Email: ajnicholson # gmail.com Voice: +1 312 929 8107 Post: Google, Inc. 20 West Kinzie St. Chicago IL 60610 USA

Research

Publications

There are many situations in which an additional network interface---or two---can provide benefits to a mobile user. Additional interfaces can support parallelism in network flows, improve handoff times, and provide sideband communication with nearby peers. Unfortunately, such benefits are outweighed by the added costs of an additional physical interface. Instead, virtual interfaces have been proposed as the solution, multiplexing a single physical interface across more than one communication endpoint. However, the switching time of existing implementations is too high for some potential applications, and the benefits of this approach to real applications are not yet clear. This paper directly addresses these two shortcomings. It describes an implementation of a virtual 802.11 networking layer, called Juggler, that achieves switching times of approximately 3 ms, and less than 400 us in certain conditions. We demonstrate the performance of this implementation on three application scenarios. By devoting 10% of the duty cycle to background tasks, Juggler can provide nearly instantaneous handoff between base stations or support a modest sideband channel with peer nodes, without adversely affecting foreground throughput. Furthermore, when the client issues concurrent network flows, Juggler is able to assign these flows across more than one AP, providing significant speedup when wired-side bandwidth from the AP constrains end-to-end performance.

As mobile devices continue to shrink, users are no longer merely nomads, but truly mobile, employing devices on the move. At the same time, these users no longer rely on a single managed network, but exploit a wide variety of connectivity options as they spend their day. Together, these trends argue that systems must consider the derivative of connectivity ---the changes inherent in movement between separately managed networks, with widely varying capabilities.

To manage the derivative of connectivity, we exploit the fact that people are creatures of habit; they take similar paths every day. Our system, BreadCrumbs, tracks the movement of the devices owner, and customizes a predictive mobility model for that specific user. Rather than rely on a synthetic model or aggregate observations, this custom-tailored model can be used together with past observations of wireless network capabilities to generate connectivity forecasts. Applications can in turn use these forecasts to plan future network use with confidence. We have built a BreadCrumbs prototype, and evaluated it with several weeks of real-world usage. Our results show that these forecasts are sufficiently accurate, even with as little as one week of training, to provide improved performance with reduced power consumption for several applications.

This paper presents Virgil, an automatic access point discovery and selection system. Unlike existing systems that select access points based entirely on received signal strength, Virgil scans for all available APs at a location, quickly associates to each, and runs a battery of tests to estimate the quality of AP's connection to the Internet. Virgil also probes for blocked or redirected ports, to guide AP selection in favor of preserving application services that are currently in use. Results of our evaluation across five neighborhoods in three cities show Virgil finds a usable connection from 22% to 100% more often than selecting based on signal strength alone. By caching AP test results, Virgil both improves performance and success rate. Our overhead is acceptable and is shown to be faster than manually selecting an AP with Windows XP.

People increasingly depend on the digital world to communicate with one another, but such communication is rarely secure. Users typically have no common administrative control to provide mutual authentication, and sales of certified public keys to individuals have made few inroads. The only remaining mechanism is key exchange. Because they are not authenticated, users must verify the exchanged keys through some out-of-band mechanism. Unfortunately, users appear willing to accept any key at face value, leaving communication vulnerable. This paper describes LoKey, a system that leverages the Short Message Service (SMS) to verify keys on users' behalf. SMS messages are small, expensive, and slow, but they utilize a closed network, between devices---phones---that are nearly ubiquitous and authenticate with the network operator. Our evaluation shows LoKey can establish and verify a shared key in approximately 30 seconds, provided only that one correspondent knows the other's phone number. By verifying keys asynchronously, two example applications---an instant messaging client and a secure email service---can provide assurances of message privacy, integrity, and source authentication while requiring only that users know the phone number of their correspondent.

Despite years of research on security and cryptography, the vast majority of Internet communications are still unencrypted. We argue the blame lies not with users but with the tools they have available to them. Securing a communication channel with encryption is easy---the hard part is distributing keys in the first place. Current solutions rely ultimately on user actions---verification of encryption keys by inspecting either fingerprints or certificates.

Instead, we present a model in which keys are established insecurely and automatically confirmed by exchanging cryptographic hashes of the key. To thwart an active attacker, hashes must travel over some path the attacker does not control. To do so, we exploit users' everyday mobility, plus the capabilities of an overlay network, to resend hashes from diverse access points. Initial simulation and field results support our claim that this generates routes sufficiently diverse to foil all but the most powerful attackers, without requiring explicit action on the part of users.

Mobile devices are vulnerable to theft and loss due to their small size and the characteristics of their common usage environment. Since they allow users to work while away from their desk, they are most useful in public locations and while traveling. Unfortunately, this is also where they are most at risk. Existing schemes for securing data either do not protect the device after it is stolen or require bothersome reauthentication. Transient Authentication lifts the burden of authentication from the user by use of a wearable token that constantly attests to the user's presence. When the user departs, the token and device lose contact and the device secures itself. We show how to leverage this authentication framework to secure all the memory and storage locations on a device into which secrets may creep. Our evaluation shows this is done without inconveniencing the user, while imposing a minimal performance overhead.

Teaching

Personal