College of Computing News

Students Compete for $125,000 in Funding for Cutting-Edge Cybersecurity Projects

From phishing scams to forensic cyberattack software, the next big security breakthrough will debut at the Cybersecurity Demo Day Finale on April 12.

Last fall, Georgia Tech students brought ideas on the cutting-edge of cybersecurity research to the Georgia Tech Cybersecurity Summit. The most promising teams continued in the competition with entrepreneurial coaching from VentureLab.

[RSVP now for the IISP Demo Day Finale]

Now the top five Georgia Tech student teams will present their projects with a TED-esque talk in front of business leaders like entrepreneur Christopher Klaus, managing partner for Tech Square Ventures Blake Patton, and vice president of strategy and product design at IBM Security Kevin Skapinetz. These teams are competing for $125,000 prize pool that includes: $5,000 cash, a spot in the Create-X Startup LAUNCH incubator –  with $20,000 toward a prototype, $50,000 in legal services, and 27-weeks of free business mentoring – and eligibility for a $50,000 grant from the National Science Foundation.

We sat down the four School of Computer Science teams to learn more about their projects and what they hope to achieve at Demo Day.

"Phish or Fish"

Tony Zhaocheng Tan, with Anisha Bandihari and Simon Chung

What is your project?
Phishing, where an attacker sends an email under false pretenses to trick users into giving up their passwords, is the first step in many high-profile cyberattacks, such as the Democratic National Convention hack of 2016. Currently, the industry solution is to train users to hover over links and identify suspicious messages and websites. When this tedious and ineffective solution inevitably fails, users are often blamed for the fallout.

In this project, we propose to mitigate phishing by providing users with a more effective and usable interface. When a user clicks on an unknown link in an email, we automatically present them with a page that displays succinct and necessary information to help the user to make the right decision. By making critical security information easily accessible, but only when necessary, we can draw attention to anomalies and avoid user fatigue that often plagues typical security software.

What made you interested in entering Demo Day?
We entered Demo Day primarily to showcase our project and invite feedback from the public and industry.

If you win Demo Day, what would you do with the funds?
If we win Demo Day, we plan to use new resources to continue the development of our project in furtherance of cybersecurity.

"rtCaptcha"

Erkam Uzun

What is your project?
Today, there is a new trend in replacing passwords with biometric authentication, and it seems it will be used widely in the future since it is easy to adopt. Major companies (e.g., Uber, Alipay and Mastercard) are using these services for biometric authentication. In our research, we found that many third-party, cloud-based services are providing audio and facial authentication to other large organizations, but their methods are prone to primitive spoofing attacks. The common mistake of current systems is that they still use simple challenges, such as smiling and blinking to prevent spoofing attacks. Any system that uses a fixed challenge like that is not secure. The challenge should always be randomized.

We are making the challenge harder by sending unpredictable requests in a Captcha image form and limiting the response time in order to rule out manipulation. The response time is a normal human response/reflex time to start reading a text when presented one. In our user study, the overall response time of the participants is less than a second (we fix this time to two seconds to eliminate false rejections).

In this way, rtCaptcha strengthens the computational challenge by forcing adversaries to figure out what the authentication tasks are and quickly combine them by synchronizing the voice, face, and personal knowledge of an individual in a way that appears lifelike. We force attackers to show, share, and say what only an individual could know  – and do that in less than two seconds.

What made you interested in entering in Demo Day?
We want to improve and commercialize rtCaptcha and reach to companies that are using or have potential to use audio/visual authentication.

If you win Demo Day, what would you do with the funds?
We will possibly use the funds to advertise our technology. A spot in the Create-X Startup LAUNCH incubator is a great advantage to improve our technology by getting mentoring services from real business experts.

"OSS Police"

Ashish Bijlani, Ruian Duan, and Meng Xu

What is your project?
We are building a cloud-based audit platform for businesses that offers software under dual free/commercial licenses terms. This system quickly detects mobile apps violating a businesses’ licensing terms and creating new customers. Multiple companies have already expressed interest in using the technology.

What made you interested in entering in Demo Day?
We see Demo Day as a great opportunity to present our technology, share progress, and get valuable feedback. It will help us to be seen under a spotlight. We are very excited about it.

If you win Demo Day, what would you do with the funds?
We plan to invest the funds to further our engineering and customer discovery process. 

"RAIN: Refinable Attack Investigation with On-demand Inter-process Information Flow Tracking"

Yang Ji, with Evan Downing, Mattia Fazzini, Sangho Lee, and Weiren Wang

What is your project?
RAIN pushes the granularity of cyber forensic analysis to a new level. It is able to reproduce any previous program state to recover the data causal relations at the lowest instruction level. Notably, RAIN incurs a low runtime overhead (less than 5 percent) to the program by using a record replay technique. We believe RAIN can help improve the analysis accuracy of many data breach incidents, such as Equifax and Yahoo!, by reporting which piece of data were exactly leaked without false positive.

What made you interested in entering in Demo Day?
Demo Day is a great platform for us to showcase recent research results to other interested people such as peer researchers and industries. It builds a channel for us to receive feedback to further improve our work. Also, it gives us a chance to earn more support to future research.

If you win Demo Day, what would you do with the funds?
We would like to extend the current prototype to a full commercial level and try deploying it in real systems.