Filtered by: Security

NUS Presidential Young Professor of Computer Science Reza Shokri Named VMware Early Career Faculty Award recipient

31 May 2021 Department of Computer Science , Faculty , Artificial Intelligence , Security

1 June 2021 – Assistant Professor Reza Shokri was recently awarded the VMware Early Career Faculty Award, a grant program that recognises the next generation of exceptional faculty members from universities all over the world.

Learn more ...


Dr. Reza Shokri and co-authors win IEEE Security and Privacy Test-of-Time Award

25 May 2021 Department of Computer Science , Faculty , Security

25 May 2021 – NUS Presidential Young Professor of Computer Science Reza Shokri and his co-authors have won the prestigious IEEE Security and Privacy (S&P) Test-of-Time Award 2021. The award recognises research papers that have made a broad and lasting impact on both research and practice in computer security and privacy.

Learn more ...


Disney+ won't allow VPN users to access overseas version of video streaming service

16 February 2021 Department of Computer Science , Faculty , News Media , Systems & Networking , Security

 

It may not be possible for some Singaporeans to get their fix of The Mandalorian Star Wars TV series by using technological tricks to watch an overseas version of Disney+, such as before the video streaming service launches here officially on Feb 23. The Walt Disney Company told The Straits Times that in line with the Disney+ subscriber agreement, it does not allow users to access Disney+ using a virtual private network - to bypass geographical restrictions - in a territory where the service is not yet live.

 Associate Professor Liang Zhenkai from the National University of Singapore (NUS) said that when a person uses a VPN, Disney cannot directly detect the overseas clients at the network level.

"These undetected IP addresses used by the VPN service are not easily blocked. If Disney gradually recognises the VPN provider's network, they can block it later," said Prof Liang, who is from NUS' Department of Computer Science.

This could happen if, for example, Disney detects a large number of unrelated users sending in requests from the same IP address, which suggests a delegation service like a VPN service is being used. But Prof Liang said that if the Disney+ app is used for streaming, there are other methods to recognise whether the client is from a different country, such as using the app store's region or global positioning system information of a mobile device.

Learn more ...


Three Singapore smart home hub, Wi-Fi router brands carry new cyber-security label

30 December 2020 Department of Information Systems & Analytics , Faculty , News Media , Security

 

Smart home hubs and Wi-Fi routers from local brands Aztech, HomeAuto Solutions and Prolink are the first technology products to carry cyber-security labels similar to the energy-efficiency labels on home appliances.

Sold on e-commerce platforms such as Lazada and Shopee, four products from these three brands have been given the Level 1 rating under the Cybersecurity Labelling Scheme (CLS), which is aimed at helping buyers gauge how exposed they are to risks.

The Level 1 rating means the device maker has ensured that there is a unique default password and that software updates are automatically pushed to the products. The CLS - a voluntary tiered rating system administered by the Cyber Security Agency of Singapore (CSA) - was launched in October.

Checks by The Straits Times found that the prices of the four CLS-labelled products are comparable to those of non-labelled counterparts. For instance, a single unit of the labelled Wi-Fi router from Prolink costs $150, while one unlabelled Wi-Fi router from TP-Link's Deco X20 line is priced at $149.

Experts have, however, said that labelled products could cost markedly more - such as when, for a higher rating, a manufacturer sends its product to an external laboratory to test its resistance to cyber attacks. This is because complying with the requirements for higher ratings involve "significant effort and resources", said Associate Professor Goh Khim Yong from the National University of Singapore's School of Computing.

While some consumers said they would be willing to pay a small premium for a more secure product, most indicated that they would prioritise other factors such as user-friendliness and reliability over cyber security.

Learn more ...


NUS scientists develop computational tool to help design safer devices

29 December 2020 Department of Computer Science , Faculty , News Media , Security

 

As the world embraces the Internet of Things (IoT), more and more everyday appliances are being connected to the Internet so that people can monitor those appliances remotely. While this makes our lives more convenient, there is a looming threat of cybercriminals using these devices to gain access to sensitive data.

Now, scientists from the National University of Singapore’s School of Computing (NUS Computing) have made it easier to guard against that. They have developed a software tool that can simulate hacker attacks, and which provide an automated way to protect the design. This helps designers create more secure computer chips.

The software works by simulating a physical hardware attack known as laser fault injection. To accomplish this on a real device, the cyber-criminal would first partially disassemble the hardware to gain access to its silicon chip without interrupting its operation. Then, they use a laser to generate a processor error. This throws the gates open, allowing them to extract data and security information.

Previously, it was expensive to protect chips against this kind of attack because they had to be tested manually. If the chip fails the test, the design must start over. The NUS software, called the Laser fault Attack Benchmark Suite or LABS, can now simulate attacks in a wide variety of situations and demonstrate how the chip reacts. All this can be done without having to manufacture a single chip. This helps chip designers figure out how to repel the attack, and even trick the attackers into thinking they have succeeded. With this software, chip manufacturers will be able to simulate any device, and results are available within minutes.

The NUS scientists, led by Assistant Professor Trevor E. Carlson and Professor Peh Li Shiuan, have made the software open source so researchers and the chip design community can use it, or help make it better.

Learn more ...


Protecting IoT devices from attack

28 December 2020 Department of Computer Science , Faculty , Feature , Systems & Networking , Security

 

In 2017, a casino in North America reported that their database had been hacked. The news in itself wasn’t surprising — more than 5,000 such breaches took place last year — but the cause of the leak was: a fish tank.

Learn more ...


Beyond the classroom: Innovations that change the world

14 December 2020 Department of Computer Science , Faculty , News Media , Systems & Networking , Security

 

Lettuce, mint and even tomatoes – Singaporeans may soon be able to grow these vegetables and more in their HDB flats.

Having witnessed “a deep psychological fear” when COVID-19 sparked panic buying here, Toby Fong and his team – superFARM – decided to bolster the nation’s food security. Their plan? Encourage green fingers through home-based farming.

“When we think about food security, it’s usually at a national level so it almost feels like the individual (is disconnected) from the entire food security equation,” said Toby, who graduated with a Master’s from NUS Architecture this year.

Under the “Make Our People Better” category, Toby, NUS Computing graduate Lim Hui Qi and NUS Arts and Social Sciences graduate Ong Jun Ren will design modular farming units that can fit into the smallest of homes. These units can also be customised for bigger spaces.

The plan is to transform niche hydroponics systems into functional mini-farms. In the next six months, half of their $50,000 funding will go to research such as field testing and online surveys, while the rest will be used for prototype development.

The team also wants to expand the individual’s role in food security to make sustainability a way of life.

“We want to recalibrate people’s attitude and behaviour to encourage responsible food consumption,” said Toby.

Learn more ...


Assistant Professor Jun Han and collaborators win Best Poster Runner-Up Award at SenSys 2020

08 December 2020 Department of Computer Science , Faculty , Research , Systems & Networking , Security

8 December 2020 – Assistant Professor Jun Han, Computer Science PhD student Sriram Sami, and final-year undergraduates Yimin Dai (Computer Science) and Sean Rui Xiang Tan (Computer Engineering), as well as Assistant Professor Nirupam Roy from the University of Maryland, won the Best Poster Runner-Up Award at the 18th ACM Conference on Embedded Networked Sensor Systems (SenSys 2020).

Learn more ...


Robot vacuum cleaners can be used by hackers to 'spy' on private conversations: NUS study

08 December 2020 Department of Computer Science , Faculty , News Media , Systems & Networking , Security

 

When your robot vacuum cleaner does its work around the house, beware that it could pick up private conversations along with the dust and dirt. Computer scientists from NUS have demonstrated that it is indeed possible to spy on private conversations using a common robot vacuum cleaner and its built-in Light Detection and Ranging (Lidar) sensor.

The novel method, called LidarPhone, repurposes the Lidar sensor that a robot vacuum cleaner normally uses for navigating around a home into a laser-based microphone to eavesdrop on private conversations.

The research team, led by Assistant Professor Jun Han from NUS Computer Science, and his doctoral student Mr Sriram Sami, managed to recover speech data with high accuracy. NUS students, Mr Dai Yimin and Mr Sean Tan Rui Xiang, as well as Assistant Professor Nirupam Roy from the University of Maryland, also contributed to this work.

Mr Sami shared, “The proliferation of smart devices – including smart speakers and smart security cameras – has increased the avenues for hackers to snoop on our private moments. Our method shows it is now possible to gather sensitive data just by using something as innocuous as a household robot vacuum cleaner. Our work demonstrates the urgent need to find practical solutions to prevent such malicious attacks.”'

The core of the LidarPhone attack method is the Lidar sensor, a device which fires out an invisible scanning laser, and creates a map of its surroundings. By reflecting lasers off common objects such as a dustbin or a takeaway bag located near a person’s computer speaker or television soundbar, the attacker could obtain information about the original sound that made the objects’ surfaces vibrate. Using applied signal processing and deep learning algorithms, speech could be recovered from the audio data, and sensitive information could potentially be obtained.

Learn more ...


New practices needed to stay safe online in era of working from home

08 December 2020 Department of Computer Science , Faculty , News Media , Systems & Networking , Security

 

Say "no" when your child asks to use your work laptop to do his schoolwork, or set up a different user account on the work laptop for different activities.

There are ways to reset habits and practices for a more digitally secure 2021 as working and e-learning from home become the new normal even after Covid-19, said panellists at The Straits Times Reset 2021 Webinar Series: Digitalisation And Cyber Security on Wednesday.

The panellists comprised of Associate Professor Steven Wong from the Singapore Institute of Technology, Mr David Koh, chief executive of the Cyber Security Agency of Singapore; Associate Professor Chang Ee-Chien from the National University of Singapore School of Computing; and Mr Benjamin Ang, head of the Cyber and Homeland Defence Programme at the Centre of Excellence for National Security, a policy research think-tank.

Prof Chang suggested segregating devices at home by individual or workflow. For example, as far as possible, children should use a different desktop or laptop from the ones their parents use for work.

"If that is not possible, then try to segregate by setting up different user accounts on a laptop. Even if you have your own machine, you can segregate accounts for work, for family, or for playing games," he said.

"Segregation is about setting up security parameters, so that when something happens within that parameter it will not spill over to other (areas)."

Learn more ...


Seven NUS professors lauded for their work and service

08 December 2020 Department of Computer Science , Faculty , News Media , Programming Languages & Software Engineering , Security

 

NUS has honoured seven exceptional educators, researchers and professionals at the NUS University Awards 2020. The annual event recognises individuals for their outstanding contributions in the areas of education, research and service to the University, Singapore and the global community.

Professor Dong Jin Song from the NUS' School of Computing was given the University Research Recognition Award for developing a software verification framework that has more than 4,000 users from over 150 countries.

NUS President Professor Tan Eng Chye lauded the award winners for being role models for the university community. “Each award winner has exemplified the spirit of excellence with an indomitable spirit. They are truly esteemed individuals – beacons and pathfinders who inspire us to better ourselves and to scale new heights even in times of crisis. NUS is proud to celebrate their dedication and distinguished accomplishments,” he said.

Learn more ...


60 years of facial recognition: The hidden perils behind Singapore’s ‘facial recognition era’

27 November 2020 Department of Computer Science , Faculty , News Media , Security , Media

 

In recent years, the Singapore government has tapped on facial recognition for various purposes as part of its ‘smart nation’ initiative. For instance, Changi Airport’s Terminal 4 uses facial recognition technology for various purposes such as passenger check-in, immigration and boarding, while GovTech launched a launched the "Lamppost-as-a-Platform" project, which outfits some 95,000 traditional lampposts in the country with a network of wireless sensors and cameras to support urban and transportation planning and operations.

Associate Professor Terence Sim from the School of Computing at the National University of Singapore stated in an exclusive interview with China-based news website The Paper that there are trends of facial recognition technology being abused, and that laws protecting such technology could be further strengthened. He also elaborated further on privacy issues regarding such technology.

Learn more ...


Hackers hijacking WhatsApp accounts by asking for security codes

23 November 2020 Department of Computer Science , News Media , Systems & Networking , Security , Media

 

When a secondary school friend contacted him out of the blue a few months ago asking for a verification code on WhatsApp, administrative executive Tan Jun Heng, 25, did not suspect anything was amiss.

His friend simply claimed to have "accidentally" sent the code to his number. But within seconds of sending the code, Mr Tan was automatically locked out of his own WhatsApp account. It had been hijacked.

Mr Tan and his friends are among a growing pool of WhatsApp users who have become victims of social hacking, where scammers use already hijacked social media accounts to contact victims by posing as their friends or family.

National University of Singapore's Associate Professor Chang Ee-Chien, whose research interests include data privacy, said the impersonation tactics used by hackers are "very low-tech, but very effective, as people tend to trust their friends or family".

With full access to their victim's account, hackers may then exploit the victim's personal relationships and ask for money from friends or family. Or, if they glean enough information about their victim's place of employment, they may also target the victim's workplace, added Prof Chang. 

However, experts say, there are preventive measures that users can take to prevent such attacks.

Ms Wong and AiSP executive committee member James Tan said setting up a two-step verification process on your WhatsApp account can prevent others from signing in to it. Users should not click on suspicious looking links, even if they are purportedly from friends or family, they added.

For impersonation scams, however, "the only solution is to not trust people", said Prof Chang. He added: "It is very important that you must presume that whoever is speaking to you on the other end is not your friend."

Learn more ...


NUS team develops tool that can assess vulnerability of AI systems to attacks

10 November 2020 Department of Computer Science , Faculty , Research , News Media , Security

 

National University of Singapore (NUS) researchers have developed a tool to safeguard against a new form of cyber attack that can recreate the data sets containing personal information used to train artificial intelligence (AI) machines.

The tool, called the Machine Learning (ML) Privacy Meter, has been incorporated into the developer toolkit that Google uses to test the privacy protection features of AI algorithms.

In recent years, hackers have figured out how to reverse-engineer and reconstruct database sets used to train AI systems through an increasingly common kind of attack called a membership inference (MI) attack.

Assistant Professor Reza Shokri, who heads the research team behind ML Privacy Meter, said such attacks involve hackers repeatedly asking the AI system for information, analysing the data for a pattern, and then using the pattern to guess if a data record was used to train the AI system.

Prof Shokri likened MI attacks to thieves probing for weak spots in a house's walls and doors with a needle before breaking in. "But the thief is not going to break in with the needle. Now that he knows (where the weak spots are), he is going to come with a hammer and break the wall," he said.

ML Privacy Meter helps AI developers through a scorecard showing how accurately attackers could recreate the original data sets and suggests techniques to guard against actual MI attacks. The Privacy Meter is the result of three years of work to create an easy-to-use tool which helps programmers see where the weak spots in their algorithms are.

Google started using the tool earlier this year. The tool is open-source, meaning that it can be used for free by other researchers or companies around the world.

"Our main focus was to build an easy-to-use interface for anybody who knows machine learning, but might not know anything about privacy and cyber attacks," said Prof Shokri, who is Iranian by birth and moved to Singapore in 2017. 

The NUS research team that developed the Machine Learning Privacy Meter also consists of master's student Mihir Khandekar, 24, doctoral student Chang Hongyan, 24, research assistant Aadyaa Maddi, 22, and doctoral student Rishav Chourasia, 24.

Learn more ...


How hackers use sound to unlock the secrets of your front door key

25 August 2020 Department of Computer Science , Faculty , Research , News Media , Security

 

A group of security researchers from the department of computer science at the National University of Singapore has created an attack model they call SpiKey to determine the key shape that will open any tumbler lock.

Soundarya Ramesh, Harini Ramprasad and Jun Han are the talented hackers behind SpiKey, which they say "significantly lowers the bar for an attacker," when compared to a more traditional lock-picking attack. The theoretical methodology is deceptively simple, listening for the sound of the key as it moves past tumbler pins in turn when the key is inserted in the lock.

The Singapore hackers use a simple smartphone to record the sound of the key being inserted, and withdrawn, with a smartphone and then observe the time between each tumbler pin click using their custom key reverse-engineering application. This forms the secret of the key, the fine-grained bitting depths which, the researchers report, can differ by as little as 15 milli-inches, or 0.381 millimeters.

"As SpiKey infers the shape of the key, it is inherently robust against anti-picking features in modern locks," the research paper states, "and grants multiple entries without leaving any traces."

Learn more ...


Asian Institute of Digital Finance to fund three NUS Computing research projects

19 August 2020 Department of Computer Science , Department of Information Systems & Analytics , Faculty , Research , Systems & Networking , Security , FinTech , Intelligent Systems

 

19 August 2020 – The Asian Institute of Digital Finance (AIDF) will be funding three research projects by NUS Computing Associate Professors He Bingsheng, Huang Ke-Wei and Liang Zhenkai.

Learn more ...


Enhancing digital privacy by hiding images from AI

02 July 2020 Department of Computer Science , Faculty , News Media , Security

2 July 2020 – In one second, the human eye can only scan through a few photographs. Computers, on the other hand, are capable of performing billions of calculations in the same amount of time. With the explosion of social media...

Learn more ...


Restore privacy with visual distortion

01 July 2020 Department of Computer Science , Faculty , Research , News Media , Security

 

New research by a team of NUS Computing professors is promising to restore privacy to individuals by making their online images unrecognisable to even the most advanced facial recognition technologies.

Led by Professor Mohan Kankanhalli, Dean of NUS Computing, the research team from NUS Computer Science has developed a technique that safeguards sensitive information in photos by making subtle changes that are almost imperceptible to humans, but render selected features undetectable by known algorithms.

Learn more ...


More options for NSF cyber specialists as Mindef and NUS tie-up for new work-learn programme

01 June 2020 Department of Computer Science , Faculty , News Media , Security

Full-time National Servicemen (NSF) who are cyber specialists can now take modules from NUS Computing’s Information Security programme, after the signing of a Memorandum of Understanding for a new Work-Learn Programme by Dean Mohan Kankanhalli and Defence Cyber Chief Brigadier-General Mark Tan.

The academic credits earned in the programme can be counted towards a full degree.

Learn more ...


Making Bitcoin Safer — By Breaking It

25 November 2019 Department of Computer Science , Faculty , Research , Feature , Security

In Greek mythology, Erebus is the primeval god of darkness, son of Chaos. It’s also the region of the underworld, where souls pass through after dying. The word is so evocative of gloom and shadows that naming one of the most dangerous types of Bitcoin attacks after it seems only fitting.

Learn more ...