Update 11/16/2011: This work was also mentioned in a CACM article Wireless tire pressure monitoring systems designed to alert drivers to problems with low tire pressure can be intercepted or forged, causing possible security or privacy threats, according to research at the University of South Carolina and Rutgers University. Dr. Wenyuan Xu, an assistant professor in the department of computer science and engineering at USC and the lead investigator on the project, said tire pressure monitoring communications systems in many new cars are not properly secured, allowing anyone to eavesdrop on the wireless communication and send false messages to drivers.
Most new cars manufactured or sold in the U.S. after 2007 are equipped with the tire pressure monitoring system. As technology evolves and more wireless sensors and devices are introduced into cars, Xu said carmakers need to pay more attention to securing wireless communication before more serious vulnerabilities emerge. For example, although not a reality yet, if the tire pressure reading is used to assist the stability control, then sending a forged message with the wrong tire pressure could be dangerous. USC researchers and their colleagues at Rutgers University studied tire-pressure monitoring systems (TPMS), the devices that monitor air pressure inside tires and trigger a dashboard warning if a tire’s pressure drops.
Researchers were able to intercept the wireless signals 120 feet away from the car using a simple receiver. “Hopefully, as a result of our project, the security and privacy concerns from consumers will push the car industry to design in-car wireless networks with security and privacy in mind,” Xu said. Virtually all new cars use direct TPMS, which relies on wireless technologies. Since wireless communication is prone to eavesdropping and malicious hacking, the researchers wanted to analyze the security and privacy aspects of the first widely used wireless systems, Xu said. “Since the wireless communication contains unique identifiers of each car, it is possible to track vehicles by listening to the tire pressure monitoring system’s wireless communication,” Xu said. “Further, we have shown that we can transmit false messages to make the car trigger the ‘low pressure warning light’ on the dashboard while all tire pressures are normal. We managed to ‘damage’ the tire pressure monitoring system by sending false messages.”
Xu is a co-author of the paper, “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study,” and presented it at the USENIX Security Symposium in Washington, D.C., earlier this month. The automotive security and privacy research project is a joint project between USC and the Wireless Information Network Laboratory (WINLAB) at Rutgers. USC students Ishtiaq Rouf, Hossen Mustafa and Travis Taylor, along with Rob Miller, Sangho Oh, Marco Gruteser, Wade Trappe and Ivan Seskar from Rutgers participated in the project. Most of the experiments were conducted at USC. Computerworld has an article on the research into the vulnerabilities of cars' tire pressure monitor systems performed by Dr. Xu and her collaborators. MIT's Technology Review has another similar article.
The new entry, "Virtual USC," is taking shape at the College of Engineering and Computing to provide an insider's virtual tour of the Carolina Horseshoe. "This is going to be very cool," said Duncan Buell, the professor of computer science who guided a group of 10 undergraduate students involved in the software application's development during the spring semester. Buell is aiming for a prototype smart phone tour of the Horseshoe in which users can click on Gamecock icons embedded in a campus map to reveal historic and contemporary interior pictures of several buildings.
Among highlights will be the South Caroliniana Library and the Gressette Room in Harper College. University Archives provided historical photos and University Technology Services provided current pictures. "Once we get the first couple of stops on the tour done adding more of them won't be conceptually difficult," said Buell, adding that tours of each building will take users through an animation that walks them to a starting point where they can then access other available images. "With a program like this, once you get the basic structure of the app done, adding locations means a little more work and having to worry about bandwidth and things like that, but it's not that much more of an effort."
Buell embarked on the project with the intent of producing an app for an Android smart phone that would be relevant to a National Endowment for the Humanities-funded computer gaming institute at the University this summer. The institute is a project of the University's Digital Humanities Initiative. "The first couple of weeks the students just brainstormed on various ideas along the lines of, ‘What could you do with a mobile phone like this, and how could you use a location awareness to know where you were and pull up something of interest?' "Gradually, we converged on this project as something that could be done in 15 weeks and end up with close to a 100 percent professional product. It's not really a game, but once you get an app like this built out you can change the content and the programming and easily put it into something else, like a scavenger hunt. "The hard part of the programming is getting all the pieces to fit together with the maps, overlays, and the images," said Buell. "It's not hard dealing with the content once you have it. So this project is partly an adaptation to what we could undertake that was interesting and relevant."
The 10 students were drawn from three different computer science courses. They had worked as programmers and helped come up with the design and structure of the overall software. Once the Android app is working, the next project will be to port it to the iPhone, "a huge difference because the programming is very different," Buell said. The group has also drawn on the expertise of faculty members in the University's Digital Humanities Initiative who offered guidance on such things as the app's visual elements and other factors that would add to its user friendliness and appeal. Buell anticipates that once the app is perfected for both Android and iPhones, it could be adapted to a wide variety of other campus uses. These could include wider virtual tours of the campus, plant or museum tours envisioned by Allison Marsh, an assistant professor of history who supervises the museum track in the history department's public history program, or applications like teaching outdoor courses that link GPS coordinates with radio frequency ID chips positioned at various locations on campus. "You could do a lot of fun applications like this and even expand it to Columbia and the Vista," Buell said. By Office of Publications
Since 2004 our REU site has hosted student interns overt the summer and provided them with the opportunity to conduct research under the supervision of our faculty. The program also includes multiple special events such as seminars, workshops, visits to local industry and other social activities. The experience helps students learn to work in a professional environment and provides them with a competitive edge when applying to graduate schools.
The program continues to be a large success, with students attending from Universities across the country and many of them going on to do graduate studies in computer science. The program has had a total of 63 participants, about 9 to 11 per year, with over half of them for under-represented minority groups and almost a third female. About 90% of the student participants present their research at regional or national conferences. A recent research project involved the design and implementation of programs for mote communication and tests of its performance under different combinations of temperature and humidity.
Professor Chin-Tser Huang, an assistant professor in the Department of Computer Science and Engineering, recently received an NSF grant for his project titled Dynamic Early Filtering of Botnet Garbage Traffic".
Currently in the Internet there is an increasing number of unwanted, unsolicited "garbage" packets mainly generated by botnets, which can launch Distributed Denial-of-Service attacks, worm attacks, and spam. These garbage packets are allowed to traverse the Internet to cause severe traffic burdens, waste communication resources, and disrupt the Internet's normal functions. Such packets need to be discarded as close to their sources as possible to increase the availability and reliability of the Internet.
This project aims to address the above problem by establishing a comprehensive and sustainable architecture that coordinates the routers in the Internet to filter out botnet garbage packets from Internet traffic as early as possible. The architecture comprises four major components: rule generation component, rule dissemination component, rule management component, and rule security component. The objective is to investigate and quantify the tradeoff between the saved bandwidth originally consumed by the garbage traffic and the throughput slowdown introduced by the routers' extra filtering overhead, and find optimal solutions under the tradeoff function. The evaluation plan will use benchmarks developed under various traffic traces and network topologies to evaluate the performance of the developed algorithms and technologies, and derive insights on how far and wide the filtering rules should be disseminated and installed under different attack scenarios in order to optimize the performance.
The Computer Science and Engineering and its ACM Student Chapter played host to the first Columbia Code Camp right here in the Swearingen building. The event is organized by the Columbia Enterprise Developers Guild and is a meeting of local and invited software developers where they can learn from each other how to use the latest technologies.
By all accounts the event was a major success with over 160 people in attendance. The rooms in Swearingen were filled to capacity and over $10,000 in swag (including two Backberry devices, one XBox Elite, more than 80 books, and many software licenses) was given away. The agenda included talks on technical topics such as LINQ to SQL Tricks and Tips, Parameter sniffing, Silverlight, iPhone SDK, Windows Presentation Foundation as well as general talks on career and wages.
The event was made possible in part by our ACM Student Chapter and other student volunteers who helped visitors find their way around Swearingen and coordinated the use of the facilities.
Below are a few photos from the event. You can view more by visiting the Columbia CodeCamp's flickr page.