Research Opportunities

In order to develop and deploy DFS tech solutions, the DFSRG’s approach to research involves a three-stage process. The first is the Formative stage, which involves identifying and assessing problems of interest (such as SMS-driven fraud), and developing proof of concept solutions. The second stage is the Development stage. This involves building prototype solutions and evaluating them in controlled settings (such as the mobile money security validation tool). The third stage is the Translation stage. This is when we scale our prototype solutions for deployment, and transfer technology to partner organizations in developing countries.

UW CSE students play a major role in the DFSRG research process. While our faculty advise students and provide general guidance, each project is assigned one graduate student as a project lead, with several other students collaborating on each individual project as well. The project lead takes ownership of the project, and is responsible for ensuring timely completion of each milestone. This involves delegating work on project milestones to other students.

We have a number of research opportunities for interested students, including:

• Mobile App Security: In our formative research, we conducted a large-scale analysis of 197 Android mobile money apps and interviewed seven Android developers from Africa and South America to identify mobile app security problems of interest. Our next step is to leverage existing security tools by creating a security validation framework. Many of the existing tools are effective, but in very specific ways. The idea for our security validation framework is to direct developers to appropriate security tools by allowing them to conduct a self-assessment. Research opportunities for this project include: 1) Help build a prototype of the security validation framework. 2) Compile resources for best practices. 3) Compile automated Android analysis. 4) Assist with a large interview study of app developers to evaluate the prototype.
• UW Pesa: UW-Pesa is a test bed to experiment with various DFS technologies and security protocols. Research opportunities for UW-Pesa include: 1) Develop a web interface for USSD 2) Develop a mobile app interface for USSD 3) Integrate Point of Sale (PoS) and Know Your Customer (KYC) using biometrics.
• Proximity Payments: The goal in this project is to ensure security of transactions, while making products easy enough to use that they are adopted. Research opportunities for this project include: 1) Document current payment methods and protocols at Point of Sale (PoS) through field visits and interviews with customers and merchants in these countries. 2) Develop a sonic proximity payment prototype. 3) Develop a NFC app prototype. 4) Conduct a thorough usability and security evaluation of these protocols in the context of developing regions.
• SMS-driven Fraud: Fraud can happen in a number of ways including SMS transactions, payments and dues, one-time pin numbers, and account recovery via SMS. In a SMS-fraud, an attacker exploits a customer’s poor understanding of mobile phones and DFS services, and uses SMS phishing to defraud the customer. Research opportunities for this project include: 1) In collaboration with Caribou Digital, students will develop a SMS data collection platform. We will release as an Android app, initially to a few hundred volunteers. 2) Along with the SMSs, students will collect data on users’ interactions with the phishing SMSs 3) Students will perform analysis of the data collected, in order to help us understand how users respond to phishing SMSs.
• Android Devices for DFS: Research opportunities for this project include: 1) Develop a use case catalog of Android devices 2) Identify hardware requirements of different DFS applications 3) Investigate the teardowns of different classes of Android phones ($50 phone, $100 phone, $400 phone) 4) Evaluate which phones are suitable for particular use cases. Some cases could entail running the same software on both phones (for example, fingerprint recognition) and then compare accuracy and results.
• Mobile Money App Library: Create a searchable library of screenshots and screen captures of mobile money applications from around the world.

Interested UW CSE students should contact Prof. Richard Anderson.