Junia Valente

Junia Valente

Junia Valente

University of Texas at Dallas

Postdoctoral Research Associate

Junia Valente is a postdoctoral research associate at The University of Texas at Dallas. She holds a Ph.D. degree in Software Engineering and a M.S. degree in Computer Science from The University of Texas at Dallas. Her research interests include Internet of Things (IoT) security, and cyber-physical systems (CPS) security. She has reported several security vulnerabilities in IoT devices,including CVE-2015-8287 and CVE-2017-3209 on surveillance systems and consumer drones. She has received a Google Internet of Things technology research award, and won best paper awards, research competitions, and hackathons. Her work in IoT has garnered attention from media outlets including Forbes and Threatpost Security News.

Research Abstract:

Vulnerability Trends in IoT Devices and New Sensor-Assisted Security Protections

My research has focused on (1) attacks against consumer Internet of Things (IoT) devices and new unanticipated threats that cyberattacks on IoT devices can pose to users; and (2) new defenses using unique properties of sensing devices.

First, I developed a systematic methodology to evaluate generic IoT devices and applied my approach to a study of more than 30 devices. My work identified trends in security practices in IoT systems; new risks that are unique to IoT, such as a malevolent adult having the ability to talk with children through online connected toys, or the ability to stealthily turn on a neighbor’s drone camera to spy on them; and new vulnerabilities (e.g., hard-coded passwords on NVRs) that I disclosed to vendors, and were subsequently published at the U.S. National Vulnerability Database (NVD). This work was recently accepted to the IEEE Security & Privacy Magazine.

My second line of work focuses on proposing a new type of attestation protocol as a defense-in-depth mechanism to verify the trustworthiness of sensing devices interacting with the physical world against attacks of increasing severity. The novel aspect of my approach is that we do not send “digital” challenges to the authenticating device, instead we send a physical challenge to the physical area the device is monitoring, and then we verify whether the desired changes reflect in the IoT sensor. This independent channel for verification detects integrity violation even when an attacker compromises roots-of-trusts on the device. This work won a Google IoT technology research award, and was recently accepted to the ACM Transactions on Cyber-Physical Systems.