Web Security + Biometrics

Research groups/keywords: 

Web Security

Chrome is currently the most widely used web browser in the world. Chrome, like many other browsers such as Opera, Brave and Vivaldi, is based on Chromium, an open-source web browser developed by Google. Microsoft recently moved to adopt Chromium as the basis for Edge Chromium, the future version of its web browser, which is still under development. Brave, by contrast, is a browser created in 2016 to protect privacy and, more concretely, to fight user tracking on the Internet. Given its widespread use (around 75% of desktop users on the Internet), the security of Chromium is paramount.

Browser extensions are third-party applications, usually written by developers who have no link with Chrome, and they are a very powerful way of enriching the user's browsing experience. Extensions are distributed through the Chrome Web Store, a central repository managed by Google. As some "Googlers" recently claimed, approximately 10% of the browser extensions stored in the Web Store between 2012 and 2015 were classified as malware and deleted from the repository. Despite the many attempts to improve the security and privacy of browser extensions, vulnerabilities still abound. Moreover, despite Google's efforts to improve security and privacy, browser extensions can also be installed from external repositories or through other routes, such as visiting sites able to execute code on the user's machine, clicking on banners, or simply installing desktop applications.

Several projects can be offered in this line of research, so do not hesitate to contact me for further details.


In recent years, a new way of generating and distributing secret tokens based on the heart signal has gained more and more popularity among security researchers. Since the first paper proposing that the heart signal might be applied to cryptography appeared in 2004, several proposals have been published in the literature.

In brief, the heart signal, which is a continuous signal, is captured by sensors and transformed into a discrete signal. This process is known as "quantization". The first algorithm was introduced by Bao et al. and later improved by Xu et al. in 2011, but the most common one was proposed by Rostami et al. two years later, building on the previous ones. Since then, many authors have used this quantization algorithm, or a slight modification of it, to extract a subset of the least significant bits (LSBs) from each inter-pulse interval (IPI, i.e., the time interval between two R-peaks or heartbeats) because of its claimed entropy property.
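The extraction step described above, as an added example that is not taken from this page or from any of the cited authors' algorithms. It assumes integer-millisecond quantization and 4 LSBs per IPI (both assumptions, as is the constructed sample data), and compares a min-entropy estimate for the low bits with the same estimate for the next four bits.

```python
import math
from collections import Counter

# Constructed R-peak timestamps in milliseconds (illustrative, not real ECG data).
R_PEAKS_MS = [0, 812, 1631, 2427, 3250, 4059, 4893, 5700, 6534, 7339, 8170, 8968, 9801]


def ipis(r_peaks_ms):
    """Inter-pulse intervals: time between consecutive R-peaks."""
    return [b - a for a, b in zip(r_peaks_ms, r_peaks_ms[1:])]


def quantize(ipi_ms, step_ms=1.0):
    """Map a continuous interval onto an integer grid (assumed 1 ms resolution)."""
    return int(round(ipi_ms / step_ms))


def bit_window(value, k=4, shift=0):
    """Return k bits of value starting at bit position shift (shift=0: the k LSBs)."""
    return (value >> shift) & ((1 << k) - 1)


def symbols(r_peaks_ms, k=4, shift=0, step_ms=1.0):
    """One k-bit symbol per quantized IPI, taken at the given bit offset."""
    return [bit_window(quantize(i, step_ms), k, shift) for i in ipis(r_peaks_ms)]


def token_bits(r_peaks_ms, k=4, step_ms=1.0):
    """Concatenate the k LSBs of every quantized IPI into one bit string."""
    return "".join(format(s, f"0{k}b") for s in symbols(r_peaks_ms, k, 0, step_ms))


def min_entropy(syms):
    """Most-common-value estimate in bits per symbol: -log2(max relative frequency)."""
    return -math.log2(max(Counter(syms).values()) / len(syms))


if __name__ == "__main__":
    print("IPIs (ms):", ipis(R_PEAKS_MS))
    print("token:", token_bits(R_PEAKS_MS))
    print("min-entropy, bits 0-3:", round(min_entropy(symbols(R_PEAKS_MS, 4, 0)), 3))
    print("min-entropy, bits 4-7:", round(min_entropy(symbols(R_PEAKS_MS, 4, 4)), 3))
```

Twelve intervals are far too few to support an entropy claim; the same functions would need to be run over long recordings before drawing any conclusion about token quality.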

Several projects can be offered in this line of research, so do not hesitate to contact me for further details.


Date range: 
October, 2019 to October, 2024