Keyboards Using
Mobile Phone Accelerometers, Proceedings of the ACM Conference on
Computer and Communications Security (CCS), October, 2011.
Patrick Traynor, Characterizing the Security Implications of
Third-Party EAS Over Cellular Text Messaging Services,
IEEE Transactions on Mobile Computing (TMC), To appear 2011.
Patrick Traynor, Chaitrali Amrutkar, Vikhyath Rao, Trent
Jaeger, Patrick McDaniel, and Thomas La Porta, From Mobile Phones
to Responsible Devices. Journal of Security and Communication
Networks (SCN), 2010. to appear.
Frank Park, Chinmay Gangakhedkar and Patrick Traynor,
Leveraging Cellular Infrastructure to Improve Fraud Prevention,
Proceedings of the Annual Computer Security Applications Conference
(ACSAC), December 2009.
Patrick Traynor, Michael Lin, Machigar Ongtang, Vikhyath Rao,
Trent Jaeger, Thomas La Porta and Patrick McDaniel, On Cellular
Botnets: Measuring the Impact of Malicious Devices on a Cellular
Network Core, Proceedings of the ACM Conference on Computer and
Communications Security (CCS), November 2009.
Patrick Traynor, William Enck, Patrick McDaniel and Thomas La
Porta, Mitigating Attacks on Open Functionality in SMS-Capable
Cellular Networks, IEEE/ACM Transactions on Networking (TON),
17(1):40-53, 2009.
Patrick Traynor, William Enck, Patrick McDaniel, and Thomas
La Porta, Exploiting Open Functionality in SMS-Capable Cellular
Networks. Journal of Computer Security, 16(6):713-742, Febraury,
2009.
Patrick Traynor, Patrick McDaniel, and Thomas La Porta. On
Attack Causality in Internet-Connected Cellular Networks.
Proceedings of the 16th USENIX Security Symposium, August 2007.
Boston, MA.
Telephony Provenance and Authentication
The recent and vast diversification of telephony infrastructure eliminates much of the integrity associated with traditional authentication mechanisms (e.g., Caller-ID). Specifically, the loss of centralized control and the increasing access to hardware and software capable of interacting with such networks allows asserted but not verifiable call metadata to be forged by virtually any desktop computer capable of initiating phone calls. This research focuses on improving both the quality and performance of telephony authentication and provenance infrastructure, allowing researchers to understand not only where calls come from, but also the paths they traverse between source and destination.
-
PI, Security for Converged IMS Networks, DoD, $242,401,
(8/1/10 - 7/31/11).
Co-PI, Security for IMS-Enabled Converged Applications, DoD,
$146,121 (8/1/08 - 7/29/09)
-
Vijay Balasubramaniyan, Aamir Poonawalla, Mustaque Ahamad,
Michael Hunter and Patrick Traynor, PinDr0p: Using Single-Ended
Audio Features to Determine Call Provenance, Proceedings of the ACM
Conference on Computer and Communications Security (CCS), November
2010.
Italo Dacosta and Patrick Traynor, Proxychain: Developing a
Robust and Efficient Authentication Infrastructure for Carrier-Scale
VoIP Networks, Proceedings of the USENIX Annual Technical Conference
(ATC), 2010.
Italo Dacosta, Vijay Balasubramaniyan, Mustaque Ahamad and
Patrick Traynor, Improving Authentication Performance of
Distributed SIP Proxies, IEEE Transactions on Parallel and
Distributed Systems (TPDS), To appear 2010.
Applied Cryptography and Privacy
Emerging cryptographic primitives offer the potential to serve as the foundation for a range of provably secure systems. Unfortunately, few of these emerging primitives ever become more than theoretical curiosities, and those that do generally are not performant. This research focuses on the systems issues associated with applied cryptography and privacy and seeks to make systems built on sound first-principles possible. Our work specifically investigates topics in areas including attribute-based encryption, secure function evaluation and homomorphic encryption for a range of applications including satellite radio, social networking, anonymous shopping and private communications.
-
PI, Characterizing and Implementing Efficient Primitives for
Privacy-Preserving Computation, DARPA PROgramming Computation on
EncryptEd Data(PROCEED), $537,000 (6/1/11 - 5/31/14).
PI, TC:Small:Provably Anonymous Networking Through Secure
Function Evaluation, NSF (CCF), $200,000 (8/1/09 - 7/31/11)
-
Nilesh Nipane, Italo Dacosta and Patrick Traynor,
"Mix-In-Place" Anonymous Networking Using Secure Function
Evaluation. In Proceedings of the Annual Computer Security
Applications Conference (ACSAC), 2011.
Philip Marquardt, David Dagon and Patrick Traynor, Impeding
Individual User Profiling in Shopper Loyalty Programs, Proceedings
of the International Conference on Financial Cryptography and
Data Security (FC), 2011.
Matthew Pirretti, Patrick Traynor, Patrick McDaniel and Brent
Waters, Secure Attribute-Based Systems, Journal of Computer
Security (JCS), 18(5):799-837, 2010.
Patrick Traynor, Privacy and Security Concerns for Personal
and Mobile Health Devices, Proceedings of the Workshop to Set A
Research Agenda for Privacy and Security of Healthcare Technologies,
October, 2009.
Patrick Traynor, Kevin Butler, William Enck and Patrick
McDaniel, Realizing Massive-Scale Conditional Access Systems
Through Attribute-Based Cryptosystems, ISOC Network & Distributed
System Security Symposium (NDSS), February, 2008.
Systems Security
The exploitation of vulnerabilities in software systems is commonplace. Such incidents are responsible for billions of dollars and millions of hours of lost productivity annual. This research focuses on how systems are designed, constructed and broken in the hopes of developing both robust defenses and abstractions for the creation of fundamentally more resilient computing systems.
-
Co-PI, Dynamic-attribute-based Disclosure of Health
Information in Emergency Care Scenarios, Health Systems
Institute (HSI), $50,000 (8/1/09 - 7/31/10)
- David Dewey and Patrick Traynor, No Loitering: Exploiting Lingering Vulnerabilities in Default COM Objects, Proceedings of the ISOC Network & Distributed Systems Security (NDSS) Symposium, February, 2011. Brendan Dolan-Gavitt, Abhinav Srivastava, Patrick Traynor and Jon Giffin, Robust Signatures for Kernel Data Structures, Proceedings of the ACM Conference on Computer and Communications Security (CCS), November, 2009. Kevin Butler, William Enck, Harri Hursti, Stephen McLaughlin, Patrick Traynor and Patrick McDaniel, Systemic Issues in the Hart InterCivic and Premier Voting System: Reflections Following Project EVEREST, Proceedings of the USENIX/ACCURATE Electronic Voting Technology (EVT) Workshop, July, 2008. Patrick Traynor, Michael Chien, Scott Weaver, Boniface Hicks, Patrick McDaniel, Non-Invasive Methods for Host Certification, ACM Transactions on Information and System Security (TISSEC), 11(3):1-23, 2008.
Student Advising
I am currently looking for strong students with an interest in network security. Students should have a strong technical background, be comfortable with systems work and be dedicated to doing work of consequence.
If you are not a student at Georgia Tech and are interested in my research, please apply to the program.
Current Ph.D Students
- Chaitrali Amrutkar, Georgia Institute of Technology, expected Spring 2014.
- Hank Carter, Georgia Institute of Technology, expected Spring 2016.
- David Dewey, Georgia Institute of Technology, expected Spring 2015.
- Chaz Lever, Georgia Institute of Technology, expected Spring 2017.
- Brad Reaves, Georgia Institute of Technology, expected Spring 2017.
Past Ph.D Students
- Italo Dacosta, Post-Doc, KU Leuven, Graduated Summer 2012.
- Young Seuk Kim, Georgia Institute of Technology, expected Spring 2013.
- Saurabh Chakradeo, Georgia Institute of Technology, Spring 2013: Facebook.
- Nigel Lawrence, Georgia Institute of Technology, Summer 2012: Solute.
- Arunabh Verma (co-advised with Mustaque Ahamad), Georgia Institute of Technology, Fall 2011: Microsoft.
- Philip Marquardt, Georgia Institute of Technology, Fall 2010: MIT Lincoln Labs.
- Rishikesh Naik, Georgia Institute of Technology, Spring 2010: Cisco Systems.
- Nilesh Nipane, Georgia Institute of Technology, Spring 2010: VMWare.
Funding
The laboratory is actively seeking sponsorship for its activities. We are receiving or have received support from the following agencies and organizations:
|