CAREER: A Holistic Context-based Approach for Security and Privacy in the Era of Ubiquitous Sensing and Computing

职业：无处不在的传感和计算时代的基于上下文的整体安全和隐私方法

• 批准号: 1943351
• 负责人: Murtuza Jadliwala
• 金额: $ 49.95万
• 依托单位: University of Texas at San Antonio
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-06-01 至 2025-05-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1943351&HistoricalAwards=false
• 关键词: CAREER; Holistic; Context; based; Approach

The phenomenal growth of ubiquitous sensing and computing devices such as smartphones, wearables and Internet-of-Things (IoT) enable exciting new applications that significantly improve the health, wellness, security and quality of life of our citizens. Sensors and actuators on-board these devices, however, can also be exploited to infer sensitive information about users or to compromise their safety and cyber security. Continued progress in sensor hardware, cloud and software (including, machine learning) technologies have caused new threats to emerge which current access control models and protection mechanisms are unable to address. One critical shortcoming of existing protection mechanisms is that they do not work across different types of sensors, applications and autonomous devices housing these sensors and applications. As applications on these devices operate in an isolated fashion, they are generally unaware of the holistic contextual information about users, often resulting in grave privacy threats. This project develops a new approach to expose and harness user context at multiple operational levels to protect against uncoordinated and unregulated sensing and actuation in mobile and IoT applications. The project's educational agenda is to develop a well-integrated and hands-on curriculum in mobile and IoT security and through community-focused educational summer camps, courses and training initiatives expose the curriculum to a diverse set of students and practitioners with varying skill-levels and backgrounds including San Antonio, TX area high school students, teachers, soldiers and veteransThe project plans to uncover new security and privacy risks in modern ubiquitous sensing and computing environments comprising of functionally heterogeneous and isolated sensors and applications and evaluate their feasibility in practical settings. To enable secure and privacy-preserving sensor access by applications, the project will design a novel framework that exposes and harnesses contextual information about users both at the device and network levels for achieving fine-grained and user-approved access control. The first design, called ConWare, will harness the exposed user context at the device level by defining user-approved access bindings between these contexts and the set of allowable sensing actions on that device within those contexts. The second design, called ConWareNet, will harness the exposed user context at the communication network level to regulate applications across an autonomous set of devices using similar user-approved bindings or policies. The project will also address the issue of preventing misuse of the exposed context and will design adaptation mechanisms for these frameworks to self-adjust in a dynamic sensing and actuation environment.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

无处不在的感应和计算设备（例如智能手机，可穿戴设备和物联网（IoT））的惊人新应用程序可显着改善我们公民的健康，健康，安全和生活质量，从而实现了惊人的感应和计算设备的惊人增长。但是，传感器和执行器也可以利用这些设备来推断有关用户的敏感信息或损害其安全性和网络安全性。传感器硬件，云和软件（包括机器学习）技术的持续进展导致新的威胁出现，目前的访问控制模型和保护机制无法解决。现有保护机制的一个关键缺点是，它们不在包含这些传感器和应用的不同类型的传感器，应用和自动驾驶设备上工作。随着这些设备上的应用程序以孤立的方式运行，它们通常不知道有关用户的整体上下文信息，通常会导致严重的隐私威胁。该项目开发了一种新的方法，可以在多个操作层面上揭露和利用用户环境，以防止移动和物联网应用程序中的不协调和不受管制的感应和驱动。 The project's educational agenda is to develop a well-integrated and hands-on curriculum in mobile and IoT security and through community-focused educational summer camps, courses and training initiatives expose the curriculum to a diverse set of students and practitioners with varying skill-levels and backgrounds including San Antonio, TX area high school students, teachers, soldiers and veteransThe project plans to uncover new security and privacy risks in modern无处不在的传感和计算环境包括功能异质和孤立的传感器和应用，并评估其在实际环境中的可行性。为了通过应用程序启用安全和隐私的传感器访问，该项目将设计一个新颖的框架，以揭示和利用有关用户在设备和网络级别上的上下文信息，以实现精细粒度和用户批准的访问控制。第一个设计称为conware，将通过在这些上下文之间定义用户批准的访问绑定以及在这些上下文中该设备上对该设备上的允许感应操作的集合来利用设备级别的曝光用户上下文。第二种称为conwarenet的设计将利用与用户批准的绑定或策略相似的自主设备的应用程序，以在通信网络级别上利用暴露的用户上下文来调节应用程序。该项目还将解决防止滥用暴露环境的问题，并将为这些框架设计适应机制，以在动态的感应和驱动环境中进行自我调整。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛影响的审查标准来通过评估来通过评估来支持的。

项目成果

SkinSense: Efficient vibration-based communications over human body using motion sensors

SkinSense：使用运动传感器在人体上进行基于振动的高效通信

• DOI: 10.1016/j.iot.2023.100835
• 发表时间: 2023
• 期刊: Internet of Things
• 影响因子: 5.9
• 作者: Wijewickrama, Raveen;Dohadwalla, Sameer Anis;Maiti, Anindya;Jadliwala, Murtuza;Narain, Sashank
• 通讯作者: Narain, Sashank

Zoom on the Keystrokes: Exploiting Video Calls for Keystroke Inference Attacks

• DOI: 10.14722/ndss.2021.23063
• 发表时间: 2020-10
• 期刊: ArXiv
• 作者: Mohd Sabra;Anindya Maiti;Murtuza Jadliwala

An Investigative Study on the Privacy Implications of Mobile E-scooter Rental Apps

• DOI: 10.1145/3507657.3528551
• 发表时间: 2022-05
• 期刊: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks
• 作者: Nisha Vinayaga-Sureshkanth;Raveen Wijewickrama;Anindya Maiti;Murtuza Jadliwala

Background Buster: Peeking through Virtual Backgrounds in Online Video Calls

背景破坏者：浏览在线视频通话中的虚拟背景

• DOI: 10.1109/dsn53405.2022.00058
• 发表时间: 2022
• 期刊: 2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN
• 作者: Sabra, Mohd;Maiti, Anindya;Jadliwala, Murtuza
• 通讯作者: Jadliwala, Murtuza

Light ears: information leakage via smart lights

• DOI: 10.1145/3351256
• 发表时间: 2019-09-01
• 期刊: Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies
• 作者: Maiti, Anindya;Jadliwala, Murtuza
• 通讯作者: Jadliwala, Murtuza