Cory Cornelius

Education

Ph.D. in Computer Science @ Dartmouth College, Hanover, NH (2008–2013)
Ph.D. in Computer Science interested in pervasive computing, security and privacy, and, in particular, the intersection of these two fields. My thesis, "Usable security for wireless body-area networks", describes usable security mechanisms for wearable devices.
A.B. in Computer Science & Native American Studies @ Dartmouth College, Hanover, NH (2003–2007)
A.B. in Computer Science & Native American Studies with citations in Design & Implementation of a Rock Climbing Robot, Computer Architecture, Artificial Intelligence.

Professional Experience

Research Scientist @ Intel (2013–Present)
I work on Security & Privacy Research in Intel Labs in the Security Solutions Lab. Our team is working to secure machine learning from attacks from an algorithmic and systems perspective. Previously, we research next-generation authentication and everything that goes into authentication systems. My particular expertise is in biometric authentication which includes sensors, signal processing, and machine learning.
Software Engineering Intern @ Google (2012)
Improved the design of Paco, a personal analytics companion.
Research Engineer @ BAE Systems (2008)
Extensive work with rootkit/anti-rootkit technology.
Research Programmer @ Institute for Security Technology Studies (2007–2008)
Developed AnonySense, a system for privacy-aware people-centric sensing in Ruby & C.
Developed Nymble, a system for anonymous ip-address blocking in Ruby & C.
Programmer @ Dartmouth College Campus Security Initiative (2006–2008)
Developed Achilles, a web client for managing Nessus scans in Ruby on Rails.
Programmer @ Institute for Security Technology Studies (2007)
Developed Baffle, a framework for behavioral based fingerprinting of 802.11 wireless devices in Ruby & C.
Intern @ BAE Systems (2006)
Some work with Windows Kernel Drivers. Extensive work with rootkit/anti-rootkit technology.
Intern @ Institute for Security Technology Studies (2005–2006)
Developed TreeView, a tree-based log viewer in Java.
Developed system to parse, organize, and present linux tty (console) data collected from Honeypots using Java and MySQL.
Developed system to automatically analyze and archive phishing websites/malware received via email using Python.
Project Specialist @ United American Indian Involvement (2003–2005)
Designed and developed the organization’s website and intranet using a customized MediaWiki.

Research Experience

My thesis, "Usable security for wireless body-area networks," investigates the security of a wireless network of pervasive wearable devices. As wearable devices become more ubiquitous in our lives, manufacturers will realize the value of interoperability. This, in turn, will pose many security problems. I am motivated by the use of these devices in mobile health scenarios where these wearable devices might help individuals diagnose (e.g., fitness or activity tracking), prevent (e.g., monitoring chronic health conditions like diabetes), and even treat (e.g, administering insulin based on blood glucose levels) their health conditions.

In my thesis, I identified three such security problems and investigated solutions to them. First, I examined mechanisms for recognizing who is wearing these devices. Second, I developed a method for verifying whether two of these devices are on the same body. Finally, I explored methods for cryptographically pairing these devices as a means to bootstrap secure and private communications between them. As an added caveat to these problems, I specifically designed these solutions so that the user should not have to do anything but attach the sensor to their body and have them just work.

Over the course of my research, I have applied many types of machine learning and signal processing algorithms to these problems, including: speaker recognition systems, bioimpedance as a biometrics, activity recognition algorithms, privacy-preserving cryptographic protocols, and other problems.

Most recently, I have an interest in adversarial machine learning. Our attack, ShapeShifter, demonstrates a state-of-the-art physical attack on object detectors.

Journal Publications

Location Privacy for Mobile Crowd Sensing through Population Mapping
Minho Shin, Cory Cornelius, Apu Kapadia, Nikos Triandopoulos, David Kotz
In Sensors
Volume 15, Issue 7, June 2015
A Survey of Biometrics for Wearable Devices
Cory Cornelius, Christopher N Gutierrez
Intel Technology Journal
Volume 18, Issue 4, November 2014
Hide-n-Sense: preserving privacy efficiently in wireless mHealth
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
In Mobile Networks and Applications (MONET)
Pages 1–14, June 2013
Recognizing whether sensors are on the same body
Cory Cornelius, David Kotz
In Journal of Pervasive and Mobile Computing (PMC)
Volume 8, Issue 6, Pages 822–836, December 2012
Nymble: Blocking Misbehaving Users in Anonymizing Networks
Patrick Tsang, Apu Kapadia, Cory Cornelius, Sean Smith
In IEEE Transactions on Dependable and Secure Computing (TDSC)
Volume 8, Number 2, Pages 256–269, March–April 2011
AnonySense: A System for Anonymous Opportunistic Sensing
Minho Shin, Cory Cornelius, Dan Peebles, Apu Kapadia, David Kotz, Nikos Triandopoulos
In Journal of Pervasive and Mobile Computing (PMC)
Volume 7, Issue 1, Pages 16–30, February 2011

Conference & Workshop Publications

ShapeShifter: Robust Physical Adversarial Attack on Faster R-CNN Object Detector
Shang-Tse Chen, Cory Cornelius, Jason Martin, Duen Horng (Polo) Chau
In Proceedings of the Joint European Conference on Machine Learning and Knowledge Discovery in Databases (ECML-PKDD)
Dublin, Ireland (September 10–14, 2018)
Vocal resonance: Using internal body voice for wearable authentication
Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ronald Peterson, David Kotz
In Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (UbiComp)
Volume 2 Issue 1 (March 2018)
A wearable system that knows who wears it
Cory Cornelius, Ronald Peterson, Joseph Skinner, Ryan Halter, and David Kotz
In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys)
Bretton Woods, New Hampshire (June 16–19, 2014)
ZEBRA: Zero-Effort Bilateral Recurring Authentication
Shrirang Mare, Andrés Molina-Markham, Cory Cornelius, Ronald Peterson, and David Kotz
In the Proceedings of the 35th IEEE Symposium on Security & Privacy
San Jose, California (May 18–21, 2014)
Who wears me? Bioimpedance as a passive biometric
Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, David Kotz
In the Proceedings of the 3rd USENIX Workshop on Health Security and Privacy (HealthSec)
Bellevue, Washington (August 6–7, 2012)
An Amulet for trustworthy wearable mHealth
Jacob Sorber, Minho Shin, Ronald Peterson, Cory Cornelius, Shrirang Mare, Aarathi Prasad, Zachary Marois, Emma Smithayer, David Kotz
In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile)
San Diego, California (February 28–29, 2012)
Adapt-lite: Privacy-aware, secure, and efficient mHealth sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz
In Proceedings of the Workshop on Privacy in the Electronic Society (WPES)
Chicago, Illinois, (October 17, 2011)
Adaptive security and privacy for mHealth sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz
In 2nd USENIX Workshop on Health Security and Privacy (HealthSec)
San Francisco, California (August 9, 2011)
Recognizing whether sensors are on the same body
Cory Cornelius, David Kotz
In Proceedings of the Ninth International Conference on Pervasive Computing (PERVASIVE)
San Francisco, California (June 12–15, 2011)
On Usable Authentication for Wireless Body Area Networks
Cory Cornelius, David Kotz
In 1st USENIX Workshop on Health Security and Privacy (HealthSec)
Washington, District of Columbia (August 10, 2010)
Darwin Phones: The Evolution of Sensing and Inference on Mobile Phones
Emiliano Miluzzo, Cory Cornelius, Ashwin Ramaswamy, Tanzeem Choudhury, Andrew Campbell, Zhigang Liu
In Proceedings of the 2010 International Conference on Mobile Systems, Applications, and Services (MobiSys)
San Francisco, California (June 15–18 2010)
DEAMON: Energy-efficient sensor monitoring
Minho Shin, Patrick Tsang, David Kotz, Cory Cornelius
In Proceedings of the IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON)
Rome, Italy (June 22–26, 2009)
AnonySense: Privacy-Aware People-Centric Sensing
Cory Cornelius, Apu Kapadia, David Kotz, Dan Peebles, Minho Shin, Nikos Triandopoulos
In Proceedings of the 2008 International Conference on Mobile Systems, Applications, and Services (MobiSys)
Breckenridge, Colorado (June 17–20, 2008)
AnonySense: Opportunistic and Privacy-Preserving Context Collection
Apu Kapadia, Nikos Triandopoulos, Cory Cornelius, Daniel Peebles, David Kotz
In Proceedings of the Sixth International Conference on Pervasive Computing (PERVASIVE)
Sydney, Australia (May 19–22, 2008)
Active Behavioral Fingerprinting of Wireless Devices
Sergey Bratus, Cory Cornelius, David Kotz, Dan Peebles
In Proceedings of the First ACM Conference on Wireless Network Security (WiSec)
Alexandria, Virginia (March 30–April 2, 2008)

Preprints & Technical Reports

The Efficacy of SHIELD under Different Threat Models
Cory Cornelius
arXiv preprint arXiv:1902.00541 (February 2018)
ZEBRA: Zero-Effort Bilateral Recurring Authentication (Companion Report)
Shrirang Mare, Andrés Molina-Markham, Cory Cornelius, Ronald Peterson, David Kotz
Dartmouth Computer Science Technical Report TF2014-748 (May 2014)
Vocal resonance as a biometric for pervasive wearable devices
Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shrirang Mare, David Kotz
Dartmouth Computer Science Technical Report TR2014-747 (February 2014)
Usable Security for Wireless Body-Area Networks
Cory Cornelius
Dartmouth Computer Science Technical Report TR2013-741 (September 2013)
Hide-n-Sense: Privacy-aware secure mHealth sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz
Dartmouth Computer Science Technical Report TR2011-702 (September 2011)
AnonyTL Specification
Daniel Peebles, Cory Cornelius, Apu Kapadia, David Kotz, Minho Shin, Nikos Triandopoulos
Dartmouth Computer Science Technical Report TR2010-660 (January 2010)
Nymble: Blocking Misbehaving Users in Anonymizing Networks
Patrick P. Tsang, Apu Kapadia, Cory Cornelius, Sean W. Smith
Dartmouth Computer Science Technical Report TR2008-637 (December 2008)
Active Behavioral Fingerprinting of Wireless Devices
Sergey Bratus, Cory Cornelius, Daniel Peebles, David Kotz
Dartmouth Computer Science Technical Report TR2008-610 (March 2008)

Talks

Who wears me? Bioimpedance as a passive biometric
3rd USENIX Workshop on Health Security and Privacy (HealthSec)
Bellevue, WA (August 6–7, 2012)
Recognizing whether sensors are on the same body
The Ninth International Conference on Pervasive Computing (PERVASIVE)
San Francisco, CA (June 12–15, 2011)
On Usable Authentication for Wireless Body Area Networks
1st USENIX Workshop on Health Security and Privacy (HealthSec)
Washington, District of Columbia (August 10, 2010)
DEAMON: Energy-efficient sensor monitoring
IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON)
Rome, Italy (June 22–26, 2009)
Active 802.11 fingerprinting
ToorCon 2008
San Diego, California (September 26–28, 2008)
Active 802.11 fingerprinting
Black Hat USA 2008 Briefings and Training
Las Vegas, Nevada (August 2–7, 2008)
Dartmouth Cyber-Security Initiative and the New Achilles Vulnerability Assessment Console: A Case Study in Collaboration
12th Annual Colloquium for Information Systems Security Education (CISSE)
Dallas, Texas (June 2–4, 2008)
Dartmouth Cyber-Security Initiative and the New Achilles Vulnerability Assessment Console: A Case Study in Collaboration
EDUCAUSE Security Professionals Conference
Arlington, Virginia (May 4–6, 2008)
Active 802.11 fingerprinting: gibberish and 'secret handshakes' to know your AP
ShmooCon 2008
Washington, District of Columbia (February 15–18, 2008)

Posters

Physical Adversarial Attack on Object Detectors (Extended Abstract)
Shang-Tse Chen, Cory Cornelius, Jason Martin, Duen Horng (Polo) Chau
In Proceedings of 24th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD)
London, England (August 19–23, 2018)
Poster: Vocal Resonance as a Passive Biometric (Best Poster Runner-up)
Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, David Kotz
In Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys)
Niagara Falls, New York (June 19–23, 2017)
Passive Biometrics for Pervasive Wearable Devices
Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shrirang Mare, David Kotz
In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile)
San Diego, California (February 28–29, 2012)
Reliable People-Centric Sensing with Unreliable Voluntary Carriers
Minho Shin, Cory Cornelius, Daniel Peebles, Apu Kapadia, Patrick Tsang, David Kotz
In Proceedings of the 2008 International Conference on Mobile Systems, Applications, and Services (MobiSys)
Breckenridge, Colorado (June 17–20, 2008)

Awards

Google American Indian Science & Engineering Society Scholar (2008–2009)
John G. Kemeny Computing Prize (2006–2007)
Winner in the Team Design category for Achilles
John G. Kemeny Computing Prize (2005–2006)
Winner in the Team Innovation category for BlitzChat: a DND-authenticated, location-aware instant messenger

Memberships

Student Member American Indian Science and Engineering Society (2003–Present)
Board of Directors United American Indian Involvement (2002–2003)
Advisory Board Circles of Care (2002–2003)