Our research group has been developing data-driven approaches to security and privacy, with a focus on applying machine learning to Internet-based attacks. The group has developed technology that was the basis for many breakthrough innovations in Internet security and privacy, including:
Our research has resulted in transition to practice, through startup companies, integration into existing products, collaborations with industry through joint intellectual property agreements, and advisories to regulatory and other government agencies (e.g., the Federal Trade Commission).
Recently, we have been applying machine learning to detect outliers and anomalies in smart home Internet of Things (IoT) traffic, and applying machine learning to automatically learn normal (and outlier) behavior of IoT traffic, with applications to smart homes, smart cities, and smart infrastructure.
We are also performing research in the area of DNS privacy, designing protocols and systems to improve the privacy properties of DNS.
The Internet of Things (IoT) market is predicted to grow to $520B in valuation by 2021, more than double the $235B spent in 2017, according to Forbes. The increasing popularity of these "smart" IoT consumer devices raises many interesting research questions. We have replicated a residential broadband Internet network inside an experimental laboratory to study security, privacy, and network performance. By hosting several IoT devices (powered by CableLabs), we provide a unique opportunity for you to experiment with new and existing datasets, apply data science and machine learning techniques to uncover new insights and valuable information, or build your new application or research project.
The Internet of Things (IoT) lab at the Center for Data and Computing at the University of Chicago is a unique resource that allows us to explore the security and privacy behaviors of a wide variety of devices. For example, some of our recent work has explored the tracking behavior of Smart TVs.
DNS reveals information that an Internet user may want to keep private, such as websites, user identifiers, MAC addresses, and IP subnets. This information can be visible to a third party or even between a recursive resolver and an authoritative server. Yet even existing solutions such as DNS Query Name Minimization, DNS-over-HTTPS (DoH), and DNS-over-TLS (DoT) do not completely protect user privacy. Specifically, they do not prevent DNS operators from learning which domains specific users are interested in. We are developing various technologies that work in conjunction with encrypted DNS solutions to further protect user privacy in these settings.
Distributed DNS (DDNS) revisits the trend towards centralized DNS and explores re-decentralizing the DNS such that clients might use multiple DNS resolvers when resolving domain names. We propose and evaluate several candidate decentralized architectures, laying the groundwork for future research to explore decentralized, encrypted DNS architectures that strike a balance between privacy and performance.
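As an added illustration (not code from the DDNS project), the sketch below measures how much of one client's browsing each resolver observes when queries are spread across several resolvers. The three distribution strategies, the resolver labels, and the query trace are assumptions constructed for this example; the page does not name the architectures the group evaluated.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: resolver labels and a browsing trace (not from the page).
RESOLVERS = ["resolver-a", "resolver-b", "resolver-c", "resolver-d"]
QUERIES = ["mail.example", "news.example", "bank.example", "mail.example",
           "video.example", "news.example", "mail.example", "clinic.example",
           "bank.example", "mail.example", "news.example", "shop.example"]

def centralized(queries, resolvers):
    """Baseline: every query goes to one resolver."""
    return [(q, resolvers[0]) for q in queries]

def round_robin(queries, resolvers):
    """Rotate resolvers per query, ignoring the name being asked for."""
    return [(q, resolvers[i % len(resolvers)]) for i, q in enumerate(queries)]

def hash_by_domain(queries, resolvers):
    """Pin each domain to one resolver chosen by a hash of the name."""
    def pick(name):
        digest = hashlib.sha256(name.encode()).digest()
        return resolvers[int.from_bytes(digest[:8], "big") % len(resolvers)]
    return [(q, pick(q)) for q in queries]

def exposure(assignments):
    """Per resolver: fraction of the client's distinct domains it has seen."""
    seen = defaultdict(set)
    for name, resolver in assignments:
        seen[resolver].add(name)
    total = len({name for name, _ in assignments})
    return {r: len(names) / total for r, names in seen.items()}

def resolvers_per_domain(assignments):
    """How many different resolvers learned about each domain."""
    seen = defaultdict(set)
    for name, resolver in assignments:
        seen[name].add(resolver)
    return {name: len(rs) for name, rs in seen.items()}

if __name__ == "__main__":
    for strategy in (centralized, round_robin, hash_by_domain):
        a = strategy(QUERIES, RESOLVERS)
        print(strategy.__name__, exposure(a), max(resolvers_per_domain(a).values()))
```

In this trace, per-query rotation leaks a frequently visited domain to every resolver over time, while pinning by domain name ensures each name is seen by exactly one operator.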
Oblivious DNS (ODNS) aims to protect user privacy against a powerful adversary that has the capabilities to: 1) eavesdrop on communications between clients and recursive resolvers, and between recursive resolvers and authoritative name servers, 2) request data (via subpoena/warrant) from any number of DNS operators, 3) maliciously access data at any DNS server.