Kassem Fawaz has a photo of himself as a 1- or 2-year-old playing with a keyboard; not surprisingly, as a kid, he loved spending time on his family’s computer and as a high school student, he dabbled in computer programming.
He says it was only logical to enter the computer engineering program as an undergraduate student at the American University of Beirut, where he did research on web system change detection and vehicular networks. Now, after earning his PhD at the University of Michigan and studying the problems related to location privacy and user security, he joined the Department of Electrical and Computer Engineering as an assistant professor in fall 2017.
He’s focused on bringing security and privacy protection to users interacting with their personal devices.
“Our smartphones are always collecting data about us,” he says. “Our apps know where we live, where we work, where we eat, and our religious places of significance. All of this data is bought and sold and used to draw inferences about us. It’s really frightening.”
In other words, nothing is free. Not even “free” apps.
Fawaz says that one way to protect your privacy is to not use a smartphone—but these days, that’s not necessarily a realistic solution. That’s why some of his research is focused on ways to better protect smartphone users without compromising the usability of their apps.
Branching out from the location privacy issues associated with smartphones, he also explores how we can secure the interactions between users and their Bluetooth devices—things like smart appliances, fitness tracking devices, and a range of health monitoring devices. The average person interacts with up to 10 devices per day, all of which are constantly collecting data and are easy to access.
Bluetooth devices work by periodically sending wireless beacons. Anybody can scan for these wireless beacons and find your devices—even very personal devices as pacemakers or blood glucose monitors. To keep those devices secure, Fawaz designed a system to jam their signals so that others cannot scan for them or gain access to them.
Fawaz also seeks to improve the security of voice interfaces—think Siri or the Amazon Echo—with voice authentication technology. Because voice is currently an open channel, it’s easy to gain unauthorized access to voice-activated devices. “Anybody can talk to your phone,” says Fawaz. “Anybody can say, ‘Hey, Siri.’ In fact, I was able to imitate my sister’s voice after three tries and gain access to her phone. And if I hadn’t been able to imitate her voice, I could have just recorded it and played it back.”
Voice authentication technology takes advantage of the phone’s accelerometer. Currently, these accelerometers take 200 measurements per second to determine how quickly we accelerate. But if they took 12,000 measurements per second, they could measure the vibrations of a person’s voice, making it harder to imitate and, therefore, increasing the security of voice-controlled devices.
Another aspect of Fawaz’s research centers around privacy policy analysis. Because most people—Fawaz included—do not read privacy policies, he is developing a Q&A interface, or chat bot (like Siri), to automatically answer users’ questions about those policies. For example, users can ask the chat bot, “Does this app share my location?” or “Will this app share my information with third parties?”
Fawaz is most interested in developing systems that people can actually use. “I develop security and privacy systems that help people protect themselves,” he says. “Everything has to have the person—the user—in mind. If we don’t develop systems with the users in mind, then we’re not really protecting them.”