Professor Christo Wilson (right) sits in a lab with a group of students seated on a sofa and stools in a Khoury research lab. In the background, there are several smart devices sitting on bookshelves.

Cybersecurity and Privacy at Khoury College of Computer Sciences

Making the digital world safer — and training the next generation of cybersecurity professionals and researchers

Today’s connected world brings digital risks at every level. Network threats target data from personal to global — everything from bank accounts and the world’s satellites are vulnerable. The Cybersecurity and Privacy research area at Khoury College brings together one of the largest and most interdisciplinary groups of faculty experts in the academic world. Faculty in this area are experts in a broad range of cybersecurity topics including cryptography, systems and network security, wireless security, AI security, hardware risks in chips, online privacy, and psychology of disinformation.

Khoury College’s research strength spans the range of cybersecurity and privacy domains, encompassing theoretical computer science, security of software, hardware, and networked systems, and is fueled by a collaborative focus on understanding how human behaviors and technology interact.

Meet our faculty

Designing secure systems for all

Research from Khoury College faculty and graduate students is making browsers safer, identifying risks in GPS systems, and finding out how to make the internet-connected gadgets that fill our lives safe from hackers who could hijack them or steal personal data.

Khoury cybersecurity and privacy research is also helping address social engineering and cognitive hacks, such as misinformation campaigns, scams, and frauds.

Research on trustworthy AI identified new vulnerabilities in generative AI systems and new privacy risks in Large Language Models (LLMs), helping make AI more secure. 

Research on human-centered security and privacy is dedicated to making security and privacy easy and accessible for everyday users, increasing their agency and trust in digital systems.

Sample research areas

  • Mobile system security
  • Wireless and distributed systems
  • Security and privacy of cloud computing
  • Systems security
  • Software security
  • Online privacy, including on web, mobile, and Internet of Things (IoT)
  • Network and distributed systems security, including blockchains
  • Cryptography
  • Trustworthy AI, including generative AI
  • Cyber-physical security
  • Algorithm auditing
  • Human-centered security and privacy, including sociotechnical
    equity and agency
  • Deceptive “dark pattern” user interfaces
  • Trust and safety

Domains of interest

  • Cybersecurity and privacy
  • Information assurance
  • Internet of Things (IoT) privacy and security
  • Network and distributed systems security
  • Sociotechnical equity and agency
  • Secure systems
A Khoury faculty members sits to the left of a table speaking with a student sitting to the right of the table. An open laptop sits on the desk in front of them.

Khoury researchers: At the forefront

In researching internet-connected systems, David Choffnes aims to “help effect change that will improve things for consumers.”
Jonathan Ullman discusses his goals of designing effective data systems that don’t compromise individuals’ privacy.
Christo Wilson discusses his work in digital consumer protection, and the role of algorithm auditing in uncovering “what’s going on behind the curtain.”
Alan Mislove discusses the impact of large-scale platforms and how algorithmic auditing can help broaden understanding.
Daniel Wichs’ research is a novel approach to authenticating data in the cloud with digital signatures while ensuring it’s secure.

Current project highlights

The Khoury Security and Privacy faculty is researching how to build tools that prevent leaks of personal identifying information (PII) across mobile networks, which can still happen even when an individual app is secure.  

Learn more

The Mon(IoT)r Lab at Northeastern University is a unique facility dedicated to understanding the security and privacy risks posed by internet-connected devices, or IoT. By replicating a typical home environment filled with smart gadgets, researchers can study how these devices behave in the real world. Unlike traditional computers, IoT devices often lack essential security features and are difficult to update, making them prime targets for hackers. The lab’s work is crucial for identifying vulnerabilities and developing strategies to protect our increasingly connected lives. 

Learn more

The Sociotechnical Equity and Agency Lab at Northeastern explores the complex interplay between technology and society. By combining computer science and social science perspectives, the lab investigates how technical systems shape human behavior, create inequities, and pose risks to privacy and well-being. Through participant-centered research, the lab identifies and addresses friction, harm, and power imbalances within these systems, working toward a more equitable and empowering technological landscape.

Learn more

Recent research publications

Tracking, Profiling, and Ad Targeting in the Alexa Echo Smart Speaker Ecosystem
Authors: Umar Iqbal, Pouneh Nikkhah Bahrami, Rahmadi Trimananda, Hao Cui, Alexander Gamero-Garrido, Daniel J. Dubois, David Choffnes, Athina Markopoulou, Franziska Roesner, Zubair Shafiq

Amazon Echo Smart Speakers collect user data and share it with third-party vendors for targeted advertising and other purposes, often without disclosing this to users. Khoury researchers have developed a framework to measure this data collection, usage, and third-party sharing  by Amazon. This work has the potential to increase transparency about what these platforms are doing with customer data and raise awareness of the risks.

Understanding Dark Patterns in Home IoT Devices

Authors: Monica Kowalcyzk, Johanna Gunawan, David Choffnes, Daniel J. Dubois, Woodrow Hartzog, Christo Wilson

Dark patterns (misleading or predatory design features) are part of many websites and unfortunately are also present in smart devices such as doorbells, speakers, and cameras. Khoury researchers investigated 57 popular smart home devices and found dark pattern features in many, such as default settings on sharing data that are hard to change or automatic subscriptions for premium service. This study highlights the need for better regulation and design practices to protect consumers from being misled by their smart home devices.

Phantom: General Trigger Attacks on Retrieval Augmented Language Generation
Authors: Harsh Chaudhari, Giorgio Severi, John Abascal, Matthew Jagielski, Christopher A Choquette-Choo, Milad Nasr, Cristina Nita-Rotaru, Alina Oprea

General trigger attacks are computer hacks that lead the computers to do something unintended based on a malicious input. Retrieval Augmented Language Generation (RAG) are used in chatbots by tapping relevant documents from a database, thereby improving their response. Khoury researchers have shown that these bots are vulnerable to trigger attacks: hackers can inject a single poisoned document into the database with results including denial of service, reputation damage, privacy violations, and other harmful behaviors. 

Related labs and groups

Faculty members

  • David Choffnes

    David Choffnes is an associate professor at Khoury College and the executive director of the Cybersecurity and Privacy Institute. He works to improve the privacy, security, performance, and reliability of internet systems, and designs new models to measure these systems.

    Read bio

  • Christo Wilson

    Christo Wilson is an associate professor and associate dean of undergraduate programs at Khoury College. His research, which draws on computational, political, and economic methods, delves into the data, security, and privacy issues at the heart of our internet use.

    Read bio

  • Michael Ann DeVito

    Michael Ann DeVito is an assistant professor at Khoury College, jointly appointed with the College of Arts, Media and Design. Her AI and machine learning research aims to address inequalities and unfairness toward marginalized populations through inclusive, equitable design.

    Read bio

  • Kevin Fu

    Kevin Fu is a professor at Khoury College and the College of Engineering, and founder and director of the Archimedes Center for Health Care and Medical Device Cybersecurity. He strives to understand and improve the security of embedded systems and devices, particularly in health care.

    Read bio

  • Joshua Gancher

    Joshua Gancher is an assistant professor at Khoury College. His research into cryptographic software and formal methods seeks to mathematically verify the security of foundational software, and to create tools to do that process at scale.

    Read bio

  • Zhengzhong Jin

    Zhengzhong Jin is an assistant professor at Khoury College. He is interested in cryptography, teaching courses on the subject, and researching a proof system to delegate heavy computation to an untrusted server while ensuring the computation is correct.

    Read bio

  • Cristina Nita-Rotaru

    Cristina Nita-Rotaru is a professor at Khoury College and a founding member of the Cybersecurity and Privacy Institute. In her research, she designs and builds secure, resilient distributed systems and network protocols.

    Read bio

  • Alina Oprea

    Alina Oprea is a professor at Khoury College specializing in cloud security, applied cryptography, and security analytics. Over many years in industry and academia, she has researched and designed machine learning techniques to predict and protect against hacker behavior.

    Read bio

  • Cheng Tan

    Cheng Tan is an assistant professor at Khoury College. His systems and security research focuses on building verifiable outsourced services and certified neural networks.

    Read bio

  • Ziming Zhao

    Ziming Zhao is an associate professor at Khoury College. His passion for hacking informs his research into systems and software security, network security, and web security, as well as his use of capture the flag (CTF) cybersecurity competitions as a teaching tool.

    Read bio