First-year engineering graduate student Daniel Noyes one of two winners at Advanced Cyber Security Center annual cyber security conference
/filters:quality(90)/prod01/production-cdn-pxl/media/umassdartmouth/news/2015/t4_4848325568722480413.jpg)
榴莲视频 first-year electrical and computer engineering graduate student, Daniel Noyes, was named one of two winners at the Advanced Cyber Security Center鈥檚 (ACSC) New England cyber security conference held onNovember 5, at the Federal Reserve Bank of Boston. Daniel presented on USB security and its vulnerabilities to passive and active cyber-attacks. Daniel鈥檚 advisors on the presentation were Electrical and Computer Engineering (ECE) professors Hong Liu and Paul Fortier.
鈥淢y interest in USB security originated almost a year ago in Dr. Liu鈥檚 Network Security course,鈥 said Daniel, who earned his Bachelor of Science degree from 榴莲视频鈥檚 College of Engineering in May 2015. 鈥淭his course helped spark my interest in secure communication as well as embedded security. It dawned on me how a communication standard like the USB lacks security.鈥
Daniel was one of 15 students from a New England college or university selected to present at the conference. Overall five 榴莲视频 students took part in the competition. The other winner was a team of two students from Dartmouth College. Each of the winners received a $1,000 prize. The competition was judged by members of the cyber security community who attended the conference. Dr. Howard Shrobe, Principal Research Scientist at MIT鈥檚 Computer Science and Artificial Intelligence Laboratory, chaired the session.
Malicious gateways
One of the most commonly used devices in the computer industry today is the Universal Serial Bus (USB). Through the use of a common connection, USB allows numerous peripheral devices the ability to communicate with each other. The usage of this technology spans from printers and storage media to user input devices, such as distributed power sources for cell phones. Because these devices are abundant in our everyday lives, ensuring security is essential.
鈥淚 think consumers right now know little about how secure the products they use are,鈥 Daniel said. 鈥淏ut that is slowly changing and soon consumers will have adequate knowledge to protect themselves as well as the products they use. We see more and more companies offering protection for consumers. 鈥.鈥
USB devices have the potential to become gateways for malicious software according to Daniel. Due to these widespread insecurities, methods to protect critical devices are vital. The lack of security in current technology and lack of knowledge by consumers can lead to malicious software and/or individuals obtaining data via unsecure USB lines or other commonly used devices such as printers. Daniel鈥檚 project also outlined the ability of a malicious device to collect data simply through a user鈥檚 keyboard input.
/filters:quality(90)/prod01/production-cdn-pxl/media/umassdartmouth/news/2015/usb.jpg)
Sniffing out an attack
Daniel鈥檚 project aims to analyze the USB protocol regarding vulnerabilities in addition to experimenting with security measurements to protect the USB from both passive and active cyber-attacks. The project looks at various security scenarios and provides a basis to show the potential threat of any information communication using the USB.
Through two experiments, Daniel detailed how ever-expanding technology is creating new frontiers in the encryption security field. Daniel鈥檚 first experiment outlined a sniffer attack, a common cyber-attack of software or device that can read, monitor, and capture data. Without encryption, a 鈥渟niffer鈥 provides a full view of the data. Daniel鈥檚 second experiment demonstrated the benefits of additional security overlays through encryption of the USB device. If a user was able to utilize this additional layer of protection, even if an attack was attempted, the malicious software or individual would not be able to collect any sensitive data.
ACSC is a non-profit consortium launched and supported by Mass Insight Global Partnerships, which brings together industry, university, and government organizations to address the most advanced cyber threats. ACSC focuses on sharing cyber threat information, engaging in next-generation cybersecurity research and development, creating education programs that will address the shortfall in cyber talent, and advancing public policies that will enhance security.
榴莲视频 distinguishes itself as a vibrant public university actively engaged in personalized teaching and innovative research, and acting as an intellectual catalyst for regional economic, social, and cultural development. 榴莲视频's mandate to serve its community is realized through countless partnerships, programs, and other outreach efforts to engage the community, and apply its knowledge to help address local issues and empower others to facilitate change for all.