Learn More
Secret keys can be generated and shared between two wireless nodes by measuring and encoding radio channel characteristics without ever revealing the secret key to an eavesdropper at a third location. This paper addresses bit extraction, i.e., the extraction of secret key bits from noisy radio channel measurements at two nodes such that the two secret keys(More)
We evaluate the effectiveness of secret key extraction, for private communication between two wireless devices, from the received signal strength (RSS) variations on the wireless channel between the two devices. We use real world measurements of RSS in a variety of environments and settings. Our experimental results show that (i) in certain environments,(More)
SSL (Secure Sockets Layer) is the de facto standard for secure Internet communications. Security of SSL connections against an active network attacker depends on correctly validating public-key certificates presented when the connection is established. We demonstrate that SSL certificate validation is completely broken in many security-critical(More)
We describe a new side-channel attack. By tracking changes in the application's memory footprint, a concurrent process belonging to a different user can learn its secrets. Using Web browsers as the target, we show how an unprivileged, local attack process - for example, a malicious Android app - can infer which page the user is browsing, as well as(More)
We explore the use of clock skew of a wireless local area network access point (AP) as its fingerprint to detect unauthorized APs quickly and accurately. The main goal behind using clock skews is to overcome one of the major limitations of existing solutions - the inability to effectively detect Medium Access Control (MAC) address spoofing. We calculate the(More)
During the last decade, there has been a significant advancement in imaging of urologic diseases. Transrectal ultrasound (TRUS), computerized tomography (CT), magnetic resonance imaging (MRI), magnetic resonance spectroscopy (MRS), and positron emission tomography (PET) are still experiencing new developments in urology. Despite these many technological(More)
Fluorine-18 fluorodeoxyglucose positron emission tomography (FDG-PET) may differentiate benign from malignant adrenal lesions. In this study, standardized uptake values (SUVs), visual interpretation, and computed tomography (CT) data were correlated with the final diagnosis to determine the contribution of adrenal FDG-PET in patients with known non-adrenal(More)
Modern network security rests on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Distributed systems, mobile and desktop applications, embedded devices, and all of secure Web rely on SSL/TLS for protection against network attacks. This protection critically depends on whether SSL/TLS clients correctly validate X.509 certificates(More)
Perceptual, "context-aware" applications that observe their environment and interact with users via cameras and other sensors are becoming ubiquitous on personal computers, mobile phones, gaming platforms, household robots, and augmented-reality devices. This raises new privacy risks. We describe the design and implementation of DARKLY, a practical privacy(More)
Augmented reality (AR) applications sense the environment , then render virtual objects on human senses. Examples include smartphone applications that annotate storefronts with reviews and XBox Kinect games that show " avatars " mimicking human movements. No current OS has special support for such applications. As a result, permissions for AR applications(More)