Cracking the code

August 11, 2022

Warning: Your password has been compromised. The computer pop-up message sends your head spinning; is your email account safe? Your banking information? Your Social Security number?

With more and more of our day-to-day lives happening online, never before has cybersecurity been so critical. According to the Identity Theft Resource Center’s 2021 Data Breach Report, there were a record 1,862 data breaches last year, with more than 80% revealing sensitive personal information. Meanwhile, the demand for qualified cybersecurity professionals is high and growing, with some estimates for currently unfilled jobs ranging in the millions.

A new University of Louisville program is tackling both issues head-on through innovative online curriculum and research. Thanks to $8.3 million from the National Security Agency’s (NSA) National Centers of Academic Excellence in Cybersecurity, UofL and its multidisciplinary Digital Transformation Center (DTC) are developing the next generation of cybersecurity tools and professionals to prevent future cyberattacks and keep your information safe.

New digital signature

Passwords are easily stolen — perhaps you leave your computer unattended for just a moment, someone looks over your shoulder or it’s revealed in a company data breach.

But what’s harder to steal is how you move — the unique way you interact with your computer, how you move your mouse and tap, tap, tap on your keyboard. Researchers at UofL are using these unique movements, or haptics, to create a new security authentication method using neural network models.

Adel Elmaghraby, co-principal investigator for the NSA project and professor in the Speed School of Engineering, leads a research collaboration with Mississippi-based, historically Black institution Alcorn State University to conduct this pioneering research. The idea is to use those movements as a sort of digital signature which, along with your username and password, would provide an added layer of cybersecurity.

“Those movements are uniquely you, and they’re very hard to replicate,” Elmaghraby said. “By adding this layer to existing user verification, we can create a more secure cyber environment, and continuously verify that you are you.”

The researchers have already published two papers showing the security benefits of improved keystroke dynamics. While their research now focuses on desktop computers and laptops, they believe it may be possible to adapt the technology for tablets and smartphones, perhaps using your touchscreen interactions as your haptic signature.

This work, Elmaghraby said, builds on UofL’s earned expertise in tackling the most pressing and emergent problems in cybersecurity through research and innovation. For example, UofL was recently selected by the U.S. Department of Defense to work on research and education to strengthen the country’s cyber defenses. UofL was the only school selected from Kentucky for both networks and one of only a handful to hold the competitive Carnegie Research-1 classification. These efforts, together with others backed by the U.S. departments of Homeland Security and Labor, create a hub of cybersecurity research, innovation and expertise at UofL.

“The work we’re doing here at UofL is truly at the leading edge of cybersecurity research,” he said. “We’re anticipating and addressing these major issues that affect safety and security on a personal and even global level.”

Strengthening the cyber workforce

UofL also is working to develop the next generation of cybersecurity professionals, via its NSA-backed Cybersecurity Workforce Certificate Program. The certificate leverages technology industry badging from Microsoft, IBM and Google as well as gamification and hands-on applied learning with use cases from industry partners to teach artificial intelligence, blockchain and other cutting-edge aspects of cybersecurity.

UofL’s Digital Transformation Center leads the curriculum development for the online program, working with a coalition that now includes nine other institutions, including those serving diverse populations. UofL is currently piloting the six-month, instructor-led certificate program, but once completed, it will be made available to other institutions at no charge.

“As technology continues to become more of an integral piece of our everyday lives, a strong cybersecurity industry and workforce are the most important protections we have to make our financial and health care systems secure,” said Sharon Kerrick, a principal investigator on the NSA grant, associate professor and assistant vice president of the UofL Digital Transformation Center. “We can fill that need with this focused, accelerated curriculum that prepares diverse students of all backgrounds for careers in cybersecurity.”

Students are already graduating from the program, many of whom are alumni returning to campus to layer on a cybersecurity credential. That’s true for Kelly Kramer, who graduated in 2012 with a bachelor’s degree in psychology. He landed a job in law enforcement as a data analyst and legal assistant but grew increasingly interested in cybersecurity, where his interests in psychology, technology and protecting people converged.

“This program has taught me quite a bit about securing not only those essential entities like hospitals, businesses, government agencies, but also ourselves,” said Kramer, who now plans to return for his master’s degree in computer science. “It is a complex web of networks, nodes, servers, databases, and much more. We need people to understand each of these if we are to effectively secure them. I have no doubt that this program will open up opportunities for myself and others.”

The same goes for JT Corcoran ’14, who graduated with his bachelor’s and master’s degrees in computer engineering and computer science. He joined the U.S. Air Force and spent seven years on active duty, working in data analytics, cyber incident response and network architecture planning.

When Corcoran’s service was ending, he started looking at new career opportunities. His mom, also a UofL alum, sent him a link about the certificate program; he decided to enroll.

“Since I had prior background in cybersecurity, many of the topics were familiar but I haven’t done some of these things in a while,” said Corcoran, who now works as a health care security analyst. “The certificate provided a nice refresher on doing things like writing firewall rules, configuring network infrastructure, integrating cloud services and conducting forensics in a lab environment. Additionally, the inclusion of newer technology topics like blockchain and post-quantum cryptography was fantastic to help brainstorm new ways of innovating in the security space.”

UofL received an initial $6.3 million from the NSA to back the research and curriculum development in 2020. For the curriculum, UofL partnered with the University of Arkansas Little Rock, the University of North Florida, the Kentucky Community and Technical College System — Bluegrass Community and Technical College and Owensboro Community and Technical College, and a coalition liaison from the City University of Seattle.

In 2022, UofL received an additional $2 million to add six more colleges and universities to the coalition: Kentucky State University and Simmons College, both historically Black colleges and universities (HBCUs); The City College of New York, a Hispanic-serving institution; Kennesaw State University, Hood College and Northwest Missouri State University. Each of the schools in the coalition is an NSAdesignated National Center of Academic Excellence in Cyber Defense and contributes interests, experience and skills aligned with health care cybersecurity systems.

“It’s great that we’re getting to know our colleagues at neighboring universities — we’re working together, and sharing ideas,” said Richard Maiti, an assistant professor of computer science at Kentucky State University, who serves as the lead for the project for his institution. “This is a great opportunity, and it’s helping to bring cybersecurity awareness and training to everyone — our students, professionals and folks in the community.”

More information on the Cybersecurity Workforce Certificate Program, including how to enroll, is available at louisville.edu/education/nsacybersecurity.

Baylee Pulliam leads research marketing and communications at UofL, building on her experience as an award-winning business, technology, health care and startups reporter. She is a proud product of the UofL College of Arts and Sciences, where she earned her undergraduate degree in English. She also holds an MBA, a Master of Arts in Organizational Leadership and is pursuing a Ph.D. in the latter with a focus on corporate innovation.