Security and Privacy Research Lab

For the sixth year in a row, the University of Washington has won the Pacific Rim Collegiate Cyber Defense Competition. Next month the team will head to San Antonio in an attempt to win their third consecutive National Collegiate Cyber Defense Competition crown.

Amazonians got an opportunity to play Control-Alt-Hack after a day of internal training. Control-Alt-Hack is a computer security-themed card game that is designed to be both fun and educational.

Batman’s Kitchen, an interdisciplinary team involving students from CSE, the iSchool, EE, and pre-engineering, won the Hawaiian “Big Splash” Cyber Defense Competition held 8-10 March 2013. See the UW CSE News site for more information.

CSE professor Yoshi Kohno is profiled in the March issue of Columns, UW’s alumni magazine.

“Kohno’s experiments are the stuff of science fiction movies: using a kid’s Erector Set to spy on its owner, tracking a runner using his mileage monitor or even hackers taking over a car while it’s driving and forcing it to brake to a stop. The only difference between Hollywood make-believe and reality is that this white hat hacker doesn’t need special effects to make them reality.”

Read the full article here.

Since its inception, UW CSE researchers have raised concerns regarding the security and privacy aspects of Seattle’s ORCA (“One Regional Card for All”) regional transit smartcard.

Now “there’s an app for that” — FareBot, which enables any NFC-equipped Android phone to extract the data from ORCA (and similar transit smartcards in San Francisco, Singapore, and Japan).

FareBot, created by Seattle software developer Eric Butler, builds upon work by UW CSE’s Karl Koscher.

Crosscut reports on the app today in two articles.

“The Geeks Who Cracked the ORCA Card” ; “Smart card: What your ORCA never forgets” ; FareBot

Listen to Security Lab member Franzi Roesner discuss automotive computer security on a German radio station here (between 12:10 and 15:50). Franzi and colleagues at UW and UCSD experimentally discovered exploitable security vulnerabilities in a modern automobile.

The rapid growth of sensors and algorithmic reasoning are creating an important challenge to find balance between user privacy and functionality in smart applications. To address this problem Miro Enev and collaborators have developed a quantitative framework called SensorSift which we recently published and have now made available as open source!

http://homes.cs.washington.edu/~miro/sensorsift/.

At the heart of our contribution is an algorithm which transforms raw sensor data into a ‘sifted’ representation which minimizes exposure of user defined private attributes while maximally exposing application-requested public attributes. We envision multiple applications using the same platform, and requesting access to public attributes explicitly not known at the time of the platform creation. Support for future-defined public attributes, while still preserving the defined privacy of the private attributes, is a central challenge that we tackle.

Security Lab’s Tammy Denning presented a keynote talk and lead a play session of Control-Alt-Hack at an NSF meeting. Thanks Zachary Peterson for the photo! Control-Alt-Hack is a computer security-themed card game that is designed to be both fun and educational.

GeekWire picked the UW CSE Security Lab’s Control-Alt-Hack card game as one of “13 great local gifts for geeks”. Read the article here.

Season 2, Episode 10 of Showtime’s “Homeland,” titled “Broken Hearts,” was inspired by the Security Lab’s research on the computer security properties of modern pacemakers and defibrillators.

Read all about it here.