Eaton partnership boosts cybersecurity learning and research
For cybersecurity students in RIT’s new Eaton Lab, the first step in fixing a product is to break it.
“That’s the goal of our penetration tests,” said Issa Hafiri, a computing security graduate student from Palestine, who’s working in the Eaton Lab. “Look at the internet-connected device from an attacker’s perspective and figure out how to leverage its vulnerabilities.”
Beginning last fall, a team of three students and one lecturer began the partnership with Eaton Corp., a global power management company that offers an array of electrical products and services. By performing penetration tests and vulnerability analysis on internet of things devices created by Eaton, students are gaining hands-on experience while helping the company better secure their new products.
“There is a demand for cybersecurity talent throughout the U.S.,” said Max Wandera, director of Eaton’s Product Cybersecurity Center of Excellence (CoE), Electrical Sector. “The lab allows Eaton to leverage our experience to train students majoring in computing security at RIT on our products and build trust and branding that will help Eaton tap into this top talent.”
In the extracurricular lab, Hafiri strategizes with Christian Halbert, a fifth-year computing security student from Nunda, N.Y., Kegan Sovay, a third-year computing security student from Canton, N.Y., and Robert Olson, a lecturer in RIT’s Department of Computing Security. Every few weeks the team receives a new Eaton product to dissect.
The devices come with an architectural review for students to better understand how the device works and would be used in the field. While some devices may need to communicate securely with cloud services using Bluetooth, others could be web-facing and vulnerable to denial-of-service attacks. Security can’t be overlooked.
“We appreciate Eaton’s assistance in providing field experience to students,” said Olson, who is also technical director of the SAFE (Security Assessment and Forensics Examination) Lab in RIT’s Center for Cybersecurity. “This type of hands-on, experiential learning is critical for understanding offensive methodologies and will help students whether they choose to pursue defensive or offensive security roles in the future.”
After analyzing the attack surface of the product and its functionality, the team determines the best avenue of attack and commences the authorized penetration test. From the test results, they develop a comprehensive written assessment that details hardware and software security weaknesses in the product and the associated risks.
“This process is a fun challenge,” said Halbert. “It changes your mindset from looking at the process step-by-step, like in an academic lab, to looking at security from a broad sense.”
Throughout the spring semester, the team will continue their work with Eaton. They even hope to see familiar products come back their way, with a few modifications.
“We’ll get products back and see that the problem is gone because of something that we did,” said Hafiri. “People rely on your work to make their products more secure, and that’s really rewarding.”
July 19, 2019
RIT incorporates ‘soft skills’ elective into engineering educational curriculum
As part of a growing trend in enriching engineering education, RIT has approved a new course in soft skills for engineers. The one-credit elective course, originally piloted in the last academic year, has been approved as a credit-bearing option for students in RIT’s College of Engineering Technology and will begin in September.
July 18, 2019
Continued concern over FaceApp's ties to Russia
WHAM-TV talks to student Nicole Baldwin, applied arts and sciences, and Jonathan Weissman, senior lecturer of computing security, about security concerns surrounding FaceApp, a mobile app that transforms faces in photo.
July 16, 2019
RIT Tigers make game used as a therapeutic tool for children and families
A therapeutic game called Space Adventure designed by an RIT class officially launched this month on the Rochester Society for the Protection and Care of Children (SPCC) website. The SPCC specializes in supporting families whose lives have been impacted by trauma.
July 16, 2019
NSF funds RIT project to help other colleges earn federal STEM grants
In an effort to expand science, technology, engineering and math (STEM) education for all, RIT is developing a new program to help other colleges compete for federal government funding that supports programming for talented, low-income students.