Cybersecurity and Privacy at Khoury College of Computer Sciences
Making the digital world safer — and training the next generation of cybersecurity professionals and researchers
Today’s connected world brings digital risks at every level. Network threats target data from personal to global — everything from bank accounts to the world’s satellites is vulnerable. The Cybersecurity and Privacy research area at Khoury College brings together one of the largest and most interdisciplinary groups of faculty experts in the academic world. Faculty in this area are experts in a broad range of cybersecurity topics including cryptography, systems and network security, wireless security, AI security, hardware risks in chips, online privacy, and psychology of disinformation.
Khoury College’s research strength spans the range of cybersecurity and privacy domains, encompassing theoretical computer science, security of software, hardware, and networked systems, and is fueled by a collaborative focus on understanding how human behaviors and technology interact.
Designing secure systems for all
Research from Khoury College faculty and graduate students is making browsers safer, identifying risks in GPS systems, and finding out how to make the internet-connected gadgets that fill our lives safe from hackers who could hijack them or steal personal data.
Khoury cybersecurity and privacy research is also helping address social engineering and cognitive hacks, such as misinformation campaigns, scams, and frauds.
Research on trustworthy AI identified new vulnerabilities in generative AI systems and new privacy risks in Large Language Models (LLMs), helping make AI more secure.
Research on human-centered security and privacy is dedicated to making security and privacy easy and accessible for everyday users, increasing their agency and trust in digital systems.
Sample research areas
- Mobile system security
- Wireless and distributed systems
- Security and privacy of cloud computing
- Systems security
- Software security
- Online privacy, including on web, mobile, and Internet of Things (IoT)
- Network and distributed systems security, including blockchains
- Cryptography
- Trustworthy AI, including generative AI
- Cyber-physical security
- Algorithm auditing
- Human-centered security and privacy, including sociotechnical equity and agency
- Deceptive “dark pattern” user interfaces
- Trust and safety
Domains of interest
- Cybersecurity and privacy
- Information assurance
- Internet of Things (IoT) privacy and security
- Network and distributed systems security
- Sociotechnical equity and agency
- Secure systems
Khoury researchers: At the forefront
Current project highlights
Improving network security
The Khoury Security and Privacy faculty is researching how to build tools that prevent leaks of personal identifying information (PII) across mobile networks, which can still happen even when an individual app is secure.
One-of-a-kind lab to test smart devices and network security
The Mon(IoT)r Lab at Northeastern University is a unique facility dedicated to understanding the security and privacy risks posed by internet-connected devices, or IoT. By replicating a typical home environment filled with smart gadgets, researchers can study how these devices behave in the real world. Unlike traditional computers, IoT devices often lack essential security features and are difficult to update, making them prime targets for hackers. The lab’s work is crucial for identifying vulnerabilities and developing strategies to protect our increasingly connected lives.
Exploring the social context of computer systems and security
The Sociotechnical Equity and Agency Lab at Northeastern explores the complex interplay between technology and society. By combining computer science and social science perspectives, the lab investigates how technical systems shape human behavior, create inequities, and pose risks to privacy and well-being. Through participant-centered research, the lab identifies and addresses friction, harm, and power imbalances within these systems, working toward a more equitable and empowering technological landscape.
Recent research publications
Tracking, Profiling, and Ad Targeting in the Alexa Echo Smart Speaker Ecosystem
Authors: Umar Iqbal, Pouneh Nikkhah Bahrami, Rahmadi Trimananda, Hao Cui, Alexander Gamero-Garrido, Daniel J. Dubois, David Choffnes, Athina Markopoulou, Franziska Roesner, Zubair Shafiq
Amazon Echo Smart Speakers collect user data and share it with third-party vendors for targeted advertising and other purposes, often without disclosing this to users. Khoury researchers have developed a framework to measure this data collection, usage, and third-party sharing by Amazon. This work has the potential to increase transparency about what these platforms are doing with customer data and raise awareness of the risks.
Understanding Dark Patterns in Home IoT Devices
Authors: Monica Kowalczyk, Johanna Gunawan, David Choffnes, Daniel J. Dubois, Woodrow Hartzog, Christo Wilson
Dark patterns (misleading or predatory design features) are part of many websites and unfortunately are also present in smart devices such as doorbells, speakers, and cameras. Khoury researchers investigated 57 popular smart home devices and found dark pattern features in many, such as default settings on sharing data that are hard to change or automatic subscriptions for premium service. This study highlights the need for better regulation and design practices to protect consumers from being misled by their smart home devices.
Phantom: General Trigger Attacks on Retrieval Augmented Language Generation
Authors: Harsh Chaudhari, Giorgio Severi, John Abascal, Matthew Jagielski, Christopher A Choquette-Choo, Milad Nasr, Cristina Nita-Rotaru, Alina Oprea
General trigger attacks are computer hacks that lead computers to do something unintended based on a malicious input. Retrieval Augmented Language Generation (RAG) systems are used in chatbots to retrieve relevant documents from a database, thereby improving their responses. Khoury researchers have shown that these bots are vulnerable to trigger attacks: hackers can inject a single poisoned document into the database, with results including denial of service, reputation damage, privacy violations, and other harmful behaviors.
Related labs and groups
Faculty members
- Elettra Bietti
Elettra Bietti is an assistant professor jointly appointed between Khoury College and the School of Law. She became interested in tech while working as an antitrust and intellectual property litigator representing tech and pharmaceutical clients, and now researches how technology overlaps with data law, privacy, and antitrust laws in the digital economy.
- David Choffnes
David Choffnes is an associate professor at Khoury College and the executive director of the Cybersecurity and Privacy Institute. He works to improve the privacy, security, performance, and reliability of internet systems, and designs new models to measure these systems.
- Michael Ann DeVito
Michael Ann DeVito is an assistant professor at Khoury College, jointly appointed with the College of Arts, Media and Design. Her AI and machine learning research aims to address inequalities and unfairness toward marginalized populations through inclusive, equitable design.
- Laura Edelson
Laura Edelson is an assistant professor at Khoury College and former chief technologist for the US Department of Justice Antitrust Division. She studies the spread of harmful content through large online networks with the goal of making social media platforms safer and more beneficial for users.
- Kevin Fu
Kevin Fu is a professor at Khoury College and the College of Engineering, and founder and director of the Archimedes Center for Health Care and Medical Device Cybersecurity. He strives to understand and improve the security of embedded systems and devices, particularly in health care.
- Joshua Gancher
Joshua Gancher is an assistant professor at Khoury College. His research into cryptographic software and formal methods seeks to mathematically verify the security of foundational software, and to create tools to do that process at scale.
- Zhengzhong Jin
Zhengzhong Jin is an assistant professor at Khoury College. He is interested in cryptography, teaching courses on the subject, and researching a proof system to delegate heavy computation to an untrusted server while ensuring the computation is correct.
- Engin Kirda
Engin Kirda is a professor at Khoury College, co-founder of the multinational Secure Systems Lab, and co-founder of Lastline, Inc., which detects and prevents advanced targeted malware. He has published more than 100 papers on malware analysis and detection, web application security, and social networking security.
- Ada Lerner
Ada Lerner is an assistant professor and the director of the undergraduate cybersecurity program at Khoury College. She researches human–computer interaction, security, and privacy.
- Tianshi Li
Tianshi Li is an assistant professor at Khoury College. She has sought to assist developers — even those who don’t specialize in privacy and security — to build mobile apps with native privacy support; she has also helped companies to comply with privacy, accessibility, and fairness requirements.
- Alan Mislove
Alan Mislove is a professor and the senior associate dean for academic affairs at Khoury College, and a core faculty member of the Cybersecurity and Privacy Institute. His research deals with distributed systems and networks, with a focus on using social networks to enhance the security, privacy, and efficiency of emerging systems.
- Cristina Nita-Rotaru
Cristina Nita-Rotaru is a professor at Khoury College and a founding member of the Cybersecurity and Privacy Institute. In her research, she designs and builds secure, resilient distributed systems and network protocols.
- Alina Oprea
Alina Oprea is a professor at Khoury College specializing in cloud security, applied cryptography, and security analytics. Over many years in industry and academia, she has researched and designed machine learning techniques to predict and protect against hacker behavior.
- William Robertson
William Robertson is an associate professor at Khoury College, jointly appointed with the College of Engineering. Using techniques such as security by design, program analysis, and anomaly detection, he aims to enhance the security of operating systems, mobile devices, and the web.
- Abhi Shelat
Abhi Shelat is a professor at Khoury College specializing in cryptography and applied security. A recipient of awards from the NSF, Microsoft, Amazon, Google, and the ACM, he uses secure computation protocols to enable mutually distrusting parties, each with private inputs, to jointly compute functions while ensuring maximal privacy and correctness.
- David Stein
David Stein is an assistant professor, jointly appointed between Khoury College and the School of Law. He studies the interplay between emerging technologies and legal institutions, and holds seven patents for digital identity and database management technologies.
- Jonathan Ullman
Jonathan Ullman is an associate professor at Khoury College whose research centers on the foundations of privacy for machine learning and statistics. Ullman has been recognized with an NSF CAREER award and the Ruth and Joel Spira Outstanding Teacher Award.
- Daniel Wichs
Daniel Wichs is a professor at Khoury College. An expert in modern cryptography, Wichs researches all aspects of the field, including its theoretical foundations and its applications to information security. Wichs’ work was recognized in 2018 with the prestigious Sloan Research Fellowship, which honors early-career scholars whose achievements mark them among the top scientific minds.
- Christo Wilson
Christo Wilson is an associate professor and associate dean of undergraduate programs at Khoury College. His research, which draws on computational, political, and economic methods, delves into the data, security, and privacy issues at the heart of our internet use.
- Cheng Tan
Cheng Tan is an assistant professor at Khoury College. His systems and security research focuses on building verifiable outsourced services and certified neural networks.
- Maryam Tanha
Maryam Tanha is an assistant teaching professor in the Khoury College of Computer Sciences at Northeastern University, based in Vancouver. Tanha’s research interests are deeply rooted in detecting Android malware and designing resilient software-defined networks.
- Ziming Zhao
Ziming Zhao is an associate professor at Khoury College. His passion for hacking informs his research into systems and software security, network security, and web security, as well as his use of capture the flag (CTF) cybersecurity competitions as a teaching tool.