Information Systems and Internet Security (ISIS) Lab Some Recent

advertisement
Information Systems and Internet Security (ISIS) Lab
Research overview and some recent projects
Nasir Memon
Polytechnic Institute of NYU
ISIS - Highlights
 8 faculty members in program
 More than a dozen Ph.D. students
 More than a dozen specialized courses in security
 More than over $10 million in funding over the last 3 years
 Host of NSA/NSF Cyber Corps Program (SFS)
Cyber Corps Group - 2006
 NSA Center of Excellence in IA Education, NSA Center of Excellence in IA research
 One of the premier cyber security programs in US
ISIS - Research Areas
 Hardware for Secure Systems
 Trusted hardware, hardware obfuscation, Gigabit IDS/IPS, DDoS defense.
 Multimedia Security
 Image forensics, digital watermarking, steganography and steganalysis
 Software Security
 Static analysis, software obfuscation
 Host Security
 Disk forensics, secure virtualization
 Network Security
 Infection detection, Ad-hoc networks, network forensics.
Cyber Corps Group - 2005
Secure Device Pairing
Faculty: NiteshSaxena; Funded by NSF
Out-Of-Band (OOB): Audio,
Visual or Tactile
Fundamental SecuritySolution
Objective:
How to bootstrap secure
Examples:
Idea:
communication between Alice’s and Bob’s devices when
make
use of
a physical
channel
between
devices
 Pairing
a bluetooth
cell
phone
with
a
headset
they have
 with
least
involvement
froman
Alice
and point
Bob
Pairing
a WiFi
with
access
 nolaptop
prior context
 no common trusted CA or TTP
Research Challenges
 OOB channels are low-bandwidth
 Devices may be constrained in terms of interfaces, e.g.,
 access points, headsets
 implanted wireless devices
 User is constrained - Usability
 Multiple devices
 Sensor network initialization
 Group formation
Ohh! I cannot
even pair my
socks!
Other Ongoing Projects
 RFID Security and Privacy
 Mobile Phone Assisted Usable Password Authentication
 Fault-Tolerant User-Centric Security Services (with Yevgeniy Dodis)
 Privacy of Web Search
 Inference of Private Attributes on Facebook (with Keith Ross)
More info: http://cis.poly.edu/~nsaxena/research.html
Media Forensics
Many aspects to the problem
Media
Forensics
Media Source
Identification
Identification of
Synthetic media
SourceModel
Identification
CameraModel
ScannerModel
Individual
Source
Identification
Media Forgery
Detection
Camera
Scanner
Contributions
Developed novel techniques to collect, attribute and authenticate
image (video) evidence.
Funded by NSA, NIJ, AFOSR
Lens
CFA
Filters
Detector
Processing
Color Interpolation
Gamma Correction
White Point Correction
Color Conversion
Compression
Camera Imaging
Pipeline
Trusted and Secure Hardware (towards building hardware root of
trust)
RameshKarri (rkarri@poly.edu) ECE Department
Ph. D. students

A. Kanuparthi and R. Guo: Trusted Platform Modules

J. Rajendran: Hardware Trojans

J. Li: Circuit Obfuscation

K. Rosenfeld: Secure Testing

J. Quan: Hardware Sidechannels
Supported by: Air Force Research Labs, NSF, Army, Cisco Systems
Embedded Devices – Trust?
Approach – Trusted Platform Modules (TPM)
Crypto Processor
Non-volatile memory
Endorsement key
RNG
Storage root key
RSA key gen.
SHA-1
Signature engine
Volatile memory
PCRs
Attestation keys
Storage keys
 Supports: Remote attestation, data sealing, and binding
 Remote Attestation Proving to you (the challenger) that I (the
attester)
 run legitimate programs
TPM: ongoing research
 High performance vs Low cost vs Low Power vs Application Specific
 Prototypes successfully tested on different application scenarios
 Redesign smart grid elements (smart meters, grid sensor platforms and
grid control elements)
 Deployment in pilot studies will uncover practical kinks…
memon@poly.edu
Download