Ben Ransford, Ph.D.

I'm an engineer at Stripe.

Before that, I co-founded the first medical device security company,

Before that, I was a postdoc at the University of Washington,

Before that, I was a Ph.D. student in computer science at UMass Amherst

Before that, I worked at D. E. Shaw & Co., L.P., bootstrapped several unsuccessful but deeply educational small companies (a speech-applications engine, a niche search engine), and helped build a local ISP on a shoestring budget. I've also consulted on threat modeling, cryptographic protocols, regulatory compliance, ultra wideband communications, and RFID.

I'm the proud adoptive parent of ſ, the Unicode character U+017F Latin small letter long s.

Publications

Generated from my BibTeX file with bibble; most recent first. Also see my Google Scholar profile.

2017
June
Cybersecurity and medical devices: A Practical guide for cardiac electrophysiologists.
Benjamin Ransford, Daniel B. Kramer, Denis Foo Kune, Julio Medeiros, Chen Yan, Wenyuan Xu, Thomas Crawford, and Kevin Fu.
Pacing and Clinical Electrophysiology.
  paper
March Powering the Next Billion Devices with Wi-Fi.
Vamsi Talla, Bryce Kellogg, Benjamin Ransford, Saman Naderiparizi, Joshua R. Smith, and Shyamnath Gollakota.
Communications of the ACM 60(3).
  paper journal
2016
April
Noninvasive Postmarket Security Monitoring for Medical Devices.
Benjamin Ransford, Denis Foo Kune, Ann Gookin, and Andrew DeOrio.
Design of Medical Devices.
  paper poster
2015
December
Powering the Next Billion Devices with Wi-Fi.
Vamsi Talla, Bryce Kellogg, Benjamin Ransford, Saman Naderiparizi, Shyamnath Gollakota, and Joshua R. Smith.
ACM CoNEXT. Best Paper nominee; Popular Science Best of What's New 2015 Winner.
  paper conference bbc popsci techreview wired
October SAP: an Architecture for Selectively Approximate Wireless Communication.
Benjamin Ransford and Luis Ceze.
arXiv:1510.03955 [cs.NI].
  paper
July Detecting Anomalous Behavior in Infusion Pumps from the AC Power Line.
Andrew DeOrio, Benjamin Ransford, Denis Foo Kune, and Kevin Fu.
White paper.
  paper
June A Simpler, Safer Programming and Execution Model for Intermittent Systems.
Brandon Lucia and Benjamin Ransford.
36th annual ACM SIGPLAN conference on Programming Language Design and Implementation (PLDI).
  paper conference
May Powering the Next Billion Devices with Wi-Fi.
Vamsi Talla, Bryce Kellogg, Benjamin Ransford, Saman Naderiparizi, Shyamnath Gollakota, and Joshua R. Smith.
arXiv:1505.06815 [cs.NI].
  paper
April WISPCam: A Battery-Free RFID Camera.
Saman Naderiparizi, Aaron N. Parks, Zerina Kapetanovic, Benjamin Ransford, and Joshua R. Smith.
IEEE RFID. Best Paper nominee.
  paper conference
January ACCEPT: A Programmer-Guided Compiler Framework for Practical Approximate Computing.
Adrian Sampson, Andre Baixo, Benjamin Ransford, Thierry Moreau, Joshua Yip, Luis Ceze, and Mark Oskin.
Technical Report UW-CSE-15-01-01, Computer Science and Engineering, University of Washington.
  paper
2014
June
Nonvolatile Memory is a Broken Time Machine.
Benjamin Ransford and Brandon Lucia.
ACM SIGPLAN Workshop on Memory Systems Performance and Correctness.
  paper workshop
March Approximate Semantics for Networked Applications.
Benjamin Ransford, Adrian Sampson, and Luis Ceze.
Workshop on Approximate Computing Across the System Stack.
  paper workshop
2013
September
Current Events: Identifying Webpages by Tapping the Electrical Outlet.
Shane S. Clark, Hossen Mustafa, Benjamin Ransford, Jacob Sorber, Kevin Fu, and Wenyuan Xu.
Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS).
  paper conference abstract...
Computers plugged into power outlets leak identifiable information by drawing variable amounts of power when performing different tasks. This work examines the extent to which this side channel leaks private information about web browsing to an observer taking measurements at the power outlet. Using direct measurements of AC power consumption with an instrumented outlet, we construct a classifier that correctly identifies unlabeled power traces of webpage activity from a set of 51 candidates with 99% precision and 99% recall. The classifier rejects samples of $441$ pages outside the corpus with a false-positive rate of less than 2%. It is also robust to a number of variations in webpage loading conditions, including encryption. When trained on power traces from two computers loading the same webpage, the classifier correctly labels further traces of that webpage from either computer. We identify several reasons for this consistently recognizable power consumption, including system calls, and propose countermeasures to limit the leakage of private information. Characterizing the AC power side channel may help lead to practical countermeasures that protect user privacy from an untrustworthy power infrastructure.
August WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices.
Shane S. Clark, Benjamin Ransford, Amir Rahmati, Shane Guineau, Jacob Sorber, Wenyuan Xu, and Kevin Fu.
USENIX Workshop on Health Information Technologies.
  paper workshop abstract...
Embedded systems are ubiquitous, connect to networks, and increasingly use off-the-shelf operating systems vulnerable to malware. Yet, strict validation processes make it difficult or too costly to use anti-virus software or automated operating system updates in embedded systems such as medical devices. Our WattsUpDoc system uses a traditionally undesirable side channel of power consumption to enable run-time malware detection. Our measurements show that WattsUpDoc can detect previously known malware with at least 94% accuracy and previously unknown malware with at least 85% accuracy on the devices we tested. While the detection rates are similar to that of conventional malware-detection systems, WattsUpDoc requires no hardware or software modification or network communication.
January Transiently Powered Computers.
Benjamin Ransford.
Ph.D. thesis, University of Massachusetts Amherst .
  paper
BAT: Backscatter Anything-to-Tag Communication.
Andres Molina-Markham, Shane S. Clark, Benjamin Ransford, and Kevin Fu.
Chapter in Wirelessly Powered Sensor Networks and Computational RFID.
  paper book abstract...
Computational RFID prototypes are limited by networking abstractions that impose narrow preconceptions about topologies and applications. These prototypes support programmability and integrate a wide array of sensors, which open the door to more varied applications. Implementing these on constrained platforms will need primitives that seamlessly support communication among tags and also with other devices. While overlays on top of existing protocols are possible, they introduce inefficiency because of packet formats designed explicitly for the tag inventory paradigm. This paper presents BAT, a networked system designed from the ground up to enable non-supply-chain RFID applications while carefully considering the unique constraints under which these platforms operate.
Design Challenges for Secure Implantable Medical Devices.
Benjamin Ransford, Shane S. Clark, Denis Foo Kune, Kevin Fu, and Wayne P. Burleson.
Chapter in Security and Privacy for Implantable Medical Devices.
  paper book
2012
August
Potentia est Scientia: Security and Privacy Implications of Energy-Proportional Computing.
Shane S. Clark, Benjamin Ransford, and Kevin Fu.
Proceedings of the 7th USENIX Workshop on Hot Topics in Security (HotSec '12).
  paper workshop abstract...
The trend toward energy-proportional computing, in which power consumption scales closely with workload, is making computers increasingly vulnerable to information leakage via whole-system power analysis. Saving energy is an unqualified boon for computer operators, but this trend has produced an unintentional side effect: it is becoming easier to identify computing activities in power traces because idle-power reduction has lowered the effective noise floor. This paper offers preliminary evidence that the analysis of AC power traces can be both harmful to privacy and beneficial for malware detection, the latter of which may benefit embedded (e.g., medical) devices.
July Current Events: Identifying Webpages by Tapping the Electrical Outlet.
Shane S. Clark, Benjamin Ransford, Jacob Sorber, Wenyuan Xu, Erik Learned-Miller, and Kevin Fu.
Technical Report UM-CS-2011-030, Department of Computer Science, University of Massachusetts Amherst.
  paper
July Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance.
Daniel B. Kramer, Matthew Baker, Benjamin Ransford, Andres Molina-Markham, Quinn Stewart, Kevin Fu, and Matthew R. Reynolds.
PLoS ONE 7(7).
  paper
June Design Challenges for Secure Implantable Medical Devices.
Wayne P. Burleson, Shane S. Clark, Benjamin Ransford, and Kevin Fu.
Proceedings of the 49th Design Automation Conference (DAC '12). Invited paper.
  paper slides conference
2011
August
  They Can Hear Your Heartbeats: Non-Invasive Security for Implanted Medical Devices.
Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi, and Kevin Fu.
Proceedings of ACM SIGCOMM. Best Paper award.
  paper conference details
June Moo: A Batteryless Computational RFID and Sensing Platform.
Hong Zhang, Jeremy Gummeson, Benjamin Ransford, and Kevin Fu.
Technical Report UM-CS-2011-020, Department of Computer Science, University of Massachusetts Amherst.
  paper
March Mementos: System Support for Long-Running Computation on RFID-Scale Devices.
Benjamin Ransford, Jacob Sorber, and Kevin Fu.
Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '11).
  paper conference slides abstract...
Transiently powered computing devices such as RFID tags, kinetic energy harvesters, and smart cards typically rely on programs that complete a task under tight time constraints before energy starvation leads to complete loss of volatile memory. Mementos is a software system that transforms general-purpose programs into interruptible computations that are protected from frequent power losses by automatic, energy-aware state checkpointing. Mementos comprises a collection of optimization passes for the LLVM compiler infrastructure and a linkable library that exercises hardware support for energy measurement while managing state checkpoints stored in nonvolatile memory. We evaluate Mementos against diverse test cases in a trace-driven simulator of transiently powered RFID-scale devices. Although Mementos's energy checks increase run time when energy is plentiful, they allow Mementos to safely suspend execution when energy dwindles, effectively spreading computation across zero or more power failures. This paper's contributions are: a study of the runtime environment for programs on RFID-scale devices; an energy-aware state checkpointing system for these devices that is implemented for the MSP430 family of microcontrollers; and a trace-driven simulator of transiently powered RFID-scale devices.
2010
October
Mementos: System Support for Long-Running Computation on RFID-Scale Devices (Technical Report).
Benjamin Ransford, Jacob Sorber, and Kevin Fu.
Technical Report UM-CS-2010-060, Department of Computer Science, University of Massachusetts Amherst.
  paper
April A Rudimentary Bootloader for Computational RFIDs.
Benjamin Ransford.
Technical Report UM-CS-2010-061, Department of Computer Science, University of Massachusetts Amherst.
  paper
2009
October
Clinically Significant Magnetic Interference of Implanted Cardiac Devices by Portable Headphones.
Sinjin Lee, Kevin Fu, Tadayoshi Kohno, Benjamin Ransford, and William H. Maisel.
Heart Rhythm Journal 6(10).
  paper abstract journal npr
August CCCP: Secure Remote Storage for Computational RFIDs.
Mastooreh Salajegheh, Shane S. Clark, Benjamin Ransford, Kevin Fu, and Ari Juels.
Proceedings of the 18th USENIX Security Symposium.
  paper conference new scientist abstract...
Passive RFID tags harvest their operating energy from an interrogating reader, but constant energy shortfalls severely limit their computational and storage capabilities. We propose Cryptographic Computational Continuation Passing (CCCP), a mechanism that amplifies programmable passive RFID tags' capabilities by exploiting an often overlooked, plentiful resource: low-power radio communication. While radio communication is more energy intensive than flash memory writes in many embedded devices, we show that the reverse is true for passive RFID tags. A tag can use CCCP to checkpoint its computational state to an untrusted reader using less energy than an equivalent flash write, thereby allowing it to devote a greater share of its energy to computation. Security is the major challenge in such remote checkpointing. Using scant and fleeting energy, a tag must enforce confidentiality, authenticity, integrity, and data freshness while communicating with potentially untrustworthy infrastructure. Our contribution synthesizes well-known cryptographic and low-power techniques with a novel flash memory storage strategy, resulting in a secure remote storage facility for an emerging class of devices. Our evaluation of CCCP consists of energy measurements of a prototype implementation on the batteryless, MSP430-based WISP platform. Our experiments show that---despite cryptographic overhead---remote checkpointing consumes less energy than checkpointing to flash for data sizes above roughly 64 bytes. CCCP enables secure and flexible remote storage that would otherwise outstrip batteryless RFID tags' resources.
2008
December
Getting Things Done on Computational RFIDs with Energy-Aware Checkpointing and Voltage-Aware Scheduling.
Benjamin Ransford, Shane S. Clark, Mastooreh Salajegheh, and Kevin Fu.
USENIX Workshop on Power Aware Computing and Systems (HotPower).
  paper ieee spectrum slides workshop
November Electromagnetic Interference (EMI) of Implanted Cardiac Devices by MP3 Player Headphones.
Sinjin Lee, Benjamin Ransford, Kevin Fu, Tadayoshi Kohno, and William H. Maisel.
Circulation 118(18 Supplement). Abstract 662, 2008 American Heart Association Annual Scientific Sessions.
abstract ap medgadget reuters us news world report video
May   Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses.
Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, and William H. Maisel.
Proceedings of the 29th Annual IEEE Symposium on Security and Privacy. Outstanding Paper award. Test of Time award (2019).
  paper boston globe details medgadget nytimes risks schneier slashdot wsj
Software
  • sllurp (GitHub), a Python implementation of the Low Level Reader Protocol (LLRP) for controlling RFID readers
  • Abbot, an XMPP personal assistant
  • Other useful tools on GitHub
Research Resources
Games
Alphabet game for kiddos.