Nasir Memon discusses the challenges that face biometric authentication in the areas of privacy and network security. The use of biometric data — an individual’s measurable physical and behavioral characteristics — isn’t new. Government and law enforcement agencies have long used it. The Federal Bureau of Investigation (FBI) has been building a biometric recognition database;...
Author: Emerald Knox
IllusionPIN: Shoulder-Surfing Resistant Authentication Using Hybrid Images
Athanasios Papadopoulos, Toan Nguyen, Emre Durmus and Nasir Memon. We address the problem of shoulder-surfing attacks on authentication schemes by proposing IllusionPIN (IPIN), a PIN-based authentication method that operates on touchscreen devices. IPIN uses the technique of hybrid images to blend two keypads with different digit orderings in such a way that the user who...
Hackers Have Been Stealing Credit Card Numbers from Trump’s Hotels for Months
Guests at 14 Trump properties, including hotels in Washington, New York and Vancouver, have had their credit card information exposed, marking the third time in as many years that a months-long security breach has affected customers of the chain of luxury hotels. … “It seems very negligent that this could happen a number of times,”...
Proactive Defense Against Physical Denial of Service Attacks using Poisson Signaling Games
Jeffrey Pawlick and Quanyan Zhu. While the Internet of things (IoT) promises to improve areas such as energy efficiency, health care, and transportation, it is highly vulnerable to cyberattacks. In particular, distributed denial-of-service (DDoS) attacks overload the bandwidth of a server. But many IoT devices form part of cyber-physical systems (CPS). Therefore, they can be...
Malcolm Turnbull faces Silicon Valley fight on encryption
If Malcolm Turnbull presses forward on threats to force technology companies to better cooperate on countering terrorism — by unlocking secret encrypted messages and data belonging to suspected violent plotters — the Prime Minister can expect a heated tussle with America’s powerful Silicon Valley.
Guide to the top college and university cyber security degree programs
The shortage of cybersecurity professionals is well documented, and this lack of expertise can keep organizations from bolstering their security programs… NYU Tandon School of Engineering offers a master’s degree in cyber security, and the program is rooted in the belief that theory and research must translate into real-world solutions, says Nasir Memon, professor of computer...
The NotPetya Attack Was About Disruption, Not Ransom (Video)
Justin Cappos, assistant professor of computer science and engineering at the NYU Tandon School of Engineering, comments on the NotPetya “wiper” attack that hit countless computer systems across 64 countries last week. “There seems to be increasing evidence that the people who carried out this attack did not do so for monetary gain, which is...
A Factored MDP Approach to Optimal Mechanism Design for Resilient Large-Scale Interdependent Critical Infrastructures
Linan Huang, Juntao Chen and Quanyan Zhu. Enhancing the security and resilience of interdependent infrastructures is crucial. In this paper, we establish a theoretical framework based on Markov decision processes (MDPs) to design optimal resiliency mechanisms for interdependent infrastructures. We use MDPs to capture the dynamics of the failure of constituent components of an infrastructure and...
Justin Cappos on Why Cars Are Not Like Computers When It Comes to Cybersecurity
Justin Cappos is a professor in the Computer Science and Engineering department at New York University [Tandon School of Engineering], where his research addresses problems in security, systems, software update systems, and virtualization… In this interview, he explores how updates and other security processes are unique to the automotive world.
Efficient Detection for Malicious and Random Errors in Additive Encrypted Computation
Nektarios Georgios Tsoutsos and Michail Maniatakos. Although data confidentiality is the primary security objective in additive encrypted computation applications, such as the aggregation of encrypted votes in electronic elections, ensuring the trustworthiness of data is equally important. And yet, integrity protections are generally orthogonal to additive homomorphic encryption, which enables efficient encrypted computation, due to the...