Stelly's Security Symposium

To content | To menu | To search

Sunday 26 October 2014

End-to-end Privacy Guard

In the morning to all,

There has been a lot of fuss from recently released reports about free Android apps (notably, flashlight apps) "stealing" your data. Well, firstly, wake up. Advertisers thrive off of your information. How does Google generate a $380 BILLION market cap without charging a toll for each search? They turn around and sell your information to advertisers. Period. You agree to it. Either get off these "free" services, or, as I propose, take control of YOUR devices and services.

I have finished a proof of concept app which will combine my thesis research with everyday practicality. This is an end-to-end privacy guard which you can use to protect yourself from prying applications. There is no rooting of your Android for this to work -- it relies on bytecode instrumentation to restrict the application to what it needs access to. You can selectively grant and deny permissions to a given application after you install it, allowing granular control of YOUR devices. The technical term is "dynamic aspect oriented bytecode instrumentation", but let's just call it Apphacking. See the video below:

Do not be fooled by recent claims of protection from the marketing firm, SnoopWall. They simply reported on old news which anyone with common sense already suspects. They've developed a "protection" app, but it does nothing except report on the trustworthiness of an app.... the Google Play store implements that exact functionality with the ratings and reviews system.

Wednesday 26 February 2014

Cajun Satellite

As part of my graduate research, I worked on writing the operating system for a CubeSat. Dubbed Cajun Advanced Pico-satellite Experiment (CAPE, for short), myself and one other student wrote the "CDH" system which was responsible for command and control of all other subsystems. The project took place over several years, with a plethora of students continuously working on the different components. It finally launched in November 2013, and it's current flightpath can be found here.

HAM radio operators can talk to the satellite on 145.820 (doppler shift can bring it up to .825). TNC comms can command the satellite to broadcast specific messages, enable the software defined radio, send emails, texts, and a few other little things. Email me if you're interested in sending it commands.. we could use more radio operators around the world.

Anyways, very proud of our team for getting a working satellite in orbit. Not something many people get to say.. take a listen to our satellite! Excerpt from a previous pass here:

Gladiator2

As a senior project, we built a first person shooter style multiplayer game. We built it with the Unreal engine. I've got to say, that engine is beautiful. Once we got the networking just right, it was actually pretty fun.

The unique twist to our game is that you essentially controlled two characters, but you could only control one at a time. Your "uncontrolled" character would simply be made invisible, but still liable to damage.

Here is a demo from very early in our process:

Tuesday 25 February 2014

Social Ants

This was a pretty cool project. It was written in Objective-C, and used Apple's Quartz technology for the simplified GUI. The aim was to learn a little about artificial intelligence, and to model the AI after something in nature.

A colony of ants is dynamically and randomly generated in an empty environment. When the colony runs low on food supplies, they send out scouts to locate sources of nutrition. They have to seek out the lone source (again, randomly placed in the environment), and relay the location of the food to their brethren. Pheromones are how most social insects do this in the real world, and that's how I made these virtual ants share information. (Side note: I had no idea how accurate these trails are in real life... bees do orchestrated dances which can be deconstructed). When a food source is found, the ant will lay down plenty of pheromone, and make a b-line for the colony, laying down the informative notes along the way.

Many nifty optimizations to this semiochemical interaction exist. For instance, ants can lay down both a "hot" and "cold" trail. Succeeding ants will smell the cold trail and know that this area had been searched to no avail, while a hot trail can be used to indicate that an ant had successfully found food and the source is extant. Upon finding a cold trail, they will immediately turn around and start looking in another area. It's interesting to consider that the "hot" trail represents an optimal path between the colony and the food, as over time more and more ants who follow the trail lay down more "hot" knowledge. I mimicked this behavior here.

Anyways, the project turned out much better than expected - you could actually witness the ants work together without ever directly sharing knowledge. I built in a few cool things too, such as attacking grasshoppers (which ants had to work together to defeat), and a way to erase parts of the pheromone trail (it was strangely hilarious and fulfilling to watch them scramble around looking for a path they were just following).

Unfortunately, the only media I have remaining from the project (my laptop was stolen and backups lost), is with a sample video I made halfway through the project's completion. Still, you can see where it was going: