The abstract used to advertise the job talk inside departments.
With Internet-of-Things (IoT) devices becoming smaller and lacking traditional input methods, the IoT paradigm is offering newer interaction mechanisms that do not require physical proximity. Users now interact with their devices through voice commands or indirectly through wireless communications, such as Bluetooth Low Energy. Unfortunately, these state-of-the-art interaction mechanisms come with unprecedented security and privacy risks for users. An adversary can infer and access sensitive information about the user and the environment, as well as inflict physical harm on them. Further, these non-traditional interaction methods diminish the device's ability to provide users with privacy notice and choice, leaving them in the dark about how their personal information is managed.
In this talk, I will present how to address the security and privacy issues resulting from these evolving user-device interaction mechanisms. I will first present BLE-Guardian, a device-agnostic system that addresses the security and privacy threats of Bluetooth Low Energy, a widely deployed wireless communication protocol in IoT. It enables users to control who discovers, scans and connects to their devices. BLE-Guardian allows for securing BLE devices post-deployment. Then, I will discuss VAuth, a system that provides continuous and usable authentication for voice assistants and voice-activated devices. VAuth guarantees that the device executes only the commands that originate from the voice of the owner. Finally, I will present Pribot, a question-answering system for privacy policies. Pribot allows users to inquire about the privacy practices employed by their devices in settings where providing traditional privacy notices is nearly impossible.