Cory Cornelius

Education

Ph.D. in Computer Science @ Dartmouth College, Hanover, NH (2008–2013)
Ph.D. in Computer Science interested in pervasive computing, security and privacy, and, in particular, the intersection of these two fields. My thesis, "Usable security for wireless body-Area networks", describes usable security mechnanisms for wearable devices.
A.B. in Computer Science & Native American Studies @ Dartmouth College, Hanover, NH (2003–2007)
A.B. in Computer Science & Native American Studies with citations in Design & Implementation of a Rock Climbing Robot, Computer Architecture, Artificial Intelligence.

Professional Experience

Research Scientist @ Intel (2013–Present)
I work on Security & Privacy Research in Intel Labs in the Security Solutions Lab. We research next-generation authentication and everything that goes into authentication systems. My particular expertise is in biometric authentication which includes sensors, signal processing, and machine learning.
Software Engineering Intern @ Google (2012)
Improved the design of Paco, a personal analytics companion.
Research Engineer @ BAE Systems (2008)
Extensive work with rootkit/anti-rootkit technology.
Research Programmer @ Institute for Security Technology Studies (2007–2008)
Developed AnonySense, a system for privacy-aware people-centric sensing in Ruby & C.
Developed Nymble, a system for anonymous ip-address blocking in Ruby & C.
Programmer @ Dartmouth College Campus Security Initiative (2006–2008)
Developed Achilles, a web client for managing Nessus scans in Ruby on Rails.
Programmer @ Institute for Security Technology Studies (2007)
Developed Baffle, a framework for behavioral based fingerprinting of 802.11 wireless devices in Ruby & C.
Intern @ BAE Systems (2006)
Some work with Windows Kernel Drivers. Extensive work with rootkit/anti-rootkit technology.
Intern @ Institute for Security Technology Studies (2005–2006)
Developed TreeView, a tree-based log viewer in Java.
Developed system to parse, organize, and present linux tty (console) data collected from Honeypots using Java and MySQL.
Developed system to automatically analyze and archive phishing websites/malware received via email using Python.
Project Specialist @ United American Indian Involvement (2003–2005)
Designed and developed the organization’s website and intranet using a customized MediaWiki.

Research Experience

My thesis, "Usable security for wireless body-area networks," investigates the security of a wireless network of pervasive wearable devices. As wearable devices become more ubiquitous in our lives, manufacturers will realize the value of interoperability. This, in turn, will pose many security problems. I am motivated by the use of these devices in mobile health scenarios where these wearable devices might help individuals diagnose (e.g., fitness or activity tracking), prevent (e.g., monitoring chronic health conditions like diabetes), and even treat (e.g, administering insulin based on blood glucose levels) their health conditions.

In my thesis, I identified three such security problems and investigated solutions to them. First, I examined mechanisms for recognizing who is wearing these devices. Second, I developed a method for verifying whether two of these devices are on the same body. Finally, I explored methods for cryptographically pairing these devices as a means to bootstrap secure and private communications between them. As an added caveat to these problems, I specifically designed these solutions so that the user should not have to do anything but attach the sensor to their body and have them just work.

Over the course of my research, I have applied many types of machine learning and signal processing algorithms to these problems, including: speaker recognition systems, bioimpedance as a biometrics, activity recognition algorithms, privacy-preserving cryptographic protocols, and other problems.

Journal Publications

Hide-n-Sense: preserving privacy efficiently in wireless mHealth
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz
In Mobile Networks and Applications (MONET)
Pages 1–14, June 2013
Recognizing whether sensors are on the same body
Cory Cornelius, David Kotz
In Journal of Pervasive and Mobile Computing (PMC)
Volume 8, Issue 6, Pages 822–836, December 2012
Nymble: Blocking Misbehaving Users in Anonymizing Networks
Patrick Tsang, Apu Kapadia, Cory Cornelius, Sean Smith
In IEEE Transactions on Dependable and Secure Computing (TDSC)
Volume 8, Number 2, Pages 256–269, March–April 2011
AnonySense: A System for Anonymous Opportunistic Sensing
Minho Shin, Cory Cornelius, Dan Peebles, Apu Kapadia, David Kotz, Nikos Triandopoulos
In Journal of Pervasive and Mobile Computing (PMC)
Volume 7, Issue 1, Pages 16–30, February 2011

Conference & Workshop Publications

Who wears me? Bioimpedance as a passive biometric
Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, David Kotz
In the Proceedings of the 3rd USENIX Workshop on Health Security and Privacy (HealthSec)
Bellevue, Washington (August 6–7, 2012)
An Amulet for trustworthy wearable mHealth
Jacob Sorber, Minho Shin, Ronald Peterson, Cory Cornelius, Shrirang Mare, Aarathi Prasad, Zachary Marois, Emma Smithayer, David Kotz
In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile)
San Diego, California (February 28–29, 2012)
Adapt-lite: Privacy-aware, secure, and efficient mHealth sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz
In Proceedings of the Workshop on Privacy in the Electronic Society (WPES)
Chicago, Illinois, (October 17, 2011)
Adaptive security and privacy for mHealth sensing
Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz
In 2nd USENIX Workshop on Health Security and Privacy (HealthSec)
San Francisco, California (August 9, 2011)
Recognizing whether sensors are on the same body
Cory Cornelius, David Kotz
In Proceedings of the Ninth International Conference on Pervasive Computing (PERVASIVE)
San Francisco, California (June 12–15, 2011)
On Usable Authentication for Wireless Body Area Networks
Cory Cornelius, David Kotz
In 1st USENIX Workshop on Health Security and Privacy (HealthSec)
Washington, District of Columbia (August 10, 2010)
Darwin Phones: The Evolution of Sensing and Inference on Mobile Phones
Emiliano Miluzzo, Cory Cornelius, Ashwin Ramaswamy, Tanzeem Choudhury, Andrew Campbell, Zhigang Liu
In Proceedings of the 2010 International Conference on Mobile Systems, Applications, and Services (MobiSys)
San Francisco, California (June 15–18 2010)
DEAMON: Energy-efficient sensor monitoring
Minho Shin, Patrick Tsang, David Kotz, Cory Cornelius
In Proceedings of the IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON)
Rome, Italy (June 22–26, 2009)
AnonySense: Privacy-Aware People-Centric Sensing
Cory Cornelius, Apu Kapadia, David Kotz, Dan Peebles, Minho Shin, Nikos Triandopoulos
In Proceedings of the 2008 International Conference on Mobile Systems, Applications, and Services (MobiSys)
Breckenridge, Colorado (June 17–20, 2008)
AnonySense: Opportunistic and Privacy-Preserving Context Collection
Apu Kapadia, Nikos Triandopoulos, Cory Cornelius, Daniel Peebles, David Kotz
In Proceedings of the Sixth International Conference on Pervasive Computing (PERVASIVE)
Sydney, Australia (May 19–22, 2008)
Active Behavioral Fingerprinting of Wireless Devices
Sergey Bratus, Cory Cornelius, David Kotz, Dan Peebles
In Proceedings of the First ACM Conference on Wireless Network Security (WiSec)
Alexandria, Virginia (March 30–April 2, 2008)

Talks

Who wears me? Bioimpedance as a passive biometric
3rd USENIX Workshop on Health Security and Privacy (HealthSec)
Bellevue, WA (August 6–7, 2012)
Recognizing whether sensors are on the same body
The Ninth International Conference on Pervasive Computing (PERVASIVE)
San Francisco, CA (June 12–15, 2011)
On Usable Authentication for Wireless Body Area Networks
1st USENIX Workshop on Health Security and Privacy (HealthSec)
Washington, District of Columbia (August 10, 2010)
DEAMON: Energy-efficient sensor monitoring
IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON)
Rome, Italy (June 22–26, 2009)
Active 802.11 fingerprinting
ToorCon 2008
San Diego, California (September 26–28, 2008)
Active 802.11 fingerprinting
Black Hat USA 2008 Briefings and Training
Las Vegas, Nevada (August 2–7, 2008)
Dartmouth Cyber-Security Initiative and the New Achilles Vulnerability Assessment Console: A Case Study in Collaboration
12th Annual Colloquium for Information Systems Security Education (CISSE)
Dallas, Texas (June 2–4, 2008)
Dartmouth Cyber-Security Initiative and the New Achilles Vulnerability Assessment Console: A Case Study in Collaboration
EDUCAUSE Security Professionals Conference
Arlington, Virginia (May 4–6, 2008)
Active 802.11 fingerprinting: gibberish and 'secret handshakes' to know your AP
ShmooCon 2008
Washington, District of Columbia (February 15–18, 2008)

Posters

Passive Biometrics for Pervasive Wearable Devices
Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shrirang Mare, David Kotz
In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile)
San Diego, California (February 28–29, 2012)
Reliable People-Centric Sensing with Unreliable Voluntary Carriers
Minho Shin, Cory Cornelius, Daniel Peebles, Apu Kapadia, Patrick Tsang, David Kotz
In Proceedings of the 2008 International Conference on Mobile Systems, Applications, and Services (MobiSys)
Breckenridge, Colorado (June 17–20, 2008)

Awards

Google American Indian Science & Engineering Society Scholar (2008–2009)
John G. Kemeny Computing Prize (2006–2007)
Winner in the Team Design category for Achilles
John G. Kemeny Computing Prize (2005–2006)
Winner in the Team Innovation category for BlitzChat: a DND-authenticated, location-aware instant messenger

Memberships

Student Member American Indian Science and Engineering Society (2003–Present)
Board of Directors United American Indian Involvement (2002–2003)
Advisory Board Circles of Care (2002–2003)