Security and Privacy Research Lab

CSE professor Yoshi Kohno is profiled in the March issue of Columns, UW’s alumni magazine.

“Kohno’s experiments are the stuff of science fiction movies: using a kid’s Erector Set to spy on its owner, tracking a runner using his mileage monitor or even hackers taking over a car while it’s driving and forcing it to brake to a stop. The only difference between Hollywood make-believe and reality is that this white hat hacker doesn’t need special effects to make them reality.”

Read the full article here.

Since its inception, UW CSE researchers have raised concerns regarding the security and privacy aspects of Seattle’s ORCA (“One Regional Card for All”) regional transit smartcard.

Now “there’s an app for that” — FareBot, which enables any NFC-equipped Android phone to extract the data from ORCA (and similar transit smartcards in San Francisco, Singapore, and Japan).

FareBot, created by Seattle software developer Eric Butler, builds upon work by UW CSE’s Karl Koscher.

Crosscut reports on the app today in two articles.

“The Geeks Who Cracked the ORCA Card” ; “Smart card: What your ORCA never forgets” ; FareBot

Listen to Security Lab member Franzi Roesner discuss automotive computer security on a German radio station here (between 12:10 and 15:50). Franzi and colleagues at UW and UCSD experimentally discovered exploitable security vulnerabilities in a modern automobile.

The rapid growth of sensors and algorithmic reasoning are creating an important challenge to find balance between user privacy and functionality in smart applications. To address this problem Miro Enev and collaborators have developed a quantitative framework called SensorSift which we recently published and have now made available as open source!

http://homes.cs.washington.edu/~miro/sensorsift/.

At the heart of our contribution is an algorithm which transforms raw sensor data into a ‘sifted’ representation which minimizes exposure of user defined private attributes while maximally exposing application-requested public attributes. We envision multiple applications using the same platform, and requesting access to public attributes explicitly not known at the time of the platform creation. Support for future-defined public attributes, while still preserving the defined privacy of the private attributes, is a central challenge that we tackle.

Security Lab’s Tammy Denning presented a keynote talk and lead a play session of Control-Alt-Hack at an NSF meeting. Thanks Zachary Peterson for the photo! Control-Alt-Hack is a computer security-themed card game that is designed to be both fun and educational.

GeekWire picked the UW CSE Security Lab’s Control-Alt-Hack card game as one of “13 great local gifts for geeks”. Read the article here.

Season 2, Episode 10 of Showtime’s “Homeland,” titled “Broken Hearts,” was inspired by the Security Lab’s research on the computer security properties of modern pacemakers and defibrillators.

Read all about it here.

Security Lab’s Franzi Roesner discusses automotive computer security on a German TV show. The segment starts around minute 5:20 of this video.

Control-Alt-Hack is a computer security-themed card game designed to be entertaining, give a glimpse into white hat hacking, and highlight some of the more surprising aspects of computer security. It targets kids age 14 and up. It’s fun, and also educational / awareness-building.

Read the UW C4C press release here.

Congratulations to Alexei Czeskis and Franzi Roesner for winning the People’s Choice Awards at the annual UW CSE Industry Affiliates Meeting! Alexei presented a poster titled “Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web”. Franzi presented a poster titled “User Interface Toolkit Mechanisms for Securing Interface Elements”.