TRUST Center Activities - The Team for Research in Ubiquitous

TRUST Center Activities
Stephen B. Wicker
Cornell University
TRUST 2nd Year Site Review, March 19th, 2007
Center Activities

Focus on creative, collaborative events designed to stimulate and disseminate TRUST research
Faculty/Student Workshops

PhD Student Exchanges

Collaborative Publications
Collaboration with Government Agencies

AFOSR

Treasury

DHS
International Collaboration
Industrial Collaboration
Distinguished External Advisory Board (DEAB)
Center Activities
TRUST NSF Site Review, March 19th, 2007
Example Workshops

Participation from faculty, students, industry, and government.
Sensor Networking
– Technology
– Security Issues
– Privacy Issues
Electronic Medical Records
– Secure/Privacy-Aware Transport
– Multi-Level Access
Computer Security
– Trustworthy Interfaces
– Securing E-Commerce
Sensor Networking Workshops

Secure Sensor Networks - CMU, May 9-10, 2006
– Sponsored by TRUST, NSF, ARO
– Organizers: Adrian Perrig (TRUST/CMU), Karl Levitt (NSF), Radha Poovendran (University of Washington), Cliff Wang (ARO)
– Participants: Yongdae Kim (UMN), Richard Han (University of Colorado, Boulder), Gene Tsudik (UC Irvine), Wade Trappe (Rutgers), Sencun Zhu (Penn State), Jack Stankovic (University of Virginia), Wenliang (Kevin) Du (SUNY Syracuse), Peng Ning (NC State), Steve Wicker (Cornell), Virgil D. Gligor (University of Maryland, College Park), Kevin Fu (UMass Amherst), Yanyong Zhang (Rutgers), Wesley Snyder (Cont, ARL/ARO)
Topics
– Data Privacy in Ad hoc Networks
– WSN Architecture
– WSN Attacks and Security
– WSN Data Routing/Aggregation
Cross Disciplinary Symposium at UC Berkeley, 3-4 November 2006
– Sponsored by TRUST, Samuelson Law, Technology, and Public Policy Clinic, Boalt School of Law, CITRIS
– Participants include TRUST faculty; faculty in law, engineering, literature, history, sociology, and geography; ACLU
Sample Talks

The Document People: Privacy, Identity, and Continuous Personal Experience Capture
– Ian Kerr and Jane Bailey - University of Ottawa
Public Privacy: Surveillance of Public Places and the Right to Anonymity
– Christopher Slobogin - University of Florida
From Citizen to Subject: The Perils of Privacy
– Margaret Kohn - University of Florida, Gainesville
The Dover Ban: Wartime Control over Images of Public and Private Deaths
– Brian Gran - Case Western Reserve University
Privacy, Visibility, and Exposure
– Julie E. Cohen - Georgetown University Law Center
In Defense of Public Places
– Deirdre Mulligan - UC Berkeley
Visual Privacy in the Collaborative Cyber-infrastructure Environment
– Ruzena Bajcsy, UC Berkeley, Katherine Mezur, Mills College
Unblinking in Mobile Learning
– Alice M. Agogino - UC Berkeley
Comments, and Privacy Concerns in New Technologies
– Stephen Wicker, Cornell University
Patient Monitoring Workshops

Vanderbilt Medical Center and ISIS, September 12, 2006, Nashville
Privacy and Confidentiality Workshop
Vanderbilt Center for Better Health, September 13-14, 2006, Nashville
TRUST Participants: Cornell, Stanford, Vanderbilt-ISIS,
Biweekly Modeling Working Group meetings
Participants: Vanderbilt Medical School, Cornell, Stanford, Vanderbilt-ISIS,
Participants: ISIS, Vanderbilt Medical School, Vanderbilt Medical Center
Weekly Stanford-Vanderbilt Telecon
Patient Monitoring Working Meeting

Berkeley, Dec 15th, 2006
Participants
– Berkeley, Cornell, Vanderbilt, Illinois
Faculty and PhD students
Discussion Items
– Uniform and/or interoperable sensor platform
– Integrated experiment scenario
– Medical industry collaboration for system deployment and experiment
Patient Monitoring - Results

Medical sensor devices and platforms
– Berkeley: Several types of medical sensors including accelerometer, ECG, etc.
– Vanderbilt: video sensors and Mica2 motes
– Cornell: sensors with various communication interfaces
Integrated experiment scenario
– Body movement sensor triggers the operation of video sensor based on privacy policies
    better situation awareness
    policy-driven video delivery
Industry and medical center collaboration.
– System Deployment and Experiment in
    Vanderbilt Home Care Services, Inc. - agreement now in place
    McKendree Village
Research issues
– Privacy and security in video sensor networks (Berkeley, Cornell, Vanderbilt)
– Signal processing and pattern recognition in medical data (Berkeley)
– Communication interference between IEEE 802.15.4 and IEEE 802.11 (Cornell, Vanderbilt)

OUTCOME: 2007 CyberTRUST Proposal (Illinois, Berkeley, Cornell, Vanderbilt)
Electronic Medical Records Workshop

Berkeley April 28th, 2006:
– TRUST with UCB School of Public Health, Cal Regional Health Information Office (RHIO), Cornell, and Vanderbilt Medical School
Program foci
– EMR Implementation requirements
– Privacy and Security in EMR
– David Brailer, keynote on Federal mandate
– Legal and Policy Issues
– Research Issues
Computer Security Workshops

Trustworthy Interfaces for Passwords and Personal Information II - Stanford University, June 19, 2006
Statement of Purpose
– Users still typically provide personal information and credentials such as passwords the same way they did 30 years ago: through a text interface that they assume they can trust.
– Purpose: Find an effective solution by bringing together the designers of the cryptographic protocols with the implementers of the user interfaces.
– Workshop for industry and West Coast Electronic Crime Taskforce
TIPPI 2 Workshop

Sample Talks:
– Site to User Authentication - Real World End User Results (Louie Gasparini, RSA Security)
– Evolution of The Threat and its Impact on Requirements (David Jevans, APWG)
– Security Skins: The Design and Evaluation of Unspoofable, Embedded Security Indicators (Rachna Dhamija, Harvard University)
– Context-Aware Phishing Attacks and Client-Side Defenses (Collin Jackson, Stanford University)
– Web Wallet: Preventing Phishing Attacks by Revealing User Intention (Rob Miller, MIT)
– Securing The Web Browser: Keeping The Phish In The Sea (George Staikos, Staikos)
– Microsoft InfoCard: Design and Implementation (Bill Barnes, Microsoft Corp.)
– Google Safe Browsing (Niels Provos, Google)
– Outbound Authentication on the Users Terms (Phillip Hallam-Baker, Verisign)
– A "Wholistic" View of Client-Side Anti-Phishing Technologies (Zulfikar Ramzan, Symantec Corp.)
– Graphical Password with Integrated Trustworthy Interface (Patricia Lareau, Passfaces)
– Bharosa Authenticator: Securing OTP Data Over a Compromised Computer (Arun Kothonath, Bharosa)
Collaboration with US Government Agencies

TRUST/AFOSR
– A new spinoff TRUST-related center focused on the needs of Air Force and other military vendors as the GIG/NCES rollout occurs
– Operating as a PRET with funding of about $1M per year. Emphasis is on mid-term to long-term opportunities, collaboration
– Includes about 10 TRUST researchers
– Ongoing dialog with Air Force to help them develop research agendas around the TRUST issues raised by the GIG and NCES.
– Active dialog in the OIM area; we expect to see them using our technologies in a series of pilot projects in 2007
Collaboration with US Government Agencies

NSF
– Helped NSF plan and articulate their need embedded and real-time systems agenda
DHS
– DHS has established a center of excellence at SRI which is partnered with TRUST (the PI at SRI Lincoln is a former student of John Mitchell’s).
– DHS-Cybersecurity Center and TRUST participants have held numerous tech transfer forums for the financial sector including Schwab, Bank of America, Symantec, Oracle, Sun, … and numerous start ups (usually every 3-4 months). Rodriguez (former USSS) has been the facilitator
Further DHS TRUST Activities

Phishing, Spyware and Identity Theft work started with initial seed funding from NSF (PM Maughan)
DETER testbed funded with joint NSF/DHS funding. DHS is transitioning the research testbed into an Operational Testbed named DECCOR starting July 2006.
Participation in DHS Identity Theft Technology Council
John Mitchell (TRUST Stanford) - Member US Secret Service Electronic Crimes Task Force, organizing committee for their quarterly meetings, speaker at last meeting
DHS and TRUST Education

TRUST education technology is transitioned under the U.S. Department of Homeland Security (DHS) Competitive Training Grant Program (CTGP).
– The Adaptive Cyber-Security Training (ACT) Online will train information assurance personnel
    to identify potential sources of threats,
    to institute the most effective deterrents and
    to respond to and recover from attack.
– Larry Howard, Vanderbilt-ISIS, leads the Vanderbilt team in the project including the University of Memphis and Sparta Inc.
International Collaboration

One of TRUST’s central goals: dissemination
– Thrust: international collaboration
– Focus: small number of leading international groups
First major collaboration: Taiwan
– Authorized by Taiwan legislature
– Personal attention from Taiwan Minister of State
Taiwan Collaboration

About Taiwan
– Internet users 14.6 million
– Broadband users 10.5 million
– Population 22.7 million
– In top three Asian software industry and web services industry (with Japan & South Korea)
– Has a high incidence of security incidents
    Large fraction appear to originate from China
Taiwan groups

iCAST: Umbrella for International Collaboration in Advanced Science and Technology
Major members
STAG: Science and Technology Advisory Group
NSC: National Science Council (Taiwan’s NSF)
III: Institute for Information Industry
Public/Private electronics industry coordinating group
TWISC: Taiwan Information Security Center
Public/Private software industry coordinating group
ITRI: Industrial Technology Research Institute
Executive Branch group
Personally directed by a Minister-level staff member
Modeled on TRUST
Major infrastructure groups (telecoms)
Government groups (law enforcement, public safety, etc)
Main Thrusts at iCAST-CMU
[Diagram; labels: Banks/Streets/etc., Industry/Government, Software Verification, Surveillance, Remote Authentication, Mobile Phones, Intrusion Detection, Computer Emergency Response Team Coordination Center (CERT/CC), Hackers]
Strongly tied with Taiwan, and will remain dynamic…
CMU/TRUST Involvement

Funded by Taiwan National Science Council (NSC) at $1M/year
Current Team Members
– Adrian Perrig, Mike Reiter, Ed Clarke, Peter Lee, Raj Rajkumar, Hui Zhang
– CERT/CC, training courses
– Don McGillen, logistics
Tsuhan Chen, Director
Other International Efforts

Professor Ruth Breu, Dr. Michael Hafner, University of Innsbruck, Austria
– model-based methods for privacy and security in service architectures;
– Clinical Information Systems
– Meetings: Sztipanovits, Breu, Hafner: February 5, 2007, Rome, IT; Ledeczi, Breu, Hafner: February 26, 2007, Innsbruck, Austria
Integrated Risk Reduction of Information-based Infrastructure Systems (IRRIIS) EU Integrative Project.
Industrial Collaboration

TRUST Industrial Advisory Board, Berkeley, April 25th, 2006
Partners include IBM, HP, Symantec, Microsoft, Cisco, Intel, Telecom-Italia, Infineon, United Technologies, BT.
Summer Computer Security Course at Stanford for Industry professionals (profs: D. Boneh and J. Mitchell) July 17-20th, 2006
Stanford Security Forum for Industry affiliates http://forum.stanford.edu/events/workshop/security
Further Collaboration

Robert Wood Johnson Foundation awarded a planning grant to industry and academic institutions for new health design ideas.
– Vanderbilt-TRUST/ISIS is collaborating with the Vanderbilt Medical School in one of these projects focusing on safe medication of children.
Oak Ridge National Laboratory: project design for secure sensor networks.
– Dr. Akos Ledeczi and ISIS-Vanderbilt graduate student interns help in feasibility studies.
ESCHER companies (Boeing, Raytheon, General Motors) receive updates on TRUST progress in the area of embedded systems security.
Further Collaboration (TRUST Faculty - Examples)

Collaboration with RSA on porting PwdHash to their SecurID product
Collaboration with former PayPal employee on web server timing attacks
Collaboration with Microsoft on Extended Validation Certificate browser
Collaboration with Tata Consultancy Services (TCS) on data privacy
Collaboration with VMWare on use of virtualization for recovery from security attacks
Interaction with Coverity Inc; used their donated tools for code analysis study of web server security
Further Collaboration (TRUST Faculty - Examples)

Working with Cisco to help develop more stable, scalable platform options for their large Internet routes (the product division, not the research division).
Working with several companies to demonstrate better technologies for building large datacenters, mirror file systems over high-speed but high-latency links, build highly responsive services.
– Raytheon, Infosys, Apache consortium (both branches – Red Hat and also WSO2), Intel, MSN (MSFT)
Consulted for “the largest Wall Street brokerage” on redesign of an in-house stock market platform that carries out trades for almost 1/3 of the domestic market (their own traffic but also that of their clients, who can trade through their system).
Technology Transition Plans

PwdHash: RSA Security (www.pwdhash.com)
SpyBlock deployment:
Available at http://getspyblock.com/
Relevant companies: Mocha5, VMWare
Dialog with companies concerned with transaction gen
SafeHistory: Microsoft, Mozilla.
Initial integration completed this quarter
Hope to convince IE team to embed natively in IE
Available at www.safehistory.com
Vanderbilt Home Care Services
– Deployment of patient monitoring technologies
Events Associated with Outreach (more in Prof. Bajcsy’s talk)

Information Assurance Capacity Building Program at CMU July 5-21, 2006
TRUST Summer Institute for Women “Women’s Institute for Summer Enrichment (WISE)”, July 5 – 11, 2006
TRUST-SUPERB and SIPHER run from June 21st to August 5th for undergraduate research
CURIS projects at Stanford: summer work with undergraduates on research related to TRUST
Cornell-Smith Research Exchange in Secure Sensor Nets, Fall 2006, Spring 2007