6 minute read
CCS EVENTS
by NYUTandon
THREE CCS-AFFILIATED PROJECTS SPOTLIGHTED AS RESEARCH EXCELLENCE EXHIBIT RETURNS TO TANDON
The 2022 Research Excellence Exhibit returned to the Brooklyn Commons on April 29th, marking another step towards the school’s return to in-person, oncampus events. From 1 to 4 p.m. the exhibit showcased 36 student projects that represent work in the school’s seven areas of research excellence: Communications/IT, Cybersecurity, Data Science/AI/Robotics, Emerging Media, Health, Sustainability, and all things Urban.
The three projects representing cybersecurity were:
Supply Chain Security Risk Analysis and Mitigation in IT/OT and IoT Systems, presented by then Masters student Yunfan
Xu (Advisor: Dr. Quanyan Zhu). Yunfan showcased ISCRAM, a tool for Supply Chain Risk Analysis and Mitigation. It provides analysis and decision support to reduce systemic risk from suppliers in complex IoT systems.
Exposing Encrypted Wireless Data Transfer in Wearable IoT Devices, presented by Masters students Sumish Pal Singh Ajmani and Karan Parikh (Advisor: Dr. Danny Huang)
This presentation reported on the very real risk of data, such as personal health data, financial information, and live locations, being inadvertently shared via wearable IoT devices, particularly when connected to home WiFi or a phone’s bluetooth.
“What makes our research unique is not just the tangible thing you might build as a result, but the ability to make people think differently,” Sumish Pal Singh Ajmani told a writer for NYU Tandon News covering the event. “We wanted to spread awareness by showing how easy it is for a user to get fooled by new cyber security tools in the market. The interest from the crowd took us by surprise since we were competing for attention with AI bots and other admittedly compelling things. But it was great to see attendees starting to think about the cybersecurity of their smart devices.”
AI-Driven Interactive Safe Autonomous Driving, presented by Ph.D. students Tao Li (on the left in photo below) Haozhe Lei (right) and Dhairya Upadhyay (Advisor: Dr. Quanyan Zhu)
As explained by Tao Li, the project “presents a safe autonomous driving technology powered by artificial intelligence. The autonomous vehicle learns an online adaptation strategy accommodating different traffic participants and environmental conditions based on its prediction of future traffic conditions. This project demonstrates that AD has the potential to reduce automobile accidents, save thousands of lives, and roughly $190 billion in health care costs every year.”
LIVE FROM NEW YORK: CSAW IS BACK, NOVEMBER 9-12
After two years as a virtual event, CSAW’22 returns to NYU Tandon’s Brooklyn campus, live and in person. The 19th edition of the world’s most comprehensive student-run cybersecurity event will kick off its schedule of seven competitions, panel discussions, poster sessions, and more on November 9.
In a preview of CSAW events to come, the final presentations of the Hack 3D Summer Challenge were held on July 15 as the centerpiece of a day of talks on security issues in digital manufacturing. The competition winners, who received cash prizes and are now eligible to compete in November’s finals, are:
First Place ($750 cash prize): Neo, Indian Institute of Technology, Tirupati, India Sneja M S, Sirish Sekhar, Prabhat Reddy
Second Place ($500 cash prize): Hack3rm3n Kevin Jun, Lehigh University; Aryan Rastogi, Indian Institute of Technology, Indore, India; Abhishek Sridharan, National Institute of Technology, Tiruchirappalli, India
Third Place ($250 cash prize): Missile Pav Aakar Jain, Purdue University; Diksha Sharma, Symbiosis International University, India; Vishnu Bansal, Birla Institute of Technology and Science, Pilani, India; Sumiran Maiskar, VIT University
Other events were still in the planning stages at the time this issue went to press. Go to https://www.csaw.io/ for the latest news and announcements. CyberByte will publish a wrap-up of CSAW 2022 in its spring issue.
Tandon Hosts Visiting Delegation Of Cybersecurity Faculty From Eastern Europe
This spring, the Center for Cybersecurity played host to two different groups of academics from eight Eastern EU countries seeking to learn more about cybersecurity education and practice in the U.S. As part of a program sponsored by World Learning, with funding from the Polish-American Fulbright Commission, 30 cybersecurity professors traveled to Tandon during a New York City between March 21 and April 4, 2022.
The overall goal of the program is to facilitate an “understanding of the US academic and practical landscape of cybersecurity” for faculty from Lithuania, Latvia, Poland, Hungary, Bulgaria, Estonia, Slovakia and Romania. In particular, the professors were interested in:
• Curriculum examples
• Preparing students for competitions
• Research and research collaboration
• Collaboration between academia and industry.
During their time at NYU Tandon, the group learned more about the history of cyber research at Tandon, the role of OSIRIS in CCS programs, an overview of cybersecurity educational programs at Tandon, and the Center’s partnerships with industry. They also toured the 10th floor, attended lectures by Dr. Hammond Pearce, research assistant professor with NYU’s Center for Cybersecurity, and Dr. Damon McCoy, associate professor of computer science and engineering; and received a virtual welcome from Dean Jelena Kovačević.
After the visit, Matt Brown, director of global programming for World Learning, observed that, “the visits to your Brooklyn site were perfect. The sessions were right on target, exactly what our participants were looking for, and with wonderful speakers all around. All of us at World Learning, Fulbright Poland, and the participants, appreciate the time you and your NYU colleagues took to prepare and deliver your talks, and to show us around your premises.”
KEEPING THE TRUTH INTACT: TAF HARNESSES TUF TO CREATE SECURE LEGAL ARCHIVES
The Update Framework (TUF) (https://theupdateframework.io/), which has secured software updates on automobiles, cloud applications, and for community and commercial software repositories, has ventured out in a new direction: secure archiving of legal documentation. Earlier this year, Dr. Justin Cappos, whose Secure Systems Laboratory at NYU Tandon is home base for TUF, announced a new initiative with the Open Law Library called The Archive Framework (TAF), a system designed to protect any git repository, particularly those on which important digital documents, such as legal records or legislation, are created.
In an interview conducted late last year with David Greisen, Founder and CEO of OpenLaw Library, and Renata Vaderna, a software engineer at the company that did the programming on TAF, Greisen noted that TAF was designed to address a very specific security issue. While version control systems like GitHub can give the user control over multiple versions of a document, it has potentially serious liabilities in protecting both the content and the sequence of changes made within a document. By building on Git but integrating TUF to address the security issue, Greisen explains, users have a way to check the validity of documents and verify the authenticity of pull requests and other changes to the document. According to Cappos, who is an associate professor of computer science and engineering at NYU Tandon, TAF uses the delegation, role, and key management structures of TUF in order to provide long term security and resilience to attack.
The Open Law platform (https://openlawlib.org/) was initially created at the request of the city of Washington, DC, which wanted to use it to publish their legal code. What Open Law was able to do was “take all the tools of computer science and apply it to the codification process.“
Recently, OpenLaw received a grant from the Institute of Museum and Library Services (http://www.imls.gov) that will help them improve the storage of metadata and enhance the signing process on their platform. One particular issue they will be addressing is how to ensure the continuing authentication of data. As Greisen points out, “Law does not fit the space/time continuum of other security systems” largely because the “shelf-life” of legal documents “encompass not years, but decades and centuries.” If, for example, a jurisdiction ceases to exist, TAF is designed to enable other authorities to attest to the authenticity of the original publisher. “In a sense, it protects by leveraging the built in trust in institutions,” Greisein says.
Perhaps most importantly, in an era of deepfakes and disinformation, TAF offers a way to make sure legal records for a government entity or complex transactions in corporate law reflect the truth over time. “The demand for nonfungible-tokens (NFTs) shows the hunger for this type of service,” Greisen observes. Cappos concurs, noting that, “We’re proud to work on projects like these that ensure that history itself cannot be rewritten.”
Traps Project To Secure Power Systems Receives Doe Grant
U.S. power systems represent an increasingly desirable target for cyber hackers. An IBM report, cited in The New York Times in May, 2021, noted that “the energy industry was the third most targeted sector for such attacks in 2020, behind only finance and manufacturing.”
To address this issue, the U.S. Department of Energy announced on April 21, 2022, that it was committing $12 million in grants to fund initiatives to better secure the U.S. energy infrastructure. The grant program named six university-based programs as grant recipients, including NYU Tandon School of Engineering.
Tandon will use its three-year, $1,939,416 grant to develop a new program for identifying and addressing vulnerabilities in power grids. Dubbed “Tracking Real Time Anomalies in Power Systems” or TRAPS, the NYU initiative will be a collaborative effort with researchers at SRI International, the New York Power Authority, and Consolidated Edison.
NYU’s efforts will be overseen by Dr. Farshad Khorrami, a professor of electrical and computer engineering (ECE) at NYU. Dr Ramesh Karri and Dr. Prashanth Krishnamurthy, both from the ECE Department at Tandon, serve as coinvestigators.
In announcing the awards, U.S. Secretary of Energy Jennifer Granholm notes that, “investing in cutting-edge cyber security technology keeps us at the forefront of global innovation and protects America’s power grid in the face of increasing cyber threats from abroad.” She adds, “This funding will bolster our commitment to a secure and resilient clean energy future by fortifying American electricity systems and building a stronger grid.”
