Left Accent
UAB CIS Header

SPIES Research Group

Updated on Tue, 08/28/2012 - 8:27pm

Prof. Saxena is looking for several strong Ph.D. students as well as M.S. and undergraduate students to join his research group SPIES (Security and Privacy In Emerging computing and networking Systems). In general, Prof. Saxena works in the broad areas of computer and network security/privacy, and applied cryptography. His main research focus recently has been on security of mobile/wireless devices, and on usable security (aka HCI security). He is interested in hands-on and experimental work which has theoretical underpinnings. His current research has been funded by NSF, NYU, Google, Intel, Nokia and Research in Motion. Outlined below are some of Prof. Saxena's ongoing research projects. Many of these projects have their own websites accessible here: http://spies.cis.uab.edu/research/. If you are interested, please contact Prof. Saxena directly with your CV using this contact form.

Secure Association of Wireless Devices
The burgeoning popularity of wireless devices and gadgets brought new services and possibilities to users. There are many current everyday usage scenarios where two or more devices need to "work together." Other emerging scenarios that involve sensors and personal RFID tags are expected to become commonplace in the near future. Since wireless communication is easy to eavesdrop upon and manipulate, before they can work together, devices must be securely associated or "paired." Our research addresses this fundamental problem of securing wireless communication in a variety of settings. To this end, we have been utilizing out-of-band human-perceptible communication (such as audio, visual or tactile) channels, which offer some unique security properties.

RFID and Medical Devices Security and Privacy
Many RFID tags and medical implants store valuable information privy to their users that can easily be subject to unauthorized reading, leading to owner tracking and cloning or impersonation. RFID tags are also susceptible to different forms of relay attacks. Preventing these attacks, however, presents a unique and formidable set of challenges, mainly due to the constraints of these tags in terms of computation, memory, and power resources. The problem is exacerbated by the very strict requirements of RFID applications (originally geared for automation) in terms of usability. In this project, we are developing novel lightweight cryptographic techniques and sensing-enabled defenses to unauthorized reading and relay attacks against RFID systems without necessitating any changes to the traditional RFID usage model. 

Fault-Tolerant and Secure Systems
Security of computer systems is based on the assumption that underlying secrets and cryptographic keys are readily available and remain secret. However, in practice, this assumption is often invalid. Threshold/distributed cryptography is a tool that allows for distribution of secrets, keys and cryptographic operations among multiple nodes, providing improved availability and secrecy. Our research focuses on design, development and evaluation of efficient distributed cryptographic protocols with an emphasis on building fault-tolerant online security services (e.g., certification), user-centric services exploiting social networks and cloud services, and decentralized key management in mobile ad hoc networks (MANETs).

Usable Security
It is a well-accepted fact that human users tend to be the weakest link in the security of a computer system. For example, users choose weak and short passwords, re-use the same passwords across multiple sites, fall prey to various social engineering attacks and ignore security warnings. Our research aims at studying the weaknesses and strengths of human users, and incorporating the latter into secure system design. Currently, we are developing novel ways of strong user authentication (e.g., graphical passwords, mobile-phone assisted authentication) and user-aided device authentication. We are also exploring how fun and entertainment (such as computer games) can be embedded into security tasks to improve their usability and security.

Accent Right