Cory Cornelius

Education

Ph.D. in Computer Science @ Dartmouth College, Hanover, NH (2008–2013): Ph.D. in Computer Science interested in pervasive computing, security and privacy, and, in particular, the intersection of these two fields. My thesis, "Usable security for wireless body-area networks", describes usable security mechanisms for wearable devices.
A.B. in Computer Science & Native American Studies @ Dartmouth College, Hanover, NH (2003–2007): A.B. in Computer Science & Native American Studies with citations in Design & Implementation of a Rock Climbing Robot, Computer Architecture, Artificial Intelligence.

Research Experience

My thesis, "Usable security for wireless body-area networks," investigates the security of a wireless network of pervasive wearable devices. As wearable devices become more ubiquitous in our lives, manufacturers will realize the value of interoperability. This, in turn, will pose many security problems. I am motivated by the use of these devices in mobile health scenarios where these wearable devices might help individuals diagnose (e.g., fitness or activity tracking), prevent (e.g., monitoring chronic health conditions like diabetes), and even treat (e.g, administering insulin based on blood glucose levels) their health conditions.

In my thesis, I identified three such security problems and investigated solutions to them. First, I examined mechanisms for recognizing who is wearing these devices. Second, I developed a method for verifying whether two of these devices are on the same body. Finally, I explored methods for cryptographically pairing these devices as a means to bootstrap secure and private communications between them. As an added caveat to these problems, I specifically designed these solutions so that the user should not have to do anything but attach the sensor to their body and have them just work.

Over the course of my research, I have applied many types of machine learning and signal processing algorithms to these problems, including: speaker recognition systems, bioimpedance as a biometrics, activity recognition algorithms, privacy-preserving cryptographic protocols, and other problems.

Most recently, I have an interest in adversarial machine learning. Our attack, ShapeShifter, demonstrates a state-of-the-art physical attack on object detectors. I also found the first collision in Apple's Neural Perceptual Hash model (Register, TechCrunch, The Verge).

Projects

indigeni.us: A small menagerie of projects that try to understand how machine learning can be useful or interesting to me and my communities.

Professional Experience

Research Scientist @ Intel (2013–Present): I work on Security & Privacy Research at Intel Labs in the Security Solutions Lab. I secure machine learning systems from attacks at the systems level and algorithmic level. I wrote the technical abstract and proposal that was selected for DARPA's Gauranteeing Artificial Intelligence Robustness against Deception (GARD) program. Previously, I researched and developed next-generation biometric authentication sensors and systems that was demoed at Intel Developer Forum 2015 Keynote.
Software Engineering Intern @ Google (2012): Improved the design of Paco, a personal analytics companion.
Research Engineer @ BAE Systems (2008): Extensive work with rootkit/anti-rootkit technology.
Research Programmer @ Institute for Security Technology Studies (2007–2008): Developed AnonySense, a system for privacy-aware people-centric sensing in Ruby & C.; Developed Nymble, a system for anonymous ip-address blocking in Ruby & C.
Programmer @ Dartmouth College Campus Security Initiative (2006–2008): Developed Achilles, a web client for managing Nessus scans in Ruby on Rails.
Programmer @ Institute for Security Technology Studies (2007): Developed Baffle, a framework for behavioral based fingerprinting of 802.11 wireless devices in Ruby & C.
Intern @ BAE Systems (2006): Some work with Windows Kernel Drivers. Extensive work with rootkit/anti-rootkit technology.
Intern @ Institute for Security Technology Studies (2005–2006): Developed TreeView, a tree-based log viewer in Java.; Developed system to parse, organize, and present linux tty (console) data collected from Honeypots using Java and MySQL.; Developed system to automatically analyze and archive phishing websites/malware received via email using Python.
Project Specialist @ United American Indian Involvement (2003–2005): Designed and developed the organization’s website and intranet using a customized MediaWiki.

Journal Publications

Location Privacy for Mobile Crowd Sensing through Population Mapping: Minho Shin, Cory Cornelius, Apu Kapadia, Nikos Triandopoulos, David Kotz; In Sensors; Volume 15, Issue 7, June 2015
A Survey of Biometrics for Wearable Devices: Cory Cornelius, Christopher N Gutierrez; Intel Technology Journal; Volume 18, Issue 4, November 2014
Hide-n-Sense: preserving privacy efficiently in wireless mHealth: Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, and David Kotz; In Mobile Networks and Applications (MONET); Pages 1–14, June 2013
Recognizing whether sensors are on the same body: Cory Cornelius, David Kotz; In Journal of Pervasive and Mobile Computing (PMC); Volume 8, Issue 6, Pages 822–836, December 2012
Nymble: Blocking Misbehaving Users in Anonymizing Networks: Patrick Tsang, Apu Kapadia, Cory Cornelius, Sean Smith; In IEEE Transactions on Dependable and Secure Computing (TDSC); Volume 8, Number 2, Pages 256–269, March–April 2011
AnonySense: A System for Anonymous Opportunistic Sensing: Minho Shin, Cory Cornelius, Dan Peebles, Apu Kapadia, David Kotz, Nikos Triandopoulos; In Journal of Pervasive and Mobile Computing (PMC); Volume 7, Issue 1, Pages 16–30, February 2011

Conference & Workshop Publications

Synthetic Dataset Generation for Adversarial Machine Learning Research: Xiruo Liu, Shibani Singh, Cory Cornelius, Colin Busho, Mike Tan, Anindya Paul, Jason Martin; In Proceedings of New Frontiers in Adversarial Machine Learning (AdvML FRONTIERS @ ICML 2022); Baltimore, MD (July 22nd, 2022)
Toward Few-step Adversarial Training from a Frequency Perspective: Hans Shih-Han Wang, Cory Cornelius, Brandon Edwards, Jason Martin; In Proceedings of the 1st ACM Workshop on Security and Privacy on Artificial Intelligence (SPAI); Taipei, Taiwan (October 5th, 2020)
Towards the Realistic Evaluation of Evasion Attacks using CARLA: 2nd International Workshop on Dependable and Secure Machine Learning (HealthSec); Portland, OR (June 24th, 2019)
ShapeShifter: Robust Physical Adversarial Attack on Faster R-CNN Object Detector: Shang-Tse Chen, Cory Cornelius, Jason Martin, Duen Horng (Polo) Chau; In Proceedings of the Joint European Conference on Machine Learning and Knowledge Discovery in Databases (ECML-PKDD); Dublin, Ireland (September 10–14, 2018)
Vocal resonance: Using internal body voice for wearable authentication: Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ronald Peterson, David Kotz; In Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (UbiComp); Volume 2 Issue 1 (March 2018)
A wearable system that knows who wears it: Cory Cornelius, Ronald Peterson, Joseph Skinner, Ryan Halter, and David Kotz; In Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys); Bretton Woods, New Hampshire (June 16–19, 2014)
ZEBRA: Zero-Effort Bilateral Recurring Authentication: Shrirang Mare, Andrés Molina-Markham, Cory Cornelius, Ronald Peterson, and David Kotz; In the Proceedings of the 35th IEEE Symposium on Security & Privacy; San Jose, California (May 18–21, 2014)
Who wears me? Bioimpedance as a passive biometric: Cory Cornelius, Jacob Sorber, Ronald Peterson, Joe Skinner, Ryan Halter, David Kotz; In the Proceedings of the 3rd USENIX Workshop on Health Security and Privacy (HealthSec); Bellevue, Washington (August 6–7, 2012)
An Amulet for trustworthy wearable mHealth: Jacob Sorber, Minho Shin, Ronald Peterson, Cory Cornelius, Shrirang Mare, Aarathi Prasad, Zachary Marois, Emma Smithayer, David Kotz; In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile); San Diego, California (February 28–29, 2012)
Adapt-lite: Privacy-aware, secure, and efficient mHealth sensing: Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz; In Proceedings of the Workshop on Privacy in the Electronic Society (WPES); Chicago, Illinois, (October 17, 2011)
Adaptive security and privacy for mHealth sensing: Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz; In 2nd USENIX Workshop on Health Security and Privacy (HealthSec); San Francisco, California (August 9, 2011)
Recognizing whether sensors are on the same body: Cory Cornelius, David Kotz; In Proceedings of the Ninth International Conference on Pervasive Computing (PERVASIVE); San Francisco, California (June 12–15, 2011)
On Usable Authentication for Wireless Body Area Networks: Cory Cornelius, David Kotz; In 1st USENIX Workshop on Health Security and Privacy (HealthSec); Washington, District of Columbia (August 10, 2010)
Darwin Phones: The Evolution of Sensing and Inference on Mobile Phones: Emiliano Miluzzo, Cory Cornelius, Ashwin Ramaswamy, Tanzeem Choudhury, Andrew Campbell, Zhigang Liu; In Proceedings of the 2010 International Conference on Mobile Systems, Applications, and Services (MobiSys); San Francisco, California (June 15–18 2010)
DEAMON: Energy-efficient sensor monitoring: Minho Shin, Patrick Tsang, David Kotz, Cory Cornelius; In Proceedings of the IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON); Rome, Italy (June 22–26, 2009)
AnonySense: Privacy-Aware People-Centric Sensing: Cory Cornelius, Apu Kapadia, David Kotz, Dan Peebles, Minho Shin, Nikos Triandopoulos; In Proceedings of the 2008 International Conference on Mobile Systems, Applications, and Services (MobiSys); Breckenridge, Colorado (June 17–20, 2008)
AnonySense: Opportunistic and Privacy-Preserving Context Collection: Apu Kapadia, Nikos Triandopoulos, Cory Cornelius, Daniel Peebles, David Kotz; In Proceedings of the Sixth International Conference on Pervasive Computing (PERVASIVE); Sydney, Australia (May 19–22, 2008)
Active Behavioral Fingerprinting of Wireless Devices: Sergey Bratus, Cory Cornelius, David Kotz, Dan Peebles; In Proceedings of the First ACM Conference on Wireless Network Security (WiSec); Alexandria, Virginia (March 30–April 2, 2008)

Preprints & Technical Reports

The Efficacy of SHIELD under Different Threat Models: Cory Cornelius; arXiv preprint arXiv:1902.00541 (February 2018)
ZEBRA: Zero-Effort Bilateral Recurring Authentication (Companion Report): Shrirang Mare, Andrés Molina-Markham, Cory Cornelius, Ronald Peterson, David Kotz; Dartmouth Computer Science Technical Report TF2014-748 (May 2014)
Vocal resonance as a biometric for pervasive wearable devices: Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shrirang Mare, David Kotz; Dartmouth Computer Science Technical Report TR2014-747 (February 2014)
Usable Security for Wireless Body-Area Networks: Cory Cornelius; Dartmouth Computer Science Technical Report TR2013-741 (September 2013)
Hide-n-Sense: Privacy-aware secure mHealth sensing: Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz; Dartmouth Computer Science Technical Report TR2011-702 (September 2011)
AnonyTL Specification: Daniel Peebles, Cory Cornelius, Apu Kapadia, David Kotz, Minho Shin, Nikos Triandopoulos; Dartmouth Computer Science Technical Report TR2010-660 (January 2010)
Nymble: Blocking Misbehaving Users in Anonymizing Networks: Patrick P. Tsang, Apu Kapadia, Cory Cornelius, Sean W. Smith; Dartmouth Computer Science Technical Report TR2008-637 (December 2008)
Active Behavioral Fingerprinting of Wireless Devices: Sergey Bratus, Cory Cornelius, Daniel Peebles, David Kotz; Dartmouth Computer Science Technical Report TR2008-610 (March 2008)

Talks

Towards the Realistic Evaluation of Evasion Attacks using CARLA: 2nd International Workshop on Dependable and Secure Machine Learning (HealthSec); Portland, OR (June 24th, 2019)
Who wears me? Bioimpedance as a passive biometric: 3rd USENIX Workshop on Health Security and Privacy (HealthSec); Bellevue, WA (August 6–7, 2012); Press
Recognizing whether sensors are on the same body: The Ninth International Conference on Pervasive Computing (PERVASIVE); San Francisco, CA (June 12–15, 2011)
On Usable Authentication for Wireless Body Area Networks: 1st USENIX Workshop on Health Security and Privacy (HealthSec); Washington, District of Columbia (August 10, 2010)
DEAMON: Energy-efficient sensor monitoring: IEEE Communications Society Conference on Sensor, Mesh, and Ad Hoc Communications and Networks (SECON); Rome, Italy (June 22–26, 2009)
Active 802.11 fingerprinting: ToorCon 2008; San Diego, California (September 26–28, 2008)
Active 802.11 fingerprinting: Black Hat USA 2008 Briefings and Training; Las Vegas, Nevada (August 2–7, 2008)
Dartmouth Cyber-Security Initiative and the New Achilles Vulnerability Assessment Console: A Case Study in Collaboration: 12th Annual Colloquium for Information Systems Security Education (CISSE); Dallas, Texas (June 2–4, 2008)
Dartmouth Cyber-Security Initiative and the New Achilles Vulnerability Assessment Console: A Case Study in Collaboration: EDUCAUSE Security Professionals Conference; Arlington, Virginia (May 4–6, 2008)
Active 802.11 fingerprinting: gibberish and 'secret handshakes' to know your AP: ShmooCon 2008; Washington, District of Columbia (February 15–18, 2008)

Posters

Physical Adversarial Attack on Object Detectors (Extended Abstract): Shang-Tse Chen, Cory Cornelius, Jason Martin, Duen Horng (Polo) Chau; In Proceedings of 24th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD); London, England (August 19–23, 2018)
Poster: Vocal Resonance as a Passive Biometric (Best Poster Runner-up): Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, David Kotz; In Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys); Niagara Falls, New York (June 19–23, 2017)
Passive Biometrics for Pervasive Wearable Devices: Cory Cornelius, Zachary Marois, Jacob Sorber, Ron Peterson, Shrirang Mare, David Kotz; In Proceedings of the Workshop on Mobile Computing Systems and Applications (HotMobile); San Diego, California (February 28–29, 2012)
Reliable People-Centric Sensing with Unreliable Voluntary Carriers: Minho Shin, Cory Cornelius, Daniel Peebles, Apu Kapadia, Patrick Tsang, David Kotz; In Proceedings of the 2008 International Conference on Mobile Systems, Applications, and Services (MobiSys); Breckenridge, Colorado (June 17–20, 2008)

Awards

Intel Labs Gordon Moore Award, Excellence in Collaboration & Smart Reuse (2015)
Intel Division Recognition Award, Security and Privacy Research (2014)
Google American Indian Science & Engineering Society Scholar (2008–2009)
John G. Kemeny Computing Prize (2006–2007): Winner in the Team Design category for Achilles
John G. Kemeny Computing Prize (2005–2006): Winner in the Team Innovation category for BlitzChat: a DND-authenticated, location-aware instant messenger

Memberships

Professional Member American Indian Science and Engineering Society (2013–Present)
Student Member American Indian Science and Engineering Society (2003–2013)
Board of Directors United American Indian Involvement (2002–2003)
Advisory Board Circles of Care (2002–2003)

Service

Thesis Committee Shang-tse Chen, Georgia Tech (2019)
Reviewer ACM Transactions on Computing for Healthcare (2019)
Reviewer International Joint Conferences on Artificial Intelligence (IJCAI) (2019)
Volunteer & Organizer Flathead Tech4Good Summer Native Tech Camp (Press) (2019)
Reviewer Intel Design & Test Technology Conference (DTTC) (2019)
Volunteer & Organizer Flathead Tech4Good Summer Native Tech Camp (Press, Press, Press) (2018)
Reviewer ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (2017)
Reviewer International Symposium on Wearable Computers (ISWC) (2017)
Volunteer Flathead Tech4Good Summer Native Tech Camp (Press) (2017)
Reviewer ACM Conference on Human Factors in Computing Systems (CHI) (2015)
Reviewer ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp) (2015)
Reviewer ACM Symposium on User Interface Software and Technology (UIST) (2015)
Reviewer 1st Workshop on Wearable Security and Privacy (Wearable S&P) (2015)
Reviewer ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp) (2014)

Patents

Adversarial Training Of Neural Networks Using Information About Activation Path Differentials
: Filed 2018; Published 2019; Granted 2023
Techniques To Detect Perturbation Attacks With An Actor-Critic Framework: Filed 2018; Published 2019; Granted 2020
Methods And Apparatus For Distributed Use Of A Machine Learning Model: Filed 2018; Published 2019; Granted 2023
Methods And Apparatus For Federated Training Of A Neural Network Using Trusted Edge Devices: Filed 2018; Published 2019; Granted 2022
Technologies For Performing Orientation-Independent Bioimpedance-Based User Authentication: Filed 2017; Published 2018; Granted 2018
System, Apparatus And Method For Providing Contextual Data In A Biometric Authentication System: Filed 2017; Published 2018; Granted 2020
Technologies For Analyzing Uniform Resource Locators: Filed 2016; Published 2018; Granted 2019
Maintaining User Authentications With Common Trusted Devices: Filed 2015; Published 2017; Granted 2018
Performing User Seamless Authentications: Filed 2015; Published 2016
Wearable computing device for secure control of physiological sensors and medical devices, with secure storage of medical records, and bioimpedance biometric: Filed 2014; Published 2014; Granted 2017