Cybersecurity Awareness Month Lasts All Year Long at Tandon
According to the calendar, it’s time to honor National Cybersecurity Awareness Month, but here at New York University Tandon School of Engineering, we focus on cybersecurity every single day of the year. By developing ways to make automotive software and hardware more resistant to hacking and to keep banking PINs reliably private, and by pursuing a host of other important research, Tandon is always working towards a safer, more secure world. Read on to learn about what our cybersecurity experts have accomplished recently.
A protocol for protecting automotive software updates from hackers was named one of the top 100 technologies of the year — the Best of What’s New — by Popular Science magazine. Uptane, developed in part by Professor Justin Cappos and colleagues from the University of Michigan Transportation Research Institute and the Southwest Research Institute, is an open-source framework that aims to safeguard the more than 100 million lines of code in modern automobiles — code that experience and experiments show is as vulnerable to hacking as the personal data more commonly targeted by cybercriminals.
Popular Science magazine named Siddharth Garg to its 15th annual Brilliant 10 list, a roundup of young scientists and engineers doing world-changing work. Garg, an assistant professor in NYU Tandon’s Department of Electrical and Computer Engineering, was recognized for his work in the field of hardware security, which focuses on outsmarting criminals’ attempts to build vulnerabilities into the chips that power everything from computers and smartphones to the systems that run cars, major utilities, public transportation, and nuclear facilities.
Every ATM or smartphone user can attest to the discomfort of having a stranger standing close enough to observe a financial transaction — and potentially note a PIN or account number. Now Professor Nasir Memon has led a team that developed the first-of-its-kind application to combat such “shoulder-surfing,” whether in person or via a building’s video camera. The technology, called “IllusionPIN,” deploys a hybrid-image keyboard that appears one way to the close-up user and differently to an observer at a distance of three feet or greater.
Researchers Discover that Partial Fingerprints May Be Sufficient to Trick Biometric Security Systems on Smartphones
No two people are believed to have identical fingerprints, but researchers at NYU Tandon have found that partial similarities between prints are common enough that the fingerprint-based security systems used in mobile phones and other electronic devices can be more vulnerable than previously thought.
Cyber-attacks against power grids and other critical infrastructure systems have long been considered a threat limited to nation-states due to the sophistication and resources necessary to mount them. But a team of NYU researchers has challenged that notion by disclosing a vulnerability in a component that, combined with publicly available information, provides sufficient information to model an advanced, persistent threat to the electrical grid. (The vulnerability allows an attacker with local or remote access to extract and reverse-engineer the weakly encrypted and easily accessed passwords used to reprogram the component’s protective set points.) Researchers worked quickly and closely with manufacturers to develop a patch to secure the vulnerability.
Additive manufacturing (AM), also called 3D printing, is rapidly expanding. The rapid prototyping market alone is expected to reach $5 billion by 2020. But since the global supply chain for AM requires companies to share computer-aided design (CAD) files within the organization or with outside parties via email or cloud, intellectual-property thieves and malefactors have many opportunities to filch a manufacturer’s design files to produce counterfeit parts. A group of researchers at NYU Tandon School of Engineering has discovered ways for manufacturers to turn the tables on thieves by deliberately embedding hidden flaws in CAD files to thwart intellectual property theft, and NYU Tandon Mechanical and Aerospace Engineering Professor Nikhil Gupta is building a company to offer the protection.
The eighth event in a series of open lectures on cybersecurity and privacy at Tandon convened in April 2017 with an exploration of the hardware security challenges posed by interconnected devices and cloud computing. “Convergence of IoT, Cloud, Security: A Perfect Storm” featured Walden (Wally) C. Rhines, president and chief executive officer of Mentor Graphics, who discussed the growing threat posed by hardware hackers and malicious modifications to the integrated circuits that power today’s computers, smartphones, and other Internet-connected devices. Watch for the next lecture, featuring Distinguished Research Professor Edward Amoroso on the challenges that cybersecurity poses to democracy, on November 16.
Tandon researchers are helping to build a sophisticated suite of tools to provide pro bono to law enforcement officials seeking to identify and rescue children in exploitive and pornographic online material. In consultation with the U.S. Department of Homeland Security Child Exploitation Investigations Unit, they are helping to automate the process by which officials comb through the one to three terabytes (TB) of data, representing 1 million to 10 million images and thousands of hours of video material, which a typical case contains.
Researchers Develop Automated Techniques to Identify Ads Potentially Tied to Human Trafficking Rings
Human trafficking is a widespread social problem, with an estimated 4.5 million people forced into sexual exploitation, according to the International Labor Organization. The Internet has enabled and emboldened human traffickers to advertise sexual services. Law enforcement efforts to trace and disband human trafficking rings are often confounded by the pseudonymous nature of adult ads and the tendency of ringleaders to employ multiple phone numbers and email addresses to avoid detection. Now, Tandon researchers are helping devise the first automated techniques to identify ads potentially tied to human trafficking rings and link them to public information from Bitcoin — the primary payment method for online sex ads. This is the first step toward developing a suite of freely available tools to help police and nonprofit institutions identify victims of sexual exploitation.
CSAW, the world’s largest student-run set of cyber security games, was founded 14 years ago by the New York University Tandon School of Engineering, and this year marks the first time finals will be held in four global locations in addition to Brooklyn: Israel, France, Abu Dhabi, and India. Also new this year, the NYU Arthur L. Carter Journalism Institute will join Tandon in honoring excellence in cybersecurity reporting.
Tandon and One of India’s Top Tech Schools Agree to Joint Education and Research Initiatives to Defend against Cyber Warfare
Tandon and the Indian Institute of Technology, Kanpur, recently signed a seven-year agreement to deepen their exchange in information security research and academics. The agreement commits NYU Tandon — one of America’s first institutions of higher education with a cybersecurity program — and IIT Kanpur — one of India’s leading computer science universities — to exchanges that will defend critical infrastructure from cyber-attacks and electronic warfare. The agreement calls for cooperative research, teaching projects, faculty and student exchanges, and scholarly seminars and workshops.
At Tandon, the country’s first university research team for hardware security is probing the growing threat to the world’s microchips and devising ways to protect them. Under the aegis of the NYU Center for Cyber Security, faculty and student researchers from Brooklyn and from NYU Abu Dhabi are being recognized as leaders in research on secure chip design and production, microchip camouflaging, encryption, crowdsourcing and sharing of attack and defense strategies, and improving the trustworthiness of the supply chain.
Job growth in computer science, data informatics and especially cybersecurity is running at a blistering pace. According to the U.S. Bureau of Labor Statistics, demand for those with computer science backgrounds will rise 12 percent over the next decade, double the average growth rate for jobs in general. Employers are struggling to fill 200,000 other jobs requiring cybersecurity skills. The shortfall is expected to reach 1.8 million globally by 2022. But while positions in these fields yield among the highest return on investment with six-figure salary potential, those with bachelor’s degrees in non-STEM disciplines are locked out unless they are willing to spend upwards of $20,000 on undergraduate courses to prepare for graduate study in these areas. To address that issue, Tandon has expanded its novel distance-learning initiative called “A Bridge to NYU Tandon,” aimed at giving those with college degrees but little background in science or engineering the tools they need to apply for graduate study in cybersecurity and other tech fields.
When the International Consortium of Minority Cybersecurity Professionals, in partnership with IBM, hosted an all-day forum on women and minorities in the field of cybersecurity recently, Professor of Computer Science and Engineering Nasir Memon, a seminal member of NYU’s multidisciplinary Center for Cybersecurity (CCS), participated. He represented Tandon on a panel entitled “Cracking the Diversity Code,” informing the audience about the school’s efforts towards diversity and inclusiveness.