• Proof of randomness for stronger future digital security

    Nearly all secure online traffic — from shopping to banking to communications — relies on a technique of randomly generating a number that serves as a key to unlock encrypted communication. The problem is that small programming errors can make these systems vulnerable, and those vulnerabilities can often be very difficult to detect. In an effort to block emerging threats to online security, researchers have developed a method to verify the strength of random number generators that form the basis of most encryption systems.

  • Helping secure first responder apps from cyberattacks

    In emergency and disaster situations, mobile devices and apps enable public-safety professionals to receive and share critical information in real-time, which enhances the delivery of life-saving services. As reliance on mobile technology grows, it is important that mobile apps used by public safety are free of malware or vulnerabilities.

  • “Hacking for Defense” class an example of Stanford’s relationship with the U.S. military

    Alongside all the tech companies and consulting firms present at career fairs, Stanford students looking for employment are likely to encounter another major industry when talking to recruiters: the defense sector. Although anti-war activism in the Vietnam era severed many of the university’s ties with the U.S. military, the relationship between the two has seen a revival over the years, and national security and defense institutions are more visible on campus now than they were just a decade ago. A relatively new class, MS&E 297, adds yet another wrinkle to that ongoing narrative – and one that not everyone is happy about.

  • Simple tool tells whether websites suffered a data breach

    Computer scientists have built and successfully tested a tool designed to detect when websites are hacked by monitoring the activity of email accounts associated with them. The researchers were surprised to find that almost 1 percent of the websites they tested had suffered a data breach during their 18-month study period, regardless of how big the companies’ reach and audience are. “No one is above this—companies or nation states— it’s going to happen; it’s just a question of when,” said the senior researcher.

  • Harnessing game theory for cybersecurity of large-scale nets

    Researchers have laid the groundwork for a method to improve cybersecurity for large-scale systems like the power grid and autonomous military defense networks by harnessing game theory and creating new intelligent algorithms. The project harnesses the Nash equilibrium, developed by Nobel laureate John Nash, whose life was chronicled in the film “A Beautiful Mind.” The work also applies “prospect theory,” which describes how people make decisions when there is uncertainty and risk, decisions that are often “only partly rational.”

  • An armed robber’s Supreme Court case could affect all Americans’ digital privacy for decades to come

    A man named Timothy Carpenter planned and participated in several armed robberies at Radio Shack and T-Mobile stores in Michigan and Ohio between 2010 and 2012. He was caught, convicted and sentenced to 116 years in federal prison. His appeal, which was heard by the U.S. Supreme Court on 29 November, will shape the life of every American for years to come – no matter which way it’s decided. The FBI found Timothy Carpenter because one of his accomplices told them about him. I believe the FBI could have obtained a search warrant to track Carpenter, if agents had applied for one. Instead, federal agents got cellphone location data not just for Carpenter, but for fifteen other people, most of whom were not charged with any crime. One of them could be you, and you’d likely never know it. The more people rely on external devices whose basic functions record and transmit important data about their lives, the more critical it becomes for everyone to have real protection for their private data stored on and communicated by these devices.

  • The challenge of authenticating real humans in a digital world

    There are three main ways of proving an identity. One involves something you know – like a password or your mother’s maiden name. A second method of authentication is with something you have – such as a key to your home’s front door or a smart card to swipe at work. A third way is by digitally authenticating the individual human being – who you are – with some aspect of your biology. This increasing dependence on digital authentication may actually result in less security. While cameras, sensors and other devices can make authentication easier for people to accomplish, they carry their own weaknesses. It may be more convenient, and even more secure, than a magnetic strip on a plastic card in your wallet. But the potential dangers will require much higher security for private information, particularly biometric data. A real identity still comes down to flesh and blood.

  • “Instant replay” quickly pinpoints cyberattack details

    Until now, assessing the extent and impact of network or computer system attacks has been largely a time-consuming manual process. A new software system being developed by cybersecurity researchers will largely automate that process, allowing investigators to quickly and accurately pinpoint how intruders entered the network, what data they took, and which computer systems were compromised.

  • Software “containers” increase computer security

    ONR has awarded the University of Wisconsin–Madison $6.1 million to research what are known as containers. While not a household word for average computer users, containers are increasingly popular in the tech world. Containers help software run reliably when moved from one computing environment to another, such as from an individual’s laptop to the cloud. These complex programs pull together everything an application needs to work so those elements stay together when the application migrates.

  • ONR awards GrammaTech $9 million for cyber-hardening security research

    Ithaca-based GrammaTech has been awarded a $9 million, three-year contract from the Office of Naval Research (ONR), a division of the United States Department of the Navy, to perform research and development into cutting-edge techniques for protecting software from cyber-attacks. The goal is for end users to be able to transform their critical applications to shrink the attack surface, improve performance, lower memory consumption, and reduce complexity—all without breaking the application or disrupting operations.

  • “Cardiac password” project uses the wave of the heart motion for authentication

    One of the unique features for the upcoming iPhone X is facial recognition security, where users can simply unlock their phones by holding it up to their face and allowing the phone’s security measures to identify the correct user. However, it seems just as soon as new means of authentication are developed and put into use, hackers find a way around them, from hacking passwords to faking fingerprints to fool biometric security systems. But there may be one authentication method that cannot be hacked: Cardiac password.

  • Stanford Cyber Initiative addresses cybersecurity, governance, and the future of work

    Daily headlines emphasize the down side of technology: cyberattacks, election hacking and the threat of fake news. In response, government organizations are scrambling to understand how policy should shape technology’s role in governance, security and jobs. The Stanford Cyber Initiative is bringing together scholars from all over campus to confront the challenges technology presents.

  • Bolstering web security without compromising performance

    Chances are, you are reading this article on a web browser that uses HTTPS, the protocol over which data is sent between a web browser and the website users are connected to. In fact, nearly half of all web traffic passes through HTTPS. Despite the “S” for security in “HTTPS,” this protocol is far from perfectly secure.

  • S&T awards $8.6 million for enhancing security of mobile apps for the government

    DHS S&T has awarded funding to five R&D projects that will enhance the secure use of mobile applications for the federal government. These Mobile Application Security (MAS) R&D projects focus on continuous validation and threat protection for mobile apps and integrating security throughout the mobile app lifecycle.

  • U.S. government’s cybersecurity readiness lagging compared to almost every other industry

    SecurityScorecard the other day released its annual U.S. State and Federal Government Cybersecurity Report. The study paints a grim picture of the overall cyber health of the U.S. government entities. In the midst of investigations into a potential 2016 election hacking, regular major malware events, and an overall increase in the number of sophisticated cyberattacks, the report highlights that the government sector is lagging compared to almost every other industry. The state of U.S. government cyber health places mission-critical services and infrastructure at risk.