Research & Projects

Video Source Camera Identification & Falsification 

Multimedia forensics gained attention due to the wide usage of various recording sources and IoT devices. At the same time, the rapid technological developments caused the escalation of forgeries and data tampering of media files. Therefore, the integrity and origin of video and image data coming from cameras which may be on drones or smartphones became one of the key challenges in digital forensics. The lenses’ defects introduced during the manufacturing process produce unique patterns, namely fingerprints, that can be used for source camera identification. 

This project focuses on enhancing the accuracy of CNN applications for video source camera identification. Moreover, we analyze the network’s resistance against the source camera falsification attacks, to further strengthen the proposed framework. To improve the network, we conduct an interpretability analysis of the designed video source identification network. As a result, we identify how CNN “makes its decisions” and make it more robust and lightweight. 

This work is supported in part by grants from the US National Science Foundation and the Army Research Office.

Publications

Understanding Device Identity and Security Posture in Smart Settings

The emerging proliferation of unmanned aerial vehicles (UAV) combined with their autonomous capabilities established the solid incorporation of UAVs for military applications.

However, seamless deployment of drones into the adversarial environment and on the battlefield requires a robust and secure network stack, protected from adversarial intrusion.

As LoRa became a low-cost solution for the long-distance control channel, it solved the challenge of long-range connectivity and prolonged lifespan present in UAV applications. However, the existing implementations lack protection mechanisms against unauthorized access. In this project, we present LoFin, the first fingerprinting framework used to identify telemetry transceivers that communicate over the LoRa channel. LoFin exploits information leaked due to the differences in hardware structure, which results in processing time variations. Passively collecting network traffic, LoFin extracts unique signatures for UAV authentication while maintaining network integrity and data privacy. 

Publications

Triage Tool for Tracing Crytocurrency Wallets

When the user performs transactions from the crypto wallet or browses the Internet for crypto then it generates artifacts such as mnemonics phrases, transactions history, images related to crypto, web cookies, and so on. These artifacts are very important for investigators, so the detection and extraction of the artifacts are needed. This project aims to build a triage tool for the automatic extraction of the artifacts from Android phones to present to the investigator. Mainly this tool focuses on three major components – Crypto wallet application, Images, and Web history.   

It integrates contemporary approaches from machine learning, natural language processing, and pattern recognition to be able to detect any artifact that may potentially come from the recently launched crypto wallet apps. For the images, the tool automatically detects and extracts cryptocurrency information. We analyzed all the web browsers from the phone and searched for the relevant artifacts as well. These findings which can come from apps, images, or browsing history are displayed separately with an option to check further details. We also explore the analysis of SMS, and different language support for the tool. 

Publications

Understanding Covert and Sensory Side Channels in Drone Communications in Smart Settings for Anticipatory Intelligence

A UAV system generally consists of the Unmanned Aircraft, the Ground Control Station (GCS), and the Communication Link. The inner hardware architecture of a UAV device includes: a Flight Controller, rechargeable batteries, actuators, a set of sensors and a wireless communication module. UAVs possess a wide range of sensors to accomplish their flight missions. These sensors represent critical components for the functionality of the UAV system, and they are designed to measure physical quantities of the surrounding environment such as altitude, speed, and GPS location. The software architecture of the UAV operates in a layered system. The integration between these layers constitutes the flight stack, and consists of three main layers: the Firmware, the Middleware, and the Operating System (e.g., RTOS). For the communication, the UAVs utilize different wireless communication technologies such as Wi-Fi, Zigbee, Bluetooth, and LoRa protocols, while MAVLink is a de facto standard application protocol.

 

Due to the complex architecture, consisting of a lot of different components, drones/UAVs pose easy targets for the adversary to aim the attack directed toward specific modules. In this project we investigate storage- and timing-based covert channels in MAVLink protocol for drone communications that can be used by an adversary to leak sensitive drone data. 

Analysis of Drone's sensor security and data injection attacks using generative adversarial networks (GANs)

Drones, embodying the spirit of innovation, have become dynamic game-changers, redefining industries through their unparalleled adaptability and budget-friendly solutions. However, compromised drone sensors pose serious safety risks. Therefore, multiple studies have been dedicated to analyzing various drone sensor attacks and developing efficient anomaly detectors.

In this project we investigate new threats to drone sensors' that appear due to the widespread of generative adversarial networks (GANs)