TRUST in the News

How Al Qaeda Hid Secrets in a Video

2012-05-03T15:55:00.000-07:00

A May 1, 2012 Discovery News article, "How Al Qaeda Hid Secrets In a Porn Video" discusses using steganography to hide documents within a video. UC Berkeley Professor and TRUST participant David Wagner was used as a source in the article. The article states:

"Wagner said that human rights workers have been using steganography to hide testimony by exploited workers or political prisoners from government security forces. The testimony is encrypted onto a file on a cellphone, which can then be scanned at a customs checkpoint without revealing the hidden documents."

See also the Slashdot discussion and the original CNN article

Secretary Of Homeland Security Speaks At San Jose State

2012-04-18T08:59:00.002-07:00

On April 16th, Professor and TRUST campus Principal Investigator at San Jose State University Sigurd Meldal participated in hosting a visit by Secretary of Homeland Security Janet Napolitano to the University.

Napolitano spoke to students about cybersecurity and students' future in this field. As students' lives become more involved with the internet, Napolitano said students may find themselves with opportunities in areas of the nation's online defenses.

“To minimize the risks of a successful cyberattack we need everyone,” Napolitano said. “The cyberdomain has become inseparable from our daily lives.”

See article in the Spartan Daily and video coverage of Napolitano's appearance at SJSU on Monday, April 14th.

Web Firms to Adopt 'No Track' Button.

2012-02-25T07:30:00.005-08:00

Support for a do-not-track button by a coalition of Internet giants, including Google, has emerged as part of the White House's call for Congress to pass a "privacy bill of rights" giving people more control over personal data collected about them.

Google and others had been working around the privacy settings of millions of people that use Apple's Safari web browser on their iPhones and computers. The code Google was using to bypass the privacy settings was noticed by Stanford researcher Jonathan Mayer, CS/law student with Professor John Mitchell.

Google disabled its code after being contacted by the Wall Street Journal. A Google spokesman said that

Our updated Privacy Policy will make our privacy practices easier to understand, and it reflects our desire to create a seamless experience for our signed-in users.

See the Wall Street Journal Technology articles on Google's iPhone tracking and No-Track Button for details.

Internet is still vulnerable to cyber-criminals

2012-01-21T11:38:00.000-08:00

A January 21, 2012 San Francisco Chronicle article "Internet is still vulnerable to cyber-criminals" by James Temple discusses Mark Bowden's book "Worm: The First Digital World War," which describes the October 21, 2002 attack on the Internet Domain Name Servers.

The SF Chronicle article states:

Internet Protocol version 6, will create more root name servers and add other security protections.

"But the general consensus today is that it's still pretty fragile," said Doug Tygar, professor of computer science at UC Berkeley.

See also the October 3, 2011 review of 'Worm'.

Android apps and advertising: A bit too cozy

2011-12-13T10:09:00.001-08:00

A Tech Republic blog entry "Android apps and advertising: A bit too cozy" features the research of TRUST Ph.D. student Adrienne Porter Felt.

Adrienne asked non-computer scientists: “Do you think the advertiser can use the app’s permissions?” Twelve people answered with:

Yes: 5
No: 2
I don’t know: 5

It turns out that the answer is not that simple.

Adrienne's blog entry "Advertising and Android Permissions" states:

"Can an advertiser use an app’s permissions?"

"When you see an advertisement in an application, there are three parties. First, there’s the application itself, which asks the user for permissions. Second, there’s the advertising library, which is shoved into the application and therefore gains access to all of the app’s permissions. Third, the advertising library displays the advertisement itself. The advertisement can’t directly use any of the permissions, but the advertising library might share information with the company that is running the ad. So if you see an REI ad while playing a game, you should know that the invisible ad library gets all of the game’s permissions, and it might share information like your location with REI."

Adrienne is a student of Berkeley Professor David Wagner.

Carrier IQ cell phone monitor software is a nightmare

2011-12-05T07:46:00.000-08:00

TRUST Professor Stephen Wicker was quoted in a NetworkWorld article, "Cornell Prof: Carrier IQ affair 'my worst nightmare'". Carrier IQ is software present on various cell phones that provides call quality and other feedback to cell phone companies.

The article quotes Professor Wicker:

"This is my worst nightmare," says Stephen Wicker, a professor of electrical and computer engineering at Cornell. "As a professor who studies electronic security, this is everything that I have been working against for the last 10 years. It is an utterly appalling invasion of privacy with immense potential for manipulation and privacy theft that requires immediate federal intervention.

"Carrier IQ claims that the collected data is 'anonymized.' Let's give this a moment's thought -- about all that it deserves. How hard would it be to 'de-anonymize' a pile of text messages between me and my wife? My mother? My children? Banking IDs with passwords?"

The article was also picked picked in a Slashdot article.

White House Honors Cornell's Salman Avestimehr with PECASE

2011-10-05T16:31:00.000-07:00

TRUST investigator and Cornell Professor Salman Avestimehr was named a recipient of the Presidential Early Career Award for Scientists and Engineers, the highest honor bestowed by the United States government on science and engineering professionals in the early stages of their research careers.

Nominated by the National Science Foundation, Prof. Avestimehr was recognized as one of the Nation's "most meritorious scientists and engineers whose early accomplishments show the greatest promise for assuring America's preeminence in science and engineering and contributing to the awarding agencies' missions." The award includes a multi-year research grant.

The press release from the White House, which includes the full list of recipients, is available here. A press release from the Cornell University School of Electrical and Computer Engineering is available here.

"The Science of Cyber Security"

2011-08-09T16:12:00.000-07:00

US News and World Report's article, "The Science of Cyber Security" by Marlene Cimons gives an overview of the Team for Research in Ubiquitous Secure Technology (TRUST). Dean Shankar Sastry is quoted:

"“We no longer can afford to be reactive in our attitudes about cyber security,” ...

“Our current approach is bolt-on, rather than built-in patches, bolted on, like an afterthought. We need to be proactive.”

Erika Chin: "Seven ways to hang yourself with Google Android"

2011-08-09T16:03:00.000-07:00

The research work of Erika Chin, an EECS graduate student studying smartphone security was featured in a Consumer Reports online magazine article titled "Def Con 19: Android apps ask for too much power". Erika and principal researcher Yekaterina Tsipenyuk O’Neil reported that after studying dozens of Android apps, 30 percent of them were over privileged and creates a larger security risk to your personal information and phone.
(Based on text by Miyoko Tsubamoto)

Stanford's Dan Boneh Receives Dean's Award for Industry Education Innovation

2011-06-13T22:56:00.000-07:00

TRUST researcher and Stanford University Professor Dan Boneh was awarded the School of Engineering Dean's Award for Industry Education Innovation. The award is given for "outstanding teaching and exemplary leadership in industry education" and Dan was recognized for his leadership of the Stanford Advanced Computer Security Certificate program as well as teaching courses on computer systems security and cryptography. These courses are offered by the Stanford Center for Professional Development which focuses on connecting working professionals worldwide to the research and teaching of Stanford University faculty in the School of Engineering and related academic departments.

TRUST Researchers to Lead Intel Security Center

2011-06-10T16:45:00.000-07:00

Intel Labs announced the creation of the Intel Science and Technology Center for Secure Computing (ISTCSC) to be led by UC Berkeley with partner institutions Carnegie Mellon, Drexel, Duke, and Illinois.

The center's work will focus on making personal computers safer from malware, securing mobile devices, and protecting personal data when it is distributed across the Internet by giving people more control over it. The center is the second announced by Intel as part of their 5-year, $100 million ISTC program that will increase university research, accelerate innovation, and encourage tighter collaboration between university thought leaders and Intel. The ISTCSC will be funded at a level of $2.5 million per year for five years.

The center will be co-led by TRUST investigator and UC Berkeley Professor David Wagner and Intel Senior Principal Engineer John Manferdelli. Among the faculty researchers participating in the center are TRUST investigators Anthony Joseph, Vern Paxson, Dawn Song, and Doug Tygar from UC Berkeley and Adrian Perrig from Carnegie Mellon.

Intel released a press statement announcing the creation of the center and the center’s website contains a white paper describing the center’s research agenda.

Audio Captchas defeated

2011-06-03T10:07:00.000-07:00

Stanford Professor John Mitchell, postdoctoral research Elie Bursztein and their colleagues have developed a way to defeat the audio version of Captchas. See The Register and the Stanford News coverage.

Stephen Wicker on iOS user privacy

2011-04-22T10:40:00.000-07:00

Professor Stephen Wicker was quoted in Network World's article "Cornell prof warns iPhone, iPad users: "We're selling our privacy" about the recently reported location logging by the iPhone and iPad. The Network World article quotes Professor Wicker:

"It is vitally important to recognize that cellular telephony is a surveillance technology, and that unless we openly discuss this surveillance capability and craft appropriate legal and technological limits to that capability, we may lose some or all of the social benefits of this technology, as well as a significant piece of ourselves," says Stephen Wicker, Cornell professor of electrical and computer engineering. "Most people don't understand that we're selling our privacy to have these devices."

Doug Tygar on the LinkedIn outage in China

2011-02-26T16:36:00.000-08:00

Bloomberg's February 25, 2011 article
"LinkedIn Service Is Restored in Beijing After `Jasmine' 24-Hour Disruption" discusses how LinkedIn was blocked in China after a user posted comments about how "Tunisia’s Jasmine Revolution should spread to the Asian nation that’s been ruled by the Communist Party since 1949." The article quotes TRUST's Doug Tygar:

“Often, this is done as a sort of a warning signal -- sort of a shot across the bow,” said Doug Tygar, professor of computer science at the University of California at Berkeley. “A portion of that is symbolic.”

The quote was also printed on page D-1 of the San Francisco Chronicle, "Business Report - The Chronicle with Bloomberg."

Cornell's Hakim Weatherspoon Awarded Sloan Fellowship

2011-02-23T16:33:00.000-08:00

TRUST investigator and Cornell University Prof. Hakim Weatherspoon was named a recipient of the 2011 Sloan Research Fellowship of the Alfred P. Sloan Foundation.

Sloan Research Fellowships seek to stimulate fundamental research by early-career scientists and scholars of outstanding promise and are awarded yearly to researchers in recognition of distinguished performance and a unique potential to make substantial contributions to their field.

A press release of the 2011 fellowship awards is available here.

Car Theft by Antenna

2011-01-18T07:08:00.000-08:00

According to new research to be presented at the Network and Distributed System Security Symposium next month in San Diego, California, car thieves of the future might be able to get into a car and drive away without forced entry and without needing a physical key.

Researchers successfully attacked eight car manufacturers' passive keyless entry and start systems—wireless key fobs that open a car's doors and start the engine by proximity alone. Because a car won't open or start if the signal from its key takes too long to arrive, the researchers devised a way to speed communication between their their antennas. They were able to keep the signals in analog format, which reduced their delay from microseconds to nanoseconds, making their attack more difficult to detect.

David Wagner,professor of computer science at the University of California at Berkeley who has studied the cryptographic systems used in keyless entry systems, says the research "should help car manufacturers improve auto security systems in the future." Wagner doesn't think the research ought to make car owners anxious. "There are probably easier ways to steal cars," he says. But, he adds, a "nasty aspect of high-tech car theft" is that "it doesn't leave any sign of forced entry," so if a thief did use this method to steal a car, he says, it might be hard for police and insurance companies to get sufficient evidence of what happened. Wagner believes that manufacturers, police, and insurance companies all need to prepare for this eventuality.

See full article in Technology Review, published by MIT.

Commerce announces new shop to oversee online security

2011-01-07T16:34:00.000-08:00

NextGov.com's article "Commerce announces new shop to oversee online security" covers Commerce Secretary Gary Locke's announcement that

The Obama administration is creating an office that will coordinate with the private sector to establish a secure pathway for people, organizations and computer programs to execute online transactions...

Locke spoke at an industry forum sponsored by many groups, including TRUST.

White House Honors Vanderbilt's Bradley Malin

2010-11-16T11:47:00.000-08:00

TRUST investigator and Vanderbilt University Professor Bradley Malin was named a recipient of the Presidential Early Career Award for Scientists and Engineers, the highest honor bestowed by the United States government on science and engineering professionals in the early stages of their research careers.

Nominated by the National Institutes of Health and Department of Health and Human Services, Prof. Malin was recognized as one of the Nation's "most meritorious scientists and engineers whose early accomplishments show the greatest promise for assuring America's preeminence in science and engineering and contributing to the awarding agencies' missions." The award includes a multi-year research grant.

The press release from the Office of Science and Technology Policy (OSTP), which includes the full list of recipients, is available here.

"Fabric" To Weave Security into Code

2010-10-21T12:06:00.000-07:00

Cornell computer science faculty, Fred Schneider and Andrew Meyers are developing a new computer platform, dubbed Fabric, that offers a way to build security into computer systems from the start by incorporating security in the language used to write the programs.

Professor Schneider states that until now, computer security has been reactive; when hackers discover a way in, we patch it.

"Our defenses improve only after they have been successfully penetrated," he explained.

Fabric's programming language, an extension of the widely used Java language, builds in security as the program is written. Fabric is still a prototype, being tested on a database of Cornell computer science students.

Schneider and Myers plan to scale it up for very large distributed systems, provide for more complex security restrictions on objects and enable "mobile code" — programs that can reside on one node of a network and be run on another with assurance that they are safe and do what they claim to do. And perhaps most important (and perhaps hardest), they hope to provide formal mathematical proof that a system is really secure.

See article in
Dr. Dobb's, The World of Software Development.

UC Berkeley's Dawn Song Awarded MacArthur Fellowship

2010-09-29T01:23:00.000-07:00

TRUST researcher and UC Berkeley Professor Dawn Song was named a 2010 MacArthur Fellow by the John D. and Catherine T. MacArthur Foundation.

The so-called "genius award" is given to individuals "who have shown extraordinary originality and dedication in their creative pursuits and a marked capacity for self-direction" as well as "exceptional creativity, promise for important future advances based on a track record of significant accomplishment, and potential for the fellowship to facilitate subsequent creative work." Prof. Song, one of 23 recipients of this year's award, was cited for her work in applying "rigorous theoretical methods to understand the deep interactions of software, hardware, and networks that make computer systems vulnerable to attack or interference."

Details on Prof. Song's work and her award are available here.

TRUST Autumn 2010 Conference: Nov. 10-11, 2010

2010-09-21T09:22:00.000-07:00

The next TRUST Conference will be held November 10-11, 2010 at the Jen-Hsun Huang Engineering Center on the campus of Stanford University. The conference will run from approximately 8:00 AM to 5:00 PM both November 10 and 11.

This event will provide attendees with an opportunity to hear firsthand about the work of TRUST faculty and students-specifically activities that:

Advance a leading-edge research agenda to improve the state-of-the art in cyber security and critical infrastructure protection;
Develop robust education and diversity plans to teach the next generation of computer scientists, engineers, and social scientists; and
Pursue knowledge transfer opportunities to transition TRUST results to end users within industry and the government.

For more information, see the TRUST Autumn 2010 Conference Page.

WSJ: "J.P. Morgan Wrestles Web Snarl

2010-09-20T10:46:00.000-07:00

UC Berkeley Professor Doug Tygar was quoted in a September 15, 2010 Wall Street Journal website article, "J.P. Morgan Wrestles Web Snarl." The article discusses an outage at chase.com. Professor Tygar is quotes as stating, ""if they have so much trouble with a software failure, what happens with an actual attack?"

UC Berkeley's Pamela Samuelson wins IP3 Award

2010-08-18T10:07:00.000-07:00

UC Berkeley Law Professor and renowned scholar Pamela Samuelson is one of four winners of this year's IP3 Award from the Washington-based public interest group Public Knowledge.

As a director of the Berkeley Center for Law & Technology, Samuelson is being acknowledged for her work in information policy, particularly in such areas as privacy, copyright, freedom of expression, intellectual property and consumer protection.

"Public Knowledge has been the most important voice for public-spirited intellectual property and Internet policy,” says Samuelson. “I’m pleased that this organization believes I have made contributions to these same policies worthy of being named to this award."

See more in the Berkeley Law News Archive.

Web add-ons compromise 'private browsing'

2010-08-10T10:59:00.000-07:00

A study by Dan Boneh of Stanford University claims that many browser add-ons or website security measures stop the 'private browsing' mode from working correctly.

Boneh and team examined the private browsing functions on Mozilla's Firefox, Microsoft Internet Explorer, Google Chrome and Apple's Safari and discovered all four were affected. Moreover, they discovered that all browsers retained the generated key pair even after private browsing ends which could leak the site's identity to an attacker.

"We found that private browsing was more popular at adult web sites than at gift shopping sites and news sites, which shared a roughly equal level of private browsing use," Boneh said in the report.

"This observation suggests that some browser vendors may be mischaracterising the primary use of the feature when they describe it as a tool for buying surprise gifts."

Boneh and his researchers say they believe they are the first to show that 'private browsing' can be compromised.

See full article at PC Advisor. Related articles appear at THIN!.co.uk and BBC NEWS.

Patents seen as low priority for software firms

2010-06-28T10:33:00.000-07:00

Tom Abate's San Francisco Chronicle article, "Patents seen as low priority for software firms" discusses the paper written by Stuart J. H. Graham, Robert P. Merges, Pamela Samuelson and Ted M. Sichelman, "High Technology Entrepreneurs and the Patent System: Results of the 2008 Berkeley Patent Survey."

The article quotes Pamela Samuelson:
"More than 80 percent of the biotech, medical device and hardware firms we surveyed have or have applied for patents. . . About two-thirds of software firms have no patents and have not applied for any."

The study is also discussed by Phyorg, Broadbandbreakfast and Canadaviews.