Eaton partnership boosts cybersecurity learning and research
For cybersecurity students in RIT’s new Eaton Lab, the first step in fixing a product is to break it.
“That’s the goal of our penetration tests,” said Issa Hafiri, a computing security graduate student from Palestine, who’s working in the Eaton Lab. “Look at the internet-connected device from an attacker’s perspective and figure out how to leverage its vulnerabilities.”
Beginning last fall, a team of three students and one lecturer began the partnership with Eaton Corp., a global power management company that offers an array of electrical products and services. By performing penetration tests and vulnerability analysis on internet of things devices created by Eaton, students are gaining hands-on experience while helping the company better secure their new products.
“There is a demand for cybersecurity talent throughout the U.S.,” said Max Wandera, director of Eaton’s Product Cybersecurity Center of Excellence (CoE), Electrical Sector. “The lab allows Eaton to leverage our experience to train students majoring in computing security at RIT on our products and build trust and branding that will help Eaton tap into this top talent.”
In the extracurricular lab, Hafiri strategizes with Christian Halbert, a fifth-year computing security student from Nunda, N.Y., Kegan Sovay, a third-year computing security student from Canton, N.Y., and Robert Olson, a lecturer in RIT’s Department of Computing Security. Every few weeks the team receives a new Eaton product to dissect.
The devices come with an architectural review for students to better understand how the device works and would be used in the field. While some devices may need to communicate securely with cloud services using Bluetooth, others could be web-facing and vulnerable to denial-of-service attacks. Security can’t be overlooked.
“We appreciate Eaton’s assistance in providing field experience to students,” said Olson, who is also technical director of the SAFE (Security Assessment and Forensics Examination) Lab in RIT’s Center for Cybersecurity. “This type of hands-on, experiential learning is critical for understanding offensive methodologies and will help students whether they choose to pursue defensive or offensive security roles in the future.”
After analyzing the attack surface of the product and its functionality, the team determines the best avenue of attack and commences the authorized penetration test. From the test results, they develop a comprehensive written assessment that details hardware and software security weaknesses in the product and the associated risks.
“This process is a fun challenge,” said Halbert. “It changes your mindset from looking at the process step-by-step, like in an academic lab, to looking at security from a broad sense.”
Throughout the spring semester, the team will continue their work with Eaton. They even hope to see familiar products come back their way, with a few modifications.
“We’ll get products back and see that the problem is gone because of something that we did,” said Hafiri. “People rely on your work to make their products more secure, and that’s really rewarding.”
May 15, 2019
RIT research helps artificial intelligence be more accurate, fair and inclusive
RIT has received a grant from the National Science Foundation to help make artificial intelligence smarter and more inclusive. The grant creates the Research Experiences for Undergraduates (REU) Site in Computational Sensing for Human-centered AI and will allow a total of 30 undergraduate students from across the country to spend 10 weeks at RIT.
May 15, 2019
RIT to gather computational astrophysics experts from across the globe for workshops in June
Scientists conducting cutting-edge research in computational astrophysics will converge at RIT for two workshops in June. Experts from RIT, NASA Goddard Space Flight Center, Berkeley and other prestigious institutions will speak at the events hosted by RIT’s Center for Computational Relativity and Gravitation.
May 14, 2019
RIT Esports competes with best colleges in the nation at ESPN Championships in Houston
A team of Hearthstone players represented RIT and joined 20 other top colleges at the first-ever ESPN Collegiate Esports Championship. RIT became one of the top four teams in the country and the three RIT student players received $7,500 in tuition scholarships.
May 13, 2019
Mobile apps give the blind and visually impaired a new sense of freedom
CNET features Kristen Shinohara, assistant professor in the Department of Information Sciences and Technologies.