Telephony Authentication
Phones have become the ultimate security fallback. We rely on phone numbers and Caller-ID to validate high-value bank transactions, and our mobile devices to support two-factor authentication for enhanced login. However, our trust in these systems is based on poor assumptions. Our work in this space not only demonstrates the ways in which attackers are exploiting such assumptions, but also provides strong mitigations via improved notions of identity.
Recent Publications
- B. Reaves, L. Blue and P. Traynor, AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels, In Proceedings of the USENIX Security Symposium (SECURITY), 2016.
- B. Reaves, N. Scaife, D. Tian, L. Blue, P. Traynor and K. Butler, Sending out an SMS: Characterizing the Security of the SMS Ecosystem with Public Gateways, Proceedings of the IEEE Symposium on Security and Privacy (S&P), 2016.
- B. Reaves, E. Shernan, A. Bates, H. Carter and P. Traynor, Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge, Proceedings of the USENIX Security Symposium (SECURITY), 2015.
Cellular and Mobile Networks
Cellular networks are by far the most widely deployed digital systems on the planet, serving over five billion users. Mobile phones now serve as the preferred platform for banking for the world’s poor, the most popular system for gaming and the device with the greatest access to our most sensitive data. Our work has discovered significant vulnerabilities in these systems, and offers principled techniques to provide stronger protections.
Recent Publications
- B. Reaves, D. Tian, L. Blue, P. Traynor and K. Butler, Detecting SMS Spam in the Age of Legitimate Bulk Messaging, In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2016.
- B. Reaves, N. Scaife, A. Bates, P. Traynor and K. Butler, Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World, Proceedings of the USENIX Security Symposium (SECURITY), 2015.
- S. Chakradeo, B. Reaves, P. Traynor and W. Enck, MAST: Triage for Market-scale Mobile Malware Analysis, In Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2013.
Applied Cryptography
Emerging cryptographic primitives offer the potential to serve as the foundation for a range of provably secure systems. Unfortunately, few of these emerging primitives ever become more than theoretical curiosities, and those that do are generally not performant. This research focuses on the systems issues associated with secure multiparty computation and seeks to make systems built on sound first principles possible.
Recent Publications
- B. Mood, D. Gupta, H. Carter, K. Butler and P. Traynor, Frigate: A Validated, Extensible, and Efficient Compiler and Interpreter for Secure Computation, Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P), 2016.
- H. Carter, C. Lever and P. Traynor, Whitewash: Outsourcing Garbled Circuit Generation for Mobile Devices, Proceedings of the Annual Computer Security Applications Conference (ACSAC), December 2014.
- H. Carter, B. Mood, P. Traynor and K. Butler, Secure Outsourced Garbled Circuit Evaluation for Mobile Devices, In Proceedings of the USENIX Security Symposium (SECURITY), 2013.
Network and Systems Security
The exploitation of vulnerabilities in software systems is commonplace. Such incidents are responsible for billions of dollars and millions of hours of lost productivity annually. Our research in this space covers a wide array of challenges, from combatting ransomware to measuring infection in real enterprises.
Recent Publications
- D. Tian, N. Scaife, A. Bates, K. Butler and P. Traynor, Making USB Great Again with USBFILTER, In Proceedings of the USENIX Security Symposium (SECURITY), 2016.
- N. Scaife, H. Carter, P. Traynor and K. Butler, CryptoLock (and Drop It): Stopping Ransomware Attacks on User Data, In IEEE International Conference on Distributed Computing Systems (ICDCS), 2016.
- C. Amrutkar, P. Traynor and P. van Oorschot, An Empirical Evaluation of Security Indicators in Mobile Web Browsers, IEEE Transactions on Mobile Computing (TMC), 14(5):889-903, 2015.