Florida International University School of Computing and Information Sciences
Mahmudur Rahman works in the Cyber Security and Privacy Lab (CaSPR) at FIU, led by Dr. Bogdan Carbunar. He received his Bachelor’s degree in Computer Science and Engineering from Bangladesh University of Engineering and Technology (BUET) in 2007 and received his master’s degree from the School of Computing and Information Sciences at FIU in 2012. His research interests include privacy and security issues in online (geo)social networks (e.g., fake review detection, private location-centric aggregates, location verification), distributed computing systems, mobile networking, mobile applications and health centric applications. He has won several best paper awards and his research works have received significant media coverage. He will join IBM after his doctoral graduation.
Social networks are popular platforms that simplify user interaction and encourage collaboration. They collect large amounts of media from their users, often reported from mobile devices. The value and impact of social media makes it however an attractive attack target. In this thesis, we focus on the following social media vulnerabilities. First, review centered social networks such as Yelp and Google Play have been shown to be the targets of significant search rank and malware proliferation attacks. Detecting fraudulent behaviors is thus paramount to prevent not only public opinion bias, but also to curb the distribution of malware. Second, the increasing use of mobile visual data in news networks, authentication and banking applications, raises questions of its integrity and credibility. Third, through proof-of-concept implementations, we show that data reported from wearable personal trackers is vulnerable to a wide range of security and privacy attacks, while off-the-shelves security solutions do not port gracefully to the constraints introduced by trackers.
In this thesis we propose novel solutions to address these problems. First, we introduce Marco, a system that leverages the wealth of spatial, temporal and network information gleaned from Yelp, to detect venues whose ratings are impacted by fraudulent reviews. Second, we propose FairPlay, a system that correlates review activities, linguistic and behavioral signals gleaned from longitudinal app data, to identify not only search rank fraud but also malware in Google Play, the most popular Android app market. Third, we describe Movee, a motion sensor based video liveness verification system, that analyzes the consistency between the motion inferred from the simultaneously and independently captured camera and inertial sensor streams. Finally, we devise SensCrypt, an efficient and secure data storage and communication protocol for affordable and lightweight personal trackers. We prove the correctness and efficacy of our solutions through a detailed theoretic and experimental analysis.