RISCS Seminar on Practical Security: Tandhy Simanjuntak and Sashank Narain

12:00 pm on Monday, August 18, 2014
1:00 pm on Monday, August 18, 2014
PHO 339
Talk 1
Title: Securing the Healthcare Industry : Implantable Medical Devices (IMD)

Speaker/Bio: I'm a master student of Computer Science at Boston University Metropolitan College. Currently I’m involve in android security research, specifically in permissions. My interest is in mobile security and cyber security.

Abstract: Nowadays, healthcare Industry is growing, from networks-isolated to networks-connected, which makes protection has become a major concern. I will talk about Implantable Medical Devices, a device inserted into human body for medical purposes, to help medical entities address specific diseases and help patients to recover. Protecting implantable medical devices against attack without compromising patient health requires balancing security and privacy goals with traditional goals such as safety and utility.
Talk 2
Title: Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning

Speaker/Bio:Sashank is a second year PhD student in Information Assurance at Northeastern University. He focuses on mobile security specifically on the impact of smartphone sensors on user privacy.

Abstract: Mobile phones are equipped with an increasingly large number of precise and sophisticated sensors. This raises the risk of direct and indirect privacy breaches. We investigated the feasibility of keystroke inference of user taps on a soft keyboard using the stereoscopic microphones on an Android smartphone. We developed algorithms for sensor-signals processing and domain specific machine learning to infer key taps using a combination of stereo-microphones and gyroscopes. While previous studies focused on larger key sizes and repetitive attempts, we showed that by focusing on the specifics of the keyboard and creating machine learning models and algorithms based on keyboard areas combined with adequate filtering, it is possible to achieve an accuracy of 90% - 94% for much smaller key sizes in a single attempt. In this talk, I will present our approach and findings along with some techniques to mitigate this kind of attack.