Showing posts with label success story. Show all posts

Wednesday, July 17, 2024

Trusted CI helps FABRIC build secure scientific infrastructure

Trusted CI has posted a new success story on its collaboration with FABRIC, a national-scale testbed that is providing a new research infrastructure enabling scientists to share massive amounts of data. As FABRIC was being built in 2021, project leaders turned to Trusted CI, the NSF Cybersecurity Center of Excellence, to ensure they designed security into the project from the beginning. FABRIC continues its involvement with Trusted CI as a member of the Research Infrastructure Security Community. The cohort offers an opportunity to share challenges and solutions with others in the same research space. 


Wednesday, April 3, 2024

Tapis more secure following Trusted CI code-level review

Trusted CI has published a new success story on its collaboration with Tapis. In 2023, the Texas Advanced Computing Center engaged Trusted CI, the NSF Cybersecurity Center of Excellence, to assess the security of its Tapis software. Applying First Principles Vulnerability Assessment methodology, the Trusted CI team found four serious security vulnerabilities and one bug in the Tapis code and made several recommendations to improve Tapis’ security. 

Tuesday, August 18, 2020

Transition to practice success story: Exploring Unconventional Analog Computing

Designing time-keeping devices that do not require any external power

Shantanu Chakrabartty, Ph.D., is the Clifford Murphy Professor in Electrical and Systems Engineering, Washington University in St. Louis, and the principal investigator and director of the Adaptive Integrated Microsystems (AIM) Laboratory. He is also a Trusted CI TTP Fellow.

From his website: Shantanu Chakrabartty's research explores new frontiers in unconventional analog computing techniques using silicon and hybrid substrates. His objective is to approach fundamental limits of energy efficiency, sensing, and resolution by exploiting computational and adaptation primitives inherent in the physics of devices, sensors, and the underlying noise processes. Professor Chakrabartty is using these novel techniques to design self-powered computing devices, analog processors, and instrumentation with applications in biomedical and structural engineering. One such example is the self-powered structural health monitoring technology which is currently being commercialized. 


Our research explores new frontiers in non-conventional analog computing and sensing techniques using silicon, quantum, and biological circuits. We apply these fundamental principles for designing neuromorphic systems, machine learning processors, authentication systems, structural health monitoring sensors, and biomedical instrumentation. 

 

Trusted CI spoke with Chakrabartty about his transition-to-practice journey. We were joined by Florence Hudson, founder and CEO at FDHint and special advisor leading Trusted CI’s Cybersecurity Transition To Practice (TTP) program. 

 

Trusted CI: Tell us about your research interests and how that's translating into your transition to practice journey.  

 

S.C. My research essentially focuses on different aspects of analog computing. When people think about analog, they envision this old clunky thing, not something cool as digital, but one doesn't realize that many naturally occurring processes and phenomena are inherently analog.  

 

My research at a fundamental level tries to first find out these hidden computational gems and then try to exploit them, integrate them, or mimic them on silicon. 

 

The computational models could vary from a very simple dynamical system using only one transistor and one capacitor. In fact, in an analog domain, even that very simple circuit can show a whole wide range of different dynamical behavior. Or it could be a very complex system. 

 

For example, to mimic a part of a human brain, one needs to build a giant neural network with lots of silicon neurons which has billions of transistors. The common theme across all these different research topics is that you start with the fundamental research question first. We don't know if the principle that you think should work, will work, and how well it will work. Effectively, these fundamental questions become the basis for some of the thesis topics for my Ph.D. students.  

 

Then out of those thesis topics, depending on the results we get, there are few which then become a candidate for a transition to practice, maybe further towards commercialization.  

 

Some years back, we looked at a so-called analog phenomenon that exploited some interface physics between the transducers, piezoelectric transducers, and non-volatile memory. We were able to exploit that phenomenon to create very energy-efficient data loggers. Some of those are now being evaluated in real-world deployments, especially for structural health monitoring. But again, the idea here is that it all depends on the quality of results before we are ready for deployment.

 

Also, most importantly, it depends on the interest of the student, whether they want to take it to the next level. The platform that we work on uses integrated circuit technology. And that is an inherently mature technology. The challenge comes from doing things in analog rather than doing things digitally. So that's essentially the path that we follow towards transition to practice.  

 

Trusted CI: What kinds of inventions does that translate into?  

S.C. I can give an example relevant to the Trusted CI program. We are looking at a very simple chip-based solution that exploits analog computational primitives in quantum transport of electrons. We are using a phenomenon called Fowler-Nordheim quantum tunneling to design time-keeping devices that do not require any external power to operate. This sounds contradictory, but the idea here is that once we have initialized the device, to run it, it doesn't need any additional power from a battery.  

 

We have been exploring the use of this timer technology for security applications. One example is your credit card which has static numbers on it that could easily be stolen. Applying our technology, one can create a credit card where the numbers keep changing with time and that doesn’t require batteries. Hackers cannot probe into the chip without disturbing the property of these timers. So, you can create a secure asset using the technology.

 

And because it's a platform technology, there may be numerous applications that are possible with this. We are thinking about designing trusted modules for low-resource platforms like IoT devices, medical Fitbit-like devices, and even for secure high-end medical systems which require several layers of protection. In many of these systems, the biggest vulnerability comes from when you are downloading software upgrades. You need to be able to authenticate that module. During those high-value transaction processes, our technology can provide assurance. There are numerous applications. 


This research was started in 2015 when we received an NSF grant (CNS1525476) to investigate the use of these time-keeping devices for authentication. Once we have validated the proof of concept, there are numerous applications that are possible, and so we're exploring that now. And that's also the reason why I was interested in this Trusted CI program to find where exactly and what are the different avenues we could use this fundamental device for. 

 

Trusted CI: How were you introduced to Trusted CI?  

S.C. Florence [Hudson] invited me a few years ago to be a speaker at one of the TTP workshops that she had organized. And since then, we have kept in touch. She has followed up repeatedly asking what progress we're making in terms of transitioning the technology or if we’ve made any improvements to it. Florence also introduced me and my Ph.D. students to several potential stakeholders during some of these workshops’ one-on-one meetings. And it was very interesting to see, at least for me, talking to some of the stakeholders what were the possible applications that might come out of this technology. Something that we hadn't previously thought of. 

 

Also, from the student's point of view, which I think is also very important from an educational point of view, I could see my students see the value in the research that they are doing for a Ph.D. They also see that their research has value in the commercial space as well.  

 

Trusted CI: What's coming up next?  

S.C. The student we are helping to take the technology to the next level is interested in entrepreneurship. After he's done with his Ph.D., he wants to pursue this path where, depending on the feedback that he gets from the market, he can take it to the next level. I have another Ph.D. student working on this. He is working on improving the reliability of the timers. We are looking for some of the physics that we missed on the first iteration that we could exploit. 

 

Our goal in participating in the Trusted CI cohort was to identify those low hanging fruit applications. As I mentioned before, there are numerous applications out there that would work on our platform. We have been approached by several commercial entities that want to evaluate the technology. We need to choose something that is doable, probably within a one- or two-year timeframe, at least two from a deployment point of view, so that we can get some real data.  

 

Trusted CI: What is Trusted CI doing to help Shantanu and his students on their TTP journey? 

F.H. The very experienced researchers like Shantanu want to keep on solving the problems. There's always more to do as the world changes, the applications change, and the device changes. And he can keep going down that path. And the students can enable the transition to a business, perhaps a transition to deployment or open source or whatever they decide to do. So, he's created this very nice complementary model. We work with Shantanu the professor as our TTP fellow, and his student, Darshit Mehta, joins our calls. When they presented to the IEEE/UL Working Group P2933 on clinical IoT data and device interoperability with TIPPSS – Trust, Identity, Privacy, Protection, Safety and Security, for which I am the working group chair, they both presented to a range of industry, government, and academic partners, and we are helping them continue down that path.

 

Since I've helped introduce a number of people to Shantanu, I try to keep the fires burning a little bit on both sides and find other opportunities for him to pursue potential deployment of the technology and get feedback from users as well.  

 

Trusted CI: Shantanu, tell us a bit more about your journey. 

S.C. The most important aspect for me has been the student. Without the student, if I had to invest my time, it would have been a lot of effort. And given that we have other responsibilities that we also must take care of in academia, students take a lot of the burden in this regard, and especially if they are entrepreneurship-minded students. 

 

Trusted CI: Would you do it again? 

S.C. Yes. 

I see the benefits not just from a translation point of view, but even from my students’ maturity. Whereas before, if they gave a presentation, they would say, ‘I will do the bare minimum possible and be done with it.’ But now, they must be professional. They must put their best foot forward. So, I think for the students, I see a difference between pre-TTP and post-TTP type of experience.  

 

Trusted CI: Anything else that would help your TTP journey? 

S.C. Knowing whether the product fits a market. I want to know what the customer wants, whether they are going to use it. Where is that middle ground? 

We can tweak our technology to meet their needs, but I need to know their needs. And I think that's where that matchmaking definitely helps us.  

 

F.H. One of the things we've talked about in the Trusted CI TTP cohort calls is perhaps linking with the business schools and some of the universities. For example, I think Indiana University's Business School helps with things like that. What Shantanu brings up is the technical researchers are great with the technology. But he needs a partner that can help him do that translation and connect him to the potential client or users, so that he can then harden the asset for that use. And then deploy it through that channel that supports those target users.  

 

I try to help with my business experience. How do we create a partnership for Shantanu? Who's going to do this with them? So we're starting to think through this: should we reach out to the business school and create a little team. Bring in three Ph.D. research students and an MBA student and partner them for the summer. They would work on a problem together and tell a business school: here's the potential market opportunity; here are the market needs; here are the client needs; here's the potential value proposition the research technology brings to the client; here’s the analysis we did. That's the piece that could really help. One of the things we're thinking about is how to create that, probably at the research host institution so there is a local teaming opportunity.  

 

We can do that part-time with mentors like me, but it's not like being in the trenches helping them do it on a day-to-day basis. That's why we have this TTP Fellows program. We're trying to figure out how to make this repeatable and sustainable. 


Tuesday, July 28, 2020

Trusted CI Webinar: Transitioning Cybersecurity Research to Practice - Aug. 11th at 11am (EDT)


Florence Hudson, Ryan Kiser, Patrick Traynor, and S. Jay Yang are presenting "Transitioning Cybersecurity Research to Practice - Success stories and tools you can use" on Tuesday, August 11th at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.
"Transition to practice is really a passion of mine. It is wonderful to write papers and have great ideas. But it is even cooler to get a million people using it." – Professor Patrick Traynor.

Join us to hear exciting Cybersecurity Research success stories, and lessons learned along the way, from Professor Patrick Traynor from the University of Florida who has successfully transitioned his research to practice in a number of ways. One of his technologies, the Skim Reaper, is being used across multiple U.S. states to protect from credit card skimming. We will also share tools that Trusted CI has developed to help you take the Transition To Practice journey as a developer and researcher. Florence Hudson and Ryan Kiser will present the "Trusted CI TTP Playbook" available on the Trusted CI website, with TTP Tools you can use. This includes a TTP Canvas to enable the researcher and developer to clarify their target users, value proposition, and how they will TTP. We also include a TTP Technology Readiness Level (TRL) assessment tool to design your technical journey to mature and transition to practice your valuable research.
Speaker Bios:

Florence D. Hudson is a Special Advisor at Trusted CI, the NSF Cybersecurity Center of Excellence, co-leading the Transition To Practice (TTP) program. She has led TTP at IBM, Internet2 and Trusted CI. She is a former IBM Vice President and Chief Technology Officer, Internet2 Senior Vice President and Chief Innovation Officer, and Aerospace and Mechanical Engineer at Northrop Grumman and NASA. She is Executive Director for the Northeast Big Data Innovation Hub at Columbia University, and Founder and CEO of Advanced Technology and Diversity & Inclusion Consulting Firm FDHint, LLC. She received her BSE in Mechanical and Aerospace Engineering from Princeton University, and completed Executive Education at Harvard Business School and Columbia University.

Ryan Kiser is a Senior Security Analyst at the Indiana University Center for Applied Cybersecurity Research. Ryan has worked on information security projects across a wide variety of domains including leading efforts to assess and improve the security of automotive engine systems, performing risk assessments for university central IT systems, and supporting researchers in efforts to adhere to regulated data requirements such as HIPAA, FISMA, and various CUI requirements. Ryan has been heavily involved in organizations serving information security needs for higher-ed and national research communities. Some of these include the Open Science Grid (OSG) as a member of the OSG Security Team and Trusted CI where he has led engagements to assist NSF-funded research projects in improving their security posture. His current interests involve novel applications of predictive modeling, machine learning, and Brazilian jiu-jitsu.

Patrick Traynor is a professor of Computer and Information Science and Engineering (CISE) at the University of Florida. Patrick's research focuses on the security of mobile systems, with a concentration on telecommunications infrastructure and mobile devices. His research has uncovered critical vulnerabilities in cellular networks, developed techniques to find credit card skimmers that have been adopted by law enforcement, and created robust approaches to detecting and combating Caller-ID scams. He received a CAREER Award from the National Science Foundation in 2010, was named a Sloan Fellow in 2014, a Fellow of the Center for Financial Inclusion at Accion in 2016 and a Kavli Fellow in 2017. Professor Traynor earned his Ph.D. and M.S. in Computer Science and Engineering from the Pennsylvania State University in 2008 and 2004, respectively, and his B.S. in Computer Science from the University of Richmond in 2002. He is also a co-founder of Pindrop Security, CryptoDrop, and Skim Reaper.

Dr. S. Jay Yang received his BS degree in Electronics Engineering from National Chiao-Tung University in Taiwan in 1995, and MS and Ph.D. degrees in Electrical and Computer Engineering from the University of Texas at Austin in 1998 and 2001, respectively. He is currently a Professor and the Department Head for the Department of Computer Engineering at Rochester Institute of Technology. He also serves as the Director of Global Outreach in the Center of Cybersecurity at RIT, and a Co-Director of the Networking and Information Processing (NetIP) Laboratory. His research group has developed several pioneering machine learning, attack modeling, and simulation systems to provide predictive analysis of cyberattacks, enabling anticipatory or proactive cyber defense. His earlier works included FuSIA, VTAC, ViSAw, F-VLMM, and attack obfuscation modeling. More recently, his team is developing a holistic body of work that encompasses ASSERT to provide timely separation and prediction of critical attack behaviors, CASCADES to simulate synthetic cyberattack scenarios that integrates data-driven and theoretically grounded understanding of adversary behaviors, and CAPTURE to forecast cyberattacks before they happen using unconventional signals in the public domain. Dr. Yang has published more than sixty papers and worked on eighteen sponsored research projects. He has served on organizing committees for several conferences and as a guest editor and a reviewer for a number of journals and textbooks. He was invited as a keynote or panel speaker for several venues. He was a recipient of Norman A. Miles Outstanding Teaching Awards, and a key contributor to the development of two Ph.D. programs at RIT and several global partnership programs.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

Tuesday, July 21, 2020

Trusted CI Completes a Highly Successful Engagement with UC Berkeley

Handling regulated data is becoming a key requirement for supporting research, especially for high performance computing (HPC) service providers who have not previously been subject to rules and regulations.  While the list of institutions with research cyberinfrastructure approved for critical data such as protected health information (PHI) or Controlled Unclassified Information (CUI) is growing, it still remains woefully short.  Any major university effort to accommodate researchers with regulated data adds to the pool of research enablers, while simultaneously protecting sensitive research data.

For HPC service providers that support research sponsored by the NSF,  pursuing compliance also diverts resources, potentially affecting this support.  External help can be invaluable in reducing the impact, especially for providers tackling compliance for the first time.  

Trusted CI recently concluded a highly successful engagement with UC Berkeley that both validated and bolstered UC Berkeley’s nascent regulated data effort, namely a “Secure Research Data and Compute” (SRDC) platform.   The SRDC platform is expected to have a significant impact on UC Berkeley’s ability to enable and empower a wide range of researchers to conduct research with data subject to rules and regulations in scientific fields as diverse as biology, engineering, computer science, and a broad spectrum of social sciences and professional schools such as business, public health, and law.

According to Ken Lutz, Director of Research Information Technology at UC Berkeley: 

“Our engagement with Trusted CI has been very successful and has been an important part of preparing for the launch of our SRDC Platform. While we had already obtained a commitment by senior leadership to develop the platform, the perspective and expertise provided by the Trusted CI team helped us build trust across our complex network of stakeholders. Our UC Berkeley team especially appreciated the broader higher education experience that the Trusted CI team brought to the engagement. Based on this engagement, we feel confident that we are developing a platform and service that will enable our research community to pursue high impact research involving highly sensitive data.”

Initial engagement objectives included a review of SRDC’s design, security and compliance goals and future vision, a comparison of SRDC security against best practices at peer institutions, gap identification, and recommendations on how to fill those gaps.

The engagement spanned eleven 1-hour meetings and an all-day virtual campus visit. The meetings, submitted artifacts, and other input from UC Berkeley enabled Trusted CI to assess the SRDC security architecture, workflows, and current policies and procedures, evaluate and validate the cybersecurity framework UC Berkeley is developing with help from a commercial third party, and gauge UC Berkeley’s approach to regulated data against what peer institutions are doing.

During the virtual campus visit, Trusted CI met many of the other SRDC stakeholders on campus (including the CISO) and did a presentation for a group of these stakeholders that detailed current regulated research data approaches nationally and how UC Berkeley’s effort fits in.

The final product of the engagement was a 21-page report containing specific, prioritized recommendations on how to address the security gaps identified during the engagement (including HIPAA gaps), adopt best practices, and avoid pitfalls while maintaining a healthy balance between usability and security.  Trusted CI also provided policy templates and guidance on how best to leverage the cybersecurity framework recommended by the third party.

Trusted CI benefited from this engagement as well, both from working alongside a commercial third party and learning about their approach to compliance, and from the addition of another institution to which Trusted CI can refer future seekers of compliance for guidance and counsel.

The success of this engagement is noteworthy in light of the challenges COVID-19 introduced in the midst of the engagement, including the cancellation of a campus visit and face to face interaction, both of which are typically important to the success of highly collaborative projects.

Tuesday, June 23, 2020

Transition to practice success story: Using machine learning to aid in the fight against cyberattacks

Artificial intelligence and machine learning becoming key technologies in cybersecurity operations

S. Jay Yang, professor at the Rochester Institute of Technology, is a 2019 Trusted CI Fellow and the first 2020 Trusted CI Transition to Practice (TTP) Fellow. His research group has developed several pioneering machine learning, attack modeling, and simulation systems to provide predictive analytics and anticipatory cyber defense. His earlier works included FuSIA, VTAC, ViSAw, F-VLMM, and attack obfuscation modeling.

In 2019, the Center for Applied Cybersecurity Research (CACR) and OmniSOC, the security operations center for higher education, began working with Dr. Yang and his team at Rochester Institute of Technology to implement Dr. Yang’s ASSERT research prototype with the OmniSOC. ASSERT is a machine learning system that automatically categorizes attacker behaviors derived from alerts and other information into descriptive models to help a SOC operator more effectively identify related attacker behavior.

“SOC analysts are overwhelmed by intrusion alerts,” said Yang. “By providing a characteristic summary of different groups of alerts, ASSERT can bring SOC analysts’ attention to critical attacks quicker and help them make informed decisions.”

CACR staff are working with OmniSOC engineers and Yang’s team from Rochester Institute of Technology to validate the methodology and test the research prototype's applicability to OmniSOC's SOC workflows, using data OmniSOC aggregates from IU, as the first of these explorations of machine learning approaches.

The team is using a subset of an anonymized parallel feed of (only) IU’s OmniSOC data. This data is pipelined to a prototype deployed on IU’s virtualization infrastructure. The results will be provided to OmniSOC engineers and analysts to determine if the method has utility for OmniSOC’s workflows. This project aims to catalyze further applied AI research for cybersecurity by taking advantage of the size of the security data set aggregated by OmniSOC, the expertise of CACR staff, and the relationships both organizations have within higher-ed security and research communities.

Ryan Kiser is a senior security analyst at the Indiana University Center for Applied Cybersecurity Research and one of the researchers involved in the project. We spoke with Kiser to catch up on how the project got started and where the project stands now.

Trusted CI: How did you learn about Dr. Jay Yang’s work?

Jay was a member of the Trusted CI cybersecurity cohort. The intent of the cohort was to get a group of security researchers together so that we could help make connections with the community that Trusted CI serves -- that is, the higher-ed and research communities and the facilities that are funded by NSF.

Some of Jay’s work is related to machine learning. Jay visited Bloomington to visit IU. It was a good opportunity for us to talk about his research. It seemed like the ability to generate models of attack was potentially applicable to OmniSOC. One of his grad students was working on a series of visualizations and a way for people to interact with the results from ASSERT, and he was able to demonstrate it for us in person.

Trusted CI: Where does the project stand now?

The project happened in phases. We planned to do it that way from the start because we weren't sure from the beginning that this would be something that could provide real value because it's still a research prototype.

We interacted with the researcher early on to find out what they need. We then tried to figure out how we can reduce this data down to reduce the risk of using operational data while still providing the functionality that is needed for the research. We determined a way to anonymize data and got approval from the security and policy offices for the use of the data in the way we proposed. Once we had that approval we could start.

The first phase was to just get a testbed set up and get the prototype deployed into the testbed, then start to get the right data from OmniSOC into the prototype. That concluded in early January.

We were starting to get results, so we started the second round to see if we can make use of this. Part of that was to develop a set of use cases for OmniSOC.

Another part of the project is that we had an undergraduate student here at IU develop visualizations as part of his capstone project and we set up some additional software to enable us to do that on the testbed. That's the phase of the project that is concluding now.

Suricata is a network monitoring and alerting tool used at IU. We wanted to take a subset of the data that Suricata is generating at IU and use that as the basis for an initial analysis, an exploration. The hope is that ultimately this can be applied more broadly, that we could do something like full network sensor data.

Another tool called Zeek captures a lot more data than Suricata about what is flowing over the network. Our hope is that once the groundwork is laid using the small dataset with Suricata, OmniSOC can start using the much larger volume of data that Zeek captures, hopefully getting much more valuable results out of it.

We have learned a lot throughout this process. One of the biggest takeaways that I have from this is the way in which it is limited. You cannot take a dataset and throw it at a neural network and then have a usable model that you can use to analyze other data. You have to tailor these things to the use case in order to solve a particular problem.

Our goal now is to work with OmniSOC and Jay to come up with a roadmap for OmniSOC and Jay to use to realize this potential. We're going to write up what we found by the end of July and plot a path forward for Jay’s group and OmniSOC to try to bring it into a real production environment.

Tuesday, May 19, 2020

Transition to practice success story: Securing payment card readers with Skim Reaper

Skimmers want the data on your payment cards

Transition to practice is really a passion of mine. It is wonderful to write papers and have great ideas. But it is even cooler to get a million people using it. – Professor Patrick Traynor.

Patrick Traynor, Ph.D., is the John and Mary Lou Dasburg Preeminent Chair in Engineering and a professor in the Department of Computer and Information Science and Engineering (CISE) at the University of Florida. His research focuses on the security of mobile systems, with a concentration on telecommunications infrastructure and mobile devices. He is also a co-founder of Pindrop Security, CryptoDrop, and Skim Reaper. (Read his full bio at the end of this article.)

Trusted CI spoke with Professor Traynor about his experience transitioning Skim Reaper from a lab experiment into a real-world product.

Trusted CI: How did the Skim Reaper project get started?

We were doing work on how mobile payments are done in the developing world. Imagine that you don't have a credit card, you don't have access to a traditional bank, but you have a cell phone. People were texting each other and trading top-up minutes as currency. Safaricom in Kenya started allowing people to exchange cash instead of minutes.

The first digital payment system for much of the developing world is called M-Pesa. There'll be tremendous advantages bringing such systems here to the US. But in the process of doing that work, we were looking at how traditional payment systems work.

Skim Reaper was an offshoot of an NSF-funded project on trying to secure modern payments (NSF grant 1526718). It's not like credit cards are going to disappear anytime soon. We're going to have more types of payments, so we're going to have to secure these legacy things.

I had my credit card stolen six times in three years. When I talk to academics about credit card fraud, everyone treats it as a solved problem. When I went through the process with a debit card, the money was out of my account for a long period. I started thinking about how people who are financially vulnerable might go long periods without cash. I thought we needed to do something—to look at how we can push back against credit card skimming.

Trusted CI: How does Skim Reaper work?

The Skim Reaper is a card that's swiped or dipped into the payment terminal, just like a credit card. It's a device about the size and shape of a credit card. It determines how many times it's being read. That's a very simplistic version of what it's doing. But with the kind of credit card skimming that we're going after, the adversary adds a second read head to the card reader. They'll do that by overlaying it. Or they'll put one deep inside, called deep insert.

The card reader itself is going to get a normal read, but so too will the attacker. By developing a device that counts the number of times it's being read and then compares that to the number of times it should be being read, we know whether you have additional read heads in place and therefore whether there's a skimmer.

If a skimmer is in place, the device will turn on a red LCD. If the blue LCD lights up, everything is fine. Something like 10% of the population is red-green colorblind. So, we chose a blue light instead of green. We tried to be as inclusive as possible in the design.

Trusted CI: Did you have any NSF funding for Skim Reaper?

We had no explicit NSF funding for Skim Reaper other than the grant to study securing modern payments that preceded it. I have not applied for TTP-explicit funding before, but I am in the process of applying for some now. I have also applied for SBIR funding in the past as part of my work on Pindrop.

Trusted CI: Tell us how things got started.

When we started on this path, we didn't have access to credit card skimmers. We started by looking online and trying to reach out to various law enforcement agencies, many of whom, of course, said, “who are you and why are you asking for credit card skimmers?” But we got quite lucky. We were in the process of prototyping our devices. We'd seen enough of the things online and had access to a few small units.

Then, we happened to meet the NYPD Financial Crimes Task Force attending a conference about traditional theft in retail at the University of Florida in 2017. When we met these detectives, we ran back to our lab, grabbed our prototypes, and showed them. They said they could use something like that. We flew up to New York in January 2018 at our expense with our devices for them to teach us everything they know about skimmers and then used our devices on skimmers they had previously recovered. We were in New York City for three days and the NYPD was fantastic. I mean, they were amazing. The care and the skill. They took us through the world of skimming, how it works, where it happens, and the motivations. We worked with the detectives during the day, and we'd go back at night and we would rewrite user interfaces.

Initially, our card had a box with a little LCD screen that would give instructions. They were great instructions for lab guys like me. But that's not what the detectives wanted. They said “nope, it's pretty much got to give us a thumbs up, thumbs down. The tiny print is not going to help us when we're out in the field, you just have to give us a clear signal.” We'd run back to the hotel, rewrite user interfaces, bring them back, test them again. Then on the second day, we saw how they were using them. And the original devices we had literally held together with electrical tape and Gorilla glue. We had to find a Home Depot in Manhattan on the second night because we had to essentially tape them back together.

We learned a lot about how users wanted to use the device, how durable it would have to be, and what the procedures around the use of the device might be. That experience was invaluable. We kept great contact and left five prototypes with the NYPD. About a month and a half later, they came back to us and said that they had used the device on an ATM in Queens. They had a positive hit. They did a stake out, and ultimately were able to make an arrest and conviction based on the use of our device.

Trusted CI: How did the project then transition to a product?

From there, things grew quickly. We started getting media coverage and all of a sudden this project that had happened really out of my own shame for having my credit card stolen so many times, resulted in probably 2,000 phone calls to my office and thousands and thousands of emails. We realized this was widespread. We were prototyping as fast as we possibly could. It probably took us fifteen hours to make a single device. But now, we had requests for thousands. We had to try and do this professionally because we couldn't send out something that as we saw lasted a couple of days. We needed to transition this into a real product. And that's what we spent the next year doing.

Trusted CI: Talk about the scope of your potential customers.

We started off working with law enforcement because they had the most examples of credit card skimmers and they're the ones who are generally called in to deal with the problem when it exists. But ultimately what we're doing is trying to make this available to companies, vendors, and retailers because they're the ones that have the point-of-sale units. They're the ones who are being attacked. It’s the same reason that every retailer needs to have locks on their doors. We think every retailer that takes credit cards, debit cards, or gift cards needs to have a Skim Reaper. They need to know that their customers are going to be secure when they make those payments. And in fact, we've heard anecdotally, and I know for myself, when consumers feel like yours is the store where their card has been skimmed, they stop going there. We think it's on retailers to deploy these devices.

Trusted CI: What about banks or ATM manufacturers?

We are working with multiple companies in the financial industry. There are multiple banks of varying sizes that we currently have as customers.

One of the most important things for a transition that I've found is it's not just about having a good pitch. It's not just about having a good product; it's about getting in front of the right people. The media coverage has really helped. (How the 'Skim Reaper' is trying to kill credit card skimming devices) (How the 'Skim Reaper' protects you from credit card skimmers)

Many industries don't want to talk about security problems, at least publicly. And that's a natural thing. You don't want your consumers to think that you are more vulnerable than the competition. But by working with law enforcement, by doing media outreach with them, this allows other businesses to admit that is a problem for them and they often reach out directly to us.

Trusted CI: Without disclosing any customers, how big have you grown?

We started selling in August of 2019, and we're now deployed in 20 states and internationally.

Trusted CI: Would you like to make any acknowledgments?

I really want to thank the NYPD Financial Crimes Taskforce. If they hadn't taken a chance on us early on, we probably wouldn't be having this conversation. But I'm also grateful to the local police department here in Gainesville, Florida. They've been tremendous. Beyond that, the Department of Agriculture and Consumer Services in the State of Florida are responsible for ensuring that gas pumps pump the correct amount that you pay for. But because they're on the ground and out inspecting pumps, they're often the ones that come across skimmers. And for the last two years they've really been a tremendous resource and we very much enjoyed working with them. All these folks continue to help us by giving us access to the newest skimmers that are out there so that we can make sure that number one, our devices continue to work. And number two, we have new things in the pipeline which will come out soon.

Again, I can't speak highly enough about our law enforcement partners. These folks work hard and need the resources to do their job as effectively as possible. And all throughout this transition process, it just wouldn't have been possible without willing law enforcement partners.

Trusted CI: Tell us about your support structure.

We provide videos and we often Skype with customers to make sure that they know how to use it correctly. So far, we've had minimal requests for support. But again, the experience with the NYPD showed us how to simplify the interface. A tool that's likely to give retailers any kind of help in this space has got to be easy enough that it can be learned in two minutes.

Trusted CI: How widespread is skimming?

This is one of the interesting questions we're trying to answer. The best example comes from colleagues at the Department of Agriculture. They often pull out skimmers from gas pumps and they're wrapped in tape and on occasion they'll have numbers on them. I was told a story where somebody in one day pulled out a number 17, a number 32, and he said, “that's great, I have two but where's one through 16, 18 through 31? And what's the stopping number?” Their guess, based on how many they were pulling, was that they were getting about 5% of what's out there.

Prior to the Skim Reaper, there really weren't any tools to know the numbers because these things are often undetected. Sometimes they are recovered and taken away, sometimes the bad guys come back and take them and move them to other spots. Knowing the scale of the problem is quite difficult. But I think anecdotally, we all know someone who's had their credit card stolen. And if it's not you, you're lucky.

Trusted CI: Talk about some of the other things you're working on.

I'm fortunate to have a wonderful group of incredibly talented and diverse students here at the University of Florida. We're working on a huge range of problems, everything from security and microfinance to detecting deep fake voices and disinformation. We're also looking at strengthening two-factor authentication for common users. Our work really runs the gamut. And that's only possible because of NSF funding. Most of my students are indeed funded by the NSF, and we're quite fortunate.

Skim Reaper is my third startup. I want to try and help incentivize junior scientists and help make that path a lot easier because it's tough, but it's been worth it.

Trusted CI: Why is transitioning to practice important?

In a keynote I gave, I had a slightly darker take on this. The NSF is funding us for a long time and we're quite fortunate and we're doing great work. But at some point, they might say, “We're just not winning the battle. The return on investment isn't high enough.” We may need to do this for our own survival. And quite frankly, the world needs us, and the world needs our innovation. I like that more positive spin on it.

Trusted CI: Any last thoughts?

One last thing I do want to plug. We made a conscious decision that our devices are manufactured in the US. They're manufactured in Houston. This is important to us because the ideas were generated in the US and we're now helping to create high-tech jobs in Houston. We think that this is a great example of reasons to invest in science. We're creating jobs from the ideation to the manufacturing phase. And they're all happening here in the US.

Bio

Patrick Traynor is the John and Mary Lou Dasburg Preeminent Chair in Engineering and a Professor in the Department of Computer and Information Science and Engineering (CISE) at the University of Florida. His research focuses on the security of mobile systems, with a concentration on telecommunications infrastructure and mobile devices. His research has uncovered critical vulnerabilities in cellular networks, developed techniques to find credit card skimmers that have been adopted by law enforcement and created robust approaches to detecting and combating Caller-ID scams.

He received a CAREER Award from the National Science Foundation in 2010, was named a Sloan Fellow in 2014, a Fellow of the Center for Financial Inclusion at Accion in 2016 and a Kavli Fellow in 2017. Professor Traynor earned his Ph.D. and M.S. in Computer Science and Engineering from the Pennsylvania State University in 2008 and 2004, respectively, and his B.S. in Computer Science from the University of Richmond in 2002. He is also a co-founder of Pindrop Security, CryptoDrop, and Skim Reaper.

Tuesday, April 14, 2020

Transition to Practice success story, part two: How CILogon powers science gateways

Different authentication scenarios must all work together for science gateways
 
Marlon Pierce, Ph.D., is director of the Cyberinfrastructure Integration Research Center at Indiana University (formerly the Science Gateways Research Center). Pierce leads distributed systems research into scalable cyberinfrastructure to support computational and data-driven science.

Trusted CI spoke with Pierce about how science gateways use CILogon. CILogon enables researchers to log on to cyberinfrastructure (CI). CILogon provides an integrated open source identity and access management platform for research collaborations, combining federated identity management (Shibboleth, InCommon) with collaborative organization management (COmanage). (Read the interview with Jim Basney who leads the CILogon project >>)

Pierce and his team have worked with Jim Basney and the CILogon team for quite a while, especially with two projects. One of those is an NSF-funded project called the Science Gateway Platform as a Service (SciGaP) that uses their Apache Airavata software-as-a-service.

The platform and one code-based installation can support many different gateway tenants. Each of those gateway tenants can support many different users.

“We might have a gateway that could be out of anywhere,” says Pierce. “They could work with communities all over the country or all over the world that are not tied to Indiana University, for example, where we are. We work with PIs from all over the country who want to offer their gateways.”

The essence of a gateway is that it supports communities of users who need to be authenticated. An important characteristic of gateways is that they are not anonymous science services: users need to be able to log in and work through a sequence of actions that is recorded, so that the gateway can keep track of the work they do.

“You could think of those as creating digital objects,” says Pierce, “so the ability to do federated authentication is a cornerstone of all these projects which we outsource to the CILogon team. That is extremely valuable because it’s already solved for us.”

Pierce says now they can automate through some new services that CILogon provides. “Now every time we create a new gateway tenant, it also becomes a new tenant inside the CILogon system. That gateway could decide what authentication providers it wants to use. It could turn on the spigot and say, ‘come with whatever you have.’ For example, ‘I only want this for my university.’ CILogon provides many different capabilities.”

Pierce has another NSF-funded project, Custos (NSF Award 1840003), which is about halfway finished and incorporates CILogon.

“It’s a cyberinfrastructure program that Jim Basney is co-PI on,” says Pierce, “that takes on some of the things we learned from SciGaP. Many gateways want some of our services but not all of them. Let’s say a gateway has solved for their own purposes this problem of running a job with a supercomputer but they'd like to outsource some of the other things that we built. For example, the security pieces. CILogon is a key part of the Custos project for us to provide a targeted set of capabilities that are specifically for gateway use cases with authentication being the cornerstone.”

Currently, Pierce estimates that between 2,000 and 3,000 science gateway users are directly impacted by CILogon.

Pierce and his team first started using CILogon several years ago with a project called SeaGrid that was part of the SciGaP project. At the time, their other projects were using in-house authentication methods. During the SeaGrid project and designing the security infrastructure, they realized early on that CILogon was the way to go.

“We’d worked with Jim on an earlier project in 2010 or 2012,” says Pierce. “We realized there was no other service that offered this type of reliability and the type of support we get from them.”

“They've done all the hard work with the ‘plumbing’ of authentication systems, so we don't have to do it. There are things out there like OpenID Connect, which they support, but we needed more than that. Since gateways are typically with academic partners, that means that we need solutions where we have any number of different authentication scenarios that all work together that are appropriate for a gateway.”

SciGaP is funded by the National Science Foundation's Software Infrastructure for Sustained Innovation (SI2) program through award numbers 1339774, 1339856, and 1339649.

Thursday, March 12, 2020

Transition to Practice success story: Simplifying scientist access to cyberinfrastructure with CILogon

Service provides identity management, so research projects don’t have to.

[Want to learn the basics about Transition to Practice? Read an introduction to the Trusted CI Cybersecurity Technology Transition to Practice (TTP) program >>] 

CILogon enables researchers to log on to cyberinfrastructure (CI). CILogon provides an integrated open source identity and access management platform for research collaborations, combining federated identity management (Shibboleth, InCommon) with collaborative organization management (COmanage).

Jim Basney is a senior research scientist, cybersecurity division, National Center for Supercomputing Applications (NCSA), University of Illinois at Urbana-Champaign. Jim is also deputy director for Trusted CI. We spoke with Jim about CILogon and about its transition to practice.

TRUSTED CI: Please tell us about the scope of your work, and how CILogon fits into that.

I'm here in the security group at NCSA. We are focused on enabling secure access to computational resources for scientists.

One aspect of that is working with Trusted CI. In my role as the deputy director for Trusted CI, I help researchers with their cybersecurity challenges. That includes identity and access management but also cybersecurity policies, data management, and operational security topics -- a wide range of cybersecurity topics.

Outside of my Trusted CI work, I mainly focus on the topic of identity and access management. CILogon is one of the projects that I work on in that context.

I also work on a related project called SciTokens which is about using JSON Web Tokens for access to scientific cyberinfrastructure.

We are integrating the research that's coming out of the SciTokens project into the CILogon service.

TRUSTED CI: How will that help CILogon?

It's going to give researchers more options for authorizing access to the variety of scientific services that they're using. Right now, CILogon is providing ID tokens that identify the researcher. This allows research collaborations to do attribute-based access control and identity-based access control using the researcher’s login.

SciTokens also adds capability-based access control so that you can have a least-privilege access control policy based on a potentially complex set of policy rules to say, “Yes, you are authorized to access this file” or “You're authorized to access this cloud resource or this space on the wiki.” It does not need to be based on your individual identity.

TRUSTED CI: Users can get lots of information on the CILogon website. Tell us in your own words what you see as the primary benefit and what value it brings to users.

Our goal is to enable logon to scientific cyberinfrastructure. We want to make it seamless for researchers to access the cyberinfrastructure that they need to conduct their research and their scientific collaborations.

Part of making that seamless is we want researchers to be able to use their existing identities. In most cases that's a campus identity through their campus identity provider. That could be part of the InCommon Federation or globally part of the eduGAIN interfederation service, in many cases using the open source Shibboleth single sign-on software. But it could also be identities from other providers like Google or GitHub or ORCID.

In addition to enabling that logon, we want to enable the providers of cyberinfrastructure to manage the access to those resources through onboarding and offboarding procedures that control how researchers log on; the duration of the collaboration; the ability to set collaboration-specific attributes, groups, and roles; and to do that in one place so that researchers have a consistent level of access across all the different cyberinfrastructure services that they're using.

Enabling that consistency means that we need to provide a service that supports many APIs and protocols for integrating identity management with the variety of research applications that the scientists need to use.

In CILogon, we support a long list of standards including OpenID Connect, OAuth, JSON Web Tokens, SAML [Security Assertion Markup Language], LDAP, certificates, and public keys.

We provide all these capabilities in a nonprofit, open-source, reliable, hosted software-as-a-service offering from NCSA, which manages our resources, contracting, and subscription process.

The goal of providing it as a service is that we understand that identity and access management software is fairly complex to operate, so we have a team on the CILogon project with the needed operational experience. We provide that as a service to a variety of research projects so they don't have to become experts in the software themselves -- they can just rely on us.

Institutions can make it available to the research projects that their researchers are part of. Because we're using standards like SAML, Shibboleth, and the InCommon Federation, we connect with what the institutions are doing because so many institutions in the US and around the world are part of these academic research and education federations.

We are compatible with the identity and access management services that are already on campus, and we're providing the glue to make that work with research cyberinfrastructure.

TRUSTED CI: Can you give some specific examples or scenarios of the kind of infrastructure you're describing; who might be connecting to that and why?

First, I'll talk about different types of applications.

We see in different science projects that scientists may use a science gateway, which is a web portal that hosts a variety of science applications and data through a web interface. They may be logging in to an HPC cluster to submit a large simulation. They may create a Jupyter Notebook to develop their reproducible workflow for their scientific work. They may be posting results and having discussions on wikis or mailing lists. They might also be developing services and deploying them on Kubernetes. These are some of the services that we get requests to integrate with a common identity and access management system.

LIGO [Laser Interferometer Gravitational-Wave Observatory] is an example of a scientific collaboration that uses many of these services and is a CILogon subscriber. LIGO is an international collaboration making it possible for the researchers that are part of that collaboration to access all of these different applications in a convenient way. This means that they can get access to the signals from the scientific instrument so that they can quickly analyze those results and publish their scientific results in a collaborative and secure way.

We're focused on the academic research and scholarship use case and that's a very broad set of researchers -- thousands of researchers on thousands of campuses across the US and many more globally.

On one end of the scale, we serve the research project that is only one or two investigators with some grad students on one campus. Then on the other end of the scale are international collaborations that may have thousands of participants. By offering a software-as-a-service platform that has these common integration points and is easy to get connected to, we intend to make it easy both for the small projects and larger projects to take advantage of the services.

TRUSTED CI: Do they pay for this service?

We have a free tier and then we have paid tiers that provide additional functionality and that also provide the contracted service-level agreements that especially the larger research projects depend on.

TRUSTED CI: Any restrictions on your target audience? In other words, do you have to be a US facility to be a paid client or a free client or could it be any other country?

It's not restricted to US facilities or just to NSF projects. Our requirement is that you do need to be focused on academic research. We're not serving the commercial research space.

In part, our target audience is meant to be compatible with what's called the REFEDS Research and Scholarship Entity category. That's an internationally recognized identity management policy about information sharing between academic institutions to support research using Federated Identity. That really enables all the work that we do with CILogon.

It's very important for us to stay within the bounds of that policy focused on the academic research use case.

TRUSTED CI: Do you have many international users?

Yes. We currently have about 8,000 active users each month and a significant percentage of those users are international. For example, we have over 100 active users from CERN [the European Organization for Nuclear Research]. We also see users from Germany, the UK, Italy, the Czech Republic, South Korea, Australia, and elsewhere.

TRUSTED CI: Anything else our readers need to know that is not documented on the website?

Everything should be documented on the CILogon website, and users can log in right from there.

TRUSTED CI: Talk a bit more about your support structure and particularly the paid tiers.

We have three tiers that are described on the website where your readers can find more details.

We call the no-charge tier our basic authentication tier. As the name implies, it's just providing our authentication service without any group management or attribute management -- just a basic authentication service with best-effort support.

The first paid tier is called Essential Collaboration Management. That adds the collaboration support -- the onboarding and offboarding, groups, attributes, and roles that are managed through open source software called COmanage. We publish that information into an LDAP directory and a SAML attribute authority providing multiple standard interfaces to the information about the researcher’s role in the collaboration. When a collaboration subscribes to that tier, that gives them the ability to manage that information about their collaboration in our environment.

The full-service tier includes all those capabilities plus it adds the SciTokens capability and adds Grouper for advanced access management and also provides dedicated service instances for more customized capabilities and improved performance.

TRUSTED CI: What is the chronology of CILogon?

CILogon grew out of NSF grants back in 2004 called GridShib for grid computing and Shibboleth. Combining those two technologies, we've built up the capability thanks to several NSF grants over the years, along with a Department of Energy grant. We had our first CILogon award from NSF in 2009 but we built that using software that was developed from the 2004 GridShib award [NSF award 0438385]. CILogon went live in 2010 with the free service tier.

In 2019, we transitioned from grant funding to the subscription funding model. We're now in our second year of subscription funding support.

Except for some core operational support that we get from XSEDE [the Extreme Science and Engineering Discovery Environment], which is really critical for the sustainability of that free tier, we are fully subscriber-funded.

TRUSTED CI: Are there other collaborators that you want to mention?

Scott Koranda is my co-PI. Scott works for a company called Spherical Cow Group. And of course, none of this would be possible without InCommon.

TRUSTED CI: Are there other things you've spawned from CILogon that are adding additional value?

Grouper and COmanage are existing products that we integrated into the CILogon service offering. Out of CILogon, SciTokens is one example where we spun off research building on some of the existing CILogon technology, developed new capabilities, and are bringing it back into the CILogon operational service.

TRUSTED CI: Is the software available to others?

All of our software is open source and published on GitHub.

The RCauth.eu service in Europe is an example of offering similar services using our open source software. Other large infrastructure providers can take the software and operate it themselves if they’d like, though we believe there is significant value provided by the CILogon operational team through our software-as-a-service offering.
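The distinction drawn earlier in the interview, between identity-based access control with ID tokens and the capability-based, least-privilege control that SciTokens adds, can be sketched as follows. This is an added example, not part of the interview and not CILogon or SciTokens project code; it uses the `operation:/path` scope style of SciTokens, and it assumes a shared HS256 key in place of the issuer's key pair, with constructed issuer, audience, subjects and paths.

```python
import base64
import hashlib
import hmac
import json
import posixpath
import time

# All keys, names and paths below are constructed for illustration.
KEY = b"demo-only-shared-key"  # assumption: HS256 stands in for the issuer's key pair
ISSUER = "https://issuer.example.org"
AUDIENCE = "https://storage.example.org"
ACL = {("read", "/ligo/frames"): {"alice@example.edu"}}  # identity-based policy


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(claims: dict, key: bytes = KEY) -> str:
    """Sign claims as a compact JWT (HS256)."""
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64(sig)}"


def verify(token: str, now: float, key: bytes = KEY) -> dict:
    """Return the claims only if signature, issuer, audience and expiry check out."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(unb64(head))
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Pin the algorithm; never let the token's header choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise PermissionError("unexpected algorithm")
        if not hmac.compare_digest(unb64(sig), expected):
            raise PermissionError("bad signature")
        claims = json.loads(unb64(body))
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise PermissionError("malformed token") from exc
    if not isinstance(claims, dict):
        raise PermissionError("malformed token")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise PermissionError("wrong issuer or audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise PermissionError("expired or missing exp")
    return claims


def norm(path: str) -> str:
    """Collapse '.', '..' and repeated slashes so prefix checks see the real target."""
    return "/" + posixpath.normpath("/" + path).lstrip("/")


def covers(prefix: str, path: str) -> bool:
    """Whole-component match: '/ligo/frames' must not cover '/ligo/frames-private'."""
    base, target = norm(prefix), norm(path)
    return base == "/" or target == base or target.startswith(base + "/")


def scope_permits(scope: str, op: str, path: str) -> bool:
    """True if some 'op:/prefix' scope entry covers this operation on this path."""
    for entry in scope.split():
        granted_op, sep, prefix = entry.partition(":")
        if sep and granted_op == op and prefix.startswith("/") and covers(prefix, path):
            return True
    return False


def allowed_by_identity(token: str, op: str, path: str, now: float) -> bool:
    """Identity-based: the resource server looks the token's subject up in its ACL."""
    try:
        sub = verify(token, now).get("sub")
    except PermissionError:
        return False
    return isinstance(sub, str) and any(
        o == op and covers(p, path) and sub in who for (o, p), who in ACL.items())


def allowed_by_capability(token: str, op: str, path: str, now: float) -> bool:
    """Capability-based: only the token's scope matters, not who presents it."""
    try:
        scope = verify(token, now).get("scope", "")
    except PermissionError:
        return False
    return isinstance(scope, str) and scope_permits(scope, op, path)


if __name__ == "__main__":
    now = time.time()
    base = {"iss": ISSUER, "aud": AUDIENCE, "exp": now + 600}
    cap = issue({**base, "sub": "workflow-17", "scope": "read:/ligo/frames"})
    for op, path in (("read", "/ligo/frames/O3/a.gwf"), ("read", "/ligo/frames/../keys")):
        print(op, path, allowed_by_capability(cap, op, path, now))
```

The capability token authorizes a workflow that appears in no ACL, but only for reads under the granted path; the path normalization is what keeps `..` segments and look-alike prefixes from widening that grant.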
___
This material is based upon work supported by the National Science Foundation under grant numbers 0850557, 0943633, 1053575, 1440609, 1547268, and 1548562 and by the Department of Energy under award number DE-SC0008597. CILogon operations is supported by subscribers.

Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.

Tuesday, January 21, 2020

Transition to Practice success story: Boston University - Secure multiparty computation and the Boston Women's Workforce Council

We can have security, privacy and confidentiality in pay gap analysis across many companies 

[Want to learn the basics about Transition to Practice? Read an introduction to the Trusted CI Cybersecurity Technology Transition to Practice (TTP) program >>]

Boston University (BU) has been working with the Boston Women's Workforce Council (BWWC) since 2014 to help them understand the root causes and range of the gender wage gap and measure progress toward the goal of 100% equal pay for equal work. Secure multiparty computation (secure MPC) was the only way to get this measurement without compromising the privacy of the data, and without the risk and expense of a third-party data arbiter.

There is a lot of value from sharing data, but the more data you have, the more it can be breached, or others can use it in ways you don’t want. MPC allows secure collaborative analysis of private data.

To learn more, we spoke with Mayank Varia, a research associate professor in the computer science department at Boston University (BU).

His personal research interests center around cryptography—both innovations within the field of cryptography and connecting it to problems throughout the rest of computer science and beyond such as the social sciences. He is also the co-director of the Center for Reliable Information Systems and Cyber Security (RISCS).

Trusted CI: Please tell us about the scope of your work, and how secure MPC fits into that.

M.V. RISCS is a group of people throughout BU who have either interest in cybersecurity research or interest in research studies dealing with cybersecurity generally. That includes areas like law, economics, philosophy, or areas beyond traditional computer science that are impacted by things like cybercrime, nation-state influencing, legal questions, and so on. Our group wants to see secure multiparty computation deployed around the world.

Trusted CI: What is secure MPC? What do you see as the primary benefits of secure MPC? What value does it bring to users?

M.V. Secure MPC allows organizations, state officials, companies, governments, etc., that each have private data to do collaborative analysis to learn about the data without sharing any of the data with anyone else.

You can do collaborative analysis of data that remains in these organizations’ own systems without it being breached or revealed to any other party. They don't need to find some trusted arbiter who holds the data in order to compute things for them. They can get the benefits of doing collaborative analysis, such as any kind of data science, without sacrificing the privacy or the security of the underlying data.

Trusted CI: Tell us about the use case example with the city of Boston, who the client(s) are, how the connection was made between the researchers and the users, what value they received from secure MPC, how long it took for the project, and whether they still use it.

M.V. BU has been working with the Boston Women's Workforce Council since 2014, but the story starts in 2013. BWWC was created by Mayor Thomas Menino before he retired. Creating it was one of his last big initiatives. His goal was to make Boston the premier city for working women. He brought together lots of people who had been thinking about the gender equity problem.

They wanted to understand the root causes of the wage gap and address them—what gets measured gets done. The goal was 100% equal pay for equal work.

They also wanted to measure how well they were doing towards that goal. The initial pledge called on any company that signs on to agree to participate in data analysis to determine what the wage gap was across the city of Boston.

When Mayor Menino retired, he met Azer Bestavros here at BU and mentioned they were stuck on the measurement component because the data was sensitive and had to remain private. Azer was familiar with secure MPC. Within a year, they convinced about 90 companies to join the compact.

MPC was the only way to get this measurement to happen. It's much cheaper, safer, easier, and more effective for nobody to have access to the data than for somebody to have access to the data.

Trusted CI: How does secure MPC keep the data secure?

M.V. Each company has their own payroll information. Each company goes to the website (100talent.org) where they can drag and drop a spreadsheet that represents their payroll information. It’s the same format they already use for the Equal Employment Opportunity Commission.

They click a button, sending the data to two different places. Data is being split such that the real data is not going anywhere, but fake encoded data is going to two separate places.

The data is being encoded in such a way that one piece of the data is going to the Boston Women's Workforce Council and one piece of the data is going to Boston University. And these two pieces have the property that individually they look like random garbage. There's no meaning in the data that Boston University gets or that the Boston Women's Workforce Council gets. But the data has the property that the two of us working together can still do an analysis over the data even though each one of us individually has no idea what it says.

Trusted CI: Who would be the broader set of target users for secure MPC? What challenges would they have that secure MPC might solve?

M.V. MPC has value but there are a few constraints for an application to be amenable to MPC. It must have pieces that involve multiple organizations. Or rather, that it crosses privacy silos. It could be even various divisions within one company that are not interested in sharing data with each other. It doesn't have to be a corporate boundary, but there must be a privacy/security boundary that's being crossed.

You'd want scenarios where there's some interesting data analysis that has either commercial or social value—where the result of the calculation is something that is safe to share, safe to make public. It should have social benefit, but the data is sensitive, protected, and can't be revealed. This is when MPC can help.

It takes a while to tease out of the researchers what they really want, as opposed to just the questions they think they can answer. The benefit of MPC is it helps them figure out what is the real question they are after. Social scientists are very good at thinking about those questions. And we can help them with how to go about doing that in a way that doesn't breach privacy and confidentiality.

Trusted CI: What if people want to use the secure MPC assets, how do they access them?

M.V. We have several software packages that are available and are open-source on GitHub (github.com/multiparty) that anyone can use:

1. web-MPC - very easy to use
2. JIFF - web-based but more flexible, can do more complicated analysis, but requires more tuning
3. Conclave - for high-performance data processing at scale, where you have hundreds of gigabytes of data, and can run on the cloud

Trusted CI: Is there any type of support structure?

M.V. We have a group of professional software engineers and we are happy to collaborate with any interested parties. We also have a Collaboratory of many different interested companies. And we're always happy to have new members join. We have a website that's separate from our GitHub repository: multiparty.org.

Trusted CI: Please tell us more about the secure MPC Transition to Practice journey.

M.V. After I joined BU in 2015, I connected with Professor Azer Bestavros who, as previously stated, had learned about Boston’s need through former Mayor Menino. Azer is not a cryptographer, but he knew of MPC, so he started working with our group. It was all very serendipitous.

Since then we've been working with the Boston Women's Workforce Council for the past five years. The goal is to do an analysis every year or every other year to get a longitudinal analysis of whether we are moving rapidly towards a world of equal pay for equal work. The first calculation happened in 2015 once we built the software and started running it. The second one in 2016 and the third one in 2017. They chose not to do one in 2018. The most recent one happened in 2019. All of the 2016-17 data analyses are publicly available on the City of Boston website.

Not only did they have a problem where MPC could help, they tried solving the problem without MPC and failed. But one of the hardest pieces towards getting adoption of MPC is for people to even know that it's possible. If they had found a trusted third party that they were all somehow magically willing to use and that was willing to take the data, then this probably never would have happened.

Trusted CI: What is the chronology of MPC?

M.V. MPC has been researched since the mid-1980s as a theoretical concept, but there have been rapid advances in the last 5 years to make it practical and take it out of the lab, and benefit from faster computers. While BU has been doing theoretical research in MPC for a while, the interaction with the Mayor's office has spurred several tech transition opportunities and catalyzed even more research from our group. We are very grateful to the National Science Foundation for sponsoring all of these recent endeavors under grants #1430145 (SCOPE), #1414119 (MACS), #1718135, #1739000, #1915763 and #1931714.

Trusted CI: Are you creating a business model for transitioning secure MPC to practice, like a services model?

M.V. We are very interested in working with technology transfer partners to deploy this technology. Companies like Red Hat and Honda are interested in partnering with us and giving us grants as a university to continue this development. Because it's a symbiotic relationship, it's in their interest to see these products continue to be developed, to continue to be matured, to continue to be made faster, to be made better. Everything is also open source, so anyone is free to use it.

This work is partially supported by the National Science Foundation under Grants #1430145 (SCOPE), #1414119 (MACS), #1718135, #1739000, #1915763 and #1931714. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.
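The two-piece encoding described in the answer to "How does secure MPC keep the data secure?" can be illustrated with two-party additive secret sharing. This is an added example, not code from web-MPC, JIFF or the interview; the modulus, cell names and payroll figures are assumptions constructed for illustration, and the real deployment's protocol may differ.

```javascript
const crypto = require("node:crypto");

// Shares are integers mod 2^40 (assumed modulus, larger than any sum below).
const MOD = 2 ** 40;

// Split one value into two additive shares. Each share alone is uniformly
// random; only (shareA + shareB) mod MOD equals the value.
function split(value) {
  if (!Number.isInteger(value) || value < 0 || value >= MOD) {
    throw new RangeError("value must be an integer in [0, MOD)");
  }
  const shareA = crypto.randomInt(0, MOD);
  return [shareA, (value - shareA + MOD) % MOD];
}

// Runs on the submitter's side: every cell is split before anything is sent.
function encodeSubmission(cells) {
  const toBWWC = {}, toBU = {};
  for (const [name, value] of Object.entries(cells)) {
    [toBWWC[name], toBU[name]] = split(value);
  }
  return { toBWWC, toBU };
}

// Runs at one recipient: add up the shares it holds, cell by cell.
function sumShares(tables) {
  const total = {};
  for (const table of tables) {
    for (const [name, share] of Object.entries(table)) {
      total[name] = ((total[name] ?? 0) + share) % MOD;
    }
  }
  return total;
}

// Constructed sample data: three fictional employers, hypothetical cell names.
const SUBMISSIONS = [
  { womenPay: 5200000, womenCount: 80, menPay: 7000000, menCount: 100 },
  { womenPay: 1900000, womenCount: 30, menPay: 2450000, menCount: 35 },
  { womenPay: 12000000, womenCount: 200, menPay: 15400000, menCount: 220 },
];

// Only the two per-recipient totals are ever combined, never single shares.
function cityWideTotals(submissions) {
  const encoded = submissions.map(encodeSubmission);
  const atBWWC = sumShares(encoded.map((e) => e.toBWWC));
  const atBU = sumShares(encoded.map((e) => e.toBU));
  return sumShares([atBWWC, atBU]);
}

console.log(cityWideTotals(SUBMISSIONS));
```

Because addition commutes with the sharing, each recipient can total what it received without learning any employer's figures, and the aggregate appears only when the two totals are added.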