Think about the startling international news stories surrounding the hacking of our American voting files and the Meltdown and Spectre bugs, the two recently announced security flaws that can expose personal data to hackers and could potentially affect Linux systems, along with computers and devices running Windows, Mac, and other operating-system software. These and many other news events prove the resounding importance of cybersecurity in today’s uncertain world. The significance of cybersecurity is also reflected in the coursework and research flourishing in our Electrical and Computer Engineering (ECE) Department, which has also demonstrated its commitment to computer-related security by collaborating with five other campus departments to form the new University of Massachusetts Cybersecurity Institute.
The perfect example of the growing cybersecurity emphasis in the ECE curriculum is a new course for undergraduates being developed by ECE Professor Wayne Burleson, who is also a co-director of the Cybersecurity Institute.
“I helped develop a security course at the undergraduate level, which is a new thing for ECE, a 300 level course [ECE 371] that I am leading,” says Burleson. “It’s a lab course. The idea is that by learning how to break and break into systems, the students learn many things that will help them design and build more secure systems.”
Burleson adds that “ECE faculty members have been going through a full curriculum revision, and the faculty decided to introduce security earlier, in the third year.”
The new undergraduate cybersecurity course joins a quartet of graduate-level courses already embedded in the curriculum. ECE Professor Aura Ganz teaches ECE 544/644 Trustworthy Computing. ECE Professor Israel Koren runs ECE 597CR/697CR Introduction to Cryptography. And Burleson has two graduate cybersecurity courses, ECE 547/647 Security Engineering and a new course, ECE 597RE/697RE Reverse Engineering.
As Professor Ganz describes her Trustworthy Computing Course: “The Internet age of universal electronic connectivity is vital for every aspect of our lives and our economy. It enables businesses, transportation, electronic banking, health records, as well as entertainment. To maintain the integrity of the Internet, it is vital to protect and defend this infrastructure from malicious viruses, worms, eavesdropping, electronic fraud, denial-of-service attacks, etc. In this course we introduce the fundamentals of network security as well as provide a practical survey of network security applications and standards as implemented on the Internet and for corporate networks.”
Introduction to Cryptography is a course on the theory and practice of cryptography, which involves creating written or generated codes that allow information to be kept secret. Cryptography converts data into a format that is unreadable for an unauthorized user, allowing it to be transmitted without anyone decoding it back into a readable format, thus compromising the data. “The main focus is on how crypto algorithms and protocols work, and how they can be applied in the real world,” writes Koren about his course.
What’s the difference between cybersecurity as covered in the ECE curriculum and cybersecurity as taught in our neighboring College of Information and Computer Sciences? It’s a question that Burleson says often comes up among potential students. “In general,” he explains, “electrical and computer engineering tends to do more hardware security, and computer science tends to do more software, although there are exceptions in both cases. It’s a little tricky to distinguish, but what we offer in ECE is a much more hardware-intensive approach.”
The ECE department also boasts the new Cyber M.S. program for Raytheon students. “I helped establish that program,” says Burleson. “It’s modeled after the Raytheon Microwave program, in place in ECE for many years, in which Raytheon sends employees here fulltime for a year, then do a project back at Raytheon. Two students began this new Cyber M.S. program in the fall of 2017, and ECE is hoping to expand this program to BAE Systems and others.”
Incoming ECE students, both undergraduate and graduate, who are focused on cybersecurity as a future career path could do no better than to get involved with some of the multiple research projects dealing with cybersecurity. The ECE department now has at least a dozen faculty members whose labs work on fascinating cybersecurity projects.
Take the captivating research of ECE Professor Hossein Pishro-Nik. As he explains, by exploiting a wealth of user-specific data to improve user experiences, the Internet of Things (IoT) will revolutionize people’s lives in the decades ahead through such phenomena as smart cities, connected vehicles, smart homes, and connected healthcare devices. However, as we’ve witnessed with recent much-publicized data hacks, the sharing of such info can compromise users’ privacy. Now Pishro-Nik is the principal investigator (PI) on a $1-million grant from the National Science Foundation to study this issue so critical to the adoption of the IoT. The new proposal is entitled “A Unified Framework for IoT Privacy.”
The proposal’s co-PIs are Professors Dennis Goeckel of ECE and Amir Houmansadr of the College of Information and Computer Sciences.
Pishro-Nik’s project highlights an important and fundamental challenge critical to the science of cyber-physical systems. As he says, “Even if IoT data [are] carefully anonymized, significant privacy leaks can occur due to the sheer amount of the data generated and the use of powerful mathematical techniques by an adversary to match current behavior with traces of past user behavior.”
This project will develop a systematic approach to understand the fundamental underpinnings of privacy in IoT systems and develop verifiable private IoT implementations that are robust to uncertainties in the models.
Another good example is the cybersecurity research of ECE Professor Lixin Gao, who was recently selected to this year’s list of the Networking Networking Women (N2 Women) “Stars in Computer Networking and Communications,” previously known as “10 women in networking /communications that you should KNOW.”
Gao is director of the Multimedia Networking and Internet Lab, which focuses on enhancing the reliability and security of the Internet, including research on wired and wireless networks as well as Internet backbone networks. Current research topics include manageability and reliability of future routing systems, programmable routers for network virtualization, and multimedia streaming in the Internet.
Here’s another example of timely research. ECE Professors Qiangfei Xia and J. Joshua Yang led a team of scientists who have developed a groundbreaking new type of hardware security device enabled by memristors, or resistive switching devices, as described in an article in the prestigious scientific journal Nature Communications. The title of the article is “A Novel True Random Number Generator Based on a Stochastic Diffusive Memristor.” This work paves the way for memristors in hardware security applications for the era of the IoT.
As the research team says in its Nature Communication article, “The intrinsic variability of switching behavior in memristors has been a major obstacle to their adoption as the next generation universal memory. On the other hand, this natural stochasticity can be valuable for hardware security applications. Here we propose and demonstrate a novel true random number generator utilizing the stochastic delay time of threshold switching in an Ag:SiO2 [silver : silicon dioxide] diffusive memristor, which exhibits evident advantages in scalability, circuit complexity, and power consumption.”
Burleson and Pishro-Nik are also involved in an exploratory research program on unmanned aerial systems (UAS), which recently received one of the $100,000 Science and Technology Grants issued to campus faculty from the University of Massachusetts President’s Office. The UMass Unmanned Aerial System Research and Education Collaborative (or UMassAir) is being established to study unmanned aerial systems, also known as drones, and advance cutting-edge, interdisciplinary, collaborative research and education.
One aspect is UAS operational safety, security, privacy and reliability. A key area of research is to study security approaches, measures, and technologies to prevent hacking and cyberattacks against UAS, intended to explore potential threats to UAS operations and countermeasures and eliminate or minimize their negative impacts.
The ever-increasing emphasis on cybersecurity in ECE is one reason why Burleson helped create the Cybersecurity Institute, a five-department, multi-disciplinary focal point for security research and education at UMass. The institute brings together dozens of internationally recognized faculty from across five UMass Amherst schools and colleges to address the critical, cross-industry need for innovative security research and well-trained cybersecurity professionals in the region. Working with partners in government, industry, and academia, the institute seeks to advance scientific and societal understanding of pressing issues related to the field.
The institute is a fairly young entity,” says Burleson. “and in some ways is basically a wrapper for the outside world to look at with a lot of things that are going on. Among many other things, the institute is a brand, it’s a website, and it’s a placeholder for many very important future activities.”
Burleson says that “I really have to give credit to Professor Brian Levine in the College of Information and Computer Sciences for founding the institute and the UMass Provost Katherine Newman at the time. They put together this idea to have an institute that would span four or five departments and secured a President’s Science and Technology Grant in 2015.”
Faculty that are part of the Institute work in research areas spanning security and privacy challenges in networking and communications, embedded systems, software engineering, software systems, applied cryptography, policy, fintech, and more.
As the institute’s official website explains, “Across many colleges, we offer a world-class curriculum in security as part of certificates and B.A., B.S., M.S., and Ph.D. degrees. The Institute's core mission is to create a sustained cybersecurity community, bringing together not only faculty from the UMass campus and the Five-College consortium, but also partners across government, industry, and academia in New England to advance scientific and societal understanding of the pressing issues raised by cybersecurity.”
Burleson says that one main benefit of the institute is that it’s a mechanism for cross-disciplinary interaction. “Really, it’s about networking,” says Burleson. “Connecting, shared seminars, shared discussions about recruiting, kind of figuring out which departments will cover which areas. A lot of it also has a lot to do with external visibility.”
For instance, as Burleson says, “When a company visits campus, it might want to know what we have formally set up in terms of cybersecurity. This institute gives us something concrete and demonstrable for connecting all the cybersecurity elements across campus. Grantsmanship is also a big part of it. The institute nurtures lots of interdisciplinary research efforts which result in external grants, but these are not under the umbrella of the institute.”
As part of the institute, the UMass Amherst Graduate-level Certificate in Information Security is offered by the College of Information and Computer Sciences. The program is open to the public and offers comprehensive training in information technology security, policy, and risk management. The program's aim is to help students build the sought-after skills and knowledge needed to distinguish themselves in a highly competitive field by offering comprehensive training in information technology, policy, and risk management. It is an academic sequence of five courses that altogether comprise an official certificate from UMass Amherst.
Among many other activities, the institute also features a student-run Cybersecurity Club to hold seminars, inform students about cybersecurity related topics, and teach students useful skills in the cybersecurity field. Another event for the institute was to initiate an annual Massachusetts cybersecurity conference.
This article touches only the virtual tip of the iceberg of cybersecurity efforts in the ECE department, but the faculty have been mobilizing, and will continue to mobilize, as the department deploys its finest resources to deal with the growing problems of security for the Internet, computers, systems, and numerous electronic devices. (February 2018)