Consider the following scenario: while strolling across campus, you pop into Starbucks and pull out your smartphone to search for nearby restaurants.
While an everyday occurrence for many people, that scene presents a host of privacy- and security-related concerns. Computing advances such as wireless technology and cloud-based computing enable people to perform a range of Internet-enabled tasks from smartphones, but that convenience often comes with a cost — privacy.
Ming Li, an assistant professor of computer science and engineering, is researching ways to make mobile computing more secure. But unlike solutions geared toward helping consumers turn off invasive functions or avoid transmitting personal data online, Li is interested in developing technological innovations that maintain the convenience of mobile computing but with more privacy and security built in.
"This is kind of a dilemma," said Li, who joined the department this year. "On the one hand, you want the cloud to help you and on the other hand, you don't want to reveal your data to the cloud. So I think there are research challenges in this balance."
Li's work involves combining traditional cryptography technology with techniques from other computing fields to develop new ways to preserve privacy in mobile and cloud computing.
Safeguarding privacy with respect to location is of particular interest to Li. According to her, most consumers don't realize just how vulnerable their location data is. For example, iPhones record users' location histories by default, including specific addresses and visit frequency. In addition, any number of popular mobile applications make use of location data, whether it is to provide more relevant search results, coupons for nearby retailers or data for social networks.
Li wants to maintain the benefits of that location-based data without allowing service providers to link that location data to specific individuals. One strand of Li's research involves exploring ways to mask or convert location information before it is sent to a server, preventing it from being associated with any particular user.
Li is also interested in wireless security, and in particular the problem of identifying and preventing rogue access points from breaching secure wireless networks.
In a traditional seven-layer model of a network, Li is particular interested in security challenges at both the very bottom layers - the physical specifications that govern wireless access - and the very top layer, where users interface with software.
"Because there are more wireless technologies, there are more security threats so we need to pay more attention to the physical layer," said Li. "This is the same for the application layer, because currently we have more and more applications. Since we have more software, there are more vulnerabilities."
Li was hired as one member of a cluster hire in cyber security, a targeted effort by the University to expand faculty in growing research and education areas. Other cyber security hires have been made or will be made in political science and information systems. The new faculty will join existing faculty as members of the University's Cyber Security Center, which was launched in January 2014 to provide interdisciplinary expertise to industry.
The Cyber Security Center is also planning to launch a cyber security minor, which will initially focus on technical aspects of cyber security but will expand to include social and business aspects as additional courses are developed.