On April 24, the Center for Long-Term Cybersecurity (CLTC) welcomed a group of students currently enrolled in the UC Berkeley School of Information’s (I School) Masters in Information and Cybersecurity (MICS) program, an online degree program that prepares students with the cybersecurity skills needed to assume leadership positions in private-sector technology companies as well as government and military organizations.
The students were on campus for a three-day “immersion” designed to complement the online curriculum. Over the course of three days, they enjoyed a wide range of experiences, including visits to Bay Area companies, a “capture the flag” security game, a cybersecurity executive management role-playing simulation, and conversations with industry leaders.
The three-hour session at CLTC was the closing event for the immersion, and provided the MICS students with an opportunity to hear presentations about a wide range of research topics.
“We fund faculty and students across campus who are doing cybersecurity research broadly envisioned, with the notion that the long-term health of the digital ecosystem depends on a full spectrum of research, from basic research or theoretical computing to elements that are psychological, behavioral, political, and commercial,” explained Ann Cleaveland, Executive Director of CLTC, in her opening remarks. “We’ve funded over 80 projects across 10 departments, and we’re really excited to bring you some of those talks today.”
Among the researchers who presented was Jessica Cussins Newman, Research Fellow and Al Policy Specialist for CLTC and the Future of Life Institute, who provided an overview of her recently released report, Toward Al Security: Global Aspirations for A More Resilient Future. Using an “AI Security Map” as an organizing framework, the report provides an analysis of the AI strategies for 10 countries, based on a range of social, political, and economic variables.
“There is significant divergence in terms of how all these countries are addressing AI,” Cussins Newman said. “Human rights, disinformation, and reducing inequalities are only mentioned by one or two actors, and less than half are looking at the potential for malicious use of AI, such as the automation of cyberattacks.”
The MICS students also heard a presentation by Max Curran, a PhD candidate in the I School, who explained his research on using custom-fit, in-ear electroencephalography (EEG) to achieve one-step, three-factor authentication. Curran explained that, with ear pieces capable of reading thoughts based on the electrical activity in the brain, three factors of authentication—knowledge, possession, and inherence—can be achieved in a single step.
“Memorizing a password is a pain, but memorizing an activity that you like do to might be easier, like repeating a part of a favorite song, or imagining executing your favorite activity in sports,” Curran said. “With this system, the inherence factor comes from your brain being unique to you; brain activity from every single person is different. The knowledge factor is having knowledge of a pass-thought that only you know. And the possession factor is having the ear piece. You think your thought and get all three factors in a single step.”
Fattaneh Bayatbabolghani, a Postdoctoral Scholar and Lecturer from the UC Berkeley School of Information, presented on “Enforcing Input Correctness in Secure Multi-Party Computation Techniques,” while Serge Egelman, Research Director of the Usable Security & Privacy Group at the International Computer Science Institute (ICSI), presented “Mobile App Privacy Analysis with AppCensus,” detailing how his team has developed infrastructure to measure the privacy behaviors of Android apps. Last year, Egelman’s team used this infrastructure to examine children’s apps’ compliance with the Children’s Online Privacy Protection Act (COPPA) and found that a majority of applications in the Google Play Store appear to be violating this federal law.
Alisa Frik, Postdoctoral Fellow in the International Computer Science Institute, presented her project, “Smart Home Surveillance of Domestic Employees,” which addresses how the expanding use of smart home devices affects the privacy of individuals who did not choose to deploy them—and may not even be aware of them—including in-home employees, such as nannies. “We plan to run interviews and surveys with both nannies and employers to see, what are the power dynamics, what are the concerns, and what can designers do to make the situation better?”
Alexei Efros, Professor in the Department of Electrical Engineering and Computer Sciences, presented “Learning Photo Forensics,” an overview of how advances in photo editing and manipulation tools have made it significantly easier to create fake imagery. “We are trying to find ways to detect if people have Photoshopped images,” Efros explained. “What we want to do is detect this but also have an undo button and see what as there before. It’s a hard problem, but we’re making progress.”
Following lunch, Chris Hoofnagle, Professor in the School of Information and School of Law, presented the program’s keynote talk, “Quantum and Cybersecurity: Making Sense of the Hype,” an overview of the current state and expectations for quantum cybersecurity. “There is a ton of hype around quantum,” Hoofnagle said. “In any given week you can find a news article that claims there’s going to be a privacy apocalypse right around the corner…. But quantum computing is really hard. You have to get everything right to make one of these devices work.”
The MICS students posed insightful questions throughout the day and engaged in lively dialogue with the researchers. To close out the event, the students wrote out notes of appreciation about their immersion experience; their comments were read aloud by fellow participants.
In their overwhelmingly positive remarks, students praised the “opportunity to meet everyone in person,” with one noting that “this immersion was well beyond my expectation.”
“I appreciate meeting everyone in person and getting to know more about each other outside the program,” one student wrote. “The passion and enthusiasm for the subject of cybersecurity has made a huge difference in this journey.”