TRUST in the News

TRUST researcher Deirde Mulligan receives IAPP Privacy Leadership Award

noreply@blogger.com (Carolyn Winter) — Thu, 21 Apr 2016 21:26:00 +0000

TRUST researcher Deirdre Mulligan has been awarded the prestigious IAPP Privacy Leadership Award for 2016, along with Professor Kenneth Bamberger, also at Berkeley. The two received the honor from the International Association of Privacy Professionals in recognition for their groundbreaking research on the unwritten laws of privacy — the way privacy professionals steer the internal governance of privacy within companies — and their book Privacy on the Ground.

The award recognizes global leaders in the field of privacy and data protection who have demonstrated an ongoing commitment to furthering privacy policy, promoting recognition of privacy issues, and advancing the growth and visibility of the privacy profession.

Former TRUST REU Student Wins Silver Award in ACM Research Competition for Undergrads

noreply@blogger.com (Carolyn Winter) — Wed, 25 Nov 2015 18:49:00 +0000

Luther Martin, a NERSC Student Assistant via the UC Berkeley TRUST-REU program, won the silver award in the ACM Student Research Competition for undergraduates for his poster on “Optimization Strategies for Materials Science Applications on CORI: An Intel Knights Landing, Many Integrated Core Architecture.” The competition provides support to help undergraduates experience the research world and gain recognition from ACM and the greater computing community. Martin, who currently attends Jackson State University in Jackson, Mississippi, spent the summer interning at NERSC. He was one of 25 students selected to present their posters at SC15 out of 64 submissions.

Former TRUST REU Student to Participate in FTC conference on Privacy and Technology

noreply@blogger.com (Carolyn Winter) — Tue, 24 Nov 2015 20:00:00 +0000

Ibrahim Altaweel, a participant in the TRUST Center’s 2014REU program, has been selected to present research at PrivacyCon, a conference organized by the Federal Trade Commission (FTC) to discuss the latest research and trends related to consumer privacy and data security. Altaweel worked with Berkeley Professor Nathan Good at the School of Information to develop his research, which provided an update to ongoing work to “web privacy census.” The census measures online tracking and provides a framework for policymakers to advocate for more privacy rights for consumers.

Altaweel will be one of just 20 researchers presenting at the event.

Stanford to Offer Course in CryptoCurrency

noreply@blogger.com (Carolyn Winter) — Tue, 25 Aug 2015 21:57:00 +0000

As part of its new graduate certificate program in cybersecurity, Stanford University is offering a course titled, “Crypto Currencies: Bitcoin and Friends,” taught by TRUST researcher and Stanford Professor of Computer Science Dan Boneh and launching in September 2015. Boneh will also be extending the course online to professionals enrolled in the program.

Boneh and others in the field feel the time is right to develop on online course to help others learn about the opportunities and challenges created by virtual currencies, including Bitcoin. The course will explore ways to ensure that new payment technologies are designed to secure privacy while also protecting digital assets.

Summer Camp for Cybersecurity

noreply@blogger.com (Carolyn Winter) — Wed, 12 Aug 2015 19:14:00 +0000

High school students in the San Francisco Bay Area had a special opportunity to learn more about cybersecurity this summer, thanks to CYBEAR, a summer camp funded by the NSA and the National Science Foundation and hosted by the TRUST Center. The camp is part of a system of 43 camps nationwide that seeks to address an extreme shortage of cybersecurity workers needed in both government and industry. In addition to including a number of UC Berkeley faculty and students as instructors, the program also collaborated with the International Computer Science Institute (ICSI), and the Lawrence Berkeley National Laboratory to develop curriculum.

Participants in CYBEAR were introduced to basic concepts about conducting research, learned about secure programming and principles of privacy, and were provided with information to help them define a path to careers in cyber security and privacy. The camp was successful in attracting significant numbers of underrepresented minorities (camp population was 55% female and 64% underrepresented minorities) and in reaching schools that do not offer any teacher-led computer science program.
The program was featured in a number of media outlets.

TRUST Researcher Dan Boneh to Receive 2014 ACM-Infosys Foundation Award

noreply@blogger.com (Carolyn Winter) — Tue, 31 Mar 2015 17:23:00 +0000

The Association for Computing Machinery (ACM) has named TRUST researcher Dan Boneh the recipient of the 2014 ACM-Infosys FoundationAward in the Computing Sciences for ground-breaking contributions to the development of pairing-based cryptography and its application in identity-based encryption. The award recognizes the finest recent innovations by young scientists and system developers in the computing field. Boneh's work helped establish the field of pairing-based cryptography, a dominant area in cryptography for the last decade, by demonstrating the use of pairing functions to solve a wide variety of problems in cryptography. Boneh, with Matt Franklin, showed how pairings could be used to develop a fully functional identity-based encryption scheme (IBE).

Dan Boneh is professor of Computer Science and Electrical Engineering at Stanford University, and leads the applied cryptography group there. He will be honored at ACM's annual awards banquet on June 20, 2015 in San Francisco.

Have You Read Your Privacy Policy?

noreply@blogger.com (Carolyn Winter) — Fri, 06 Feb 2015 00:33:00 +0000

If you’re like most people, you probably haven’t read a word of the many privacy policies encountered online. And, as TRUST researcher Alessandro Acquisti argues, that’s not a good thing if you want to protect your personal data. Acquisti and other researchers at Carnegie Mellon are using their research on privacy and technology as evidence to recommend implementation of a federal consumer privacy bill of rights.

Researchers found that current technological advances are outpacing written privacy policies, leading to inadequate protection against the latest threats. Privacy "approaches that rely exclusively on informing or 'empowering' the individual are unlikely to provide adequate protection against the risks posed by recent information technologies," CMU’s Alessandro Acquisti, Laura Brandimarte and George Loewenstein wrote.

San Jose State Designated Cyber Security Center of Excellence

noreply@blogger.com (Larry Rohrbough) — Thu, 04 Dec 2014 19:04:00 +0000

TRUST Center partner institution San Jose State University was recently designated a National Center of Academic Excellence in Information Assurance/Cybersecurity Education by the U.S. Department of Homeland Security and the National Security Agency's U.S. Cyber Command.

SJSU is the first Bay Area institution to receive such a CoE designation. Covering 2014-2019, the designation builds on more than a decade of research and education at SJSU in information assurance and related fields, including close collaboration with the TRUST Center.

Congratulations to Prof. Sigurd Meldal and his colleagues for this recognition! A full press release from the university can be read here.

Best Paper Award for TRUST Medical Informatics Research

noreply@blogger.com (Larry Rohrbough) — Wed, 26 Nov 2014 04:58:00 +0000

The work of TRUST researchers at Vanderbilt University and their colleagues was recognized at the American Medical Informatics Association Annual Symposium, winning the Homer Warner Award for best paper. The paper, titled "SOEMPI: A Secure Open Enterprise Master Patient Index Software Toolkit for Private Record Linkage,” describes a software tool based on OpenEMPI for privacy preserving record linkage that is engineered to be extensible and support the PRL lifecycle, including the distribution of cryptographic keys and the communication between the participating organizations. This project was initiated, and is currently maintained, by the Health Information Privacy Laboratory at Vanderbilt University.

The paper authors are Csaba Toth (Vanderbilt University), Elizabeth Durham (Vanderbilt University), Murat Kantarcioglu (University of Texas at Dallas), Yuan Xue (Vanderbilt University), and Bradley Malin (Vanderbilt University). More information on SOEMPI is available here.

Password Managers Pose Security Risk

noreply@blogger.com (Carolyn Winter) — Wed, 24 Sep 2014 22:49:00 +0000

Password managers may not be as effective as you think. While these tools provide convenience and (ostensibly) peace of mind, a recently released report from UC Berkeley researchers, including TRUST researcher Dawn Song, found that the five popular password managers tested all had critical vulnerabilities. In fact, the researchers found that for four of the five companies studied an attacker would be able steal arbitrary credentials, at the time of the report.

Researchers reported their findings to the companies reviewed, and most responded to the disclosures and fixed the vulnerabilities. However, their research points to the importance of always considering possible weaknesses and not taking security for granted.

Privacy Can Be Good for Business

noreply@blogger.com (Carolyn Winter) — Thu, 17 Jul 2014 00:13:00 +0000

These days, most consumers are not surprised to learn that their online browsing habits or personal cell phone usage are mined by companies for targeted marketing practices. However, as TRUST researcher Steve Wicker at Cornell University argues, privacy can be good for business too.

Dr. Wicker is just one of many experts urging firms to offer consumers options which do not leave them vulnerable to the hacking or misuse of databases. A service which promises to keep users’ data for a day instead of a year or more is, he believes, something that people would be willing to pay extra for.

Although change is slow, trust in how a business protects personal privacy increasingly translates to customer loyalty, opening up the potential for a big market in privacy products.

Is the Internet Our Friend?

noreply@blogger.com (Carolyn Winter) — Tue, 15 Apr 2014 19:07:00 +0000

Just how safe is the Internet? TRUST researcher Nicolas Christin was one of the participants who explored this question in a debate and panel discussion at Carnegie Mellon University.

The discussion, supported by the Ford Foundation, highlighted concerns that arise as governments around the world attempt to deal with the increasing free flow of information in a world where Twitter posts can ignite revolution.

From online shopping to managing energy grids, our society is dependent on secure Internet connections. However, as one panelist pointed out, the challenge is to maintain security while allowing for transparency and ease of communication.

Few clues found in collapse of Mt. Gox bitcoin exchange

noreply@blogger.com (Carolyn Winter) — Fri, 14 Mar 2014 23:53:00 +0000

Despite online sleuthing and crowdsourcing, it is unlikely that those who suffered losses when bitcoin exchange Mt. Gox was hacked will be able to trace the path of their investments, comments TRUST researcher Emin Gun Sirer of Cornell University.

The problem, Gun Sirer and others say, is two-fold: users of such forums are not always methodical or disciplined in their research on one hand, and on the other, bitcoin's combination of transparency and complexity invites the unwary to draw false conclusions. The collapse of the world's biggest bitcoin exchange highlights the need for enhanced infrastructure in developing digital currency.

SJSU Establishes Center for Cyber Security and Big Data Studies

noreply@blogger.com (Larry Rohrbough) — Wed, 18 Dec 2013 01:05:00 +0000

TRUST partner institution San Jose State announced the establishment of a new Center for Cyber Security and Big Data Studies, to be led by TRUST researcher Professor Sigurd Meldal.

The university will hire nine new faculty members who will work with their colleagues to develop and deliver curricula and research that will enable industry and other partners to design, build, and operate trustworthy information systems for the region's and the nation's critical infrastructure. This cohort will represent diverse areas of expertise and interests, not limiting the focus to technical competencies but reaching out to and including business and the humanities.

Studying Wiretaps to Big Data - Cornell moves into the MOOC world

noreply@blogger.com (Carolyn Winter) — Thu, 14 Nov 2013 23:44:00 +0000

TRUST researcher Prof. Steve Wicker of Cornell University will be teaching one of Cornell's first Massive Open Online Courses (MOOC) beginning in March 2014. The course, titled "Wiretaps to Big Data: Privacy and Surveillance in the Age of Complete Interconnection" is one of four selected for Cornell's first MOOC offering. The course will explain how cellular technology makes surveillance possible, how surveillance affects how we use cellular and other technologies, cellular user’s rights and how this system affects our democratic institutions. It is scheduled to begin in March 2014. Cornell will be partnering with edX, a MOOC platform founded by the Massachusetts Institute of Technology and Harvard University to offer online, university-level courses in a wide range of disciplines to a worldwide audience free of charge.

Online Hackers Beware: GOTCHA!

noreply@blogger.com (Larry Rohrbough) — Thu, 17 Oct 2013 18:59:00 +0000

Worried about the robustness of the ubiquitous CAPTCHA in preventing online attacks? TRUST researchers Jeremiah Blocki, Manuel Blum, and Anupam Datta at Carnegie Mellon University think they have the solution: GOTCHAs, or Generating panOptic Turing Tests to Tell Computers and Humans Apart. GOTCHAs introduce a new twist on the use of human-only solvable puzzles (such as CAPTCHAs) by having the interaction between humans and computers use Inkblot images and associated phrases used to describe the images. A user is presented with an image and asked to describe that image with a short phrase. Later, when logging in online the user is shown the same image and challenged to provide the matching phrase that describes it. For a human, successfully completing both steps is easy. For a computer, not so much. Hence GOTCHA's effectiveness.

See MIT Technology Review and Gizmodo Australia for coverage of this research. The full research paper is available here.

"Fingerprinting" of Mobile Devices

noreply@blogger.com (Larry Rohrbough) — Sat, 12 Oct 2013 09:35:00 +0000

A team led by TRUST researcher and Stanford computer science Professor Dan Boneh has identified a method of effectively "fingerprinting" mobile devices. By exploiting tiny errors in each device's sensors, including the accelerometer and microphone, the team showed how their results could be used to uniquely identify a mobile device.

A more in-depth article on the research is available at the SFGate Tech Chronicles.

Online privacy concerns growing

noreply@blogger.com (Mary Stewart) — Thu, 03 Oct 2013 14:18:00 +0000

There's a privacy arms race under way online, a continuing struggle among consumers, Internet companies, advocates and policymakers to assert greater control over personal data.

Following recent NSA spying regulations, many people disabled browser cookies or took other steps to protect their privacy. Cookies are still popular with online advertisers, but they have been developing and using more refined methods for some time, including authenticated tracking, browser fingerprinting, cross-device tracking and more.

"Google knows exactly who you are because there is so much authentication built into Google's services," Chris Hoofnagle, director of the information privacy programs at the Berkeley Center for Law & Technology, said in an e-mail. "We are moving to an authenticated Web where one is always signed in, and that authentication, even if on the surface (it's) pseudonymous, typically indicates the user's identity."

See full article at SFGATE.

Your Digital Trail: Private Company Access

noreply@blogger.com (Mary Stewart) — Thu, 03 Oct 2013 00:53:00 +0000

As the second story in a four-part series examining one's digital trail and who potentially has access to it, NPR broadcast this episode of All Things Considered on October 1st.

Though news reports have focused on the National Security Administration's efforts to monitor people's phone calls and online activities, private companies are also tracking what we are doing, nearly everywhere we leave a digital footprint.

This story looks at how data-tracking companies are monitoring online behavior.

Researchers explore underground market of Twitter spam and abuse

noreply@blogger.com (Mary Stewart) — Wed, 02 Oct 2013 23:10:00 +0000

Data presented at the 22nd USENIX Security Symposium by researchers at ICSI (International Computer Science Institute)from a project exploring the underground market of spam and abuse on Twitter. Vern Paxson of ICSI and Chris Grier of UC Berkeley led a group that tracked the criminal market on Twitter, which sells access to accounts that are later used to push spam, malicious links (including Phishing and malware) as well as inflation of follower accounts. The research of 10 months was limited to Twitter because the researchers were unable to get permission from Facebook, Google, and Yahoo, social networks the reserachers observed as being actively abused by merchants responsible for several million fraudulent accounts. See complete article at CSO - Security and Risk.

Wiretap Extension Will Help Crooks & Terrorists

noreply@blogger.com (Mary Stewart) — Wed, 02 Oct 2013 22:35:00 +0000

By extending the existing US wiretap laws to give federal agencies easier backdoor access to Internet Communications, the country's enemies and cyberthieves also receive aid and technical assistance for their own nefarious objectives.

This ominous warning is set forth in a compelling paper signed by 20 academic and private sector security experts, including heavy hitters like BT's Bruce Schneier and Professor David Wagner of EECS Berkeley.

The core issue is that the government is expected to mandate either centralized wiretap access to the Internet communications that continue to elude the FBI's grasp, or access at user endpoints.

More information: internet evolution.

2013 Summer Program Applications Now Open

noreply@blogger.com (Anonymous) — Tue, 18 Dec 2012 00:10:00 +0000

The TRUST REU is a nine-week summer residential program that offers rising juniors and seniors in computer science or electrical engineering programs the opportunity to conduct research in Cybersecurity, Privacy and Trustworthy Systems. Participants of this program undertake cutting edge research projects. They also have access to enrichment activities including seminars, field trips, one-on-one advice regarding graduate school, and a subsidized GRE prep course. More information can be found on the TRUST REU Website: www.truststc.org/education/reu/index.html
Application Deadline: 2/15/2013

STAR is a nine-week summer residential program for California Community College Students. STAR aims to increase the number of eligible transfer students to four-year programs in computer science and electrical engineering. Participants of this program undertake cutting edge computer science and electrical engineering research projects. They have access to enrichment activities including seminars, field trips, and one-on-one advising sessions. Upon completion of this program students will be better prepared to apply for transfer to a four-year program in computer science or engineering. More information can be found on the STAR Website: www.truststc.org/education/star/index.html
Application Deadline: 2/15/2013

SECuR-IT, the Summer Experience, Colloquium and Research in Information Technology is a ten-week paid internship program for M.S. and Ph.D. students in computer science and electrical engineering. The topic for the intern experience is Cybersecurity, Privacy and Trustworthy Systems. The internship experience includes leading Silicon Valley network security companies, such as eBay, PayPal, Juniper Networks, SalesForce, Symantec and others. More information can be found on the SECuR-IT Website: www.truststc.org/education/securit/index.html
Application Deadline: 3/1/2013

NSF Awards $10 Million Grant to ICSI and Collaborators to Study Human Element of Cybercrime

noreply@blogger.com (Mary Stewart) — Wed, 26 Sep 2012 18:43:00 +0000

The International Computer Science Institute (ICSI), along with the University of California, San Diego and George Mason University have received $10 million in a 5-year grant from the National Science Foundation to examine the roles played by economics and social interactions in Internet security. While security research has focused primarily on those technologies that defend against Internet attacks, the new project led by ICSI Project Leader and UC Berkeley Professor Vern Paxson and Stefan Savage of UC San Diego concentrates on the profit motive in most Internet attacks along with the complex marketplaces supporting them and the relational interdependence of cybercriminals involved in such attacks.

“During our earlier work on analyzing the factors that go into making spam a profitable form of cybercrime, we were deeply struck by the significance of the human side of the equation,” said Paxson, “Non-technical considerations span business concerns, issues of trust-amongst-thieves, and the rise of social media as both a new domain that cybercrime is expanding into, and a way to track interactions amongst the criminals themselves.”

This large multi-institutional award comes in the form of a "Frontier" project, titled Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives as proposed by Prof. Paxson and TRUST investigators Chris Hoofnagle and Deirdre Mulligan among others.

See NSF award announcement and ICSI press release for more information.

Johannes Gerke of Cornell University wins IEEE Award

noreply@blogger.com (Mary Stewart) — Tue, 12 Jun 2012 16:20:00 +0000

Johannes Gerke, computer science professor at Cornell University, is one of 14 prominent technologists to be honored at the IEEE Computer Society's annual awards dinner in Seattle. Professor Gerke will receive the 2011 Technical Achievement Award for his pioneering contributions to data mining and distributed query processing techniques.

"For the IEEE Computer Society, the awards ceremony represents an opportunity to acknowledge these innovators for their sizable contributions to the field of computing,” said David A. Bader, chair of the IEEE Computer Society Awards Committee and professor in the School of Computational Science and Engineering at Georgia Institute of Technology. “This year’s honorees come from diverse backgrounds, and include pioneers in parallel processing, data-mining, database theory, Web applications, computer standards, and many other specialties that are central to the further advancement of computing technology. On behalf of the IEEE Computer Society, I applaud them for their accomplishments."

See seattle pi for more information.

How Al Qaeda Hid Secrets in a Video

noreply@blogger.com (Christopher Brooks) — Thu, 03 May 2012 22:55:00 +0000

A May 1, 2012 Discovery News article, "How Al Qaeda Hid Secrets In a Porn Video" discusses using steganography to hide documents within a video. UC Berkeley Professor and TRUST participant David Wagner was used as a source in the article. The article states:

"Wagner said that human rights workers have been using steganography to hide testimony by exploited workers or political prisoners from government security forces. The testimony is encrypted onto a file on a cellphone, which can then be scanned at a customs checkpoint without revealing the hidden documents."

See also the Slashdot discussion and the original CNN article