Method for Detecting Malware with Electromagnetic Emanations Wins $5,000

Atlanta, GA
Demo Day Finale S'17

Winners of the Spring '17 Demo Day Finale received a $5,000 check to support commercialization efforts. (From L to R: Bo Rotoloni, co-director of the IISP; Harold Solomon, principal, VentureLabs; Rob Callan, postdoctoral researcher; Jeff Garbers, principal, VentureLabs; Farnaz Behrang, Ph.D. student; Dr. Wenke Lee, co-director of the IISP, and Thiago Olson, fintech entrepreneur-in-residence, ATDC.) Photo by Anthony Stalcup Photography

Download Image

Consumer electronics and IoT devices are challenging to secure because they rely on low-power processors with limited options for security software. A lack of standardization across hardware, software, and development environments makes it difficult to deploy or update security software.

Georgia Tech's Rob Callan, a post-doctoral researcher, and Ph.D. Student Farnaz Behrang brought the winning cybersecurity solution with a new approach for detecting malware in embedded devices. The pair landed 1st Place and $5,000 toward commercialization at the Institute for Information Security & Privacy's "Demo Day Finale" with a method to monitor radio frequency emissions ("electromagnetic emanations") and help detect unwanted code or hijacks.

The method first characterizes electromagnetic emanations generated by software running on an uncompromised device. To protect another device against intrusions, Callan and Behrang continually monitor its EM emanations, and when those differ from the uncompromised device, they examine for a possible hack. This approach separates (or "air-gaps") the monitor from the device being monitored.

Judges at Demo Day Finale immediately saw numerous applications for commercialization.

"Healthcare is a dream problem set for this method because countless devices roll in and each from its own maker," says Jeff Garbers, a Demo Day Finale judge and principal at VentureLabs. "These types of devices are rarely updated or known when they are out of compliance, and there is no sensor smart enough to tell if the software inside is failing."

The method by Callan and Behrang is an evolution of work that began under the direction of Georgia Tech faculty Milos Prvulovic and Alenka Zajic, who co-advise Callan in the School of Electrical & Computer Engineering. Knowing that "side channel" emanations could be read from a nearby device, the researchers further explored what the technique might reveal as a preventative measure for nuanced IoT, personal or embedded devices.

"We're grateful for the recognition and feedback, and we look forward to commercializing this research to solve tough cybersecurity problems in the near future," Callan said on behalf of his team.

Also winning $5,000 at Demo Day Finale was Ph.D. Candidate David Formby from the School of Electrical & Computer Engineering for another approach to preventing malware – this time in industrial control systems, such as water plants or utilities. Formby’s software suite won the 2nd Place prize of $3,000 from judges, plus a surprise nab as the audience favorite for the $2,000 People’s Choice Award.

“I was optimistic, but I didn’t expect to win both,” Formby cheerfully said after the event, posing with two prize checks and encircled by congratulatory students.

Formby is expected to graduate in Summer 2017 and already has formed a company, Fortiphyd Logic, to begin commercializing his invention. Callan graduated from Georgia Tech in December 2016 with a Ph.D. in electrical and computer engineering. Behrang is a Ph.D. student in the School of Computer Science, studying software evolution and testing. She is advised by Alessandro Orso.

About Demo Day
Each year, students are invited to compete before venture capitalists and industry leaders at the Institute for Information Security & Privacy's "Demo Day." Students bring initial research ideas to the fall Georgia Tech Cyber Security Summit, where public vote determines which projects are invited back in the Spring. Students return six months later at the Demo Day Finale for a TED-style talk about their developing project. A panel of business leaders and investors from across the United States advise students about future considerations for commercialization. Student research with the best chance of commercialization or demonstrating the most impact toward resolving an information security need receives a cash prize.

"The Institute for Information Security & Privacy wants to move good ideas to market," says Wenke Lee, co-director. "We know industry leans on academic researchers to raise new ideas and we lean on industry to take solutions to the public. Our hope is that by introducing students to business mentors early in the research timeline that we can help them naturally build productive relationships and reduce time to market. All students participating in Demo Day will benefit from the insight and critique of those closest to industry needs today."

Last revised April 17, 2017