Researchers at Waterloo’s Cybersecurity and Privacy Institute have received funding from the National Cybersecurity Consortium (NCC) under the Cyber Security Innovation Network program. This funding marks a significant milestone for CPI, Waterloo and the NCC, reinforcing a commitment to advance Canada’s cybersecurity ecosystem.
Twenty eligible projects were awarded a combined total of $11.2 million across three categories — commercialization, research and development, and training.
Among these, six projects had direct involvement or collaboration with Waterloo, collectively amounting to $3.3 million, representing approximately 30 per cent of the total awards. Notably, four out of the six projects fell under the research and development category, securing 44 per cent of the funds designated for research and development proposals.
Members of CPI will collaborate with industry partners Mastercard, BlackBerry, eSentire, Acronis, Ericsson, RMDS Innovation, Arcfield, Continental, Sera4 and Palitronica Inc.
Academic partners Concordia University, University of Manitoba, University of Alberta, University of New Brunswick and École Polytechnique de Montréal will also team up with CPI researchers on various initiatives.
The complete list of funding recipients and collaborators, please see NCC 2023 Funded Projects.
• Read the full article on Waterloo News
Research and development projects with Cheriton School of Computer Science researchers
Designing a Scalable and Performant Confidential Backup System — $370,036
Project description: Data backup systems use data deduplication techniques, to reduce the stored data size, support more users, and reduce service costs. Data deduplication is a widely used technique by modern cloud-based storage systems such as Acronis Cyber Protect and Dropbox. State-of-the-art techniques for deduplication require storing the data without encryption. Consequently, clients must have complete trust in the service provider and its cybersecurity protections. This trust model is unacceptable to clients and businesses with regulatory and privacy constraints. In this project, the research team will explore building Backup with Confidential Dedup (BCD), a backup system that performs data deduplication while keeping the data encrypted at the service provider.
Building Cyber Resilient and Secure 5G Network Through Automation and AI — $1,000,000
Project description: The shift towards 5G networks will be accompanied with the coexistence of previous generations (e.g., LTE 4G, which exposes 5G networks to security risks related to vulnerabilities of its predecessors due to the inter-working modes and the threats related to the cross-protocol attacks. 5G adoption of new enabling technologies (such as NFV, SDN, and network slicing) increases its attack surface. This project studies 5G security concerns by developing intelligent anomaly detection, mitigation and prevention mechanisms using Machine Learning and Artificial Intelligence solutions. Thereby providing mobile operators with automated, closed-loop control security mechanisms that secure their network against attacks that hinders their network availability, and ensure 5G clients the services they desire.
Next-Generation User Fingerprinting for Fraud Detection and Prediction — $288,099
Project description: Different people behave in different ways while visiting online websites or while engaging in the metaverse. This forms a user’s behavioural fingerprint, which can be used for benign or malicious purposes. This project collects various datasets with behavioural data from both real-world websites and the metaverse to determine which features of the collected data are useful for creating individual user fingerprints from these datasets. It will establish the potential of using these fingerprints for several purposes, including, user profiling, user impersonation, fraud detection, and fraud prevention. The goal is to detect and defend against fraudulent activities such as with credit cards.
Transfer Fuzzing for Devices without Firmware — $270,470
Project description: IoT device vulnerabilities are increasing. Recently the adoption of fuzzing techniques for automated vulnerability detection in IoT firmware has evolved but are limited because the need to obtain firmware for a particular device is hard. This project will address the challenge of transfer fuzzing. The idea is based on the observation that a device is expected to function similarly to its counterparts. As a result, if we can obtain firmware samples from the counterparts, we can fuzz test these samples and apply the fuzzing results to guide the testing of the target device. Solutions will benefit clients/customers who need to secure IoT devices for industrial and commercial usage.