I am a Ph.D. student at the University of Washington in the Allen School of Computer Science and Engineering and am a member of the Security and Privacy Lab where I am advised by Professor Tadayoshi Kohno. My research is focused on understanding computer security risks in emerging technologies like DNA synthesis and sequencing and on developing technologies to detect and measure cell phone surveillance. I am also fascinated by the intersection between technology, policy, and law and am a member of the UW Tech Policy Lab. Before arriving at UW, I obtained my bachelor's at the University of Wisconsin-Madison where I studied Computer Science, Molecular Biology, and Mathematics and researched the evolution of development in the Carroll Lab.
The rapid improvement in DNA sequencing has sparked a big data revolution in genomic sciences, which has in turn led to a proliferation of bioinformatics tools. To date, these tools have encountered little adversarial pressure. This paper evaluates the robustness of such tools if (or when) adversarial attacks manifest. We demonstrate, for the first time, the synthesis of DNA which — when sequenced and processed — gives an attacker arbitrary remote code execution. To study the feasibility of creating and synthesizing a DNA-based exploit, we performed our attack on a modified downstream sequencing utility with a deliberately introduced vulnerability. After sequencing, we observed information leakage in our data due to sample bleeding. While this phenomena is known to the sequencing community, we provide the first discussion of how this leakage channel could be used adversarially to inject data or reveal sensitive information. We then evaluate the general security hygiene of common DNA processing programs, and unfortunately, find concrete evidence of poor security practices used throughout the field. Informed by our experiments and results, we develop a broad framework and guidelines to safeguard security and privacy in DNA synthesis, sequencing, and processing.Project Page
Cell-site simulators are cell phone surveillance devices that are used around the world by governments and criminals. These powerful devices are capable of precisely locating phones, evesdroping on conversations, and sending spam or malware. However, our primary source of information about their use comes from journalists and anonymous leaks. To gain a better technical understanding of how often, when, and where cell-site simulators are used, we built and deployed SeaGlass, a city-wide cell-site simulator detection system. SeaGlass cellular sensors are designed to be robust, low-maintenance, and deployable in vehicles for long durations. The data they generate is used to learn a city's network properties to find anomalies consistent with cell-site simulators. We installed SeaGlass sensors into 15 ridesharing vehicles across two cities, collecting two months of data in each city. Using this data, we evaluated the system and show how SeaGlass can be used to detect portable cell-site simulators.