War on Hackers

They're after everything from bank accounts to airplane GPS.

In today’s interconnected world, anything and everything digital is at risk of being hacked, from your social media profile to your bank account, even critical communication systems on ships and aircraft can be compromised. And as new technologies develop, cyber-attackers adapt, becoming more sophisticated, persistent, and stealthy.

NYU Abu Dhabi cybersecurity researchers, along with undergraduate and graduate students, are working on interdisciplinary cyber-defenses they say will not only safeguard sensitive data and systems, but also protect and mitigate risk to human life.

Among their biggest challenges, says Hoda Alkhzaimi, director of the NYU Abu Dhabi Center for Cyber Security, is staying ahead of rapidly changing technology and identifying vulnerable areas before attacks happen.

Alkhzaimi, a cryptology expert, designs algorithms that are trustworthy in both hardware and software and reliable in the real world, but she says the current “cryptographic algorithms we’re developing are not enough. We need to do more to build a holistic and resilient security design and analysis, on all levels.”

Cryptographic algorithms we’re developing are not enough. We need to do more.

Hoda AlKhzaimi

That’s because cyber-threats can affect all types of applications, said Alkhzaimi, “including avionics, autonomous systems, wearable medical devices like insulin pumps, and chips used to analyze brain activity.

“It broke in the news in 2008 ... signals (in pacemakers) were not encrypted so attacks were being facilitated.” It’s now a decade later and there’s finally efficient cryptography developed for some types of pacemakers, she says.

Attacks on pacemakers are just one heart-stopping example of how vulnerable technology can threaten human lives. Airplane communication and tracking systems are another.

“We rely heavily on IT systems for communication and navigation, and many of these systems are vulnerable to attacks,” explained Christina Pöpper, assistant professor of computer science, who works on communication security and wireless applications in her lab at NYU Abu Dhabi.

Satellite navigation systems like GPS, generally, “are inherently difficult to secure, and prone to insecurities … because they are an open communication medium, and based on publicly available data, which makes them easy to fake.”

In GPS spoofing, attackers transmit fake signals that can cause a receiver to compute and display the wrong location or time, resulting in wayward navigation.

Airplanes have a system on board called Automatic Dependent Surveillance Broadcast (ADS-B), which is used to announce the aircraft’s position and altitude without the need for radar. Pöpper says the technology is not secure and unprotected because of slow regulatory updates.

GPS signal arrival times cannot be cryptographically protected.

Christina Popper

To address the lack of GPS cryptographic protection on airplanes, Pöpper’s and Alkhzaimi’s collaborative research at NYU Abu Dhabi aims to expose security weaknesses in existing systems, and create a foundation for more secure systems in the future.

In a recent paper, the researchers leveraged multiple ADS-B receivers to pinpoint, first, that a spoofing attack was happening, and second, to identify the origin of the fake transmission. The idea, Pöpper explained, “is to process ADS-B signals collected on the ground in such a way that false data caused by a GPS spoofer can be detected and leveraged to localize the spoofer.”

NYU Abu Dhabi Associate Dean of Engineering Ozgur Sinanoglu is also working on innovative ways to thwart hackers. His research to securely test and configure computer chips by third-party companies received USD 300,000 in funding over three years from American technology giant Intel Corporation.