Research Overview

  • Differentially Private Access Patterns in Secure Computation [C6]:
    In this project, we explored a new security model for secure computation on large datasets and established a new tradeoff between privacy and efficiency in secure computation by defining a security model in which the adversary is provided some leakage that is proven to preserve differential privacy. We showed that this leakage allows us to construct a more efficient protocol for a broad class of computations: those that can be computed in graph-parallel frameworks such as MapReduce. We then evaluated the impact of our relaxation by comparing the performance of our protocol with the best prior implementation of secure computation for graph-parallel frameworks. Our work demonstrates that differentially private leakage is useful, in that it provides an opportunity for more efficient protocols. The protocol we present has broad applicability, but we leave open the very interesting question of determining, more precisely, for which class of computations this leakage might be helpful.
  • Security Analysis of an In-Vehicle Infotainment (IVI) System and Smartphone App Platform [C5]:
    This project aims to provide a comprehensive analysis of the security of modern automobiles. Current automotive architectures are commonly designed with a concentration on safety requirements and cost issues, with less attention paid to the security aspect of the design, making them highly vulnerable to potential exploits. In particular, we are focused on infotainment systems, which are specifically designed to enhance the driver and passenger experience and offer integration of portable devices such as smartphones or media players into the car’s head unit. Since the infotainment system is a member of the car’s internal communication network, a breach of privacy in it is equivalent to gaining direct access to other crucial parts of the vehicle. We performed a comprehensive security analysis on an IVI system that is included in at least one 2015 model vehicle from a major automotive manufacturer. We documented and demonstrated insecurities in the MirrorLink protocol and IVI implementation that could potentially enable an attacker with control of a driver’s smartphone to send malicious messages on the vehicle’s internal network. This work was funded by General Motors and DHS.
  • Key Management Framework for Homogenous Mobile and Static Wireless Sensor Networks [C2], [C3], [C4]
  • Chaos-based Image Encryption [J1], [C1]:
    During my research on employing chaotic systems in image encryption, I have proposed two novel image cryptosystems designed for color images that are based on chaotic systems. One of them uses my proposed Coupled Nonlinear Chaotic Map for symmetric image encryption, and the other uses three chaotic systems to improve the security and increase the complexity of the designed cryptosystem. The results of several experiments demonstrate the satisfactory security and efficiency of the proposed image encryption schemes for color image encryption and transmission compared with state-of-the-art chaos-based image cryptosystems.

Publications

Journal Papers

  • J1. Sahar Mazloom, Amir Masoud Eftekhari-Moghadam, "Color image encryption based on Coupled Nonlinear Chaotic Map," Journal of Chaos, Solitons & Fractals, Elsevier, vol. 42, issue 3, pp. 1745-1754, 2009.

Conference Papers

  • C6. Sahar Mazloom, S. Dov Gordon, "Differentially Private Access Patterns in Secure Computation," 25th ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 2018.

  • C5. Sahar Mazloom, Mohammad Rezaeirad, Aaron Hunter, Damon McCoy, "A Security Analysis of an In Vehicle Infotainment and App Platform," in 10th USENIX Workshop on Offensive Technologies (WOOT), Austin, TX, USA, Aug 2016.
    Media: NYU, Dark Reading, Science Daily, Security Ledger, Green Car Congress, Stem Rules

  • C4. Mohammad Rezaeirad, Sahar Mazloom, Mahdi Orooji, Dmitri Perkins, Magdy Bayoumi, "A cluster-based key management framework for resource constraint networks," in 15th IEEE International Conference on Information Reuse and Integration (IRI), San Francisco, CA, USA, Aug 2014.

  • C3. Mohammad Rezaeirad, Sahar Mazloom, Muhammad Aamir Iqbal, Dmitri Perkins, Magdy Bayoumi, "Investigating the feasibility of LEAP+ in ZigBee specification," in 15th IEEE International Conference on Information Reuse and Integration (IRI), San Francisco, CA, USA, Aug 2014.

  • C2. Mohammad Rezaeirad, Mahdi Orooji, Sahar Mazloom, Dmitri Perkins, Magdy Bayoumi, "A novel clustering paradigm for key pre-distribution: Toward a better security in homogenous WSNs," in Proc. IEEE Consumer Communications and Networking Conference (CCNC), Las Vegas, NV, USA, Jan 2013.

  • C1. Sahar Mazloom, Amir Masoud Eftekhari-Moghadam, "Color image cryptosystem using chaotic maps," in Proc. IEEE Symposium on Computational Intelligence for Multimedia, Signal and Vision Processing (CIMSIVP), Paris, France, April 2011.

Skills & Tools

  • Programming Languages & Libraries: C/C++, Python, Java, x86 Assembly, MIPS Assembly, MapReduce, GraphLab, HIPI
  • Operating Systems: Linux, OSX, Windows
  • Reverse Engineering: IDA-Pro, PE Explorer’s disassembler, OllyDbg, DDMS, WifiADB, Bytecode/Sourcecode Visualizer, Dependency Walker, Heap Walker, Immunity Debugger, ChopShop, Calamine, Cuckoo Sandbox, JEB, APKtool, Smali/baksmali, APKManager, androguard, JReversePro, Dex2jar
  • Penetration Testing: Scapy, Metasploit, Nessus, Wireshark, Nmap, Kismet
  • Internet Technologies: Amazon AWS, Hadoop, familiar with Cloudera, OpenStack, GreenPlum, Apache Spark

Inspiring Courses