Cybersecurity in numbers
Mourad Debbabi doesn’t mince words when he talks about the number of cyberattacks he and his Concordia colleagues monitor on a daily basis.
“It’s a lot — it’s thousands per day,” says Debbabi, who becomes interim dean of Concordia's Gina Cody School of Engineering and Computer Science in May. He is currently a professor at the Concordia Institute for Information Systems Engineering (CIISE), and holds the NSERC/Hydro-Québec Thales Senior Industrial Research Chair in Smart Grid Security.
“Most of them are not reported because people have a brand to protect, but the threats are real.” Since 2003, Concordia has been at the forefront of cybersecurity in Canada. The university is home to the Security Research Centre — which promotes research excellence in cybersecurity, critical infrastructure security and resilience, privacy and cyber forensics— as well as three graduate programs in information systems security.
Moreover, 70-plus researchers are currently investigating different aspects of cybersecurity at Concordia, including one Canada Research Chair, one Concordia University Research Chair and three Natural Sciences and Engineering Research Council (NSERC) Industrial Research Chairs. Notably, more than 1,000 alumni qualify as cybersecurity experts; many oversee operations for governments, high-tech companies and financial institutions.
“We have been among the first institutions in Canada to recognize cybersecurity as an area that is extremely important,” Debbabi says. “It’s going to be even more important with time because society is moving towards more digitalization.”
Here are five recent success stories that highlight the work of cybersecurity researchers at the Gina Cody School of Engineering and Computer Science.
Concordia and its partners create a new industrial research chair
A new Industry Research Chair in Software-Defined Networking and Network Functions Virtualization (SDN/NFV) Security aims to bring together graduate students, professors, industrial researchers and subject matter experts to proactively strengthen cybersecurity for the networks of the future.
Created in partnership with Ericsson and NSERC, Concordia will receive $1.8 million over five years to develop novel processes, techniques and technologies for compliance-driven monitoring, attack prevention, detection and mitigation solutions.
Lingyu Wang, chairholder and professor with the CIISE, notes that 5G telecommunications networks come amid increasing tension between privacy awareness, regulation and security threats.
“As the Internet-of-Things grows in tandem with emerging 5G technology, it’s crucial to assure the security and stability — peace of mind — of both physical and virtual infrastructures across our increasingly networked world,” Wang says.
“I’m honoured to partner with Ericsson for our research on SDN/NFV security. We aim to strengthen Canada’s leadership in innovation and creating high-skilled workers in such a strategically important area.”
25 students join Ericsson’s global AI accelerator
Mitacs, a non-profit national research organization, and Ericsson, the telecommunications multinational, announced that they would welcome 80 graduate-level interns to work within the Global Artificial Intelligence Accelerator, a research hub unveiled in Montreal in May 2019.
Over the next three years, the interns will use artificial intelligence and machine-learning technologies to create data-driven, intelligent and robust systems, including a fifth-generation (5G) network in Canada.
Out of the eight Canadian universities involved, Concordia’s delegation is the largest, with 25 students. Their projects attracted $1.2 million in funding from Mitacs-Ericsson.
“We are thrilled about this collaboration because it will help train highly qualified personnel in hot topics related to the development and application of AI techniques,” says Nizar Bouguila, professor with the CIISE.
Samr Ali, a PhD student in Concordia’s Department of Electrical and Computer Engineering, adds that she is looking forward to working closely with likeminded people on the initiative. “It’s so exciting for me to be able to see the impact of my work in real life and to be in a place that fosters teamwork and innovation.”
$1.38M to evaluate cryptocurrencies and blockchain technologies
Concordia has partnered with Raymond Chabot Grant Thornton, Catallaxy and NSERC to evaluate cryptocurrencies and blockchain technologies.
Valued at $1.38 million over five years, the NSERC/Raymond Chabot Grant Thornton/Catallaxy Industrial Research Chair in Blockchain Technologies will bring together engineers, graduate students, software developers and business analysts to figure out how to manage blockchain and digital currencies under current financial regulations.
Principal chairholder Jeremy Clark’s goal is to work closely with Catallaxy members to ensure the program’s research output is useful for industry needs. Catallaxy is a Montreal-based subsidiary of Raymond Chabot Grant Thornton that develops technological products and solutions to authenticate and certify digital data.
“Our research aims to improve our understanding of how much of the financial infrastructure can be positively impacted by blockchain technology, while identifying bad interference with regulation,” says Clark, who is also a professor at the CIISE. “From there, we can think about how we can shape regulation and technology together to maintain the principles they are based on.”
New study examines electric vehicles and power-grid security
At the IEEE Canada Electrical Power and Energy Conference in October, Amr Youssef, a professor and cryptography expert with the CIISE, presented a study he co-authored entitled, “Impact of Electric Vehicle Botnets on the Power Grid.” The findings are a cautionary tale that warn how botnets — defined as a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge — could exploit vulnerabilities in transmission and distribution systems.
“When electric vehicles are widespread and fast-charging stations are plentiful, cyberattackers could create a network of infected electric vehicles and charging stations that create power outages at will,” says Youssef.
Using data obtained from the Toronto Parking Authority about electric vehicles and fast-charging direct-current stations, the researchers simulated the effect of an electric vehicle’s botnet on the power grid transmission and distribution systems.
“We showed that an attack is possible on both levels — distribution and transmission. Load-altering attacks can cause a power outage when a botnet instructs vehicles to charge at multiple fast-charging stations at the same time, resulting in a voltage limit violation,” says Youssef. “The threat isn’t at our doorstep, but it’s imminent.”
Concordians expose the security risks of public wi-fi
In September, Suzan Ali, a master’s student at the CIISE, presented her findings on the privacy risks of using public Wi-Fi at the Data Privacy Management International Workshop in Luxembourg. Funded by the Office of the Privacy Commissioner of Canada, the study saw Ali and her supervisors, Mohammad Mannan and Amr Youssef, look at 67 open-access Wi-Fi hotspots around Montreal to shed light on web tracking and data collection behaviours.
The results revealed that 40 per cent of the hotspots performed unnecessary collection of sensitive data via social media, registration or surveys, then shared it with several third parties. All but three of the hotspots employed varying levels of user-tracking technologies on their captive portals and more than half created persistent third-party tracking cookies designed to stay active for up to 20 years.
“If you value privacy and security, you need to stay as anonymous as possible,” Ali says. She strongly cautions against using public Wi-Fi, in general, but specifically when dealing with anything sensitive, like financial information.