If you’re in the market for a new car, you’ve probably noticed two things recently. The first being that almost all new cars today have electronic components for even the most basic of functionalities. The second being that because cars have these functionalities that require semiconductors (small chips “that manage functions like data storage, graphic rendering, and power consumption in electrical devices”), the recent semiconductor shortage is keeping many new cars on the lots.
If you end up buying that new car (or a relatively new, used car), you will be buying both a transportation and data collection system. “The data collected and recorded is quite broad and includes vehicle speed, passenger count, GPS routes, images from backup cameras, and [personally identifiable information] from connected cell phones. This information stays locally on the vehicle forever and in most cases is uploaded to the [original equipment manufacturer]. Those systems also control critical safety items like brakes. If left unprotected both privacy and lives could be at risk,” says Brian Knighton from the National Security Agency.
That’s where Morgan State comes in. Morgan State University Professor and SPLICE PI, Kevin Kornegay, and his team at the Cybersecurity Assurance and Policy (CAP) Center are working with the NSA’s reverse-engineering tool, Ghidra, to mitigate privacy, cybersecurity, malware, and geolocation vulnerabilities. Their work ensures that the electronic systems are supported and protected throughout the lifetime of the vehicle. Follow the links to learn more about the CAP Center and to read about their partnership with the NSA.
Dartmouth College recently announced that David Kotz, SPLICE PI, will be interim provost starting July 1st. Along with leading the SPLICE project, Kotz will support and advance the teaching and scholarship of Dartmouth faculties and schools, as well as student-related programs.
The term “contact tracing” has recently grown in public prominence. Articles, news reports, and Google searches surrounding the phrase have sky-rocketed since the start of the pandemic. As Susan Landau explains in her recently published book People Count: Contact-Tracing Apps and Public Health, “Ending a plague requires more than medication; we need to stop spread.” And for that, contact tracing—test patients, trace their contacts, and have them isolate—is key. But how do you do so with a disease that spreads as quickly as Covid-19 does, with people contagious before they are even aware they are ill?
The pervasiveness of smart phones has led to the deployment of mobile applications designed to aid in the contact-tracing process. In her book, Landau explains how the technologies work, how they can be designed to protect privacy, and what the complex interplay between technology, social needs, and medicine looks like. Landau highlights the need for technical solutions to be created with the guidance of social scientists and public health experts.
To get a copy of Landau’s book, check out the MIT Press’s website. To learn about Landau’s work at the intersection of technology and society with regards to the SPLICE project, check out the rest of this website.
If you’ve ever wanted to learn more about your digital privacy and online security and didn’t know who to ask, this Science Cafe NH episode is the one to watch.
In a one-hour long webinar, questions run the gamut of topics, from “Is 1password a good service to use?” to “What should you do if you’re hacked?” and “What are the real risks of sharing family photos and information on Facebook?” Panelists Professor Kotz, Dr. Nora Draper, and Azeddine Jakib give you their straightforward answers to help keep yourself, your families, communities, and broader networks safer.
What’s one way you’ve integrated security and privacy practices in your technological habits to protect yourself and others?
Professor Kotz was recently named one of 95 new ACM Fellows. This prestigious award recognizes the top 1% of ACM Members for their outstanding accomplishments in computing and information technology and/or outstanding service to ACM and the larger computing community. Kotz is recognized “for contributions to the security, privacy, and usability of mobile systems.”
To learn more, check out the ACM website here, or check out Dartmouth’s article here.
This past week, professors Kevin Kornegay and Michel Kornegay spoke with the CEO of Shift5, Josh Lospinoso, about Morgan State University’s unique approach to cultivating an environment of success in cybersecurity. Professors Kevin and Michel Kornegay are the Director and Associate Director, respectively, of Morgan State’s Cybersecurity Assurance and Policy (CAP) Center, which is home to the CREAM Lab (Center for Reverse Engineering and Assured Microelectronics of the School of Engineering).
First, it’s important to understand the necessity of cybersecurity research and implementation. New technologies with increasing capabilities enabled by wireless transmissions, data collection, and data processing, have allowed analog devices to be replaced with digital devices on the consumer level. And with consumers’ desire for new functionalities and features driving industry decisions, security protocols often fall to the wayside. But it’s all too common to hear of hacked toys, water systems being tampered with, and even our government being put at risk because of a lack of cybersecurity.
The CAP Center at Morgan State is unique in its methodology to ensure that students are adequately prepared for and provided with options in the cybersecurity realm — whether it be continuing in academia or transitioning into industry. And partnerships are part of this success. The industry partnerships that the Center has fostered have been essential to the development of the students in its programs. On the one hand, they provide industry mentorship, so that students can have hands-on experience outside of the lab. On the other hand, working with industry partners allows for a constant flow of information which keeps the research, education, and work of the program up-to-date with emerging cybersecurity threats and skills needed to stay ahead of the curve.
But the key to the program’s success? Professors Michel and Kevin Kornegay’s devotion to their students and the learning process. The importance of a “pipeline” can not be understated when it comes to encouraging students from underrepresented groups into cybersecurity. Michel has extended that pipeline to start even earlier, with a summer program specifically designed to get middle school girls in the Baltimore area interested in cybersecurity. Both Kevin and Michel speak about the hands-on experimental activities and active-learning experiences that students are immediately a part of when they enter into PhD programs in the lab. Kevin speaks about a new PhD program at Morgan State – Secure Embedded Systems – focusing on a wide variety of competencies necessary to tackle multifaceted cybersecurity issues. The unique program enables students to work with architectures, protocols, AI, and cryptography, spanning the processor, communication, and application aspects of cybersecurity. This program is so unique that it’s the only one in the state of Maryland.
As the Kornegays say in their conversation with Josh from Shift5, opportunity and preparation are both necessary for the success of their students. By working with industry partners who are on-board with their mission, the professors keep a finger on the pulse of emerging technologies, and are able to provide internship experiences and industry mentorship to their students. And the Kornegays work with their students to meet them where they’re at – recognizing that students come from a wide variety of backgrounds, so a one-size-fits all approach cannot work. And the results, seen by the achievements of their students, the growth of the CAP Center and CREAM lab, and increasing partnerships, prove the success of the Kornegays’ methods.
To hear more from their conversation, check out the video below. To get involved with supporting students in exploring cybersecurity, check out the Gen Cyber program. To learn more about the Kornegays’ work with SPLICE, check out the rest of this website.
SPLICE in collaboration with Dartmouth’s Institute for Security, Technology, and Society (ISTS) recently hosted a panel discussion amongst security and privacy leaders currently at the forefront of cybersecurity industry and research.
Panelists discussed some of the most pressing privacy challenges related to the “Internet of Things” (IoT) devices, such as smart phones, smart watches, and other smart devices.
If you’ve ever wondered “Is my TV spying on me?,” or whether that firmware update really is safe to download, or you are interested in learning more about federated learning models vs the “Hoover” approach with respect to IoT devices, you can watch the recording of the panel at the bottom of this post.
Our panelists were April Doss, JD (Chair of Cybersecurity and Privacy Practice at Saul Ewing Arnstein & Lehr LLP); Hamed Haddadi, PhD (Professor in Human-Centered Systems at Imperial College London); Susan Landau, PhD (Bridge Professor in Cyber Security and Policy at Tufts University); and Avi Rubin, PhD (Technical Director of the Johns Hopkins University Information Security Institute). David Kotz, PhD (Professor of Computer Science at Dartmouth and SPLICE Principal Investigator) was the moderator.
Did you receive a smart device this holiday season, and leave it sitting in the box because you don’t know how to set it up? Or were you one of those savvy shoppers who bought a smart device on clearance after the holiday rush and already have the perfect place to put it in your home?
Either way, SPLICE PI David Kotz has some advice for keeping your information secure and private when using smart devices. Check it what he has to say in the video!
The SPLICE team is pleased to announce one new patent derived from research conducted by SPLICE Principal Investigator Kevin Kornegay and Professor Willie Thompson, both from Morgan State University. The patent describes a data traffic module supporting the attestation and secure boot operations of IoT devices and legacy computing devices, and providing tamper resistance to such devices.