Computer Laboratory

Kieron Ivy's Dissertation Project Ideas

Technology-Enabled Domestic Abuse ("Tech-abuse")

  • Online forums - either using CrimeBB / Other CCC Datasets or collecting own data for a project:
    • Analysis of online forum discussion about how to execute tech-abuse. Can broaden existing work looking at infidelity forums to get a wider range of opinions; existing paper on this to guide methodology if desired.
    • Analysis of escalation/deescalation of abuse discussions on online forums. It is suggested in prior research that most discussions help people be more abusive, so we can attempt to measure these discussions, or look into ways to deescalate abuse discussions with bots etc.

  • Emergency Safety - the most dangerous phase of an abusive relationship is when the victim/survivor attempts to leave. Additional safety tools during this time would be of great benefit, such as:
    • Tools for preventing remote access to the devices or accounts, or which help users to lock down their device, similar to iOS lockdown mode.
    • Emergency support tools, allowing covert access to helpful information (e.g. BrightSky) or allowing more secure communication with emergency services, such as this policing tool or a similar concept for domestic abuse charities, taking into account possible shared phone usage etc.

    • De-escalation tech - it may be possible to design an application that aids users in some way once an abuser has discovered their use of technological support mechanisms, such as evidence collection or abuse information apps. This could involve some way of hiding evidence from a user's phone (overlapping with Vault App projects) or otherwise providing aid to de-escalate abuse.
    • Detecting spyware/dual use apps. Spyware (or dual-use apps) can take various measures to hide themselves on a phone once installed. A project could design an app/system process that searches for these applications, which will likely overlap with traditional rootkit discovery.
    • IoT safety / abuse prevention. We recently completed a project understanding how people learn to use IoT for abuse (paper under review; can share upon request), and the natural follow-up is to take this, alongside Chatterjee et al. papers on IoT abuse [1][2][3], to design ways to impede the abusive use of these technologies. This could focus on a specific device, a controlling hub-like system for multiple devices, or a broader design with test implementation and a user study.

    • Any variants of existing projects or papers: I recommend reading research by Leonie Tanczer's Gender and Tech group at UCL, the IPV Tech Research group at Cornell/NYU, and Rahul Chatterjee's group at Wisconsin-Madison.
    • [Other project ideas currently taken for this year. Variants of previous years' projects are possible as long as they are distinct]

    Security & Hacking

    • Security analysis of IoT devices. I previously worked on Smart Locks for my MEng dissertation, and can help with analysing systems through various means including reverse engineering and black-box testing. In particular, I have experience with and would be happy to supervise projects which attack:
      • Anything with an Android mobile app, as it can be reverse-engineered to look for vulnerabilities
      • WiFi-based products
      • BLE products (or regular Bluetooth, though it is less common and more awkward to work with)
      • RFID cards and tags
      • Physical Security systems like locks or safes
    • MITM detection tool for known vulnerable systems (and possibly constructing defences against detected attacks). I'm primarily thinking of evil twin attacks on WiFi, MITM attacks on Bluetooth and BLE, or exploits on these technologies which allow for MITMs like the KRAck attack on WPA. Would likely involve traffic analysis or identifying signs of these attacks, like multiple systems announcing the same network to identify evil twin or a spam of Bluetooth device announcements used to initiate Bluetooth MITM attacks.
    • Lockpicking robot. It is easy to learn to pick lots of types of locks*, and it is theoretically possible to make a robot which intelligently picks them in the same manner as humans do. Current semi-automated unlocking tools include electric bump guns (which bounce pins repeatedly until the lock happens to open) or brute-force safecracking machines. Using sensors and a robot arm to control tension and pick the pins could allow for fully automated lock picking. Would need to be co-supervised (or primarily supervised) by a robotics expert.
      * I have plenty to learn on if you want to borrow any!
    • Any other hacking/security focused project; I am mostly experienced in cryptogaphy and reverse engineering, but have experience with web hacking, binary exploitation, and side channels too.