I'm an engineer at Stripe.
Before that, I co-founded the first medical device security company, …
Before that, I was a postdoc at the University of Washington, …
Before that, I was a Ph.D. student in computer science at UMass Amherst …
Before that, I worked at D. E. Shaw & Co., L.P., bootstrapped several unsuccessful but deeply educational small companies (a speech-applications engine, a niche search engine), and helped build a local ISP on a shoestring budget. I've also consulted on threat modeling, cryptographic protocols, regulatory compliance, ultra wideband communications, and RFID.
I'm the proud adoptive parent of ſ, the Unicode character U+017F Latin small letter long s.
Publications
Generated from my BibTeX file with bibble; most recent first. Also see my Google Scholar profile.
2017
June |
Cybersecurity and medical devices: A Practical guide for cardiac electrophysiologists.
Pacing and Clinical Electrophysiology. paper |
March |
Powering the Next Billion Devices with Wi-Fi.
Communications of the ACM 60(3). paper journal |
2016
April |
Noninvasive Postmarket Security Monitoring for Medical Devices.
Design of Medical Devices. paper poster |
2015
December |
Powering the Next Billion Devices with Wi-Fi.
ACM CoNEXT. Best Paper nominee; Popular Science Best of What's New 2015 Winner. paper conference bbc popsci techreview wired |
October |
SAP: an Architecture for Selectively Approximate Wireless Communication.
arXiv:1510.03955 [cs.NI]. paper |
July |
Detecting Anomalous Behavior in Infusion Pumps from the AC Power Line.
White paper. paper |
June |
A Simpler, Safer Programming and Execution Model for Intermittent Systems.
36th annual ACM SIGPLAN conference on Programming Language Design and Implementation (PLDI). paper conference |
May |
Powering the Next Billion Devices with Wi-Fi.
arXiv:1505.06815 [cs.NI]. paper |
April |
WISPCam: A Battery-Free RFID Camera.
IEEE RFID. Best Paper nominee. paper conference |
January |
ACCEPT: A Programmer-Guided Compiler Framework for Practical Approximate Computing.
Technical Report UW-CSE-15-01-01, Computer Science and Engineering, University of Washington. paper |
2014
June |
Nonvolatile Memory is a Broken Time Machine.
ACM SIGPLAN Workshop on Memory Systems Performance and Correctness. paper workshop |
March |
Approximate Semantics for Networked Applications.
Workshop on Approximate Computing Across the System Stack. paper workshop |
2013
September |
Current Events: Identifying Webpages by Tapping the Electrical Outlet.
Proceedings of the 18th European Symposium on Research in Computer Security (ESORICS). paper conference abstract:
Computers plugged into power outlets leak identifiable information by drawing variable amounts of power when performing different tasks. This work examines the extent to which this side channel leaks private information about web browsing to an observer taking measurements at the power outlet. Using direct measurements of AC power consumption with an instrumented outlet, we construct a classifier that correctly identifies unlabeled power traces of webpage activity from a set of 51 candidates with 99% precision and 99% recall. The classifier rejects samples of 441 pages outside the corpus with a false-positive rate of less than 2%. It is also robust to a number of variations in webpage loading conditions, including encryption. When trained on power traces from two computers loading the same webpage, the classifier correctly labels further traces of that webpage from either computer. We identify several reasons for this consistently recognizable power consumption, including system calls, and propose countermeasures to limit the leakage of private information. Characterizing the AC power side channel may help lead to practical countermeasures that protect user privacy from an untrustworthy power infrastructure.
|
August |
WattsUpDoc: Power Side Channels to Nonintrusively Discover Untargeted Malware on Embedded Medical Devices.
USENIX Workshop on Health Information Technologies. paper workshop abstract:
Embedded systems are ubiquitous, connect to networks, and increasingly use off-the-shelf operating systems vulnerable to malware. Yet, strict validation processes make it difficult or too costly to use anti-virus software or automated operating system updates in embedded systems such as medical devices. Our WattsUpDoc system uses a traditionally undesirable side channel of power consumption to enable run-time malware detection. Our measurements show that WattsUpDoc can detect previously known malware with at least 94% accuracy and previously unknown malware with at least 85% accuracy on the devices we tested. While the detection rates are similar to that of conventional malware-detection systems, WattsUpDoc requires no hardware or software modification or network communication.
|
January |
Transiently Powered Computers.
Ph.D. thesis, University of Massachusetts Amherst. paper |
BAT: Backscatter Anything-to-Tag Communication.
Chapter in Wirelessly Powered Sensor Networks and Computational RFID. paper book abstract:
Computational RFID prototypes are limited by networking abstractions that impose narrow preconceptions about topologies and applications. These prototypes support programmability and integrate a wide array of sensors, which open the door to more varied applications. Implementing these on constrained platforms will need primitives that seamlessly support communication among tags and also with other devices. While overlays on top of existing protocols are possible, they introduce inefficiency because of packet formats designed explicitly for the tag inventory paradigm. This paper presents BAT, a networked system designed from the ground up to enable non-supply-chain RFID applications while carefully considering the unique constraints under which these platforms operate.
|
Design Challenges for Secure Implantable Medical Devices.
Chapter in Security and Privacy for Implantable Medical Devices. paper book |
2012
August |
Potentia est Scientia: Security and Privacy Implications of Energy-Proportional Computing.
Proceedings of the 7th USENIX Workshop on Hot Topics in Security (HotSec '12). paper workshop abstract:
The trend toward energy-proportional computing, in which power consumption scales closely with workload, is making computers increasingly vulnerable to information leakage via whole-system power analysis. Saving energy is an unqualified boon for computer operators, but this trend has produced an unintentional side effect: it is becoming easier to identify computing activities in power traces because idle-power reduction has lowered the effective noise floor. This paper offers preliminary evidence that the analysis of AC power traces can be both harmful to privacy and beneficial for malware detection, the latter of which may benefit embedded (e.g., medical) devices.
|
July |
Current Events: Identifying Webpages by Tapping the Electrical Outlet.
Technical Report UM-CS-2011-030, Department of Computer Science, University of Massachusetts Amherst. paper |
July |
Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance.
PLoS ONE 7(7). paper |
June |
Design Challenges for Secure Implantable Medical Devices.
Proceedings of the 49th Design Automation Conference (DAC '12). Invited paper. paper slides conference |
2011
August |
They Can Hear Your Heartbeats: Non-Invasive Security for Implanted Medical Devices.
Proceedings of ACM SIGCOMM. Best Paper award. paper conference details |
June |
Moo: A Batteryless Computational RFID and Sensing Platform.
Technical Report UM-CS-2011-020, Department of Computer Science, University of Massachusetts Amherst. paper |
March |
Mementos: System Support for Long-Running Computation on RFID-Scale Devices.
Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '11). paper conference slides abstract:
Transiently powered computing devices such as RFID tags, kinetic energy harvesters, and smart cards typically rely on programs that complete a task under tight time constraints before energy starvation leads to complete loss of volatile memory. Mementos is a software system that transforms general-purpose programs into interruptible computations that are protected from frequent power losses by automatic, energy-aware state checkpointing. Mementos comprises a collection of optimization passes for the LLVM compiler infrastructure and a linkable library that exercises hardware support for energy measurement while managing state checkpoints stored in nonvolatile memory. We evaluate Mementos against diverse test cases in a trace-driven simulator of transiently powered RFID-scale devices. Although Mementos's energy checks increase run time when energy is plentiful, they allow Mementos to safely suspend execution when energy dwindles, effectively spreading computation across zero or more power failures. This paper's contributions are: a study of the runtime environment for programs on RFID-scale devices; an energy-aware state checkpointing system for these devices that is implemented for the MSP430 family of microcontrollers; and a trace-driven simulator of transiently powered RFID-scale devices.
|
2010
October |
Mementos: System Support for Long-Running Computation on RFID-Scale Devices (Technical Report).
Technical Report UM-CS-2010-060, Department of Computer Science, University of Massachusetts Amherst. paper |
April |
A Rudimentary Bootloader for Computational RFIDs.
Technical Report UM-CS-2010-061, Department of Computer Science, University of Massachusetts Amherst. paper |
2009
October |
Clinically Significant Magnetic Interference of Implanted Cardiac Devices by Portable Headphones.
Heart Rhythm Journal 6(10). paper abstract journal npr |
August |
CCCP: Secure Remote Storage for Computational RFIDs.
Proceedings of the 18th USENIX Security Symposium. paper conference new scientist abstract:
Passive RFID tags harvest their operating energy from an interrogating reader, but constant energy shortfalls severely limit their computational and storage capabilities. We propose Cryptographic Computational Continuation Passing (CCCP), a mechanism that amplifies programmable passive RFID tags' capabilities by exploiting an often overlooked, plentiful resource: low-power radio communication. While radio communication is more energy intensive than flash memory writes in many embedded devices, we show that the reverse is true for passive RFID tags. A tag can use CCCP to checkpoint its computational state to an untrusted reader using less energy than an equivalent flash write, thereby allowing it to devote a greater share of its energy to computation. Security is the major challenge in such remote checkpointing. Using scant and fleeting energy, a tag must enforce confidentiality, authenticity, integrity, and data freshness while communicating with potentially untrustworthy infrastructure. Our contribution synthesizes well-known cryptographic and low-power techniques with a novel flash memory storage strategy, resulting in a secure remote storage facility for an emerging class of devices. Our evaluation of CCCP consists of energy measurements of a prototype implementation on the batteryless, MSP430-based WISP platform. Our experiments show that, despite cryptographic overhead, remote checkpointing consumes less energy than checkpointing to flash for data sizes above roughly 64 bytes. CCCP enables secure and flexible remote storage that would otherwise outstrip batteryless RFID tags' resources.
|
2008
December |
Getting Things Done on Computational RFIDs with Energy-Aware Checkpointing and Voltage-Aware Scheduling.
USENIX Workshop on Power Aware Computing and Systems (HotPower). paper ieee spectrum slides workshop |
November |
Electromagnetic Interference (EMI) of Implanted Cardiac Devices by MP3 Player Headphones.
Circulation 118(18 Supplement). Abstract 662, 2008 American Heart Association Annual Scientific Sessions. abstract ap medgadget reuters us news world report video |
May |
Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses.
Proceedings of the 29th Annual IEEE Symposium on Security and Privacy. Outstanding Paper award. Test of Time award (2019). paper boston globe details medgadget nytimes risks schneier slashdot wsj |
Software
Research Resources
- A pdfLaTeX Makefile that understands version control and distills nice PDFs.
- OmniGraffle tools for computer science with Daniel Halperin.