The 2013 revelations about government surveillance sparked an intellectual fire in Hans Hanley, who knew coming into his first year at Princeton that he was interested in cybersecurity.
What he didn’t know is that before his graduation in June 2018, he would find himself at the cutting edge of online privacy. Working with Prateek Mittal, Hanley identified a new method for improving security within the Tor browser, which is designed to provide anonym¬≠ity to users. His approach essentially creates a layer of digital noise that strengthens the protections offered by Tor while obscuring any information leaks from the defense mecha¬≠nisms themselves.
“Everything you do online, every ad you hover over, every video you watch is recorded,” he said. “It’s worrying on a personal level, sure, but on a large-scale level too.”
Mittal, an assistant professor of electrical engineering, focuses much of his research on protecting digital privacy. In recent work, his team and colleagues have identified a method by which someone could track a mobile phone even when the user has turned off the phone’s Global Positioning System (GPS). The method uses a series of algorithms that process infor¬≠mation such as a phone’s IP address and time zone, along with data from its sensors. Among other information, phone sensors collect com¬≠pass details from a gyroscope, air pressure readings from a barometer, and accelerometer data. The researchers found the system could be virtually undetectable on a phone.
In another project, with undergraduate Henry Birge-Lee, Mittal’s team found vulner¬≠abilities in the system that provides the digital certificates that ensure website authenticity (See story, page 12). By spoofing the system, someone could trick users into sharing sensi¬≠tive information. The researchers identified a new and harder-to-detect form of this subter¬≠fuge – and then they unveiled new counter¬≠measures to protect against it.
In a series of other projects, Mittal and his colleagues have recommended tools and strategies to improve Tor’s ability to protect the anonymity of users and defend against attackers. They include ways to make Tor harder to attack and quicker to detect attacks when they occur.
Mittal emphasized that in the rush for convenience, it is important not to overlook privacy. Computers have opened new worlds, he said, but it is critical that we do not lose what Supreme Court Justice Louis Brandeis called “the right to be let alone.”
“With careful system design and engineer¬≠ing, it’s possible to balance privacy and conve¬≠nience,” he said.