Welcome!

News Feed Item

Cybersecurity Protocol that Fends off Automobile Hacks Named to Popular Science Magazine's List of Top 100 Technologies of the Year

Software Protection Developed by Researchers at NYU Tandon School of Engineering, University of Michigan Transportation Research Institute, and Southwest Research Institute

BROOKLYN, N.Y., Oct. 18, 2017 /PRNewswire/ -- A protocol for protecting automotive software updates from hackers was today named one of the top 100 technologies of the year — the Best of What's New— by Popular Science magazine. Uptane is an open-source framework that aims to safeguard the more than 100 million lines of code in modern automobiles — code that experience and experiments show is as vulnerable to hacking as the personal data more commonly targeted by cybercriminals.

NYU Tandon School of Engineering Logo (PRNewsFoto/NYU Tandon School of Engineering)

Uptane evolves the widely used TUF (The Update Framework), developed by NYU Tandon School of Engineering Associate Professor of Computer Science and Engineering Justin Cappos to secure software updates. Uptane is a collaboration of NYU Tandon, the University of Michigan Transportation Research Institute (UMTRI), and the Southwest Research Institute (SwRI), and is supported by contracts from the U.S. Department of Homeland Security, Science and Technology Directorate (DHS S&T).

Much like smartphone device makers, automobile manufacturers rely on remote updates to ensure that a vehicle's onboard software — which controls everything from airbag deployment to seat belt performance and braking systems — is up to date. However, without proper encryption and verification, those updates are vulnerable to viruses, malware, and ransomware — malicious attacks that may pose catastrophic safety issues. Uptane allows automobile manufacturers to verify the security of third-party software prior to issuing an update and stores the encryption keys for software updates offline.

"As cars become increasingly connected, it's critical to incorporate the same rigorous security infrastructure that we rely on with other cyber-physical systems such as smart grids, medical devices, and industrial monitoring systems," said Cappos. "Mounting a widespread vehicle software attack is complex but entirely possible, and now is the time to put the necessary safeguards in place."

Uptane was chosen among nine technologies in the Security category of the Best of What's New Awards and is featured in the December issue of Popular Science.  "The Best of What's New Awards honor the innovations that shape the future," said Joe Brown, editor in chief of Popular Science. "From lifesaving technology to incredible space engineering to gadgets that are just breathtakingly cool, this is the best of what's new."

To learn more about Uptane and the Best of What's New, visit www.popsci.com.

About the New York University Tandon School of Engineering
The NYU Tandon School of Engineering dates to 1854, the founding date for both the New York University School of Civil Engineering and Architecture and the Brooklyn Collegiate and Polytechnic Institute (widely known as Brooklyn Poly). A January 2014 merger created a comprehensive school of education and research in engineering and applied sciences, rooted in a tradition of invention and entrepreneurship and dedicated to furthering technology in service to society. In addition to its main location in Brooklyn, NYU Tandon collaborates with other schools within NYU, the country's largest private research university, and is closely connected to engineering programs at NYU Abu Dhabi and NYU Shanghai. It operates Future Labs focused on start-up businesses in downtown Manhattan and Brooklyn and an award-winning online graduate program. For more information, visit http://engineering.nyu.edu.

www.facebook.com/nyutandon  @NYUTandon

NYU Tandon Professor Justin Cappos with examples of automotive components that Uptane can protect from malicious software: the instrument panel, which hackers can attack to indicate a car is traveling safely when it is in fact speeding and a gas gauge that might not signal when the tank is nearing empty; pictured right, the actuator that control the brakes.

View original content with multimedia:http://www.prnewswire.com/news-releases/cybersecurity-protocol-that-fends-off-automobile-hacks-named-to-popular-science-magazines-list-of-top-100-technologies-of-the-year-300538678.html

SOURCE NYU Tandon School of Engineering

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Serverless applications increase developer productivity and time to market, by freeing engineers from spending time on infrastructure provisioning, configuration and management. Serverless also simplifies Operations and reduces cost - as the Kubernetes container infrastructure required to run these applications is automatically spun up and scaled precisely with the workload, to optimally handle all runtime requests. Recent advances in open source technology now allow organizations to run Serv...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It's clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Th...
The benefits of automated cloud deployments for speed, reliability and security are undeniable. The cornerstone of this approach, immutable deployment, promotes the idea of continuously rolling safe, stable images instead of trying to keep up with managing a fixed pool of virtual or physical machines. In this talk, we'll explore the immutable infrastructure pattern and how to use continuous deployment and continuous integration (CI/CD) process to build and manage server images for any platform....
AI and machine learning disruption for Enterprises started happening in the areas such as IT operations management (ITOPs) and Cloud management and SaaS apps. In 2019 CIOs will see disruptive solutions for Cloud & Devops, AI/ML driven IT Ops and Cloud Ops. Customers want AI-driven multi-cloud operations for monitoring, detection, prevention of disruptions. Disruptions cause revenue loss, unhappy users, impacts brand reputation etc.
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
Enterprises are adopting Kubernetes to accelerate the development and the delivery of cloud-native applications. However, sharing a Kubernetes cluster between members of the same team can be challenging. And, sharing clusters across multiple teams is even harder. Kubernetes offers several constructs to help implement segmentation and isolation. However, these primitives can be complex to understand and apply. As a result, it’s becoming common for enterprises to end up with several clusters. This...
Is advanced scheduling in Kubernetes achievable?Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? In his session at @DevOpsSummit at 21st Cloud Expo, Oleg Chunikhin, CTO at Kublr, answered these questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and co...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Public clouds dominate IT conversations but the next phase of cloud evolutions are "multi" hybrid cloud environments. The winners in the cloud services industry will be those organizations that understand how to leverage these technologies as complete service solutions for specific customer verticals. In turn, both business and IT actors throughout the enterprise will need to increase their engagement with multi-cloud deployments today while planning a technology strategy that will constitute a ...
GCP Marketplace is based on a multi-cloud and hybrid-first philosophy, focused on giving Google Cloud partners and enterprise customers flexibility without lock-in. It also helps customers innovate by easily adopting new technologies from ISV partners, such as commercial Kubernetes applications, and allows companies to oversee the full lifecycle of a solution, from discovery through management.
Using serverless computing has a number of obvious benefits over traditional application infrastructure - you pay only for what you use, scale up or down immediately to match supply with demand, and avoid operating any server infrastructure at all. However, implementing maintainable and scalable applications using serverless computing services like AWS Lambda poses a number of challenges. The absence of long-lived, user-managed servers means that states cannot be maintained by the service. Lo...
Today most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes significant work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reducti...
Using serverless computing has a number of obvious benefits over traditional application infrastructure - you pay only for what you use, scale up or down immediately to match supply with demand, and avoid operating any server infrastructure at all. However, implementing maintainable and scalable applications using serverless computing services like AWS Lambda poses a number of challenges. The absence of long-lived, user-managed servers means that states cannot be maintained by the service. Lo...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...