My current research aims to improve user experience and protect user privacy. I build systems to detect, analyze, and measure security/privacy issues at scale. I also conduct user studies to understand users' privacy perceptions and preferences. I am fortunate to have the opportunities to work with great collaborators from other institutions such as CMU, Princeton, UC Berkeley, UCLA, etc.
A complete list can be found on my Google Scholar profile.
* indicates equal contribution.
Tu Le, Danny Yuxing Huang, Noah Apthorpe, Yuan Tian
Preprint on arXiv, 2021.
Abstract: Many households include children who use voice personal assistants (VPA) such as Amazon Alexa. Children benefit from the rich functionalities of VPAs and third-party apps but are also exposed to new risks in the VPA ecosystem (e.g., inappropriate content or information collection). To study the risks VPAs pose to children, we build a Natural Language Processing (NLP)-based system to automatically interact with VPA apps and analyze the resulting conversations to identify contents risky to children. We identify 28 child-directed apps with risky contents and maintain a growing dataset of 31,966 non-overlapping app behaviors collected from 3,434 Alexa apps. Our findings suggest that although voice apps designed for children are subject to more policy requirements and intensive vetting, children are still vulnerable to risky content. We then conduct a user study showing that parents are more concerned about VPA apps with inappropriate content than those that ask for personal information, but many parents are not aware that risky apps of either type exist. Finally, we identify a new threat to users of VPA apps: confounding utterances, or voice commands shared by multiple apps that may cause a user to invoke or interact with a different app than intended. We identify 4,487 confounding utterances, including 581 shared by child-directed and non-child-directed apps.
Wasi Uddin Ahmad*, Jianfeng Chi*, Tu Le, Thomas Norton, Yuan Tian, Kai-Wei Chang
Preprint on arXiv, 2021.
Tu Le, Ingy Elsayed-Aly, Weizhao Jin, Seunghan Ryu, Guy Verrier, Tamjid Al Rahat, B Brian Park, Yuan Tian
In Proceedings of the 6th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS, 37-44, 2020.
Abstract: According to the National Highway Traffic Safety Administration, there are more than 5 million road crashes every year in the U.S. More than 90 people die in car crashes every day. Even though the number of people surviving crashes has increased significantly thanks to safety features, such as airbags and anti-lock brakes, many people experience permanent injuries. The U.S. Department of Transportation introduced connected vehicle technologies, which enables vehicles to “talk” to each other and exchange important data on the roads, with the goal of preventing crashes from happening in the first place. With the rapid development of autonomous driving technology, vehicles in the near future will be able to operate completely without human drivers, increasing the need of reliable connected vehicle technologies. Due to the safety-critical characteristics of autonomous vehicles, it is important to evaluate the technologies extensively prior to deployment to ensure the safety of drivers, pa ssengers, and pedestrians. In this paper, we evaluate the safety of Dedicated Short-Range Communication (DSRC), which is a popular low-latency wireless communication technology specifically designed for connected vehicles. We present three real-world network security attacks and conduct experiments on real DSRC-supported modules. Our results show that DSRC is vulnerable to these dangerous attacks and such attacks can be easily implemented by adversaries without significant resources. Based on our evaluation, we also discuss potential countermeasures to better improve the security and safety of DSRC and connected vehicles.
John A. Stankovic, Tu Le, Abdeltawab Hendawi, Yuan Tian
Preprint on arXiv, 2019.