Students, faculty and staff at UT may find their smartphones capable of securing sensitive data from their home computers, thanks to researchers from the University of Toronto.
David Lie, University of Toronto electrical and computer engineering professor, worked with other researchers from the University of Toronto as well as Concordia University in Montreal to develop a security software incorporating smartphone technology. Lie and his team have come up with a prototype of an application called “Unicorn: Two-Factor Attestation for Data Security.” The application combines elements that combat malware and phishing, which Lie said are the two biggest threats currently facing users attempting security-sensitive tasks.
Lie brought his research to UT in a presentation titled “Using Smartphones to Improve Security: New Capabilities and Challenges” on Thursday. The lecture was part of the Security Seminar Speaker Series in the department of computer science.
The lecture series began last year in the Center for Information Assurance and Security, said computer science associate professor and director of the center Vitaly Shmatikov. Shmatikov said the center tries to bring lecturers who have relevant research in the computer science field.
“I have seen a fair bit of research on the topic of [smartphone security],” Shmatikov said. “[Lie’s] work, however, takes an unusual direction with the connection between phones and computers.”
Lie’s talk focused on the ways that smartphones allow users to impose security features on their own online activity. Features of smartphones that provide this kind of security include a stronger defense against malware compared to PCs due to a restriction on software installation. Users’ constant connection with their smartphone is an additional factor in these strengthened security measures, Lie said.
“We’re looking at how we could use some of these wireless capabilities to solve some old security problems,” Lie said.
The Unicorn prototype first protects authentication credentials with a security token requiring attestation of the fact that a computer is free of malware before releasing credentials, according to the abstract of the project. The second security factor involves validating the computer with either a remote server or a Trusted Platform Module (TPM).
Aloysius Mok, computer science professor and attendee at the seminar, said Lie’s computer security research is important and brings something new to the field.
“I think that he had some pretty interesting research,” Mok said. “I would not be surprised if his project turned into a successful commercial product.”
Printed on Friday, February 3, 2012 as: Lie discusses security by smartphones