Saxena wins Google award for mobile security research

Written by 

Nitesh Saxena, Ph.D., director of the UAB Security and Privacy in Emerging computing and networking Systems (SPIES) research group, has received a $50,000 Google Faculty Research Award to develop his work on contextual security, improving mobile-device security using contextual information gathered by device sensors.

Nitesh Saxena fThis is a joint award with N. Asokan of the University of Aalto, Finland. Of 550 proposals from around the world, 105 projects were funded in this round of awards.

With the rampant use of mobile devices including for electronic payments – using near-field communication (NFC) phones, or mobile card readers – Saxena’s research aims to make mobile interactions and transactions more simple and secure.

Google Research Awards are one-year, unrestricted gifts to universities to support cutting-edge research in computer science, engineering and related fields. Saxena, associate professor in the Department of Computer and Information Sciences and a core member of the Center for Information Assurance and Joint Forensics Research (CIA|JFR), previously won a Google research award in 2011 for his work centered on “playful security.”

“We are trying to improve the usability of security – making security procedures user-friendly,” Saxena said. “We are thankful to Google for supporting our work for the second time.”

To keep the information on mobile devices secure, users are often required to enter passwords to unlock the device and access information within applications. Security schemes that require no user interaction, such as remote keyless systems that can unlock a car when the user’s sensor is nearby, or tap-and-go payment options using radio frequency identification, are vulnerable to relay attacks. The project will work to make such “zero-interaction authentication” schemes more secure against attacks by allowing a device to sense ambient clues without user interaction.

“In general, we are looking at how we can elicit some form of contextual information about the device, the user or the environment that the user is in,” Saxena said. “There are sensors that already come with devices like smartphones, or that could be easily connected to other devices, which could be used to make informed security decisions.”

Read more about Saxena's research on mobile malware.

Clues could include gauging noise and light, WiFi data or GPS readings and other environmental characteristics.

If a user wanted to use a mobile device to make a payment at a coffee shop, the mobile device could gather audio and light clues to determine if the payment mechanism to which it is connecting is an “honest setting” – inside the coffee shop – and not being illicitly connected elsewhere.

“As much as possible, we are trying to remove the user from the loop with respect to device security,” Saxena said.