Skip to Main Content

Sashank Narain

Narain-Sashank-800
Sashank Narain, PhD Assistant Professor

Research Interests

User Privacy, Mobile Security, Network Security, IoT Security and Cyber-physical Systems Security

Sashank Narain's primary research focus is on the implication of smartphone sensors like GPS, Wi-Fi, Camera, Microphones, Accelerometers, Gyroscopes and Magnetometers on User Privacy. These sensors are embedded in all modern smartphones. He studies how novel attacks can be designed and implemented that can exploit these sensors to infer sensitive information (e.g., passwords and locations) about billions of smartphone users worldwide. The focus is specifically on smartphone motion sensors (i.e., Accelerometers, Gyroscopes, and Magnetometers) as modern mobile Operating Systems like Android and iOS do not consider them to be invasive to user privacy. As such, all apps installed on these smartphones have free access to these sensors. Meanwhile, the user currently has no means of knowing about such accesses. In a way, these sensors can be thought of as stealthy spying devices that billions of users carry with them everywhere they go, every single day. In addition to the primary research focus described above, Sashank is also involved in other domains of cybersecurity such as Wireless, Network, IoT and Cyber-physical Systems security. He is very interested in designing and implementing systems to enhance the security and privacy protections of smart devices. For example, he is actively involved in the design and implementation of robust frameworks and libraries to detect privacy breaches on Android devices arising from access to sensitive resources like GPS, Wi-Fi, Bluetooth, BLE, cellular, Camera, Microphones, and motion sensors. Current protections in Android do not suffice in protecting user privacy, and his research seeks to boost those existing protections. The long-term goal is to extend the frameworks to drones and other smart devices like vacuum cleaners, refrigerators, etc. Such devices are ubiquitous and will constitute a large percentage of devices in typical homes in the near future. As such, they can have significant privacy impact which Sashank is pro-actively trying to mitigate. Sashank's other ongoing research works aim at mitigating traditional wireless, network and systemic threats plaguing billions of smart devices worldwide. For example, one project aims at analyzing various Contact Tracing protocols for security and privacy vulnerabilities such as those that arise due to fundamental problems in wireless technologies like Bluetooth Classic and BLE and also those that arise due to mis-configured or mis-understood network protocol design. Another project focuses on systems that can be implemented to detect and mitigate GPS spoofing attacks, while another focuses on designing and implementation of systems to protect Android developers and users from traditional attacks (e.g., Clickfraud and Clickjacking) that have plagued modern mobile devices. Such attacks have been known to impact developers and users worldwide costing them billions of dollars every year.

Education

  • Ph D: Information Assurance, (2018), Northeastern University - Boston
    Supporting Area: User Privacy, Mobile Security, Side-Channel Attacks, Network Security
    Dissertation/Thesis Title: Sensor Side-Channel Attacks on User Privacy: Analysis and Mitigation
  • MS: Information Assurance, (2012), Northeastern University - Boston
  • BS: Information Technology, (2007), University of Mumbai - India

Selected Publications

  • Stute, M., Narain, S., Mariotto, A., Heinrich, A., Kreitschmann, D., Noubir, G., Hollick, M. (2019). A billion open interfaces for Eve and Mallory: MitM, DoS, and tracking attacks on iOS and macOS through Apple Wireless Direct Link.
  • Narain, S., Noubir, G. (2019). Mitigating Location Privacy Attacks on Mobile Devices using Dynamic App Sandboxing.
  • Narain, S., Ranganathan, A., Noubir, G. (2019). Security of GPS/INS based On-road Location Tracking Systems.
  • Narain, S. (2018). Sensor Side-Channel Attacks on User Privacy: Analysis and Mitigation. Northeastern University, Boston
  • Block, K., Narain, S., Noubir, G. (2017). An autonomic and permissionless android covert channel.
  • Narain, S., Vo-Huu, T.D., Block, K., Noubir, G. (2017). The Perils of User Tracking using Zero-Permission Mobile Apps.
  • Narain, S., Vo-Huu, T.D., Block, K., Noubir, G. (2016). Inferring User Routes and Locations using Zero-Permission Mobile Sensors.
  • Narain, S., Sanatinia, A., Noubir, G. (2014). Poster: Single-stroke Language-Agnostic Keylogging using Stereo-Microphones and Domain Specific Machine Learning.
  • Sanatinia, A., Narain, S., Noubir, G. (2014). Poster: WiFi AP Infection Spread.
  • Narain, S., Sanatinia, A., Noubir, G. (2014). Single-stroke language-agnostic keylogging using stereo-microphones and domain specific machine learning.
  • Sanatinia, A., Narain, S., Noubir, G. (2013). Poster: WiFi AP Infection Spread.
  • Sanatinia, A., Narain, S., Noubir, G. (2013). Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study.

Research Currently in Progress

  • Analysis and Mitigation of Privacy Breaches arising from Android Ad Libraries
    Narain, S. (Co-Investigator) (University of Massachusetts Lowell)
  • Effects of Privacy Laws (GDPR and CCPA) on Android App Privacy Practices
    Narain, S. (Co-Investigator) (University of Massachusetts Lowell)
  • Security and Privacy Analysis of Contact Tracing Protocols
    Narain, S. (Co-Investigator) (University of Massachusetts Lowell)
  • System and Apparatus for Detecting Copycat Apps in Google Play Store
    Narain, S. (Co-Investigator) (University of Massachusetts Lowell)
  • System for On-device Detection of Clickfraud attacks on Mobile Devices
    Narain, S. (Co-Investigator) (University of Massachusetts Lowell)