The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded Northeastern University (NEU) $645,229 to develop a system that organizations and individuals can use to audit and control personally identifiable information (PII) leaks from connected devices.
The award was made through the S&T Cyber Security Division’s (CSD) Data Privacy project. CSD is part of the Homeland Security Advanced Research Projects Agency. CSD’s Data Privacy project seeks architectures, tools, applied models and other solutions across the research-and-development (R&D) lifecycle along three primary contexts: connected devices, mobile computing and sensor platforms; large-scale and heterogeneous data and algorithms; and the delivery of digital services.
“In today’s digital age, we need new technologies that will empower us to control the sharing of our personally identifiable information by our connected devices,” said Acting Under Secretary for Science and Technology William N. Bryan. “The new capability envisioned by this project will help protect our information from exploitation by cybercriminals and also build confidence in our growing online presence.”
The combination of rich sensors and ubiquitous connectivity make mobile devices, web browsers and Internet of Things (IoT) devices perfect vectors for cybercriminals to invade the privacy of connected-device users.
Through a project titled “Revealing and Controlling Privacy Leaks in Network Traffic,” NEU will develop a solution that will enable the auditing and controlling of PII leaks and address the key challenges of how to identify and control information leaks when a user’s PII is not previously known. The research team will investigate how to use machine learning to reliably identify PII in network flows and develop algorithms that incorporate user feedback to adapt to the constantly changing landscape of privacy leaks. The team at NEU will build open-source applications that will allow users to control how their information is shared with third-parties. Importantly, the team also will extend the solution to address privacy leaks from IoT devices.
“We must equip our connected environments to detect, analyze and respond to PII collections, uses and disclosures that infringe on personal rights of privacy,” said Erin Kenneally, Program Manager for the Data Privacy project. “This NEU project will develop the tools that will empower owners and operators of critical infrastructure and individuals to measure the extent of personal information protections and ultimately to foster trust in connected systems so all stakeholders can benefit from innovation.”
