User Privacy, Mobile Security, Network Security, IoT Security and Cyber-physical Systems Security
Sashank Narain's primary research focus is on the implication of smartphone sensors like GPS, Wi-Fi, Camera, Microphones, Accelerometers, Gyroscopes and Magnetometers on User Privacy. These sensors are embedded in all modern smartphones. He studies how novel attacks can be designed and implemented that can exploit these sensors to infer sensitive information (e.g., passwords and locations) about billions of smartphone users worldwide. The focus is specifically on smartphone motion sensors (i.e., Accelerometers, Gyroscopes, and Magnetometers) as modern mobile Operating Systems like Android and iOS do not consider them to be invasive to user privacy. As such, all apps installed on these smartphones have free access to these sensors. Meanwhile, the user currently has no means of knowing about such accesses. In a way, these sensors can be thought of as stealthy spying devices that billions of users carry with them everywhere they go, every single day. In addition to the primary research focus described above, Sashank is also involved in other domains of cybersecurity such as Wireless, Network, IoT and Cyber-physical Systems security. He is very interested in designing and implementing systems to enhance the security and privacy protections of smart devices. For example, he is actively involved in the design and implementation of robust frameworks and libraries to detect privacy breaches on Android devices arising from access to sensitive resources like GPS, Wi-Fi, Bluetooth, BLE, cellular, Camera, Microphones, and motion sensors. Current protections in Android do not suffice in protecting user privacy, and his research seeks to boost those existing protections. The long-term goal is to extend the frameworks to drones and other smart devices like vacuum cleaners, refrigerators, etc. Such devices are ubiquitous and will constitute a large percentage of devices in typical homes in the near future. As such, they can have significant privacy impact which Sashank is pro-actively trying to mitigate. Sashank's other ongoing research works aim at mitigating traditional wireless, network and systemic threats plaguing billions of smart devices worldwide. For example, one project aims at analyzing various Contact Tracing protocols for security and privacy vulnerabilities such as those that arise due to fundamental problems in wireless technologies like Bluetooth Classic and BLE and also those that arise due to mis-configured or mis-understood network protocol design. Another project focuses on systems that can be implemented to detect and mitigate GPS spoofing attacks, while another focuses on designing and implementation of systems to protect Android developers and users from traditional attacks (e.g., Clickfraud and Clickjacking) that have plagued modern mobile devices. Such attacks have been known to impact developers and users worldwide costing them billions of dollars every year.