Cory Cornelius

Education

Ph.D. in Computer Science @ Dartmouth College, Hanover, NH (2008–2013)
Ph.D. in Computer Science interested in pervasive computing, security and privacy, and, in particular, the intersection of these two fields. My thesis, "Usable security for wireless body-area networks", describes usable security mechanisms for wearable devices.
A.B. in Computer Science & Native American Studies @ Dartmouth College, Hanover, NH (2003–2007)
A.B. in Computer Science & Native American Studies with citations in Design & Implementation of a Rock Climbing Robot, Computer Architecture, Artificial Intelligence.

Research Experience

My thesis, "Usable security for wireless body-area networks," investigates the security of a wireless network of pervasive wearable devices. As wearable devices become more ubiquitous in our lives, manufacturers will realize the value of interoperability. This, in turn, will pose many security problems. I am motivated by the use of these devices in mobile health scenarios where these wearable devices might help individuals diagnose (e.g., fitness or activity tracking), prevent (e.g., monitoring chronic health conditions like diabetes), and even treat (e.g, administering insulin based on blood glucose levels) their health conditions.

In my thesis, I identified three such security problems and investigated solutions to them. First, I examined mechanisms for recognizing who is wearing these devices. Second, I developed a method for verifying whether two of these devices are on the same body. Finally, I explored methods for cryptographically pairing these devices as a means to bootstrap secure and private communications between them. As an added caveat to these problems, I specifically designed these solutions so that the user should not have to do anything but attach the sensor to their body and have them just work.

Over the course of my research, I have applied many types of machine learning and signal processing algorithms to these problems, including: speaker recognition systems, bioimpedance as a biometrics, activity recognition algorithms, privacy-preserving cryptographic protocols, and other problems.

Most recently, I have an interest in adversarial machine learning. Our attack, ShapeShifter, demonstrates a state-of-the-art physical attack on object detectors. I also found the first collision in Apple's Neural Perceptual Hash model (Register, TechCrunch, The Verge).

Projects

indigeni.us
A small menagerie of projects that try to understand how machine learning can be useful or interesting to me and my communities.

Professional Experience

Research Scientist @ Intel (2013–Present)
I work on Security & Privacy Research at Intel Labs in the Security Solutions Lab. I secure machine learning systems from attacks at the systems level and algorithmic level. I wrote the technical abstract and proposal that was selected for DARPA's Gauranteeing Artificial Intelligence Robustness against Deception (GARD) program. Previously, I researched and developed next-generation biometric authentication sensors and systems that was demoed at Intel Developer Forum 2015 Keynote.
Software Engineering Intern @ Google (2012)
Improved the design of Paco, a personal analytics companion.
Research Engineer @ BAE Systems (2008)
Extensive work with rootkit/anti-rootkit technology.
Research Programmer @ Institute for Security Technology Studies (2007–2008)
Developed AnonySense, a system for privacy-aware people-centric sensing in Ruby & C.
Developed Nymble, a system for anonymous ip-address blocking in Ruby & C.
Programmer @ Dartmouth College Campus Security Initiative (2006–2008)
Developed Achilles, a web client for managing Nessus scans in Ruby on Rails.
Programmer @ Institute for Security Technology Studies (2007)
Developed Baffle, a framework for behavioral based fingerprinting of 802.11 wireless devices in Ruby & C.
Intern @ BAE Systems (2006)
Some work with Windows Kernel Drivers. Extensive work with rootkit/anti-rootkit technology.
Intern @ Institute for Security Technology Studies (2005–2006)
Developed TreeView, a tree-based log viewer in Java.
Developed system to parse, organize, and present linux tty (console) data collected from Honeypots using Java and MySQL.
Developed system to automatically analyze and archive phishing websites/malware received via email using Python.
Project Specialist @ United American Indian Involvement (2003–2005)
Designed and developed the organization’s website and intranet using a customized MediaWiki.

Journal Publications

Location Privacy for Mobile Crowd Sensing through Population Mapping
Minho Shin, Cory Cornelius, Apu Kapadia, Nikos Triandopoulos, David Kotz
In Sensors
Volume 15, Issue 7, June 2015
A Survey of Biometrics for Wearable Devices
Cory Cornelius, Christopher N Gutierrez
Intel Technology Journal
Volume 18, Issue 4, November 2014
Hide-n-Sense: preserving privacy efficiently in wireless mHealth
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
In Mobile Networks and Applications (MONET)
Pages 1–14, June 2013
Recognizing whether sensors are on the same body
Cory Cornelius, David Kotz
In Journal of Pervasive and Mobile Computing (PMC)
Volume 8, Issue 6, Pages 822–836, December 2012
Nymble: Blocking Misbehaving Users in Anonymizing Networks
Patrick Tsang, Apu Kapadia, Cory Cornelius, Sean Smith
In IEEE Transactions on Dependable and Secure Computing (TDSC)
Volume 8, Number 2, Pages 256–269, March–April 2011
AnonySense: A System for Anonymous Opportunistic Sensing
Minho Shin, Cory Cornelius, Dan Peebles, Apu Kapadia, David Kotz, Nikos Triandopoulos
In Journal of Pervasive and Mobile Computing (PMC)
Volume 7, Issue 1, Pages 16–30, February 2011

Conference & Workshop Publications

Synthetic Dataset Generation for Adversarial Machine Learning Research
Xiruo Liu, Shibani Singh, Cory Cornelius, Colin Busho, Mike Tan, Anindya Paul, Jason Martin
In Proceedings of New Frontiers in Adversarial Machine Learning (AdvML FRONTIERS @ ICML 2022)
Baltimore, MD (July 22nd, 2022)
Toward Few-step Adversarial Training from a Frequency Perspective
Hans Shih-Han Wang, Cory Cornelius, Brandon Edwards, Jason Martin
In Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligence (SPAI)
Taipei, Taiwan (October 5th, 2020)
Towards the Realistic Evaluation of Evasion Attacks using CARLA
2nd International Workshop on Dependable and Secure Machine Learning (HealthSec)
Portland, OR (June 24th, 2019)
ShapeShifter: Robust Physical Adversarial Attack on Faster R-CNN Object Detector
Shang-Tse Chen, Cory Cornelius, Jason Martin, Duen Horng (Polo) Chau
In Proceedings of the Joint European Conference on Machine Learning and Knowledge Discovery in Databases (ECML-PKDD)
Dublin, Ireland (September 10–14, 2018)
Vocal resonance: Using internal body voice for wearable authentication
Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ronald Peterson, David Kotz
In Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (UbiComp)
Volume 2 Issue 1 (March 2018)
A wearable system that knows who wears it
Cory Cornelius, Ronald Peterson, Joseph Skinner, Ryan Halter, and David Kotz
In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)
Bretton Woods, New Hampshire (June 16–19, 2014)
ZEBRA: Zero-Effort Bilateral Recurring Authentication
Shrirang Mare, Andrés Molina-Markham, Cory Cornelius, Ronald Peterson, and David Kotz
In the Proceedings of the 35th IEEE Symposium on Security & Privacy
San Jose, California (May 18–21, 2014)
Who wears me? Bioimpedance as a passive biometric
Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, David Kotz
In the Proceedings of the 3rd USENIX Workshop on Health Security and Privacy (HealthSec)
Bellevue, Washington (August 6–7, 2012)
An Amulet for trustworthy wearable mHealth
Jacob Sorber, Minho Shin, Ronald Peterson, Cory Cornelius, Shrirang Mare, Aarathi Prasad, Zachary Marois, Emma Smithayer, David Kotz
In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile)
San Diego, California (February 28–29, 2012)
Adapt-lite: Privacy-aware, secure, and efficient mHealth sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz
In Proceedings of the Workshop on Privacy in the Electronic Society (WPES)
Chicago, Illinois, (October 17, 2011)
Adaptive security and privacy for mHealth sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz
In 2nd USENIX Workshop on Health Security and Privacy (HealthSec)
San Francisco, California (August 9, 2011)
Recognizing whether sensors are on the same body
Cory Cornelius, David Kotz
In Proceedings of the Ninth International Conference on Pervasive Computing (PERVASIVE)
San Francisco, California (June 12–15, 2011)
On Usable Authentication for Wireless Body Area Networks
Cory Cornelius, David Kotz
In 1st USENIX Workshop on Health Security and Privacy (HealthSec)
Washington, District of Columbia (August 10, 2010)
Darwin Phones: The Evolution of Sensing and Inference on Mobile Phones
Emiliano Miluzzo, Cory Cornelius, Ashwin Ramaswamy, Tanzeem Choudhury, Andrew Campbell, Zhigang Liu
In Proceedings of the 2010 International Conference on Mobile Systems, Applications, and Services (MobiSys)
San Francisco, California (June 15–18 2010)
DEAMON: Energy-efficient sensor monitoring
Minho Shin, Patrick Tsang, David Kotz, Cory Cornelius
In Proceedings of the IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON)
Rome, Italy (June 22–26, 2009)
AnonySense: Privacy-Aware People-Centric Sensing
Cory Cornelius, Apu Kapadia, David Kotz, Dan Peebles, Minho Shin, Nikos Triandopoulos
In Proceedings of the 2008 International Conference on Mobile Systems, Applications, and Services (MobiSys)
Breckenridge, Colorado (June 17–20, 2008)
AnonySense: Opportunistic and Privacy-Preserving Context Collection
Apu Kapadia, Nikos Triandopoulos, Cory Cornelius, Daniel Peebles, David Kotz
In Proceedings of the Sixth International Conference on Pervasive Computing (PERVASIVE)
Sydney, Australia (May 19–22, 2008)
Active Behavioral Fingerprinting of Wireless Devices
Sergey Bratus, Cory Cornelius, David Kotz, Dan Peebles
In Proceedings of the First ACM Conference on Wireless Network Security (WiSec)
Alexandria, Virginia (March 30–April 2, 2008)

Preprints & Technical Reports

The Efficacy of SHIELD under Different Threat Models
Cory Cornelius
arXiv preprint arXiv:1902.00541 (February 2018)
ZEBRA: Zero-Effort Bilateral Recurring Authentication (Companion Report)
Shrirang Mare, Andrés Molina-Markham, Cory Cornelius, Ronald Peterson, David Kotz
Dartmouth Computer Science Technical Report TF2014-748 (May 2014)
Vocal resonance as a biometric for pervasive wearable devices
Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shrirang Mare, David Kotz
Dartmouth Computer Science Technical Report TR2014-747 (February 2014)
Usable Security for Wireless Body-Area Networks
Cory Cornelius
Dartmouth Computer Science Technical Report TR2013-741 (September 2013)
Hide-n-Sense: Privacy-aware secure mHealth sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz
Dartmouth Computer Science Technical Report TR2011-702 (September 2011)
AnonyTL Specification
Daniel Peebles, Cory Cornelius, Apu Kapadia, David Kotz, Minho Shin, Nikos Triandopoulos
Dartmouth Computer Science Technical Report TR2010-660 (January 2010)
Nymble: Blocking Misbehaving Users in Anonymizing Networks
Patrick P. Tsang, Apu Kapadia, Cory Cornelius, Sean W. Smith
Dartmouth Computer Science Technical Report TR2008-637 (December 2008)
Active Behavioral Fingerprinting of Wireless Devices
Sergey Bratus, Cory Cornelius, Daniel Peebles, David Kotz
Dartmouth Computer Science Technical Report TR2008-610 (March 2008)

Talks

Towards the Realistic Evaluation of Evasion Attacks using CARLA
2nd International Workshop on Dependable and Secure Machine Learning (HealthSec)
Portland, OR (June 24th, 2019)
Who wears me? Bioimpedance as a passive biometric
3rd USENIX Workshop on Health Security and Privacy (HealthSec)
Bellevue, WA (August 6–7, 2012)
Press
Recognizing whether sensors are on the same body
The Ninth International Conference on Pervasive Computing (PERVASIVE)
San Francisco, CA (June 12–15, 2011)
On Usable Authentication for Wireless Body Area Networks
1st USENIX Workshop on Health Security and Privacy (HealthSec)
Washington, District of Columbia (August 10, 2010)
DEAMON: Energy-efficient sensor monitoring
IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON)
Rome, Italy (June 22–26, 2009)
Active 802.11 fingerprinting
ToorCon 2008
San Diego, California (September 26–28, 2008)
Active 802.11 fingerprinting
Black Hat USA 2008 Briefings and Training
Las Vegas, Nevada (August 2–7, 2008)
Dartmouth Cyber-Security Initiative and the New Achilles Vulnerability Assessment Console: A Case Study in Collaboration
12th Annual Colloquium for Information Systems Security Education (CISSE)
Dallas, Texas (June 2–4, 2008)
Dartmouth Cyber-Security Initiative and the New Achilles Vulnerability Assessment Console: A Case Study in Collaboration
EDUCAUSE Security Professionals Conference
Arlington, Virginia (May 4–6, 2008)
Active 802.11 fingerprinting: gibberish and 'secret handshakes' to know your AP
ShmooCon 2008
Washington, District of Columbia (February 15–18, 2008)

Posters

Physical Adversarial Attack on Object Detectors (Extended Abstract)
Shang-Tse Chen, Cory Cornelius, Jason Martin, Duen Horng (Polo) Chau
In Proceedings of 24th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD)
London, England (August 19–23, 2018)
Poster: Vocal Resonance as a Passive Biometric (Best Poster Runner-up)
Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, David Kotz
In Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)
Niagara Falls, New York (June 19–23, 2017)
Passive Biometrics for Pervasive Wearable Devices
Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shrirang Mare, David Kotz
In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile)
San Diego, California (February 28–29, 2012)
Reliable People-Centric Sensing with Unreliable Voluntary Carriers
Minho Shin, Cory Cornelius, Daniel Peebles, Apu Kapadia, Patrick Tsang, David Kotz
In Proceedings of the 2008 International Conference on Mobile Systems, Applications, and Services (MobiSys)
Breckenridge, Colorado (June 17–20, 2008)

Awards

Intel Labs Gordon Moore Award, Excellence in Collaboration & Smart Reuse (2015)
Intel Division Recognition Award, Security and Privacy Research (2014)
Google American Indian Science & Engineering Society Scholar (2008–2009)
John G. Kemeny Computing Prize (2006–2007)
Winner in the Team Design category for Achilles
John G. Kemeny Computing Prize (2005–2006)
Winner in the Team Innovation category for BlitzChat: a DND-authenticated, location-aware instant messenger

Memberships

Professional Member American Indian Science and Engineering Society (2013–Present)
Student Member American Indian Science and Engineering Society (2003–2013)
Board of Directors United American Indian Involvement (2002–2003)
Advisory Board Circles of Care (2002–2003)

Service

Thesis Committee Shang-tse Chen, Georgia Tech (2019)
Reviewer ACM Transactions on Computing for Healthcare (2019)
Reviewer International Joint Conferences on Artificial Intelligence (IJCAI) (2019)
Volunteer & Organizer Flathead Tech4Good Summer Native Tech Camp (Press) (2019)
Reviewer Intel Design & Test Technology Conference (DTTC) (2019)
Volunteer & Organizer Flathead Tech4Good Summer Native Tech Camp (Press, Press, Press) (2018)
Reviewer ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (2017)
Reviewer International Symposium on Wearable Computers (ISWC) (2017)
Volunteer Flathead Tech4Good Summer Native Tech Camp (Press) (2017)
Reviewer ACM Conference on Human Factors in Computing Systems (CHI) (2015)
Reviewer ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp) (2015)
Reviewer ACM Symposium on User Interface Software and Technology (UIST) (2015)
Reviewer 1st Workshop on Wearable Security and Privacy (Wearable S&P) (2015)
Reviewer ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp) (2014)

Patents

Adversarial Training Of Neural Networks Using Information About Activation Path Differentials
Filed 2018; Published 2019
Techniques To Detect Perturbation Attacks With An Actor-Critic Framework
Filed 2018; Published 2019
Methods And Apparatus For Distributed Use Of A Machine Learning Model
Filed 2018; Published 2019
Methods And Apparatus For Federated Training Of A Neural Network Using Trusted Edge Devices
Filed 2018; Published 2019
Technologies For Performing Orientation-Independent Bioimpedance-Based User Authentication
Filed 2017; Granted 2018
System, Apparatus And Method For Providing Contextual Data In A Biometric Authentication System
Filed 2017; Published 2018
Technologies For Analyzing Uniform Resource Locators
Filed 2016; Published 2018; Granted 2019
Maintaining User Authentications With Common Trusted Devices
Filed 2015; Published 2017; Granted 2018
Performing User Seamless Authentications
Filed 2015; Published 2016
Wearable computing device for secure control of physiological sensors and medical devices, with secure storage of medical records, and bioimpedance biometric
Filed 2014; Published 2014; Granted 2017