Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

3/12/2012
12:38 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Carnegie Mellon CyLab Researchers Develop New Smartphone App To Protect Consumers From Cybercriminals And Unsafe Communications

SafeSlinger provides secure communications and file transfer even if the servers involved are tainted with malware

PITTSBURGH, March 12, 2012 /PRNewswire/ -- Carnegie Mellon University CyLab researchers have developed a new smartphone app that leverages the growing proliferation of these devices to establish a secure basis for Internet communications.

"With SafeSlinger, users can gain control over their exchanged information through end-to-end encryption, preventing intermediate servers or service providers from reading their messages or other sensitive stored data in their smartphones," said Adrian Perrig, technical director of Carnegie Mellon CyLab and a professor of electrical and computer engineering at CMU.

Perrig along with Michael W. Farb, a CyLab research programmer, Jon McCune, a CyLab research systems scientist, and CMU students Gurtej Singh Chandok and Manish Burman developed SafeSlinger to help mobile phone users safely and privately retrieve information from trusted sources.

"SafeSlinger provides you with the confidence that the person you are communicating with is actually the person they have represented themselves to be," Farb said. "Perhaps the most impressive feature is that SafeSlinger provides secure communications and file transfer even if the servers involved are tainted with malware."

As more and more consumers access the Internet from an ever-expanding pool of mobile devices, including smartphones and tablets, Web-based threats continue to become more frequent and increasingly sophisticated.

"We increasingly lose control over our data. But SafeSlinger's user-centric security design includes an advanced protocol, which incorporates elements of several cryptographic schemes and factors in the prevention of numerous types of attacks," said Perrig, a 2006 winner of the Sloan Research Fellowship for securing sensor networks and a 2004 recipient of a Career Award from the National Science Foundation for work on secure and resilient sensor network communication infrastructure.

"SafeSlinger gives end-users the opportunity to secure their communications with a state-of-the-art, easy-to-use Android smartphone app, without relying on obscure mechanisms," McCune said. "SafeSlinger provides users with an easy way to securely exchange messages for free, finally providing people with control over their own information.''

For more information about SafeSlinger, see http://www.cylab.cmu.edu/safeslinger.

About Carnegie Mellon University: Carnegie Mellon (www.cmu.edu) is a private, internationally ranked research university with programs in areas ranging from science, technology and business, to public policy, the humanities and the arts. More than 11,000 students in the university's seven schools and colleges benefit from a small student-to-faculty ratio and an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration and innovation. A global university, Carnegie Mellon's main campus in the United States is in Pittsburgh, Pa. It has campuses in California's Silicon Valley and Qatar, and programs in Asia, Australia, Europe and Mexico. The university is in the midst of "Inspire Innovation: The Campaign for Carnegie Mellon University," which aims to build its endowment, support faculty, students and innovative research, and enhance the

About Carnegie Mellon CyLab: CyLab (http://www.cylab.cmu.edu) is a bold and visionary effort, which establishes public-private partnerships to develop new technologies for measureable, secure, available, trustworthy and sustainable computing and communication systems. CyLab is a world leader in both technological research and the education of professionals in information assurance, security, technology, business and policy, as well as security awareness among cyber-citizens of all ages. Building on more than two decades of Carnegie Mellon leadership in information technology, CyLab is a university-wide initiative that involves more than 50 faculty and 100 graduate students from more than six different departments and schools. As a vital resource in the effort to address cyber vulnerabilities that threaten national and economic security, CyLab is closely affiliated with the CERT Coordination Center, a leading internationally recognized center of Internet security expertise.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27132
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
CVE-2021-25284
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
CVE-2021-3144
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
CVE-2021-3148
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
CVE-2021-3151
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...