Month: March 2016
Allison Bishop earns NSF CAREER award
Allison Bishop, an assistant professor within Columbia’s Computer Science Department and a member of the Data Science Institute, has been awarded a five-year $500,000 National Science Foundation (NSF) CAREER award to develop tools for designing and proving the security of new cryptographic systems. The CAREER award is the NSF’s most prestigious honor designed to support junior faculty who exemplify the role of teacher-scholars through their outstanding research and excellent teaching.
With the award, Bishop will build on her current research into provably secure cryptographic systems that can accommodate various levels of access to data, thus allowing different people to access different data within the same data source. The need for fine-grained control over data access has never been greater as vast amounts of sensitive data have to be simultaneously shared and protected, such as when a hospital needs to see almost all of a patient’s data but an insurance company needs to see only what procedures have been done.
Achieving more nuanced cryptographic capabilities means also enhancing the mathematical foundations that support such capabilities so that security at each access level can be enforced in a provable way. For this, Bishop is looking to integrate recent advances in lattice cryptography with her progress in designing security reductions. (In an interview done last year, she details some of this previous work.)
Bishop will also use the award to provide an entry point and training ground for emerging young scientists of all ages, giving advanced graduate classes a more integrated view of cryptographic system design principles, while opening valuable research opportunities to students at both the undergraduate and graduate levels. The educational outreach aspect extends to students of elementary-school age, for whom Bishop is producing a book that uses a fairy-tale setting to introduce mathematical reasoning. Motivating others will help ensure faster progress towards a flexible and more unified theory of cryptography to meet the mounting challenges of huge data sets, cloud computing, and other emerging data systems.
New information extraction techniques
For deep web collections, researchers show how to identify collections with useful documents for the information extraction task, rather than documents topically relevant for a given query.
Technology solutions to unwanted calls
Robocalls are proliferating and becoming increasingly sophisticated and deceptive, purporting to be from banks or government agencies to trick and scare people into revealing personal information or transferring money. Recent advances in technology have reduced the cost of calling to close to nothing and made it easier to “spoof,” or misrepresent, the originating number or caller ID. The famous Do Not Call list, while effective against unwanted calls from legitimate businesses, is no deterrent to criminals intent on fraud. Seniors are especially vulnerable, and for this reason, the Senate Special Committee on Aging held hearings in June on possible new legislation to prevent unwanted calls. Among those testifying was Henning Schulzrinne who provided the biggest takeaway of the day: technology offers solutions.
More than 10 years after the Do Not Call list was instituted, more robocall complaints than ever are being received by the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC).
Technological advances are partly to blame. As the telephone infrastructure is changing from traditional copper wires to Voice-over-IP (VoIP) technology, what was once expensive and difficult—international calling, auto-dialing, falsifying caller ID information—has become cheap and easy, making it possible for almost anyone with a laptop and an Internet connection to flood phones with millions of robocalls and to do so from any location in the world.
The nature of the calls themselves has changed also. Before the list, most robocalls were legitimate telemarketers looking to make a sale. Against those calls, the Do Not Call list has been largely effective, leaving the field wide open to illegitimate operators who, like bank robbers walking past the meter on the way into the bank, ignore the Do Not Call list to commit the bigger crime of fraud, either conning victims into divulging personal information or of selling services or products that never materialize.
What you can do against robocalling
-
- Hang up immediately. Do not press buttons or engage the caller.
-
- Sign up for Nomorobo or other services that blacklist numbers of known robocallers. (Nomorobo is available only in the US and only from certain carriers.) Or sign up for services such as GoogleVoice’s free feature that prompts callers to say state their names before you pick up.
- File a complaint with the FTC. Complaints help define patterns of fraud and abuse, sometimes leading to investigations that result in fines.
To increase their odds of success and because VoIP makes it easy, robocallers often impersonate a legitimate bank or government agency. It’s called spoofing, and it is quasi-legal. The Caller ID Act of 2009 does make spoofing a crime but only when it is used to harm or defraud someone, something possible to prove only after the fact. No one seems too concerned, and companies openly sell spoofing software. There is even a free iPhone app for spoofing. An app is strictly small scale and for targeting specific individuals; for spoofing at industrial-scale, robocallers are likely to turn to open-source phone switch software when inserting fake phone numbers into millions of calls.
And they usually get away with it. Experiments done by system staff at Columbia University showed that even large carriers do not reject implausible phone numbers such as 311-555-2368.
Testing showed that clearly fictitious numbers were transmitted even though it would be easy for phone carriers to identify and block them.
The ability of robocallers to associate their numbers with any other number or caller ID name gives rise to a whole slew of semi-plausible scams: the IRS demanding payment for overdue taxes, the Social Security Administration requesting an account number to make a deposit, an extradition threat from local police if a debt is not immediately repaid. There are many others, like the one that promises a “free” medical alert system. Most people today know enough to be wary of such calls, but the robocallers’ simple business model—flood phones with millions of cheap calls to flush out the few naïve victims that make the business model work—is robust against a low success rate. Even a 95% or 99% suppression rate would not sufficiently discourage robocallers if it leaves the most likely victims unprotected.
Because senior citizens are especially vulnerable to such scams, the Senate Special Committee on Aging in June held hearings on possible legislative solutions. Chaired by Susan Collins (R-Maine), the committee called four witnesses—a small business owner who logged 62 robocalls within a month, an FTC representative who testified about her agency’s difficulty in dealing with the problem, and a Missouri Deputy Attorney General whose office last year fielded 57,000 complaints, 52,000 of which concerned unwanted calls.
Testifying about the technology aspects was Henning Schulzrinne, who developed the key protocols that enable VoIP and who continues to work on VoIP protocols as a professor of computer science at Columbia University. He is also knowledgeable about the policy issues, having served as the Chief Technologist at the FCC from 2012 to 2014. While currently consulting for the agency, it was in his private role as a technology expert that he addressed the committee.
After summarizing eight categories of scams, Schulzrinne described the technology solutions, which fall into roughly three categories: filtering, caller ID and name authentication, and gateway blocking. Each, summarized below, has its strong points and limitations. (For the full transcript of Schulzrinne’s testimony, go here.)
Filtering
Filtering, either through a third-party service or a downloaded app, works by checking each incoming call against a white list of trustworthy phone numbers or a black list of nonacceptable ones compiled in one of several ways: from FTC and FCC customer complaints, crowd-sourced by consumers, or collected through honeypots. (Honeypots are stealth servers programmed to act like normal phones—with numbers not assigned to any individual or company—for the express purpose of capturing the phone numbers of robocallers.) Built-in safeguards can ensure emergency alert calls get through as do calls placed from medical facilities; unknown phone numbers can be verified by making callers prove that they are human rather than robotic.
Filtering today has several drawbacks. It puts the onus on individuals, and it protects only those who know about filtering and are willing to do the setup, generally the most sophisticated people who are unlikely to fall for a scam in any case. By protecting the people who least need it, filtering today leaves the most vulnerable even more exposed.
Extending filtering to others is not currently easy. Filtering works on many landlines, and it is usually available only through large cable companies like Time Warner or Comcast that support external filtering services such as Nomorobo.
And filters are easily avoided by robocallers’ use of spoofing.
Caller ID and name authentication
Spoofing is perhaps the most nefarious aspect of the scamming schemes; almost anyone is likely to pick up when seeing the phone number of the local police department or the IRS. Spoofing has other bad uses as well since a caller ID is often used to verify one’s identity when gaining access to voicemail or when calling a bank, utility, or airline.
Preventing spoofing is necessary both to make filtering effective and to stop robocallers from impersonating others, and Schulzrinne offered possible ways to do it. One is to authenticate the originating number to ensure the caller is authorized to use the caller ID contained in the call setup message. Authentication would require phone carriers to insert links to new cryptographic certificates so any carrier along the way could validate the signature and detect spoofed caller IDs. These calls could then be labeled in some way or, if the customer prefers, rejected.
However, it’s not clear how much the phone carriers will do voluntarily. For years, carriers have resisted appeals to block robocalls, claiming that federal law prohibits them as common carriers from doing so. The FCC pulled the rug out from this excuse in a June 18 vote that explicitly states that phone companies are legally allowed to provide filtering to those customers who request it. (The FCC does not currently, however, obligate phone companies to provide filtering.)
Using his deep knowledge of the protocols, Schulzrinne offered an alternative approach to preventing spoofing, one that does not rely on carriers. The VoIP protocols (specifically the Session Initiation Protocol, or SIP) allow for changing the mechanics how caller ID information is generated, and thus make it difficult to do spoofing in the first place.
Currently ID information is collected from many different databases and is often not validated, making it easy for fraudulent callers to insert any information they like, especially for numbers that have not been assigned to a carrier. Because SIP allows the calling carrier to insert name information directly into the call signaling request, it’s possible to avoid looking up the information in databases and making it easier to track who generated the information. Longer term, carriers may also indicate that they have validated the information by cross-checking them against service address records or credit card billing information, for example.
Blocking at the VoIP gateway (“do not originate”)
Perhaps Schulzrinne’s most innovative proposal is a do-not-originate list that would cut off robocalls closer to the source: at the VoIP gateways that connect VoIP calls to the traditional phone system. While VoIP robocalls can be placed from anywhere in the world, all such calls pass through such gateways to enter the traditional circuit-switched phone lines used by most large US companies and large carriers. (Companies generally contract with a carrier that operates a VoIP gateway on their behalf to handle the transition for all incoming and outgoing calls.)
VoIP gateways currently do not check whether the originating number is valid or not. However, it would be easy to program them to reject originating phone numbers of companies that did not contract for their services or numbers known to be out of service. Any calls from numbers on a list to not originate—a reverse do-not-call list—would be rejected by the gateway and thus blocked from entering the phone system. Alternatively, the gateway could replace the fake caller ID information with a fraud indicator, such as the (made-up) area code 666. Consumer-chosen call filtering technologies can then reject those calls if the carrier prefers not to. While companies would have to list themselves on do-not-originate lists, those companies most likely to be impersonated would have incentive to do so.
The do-not-originate approach has the advantage that it can be implemented quickly and easily, without any changes in telephony protocols. Nor does it require cooperation of other phone carriers. It is no substitute for authentication, but it should prevent many of the most harmful calls from reaching consumers.
Breaking the business model
Each of the three methods—filtering, authentication, VoIP gateway blocking—does its part to add to the difficulty and expense of robocalling, but each addresses only a subpart of the problem. The do-not-originate list addresses spoofing of high-profile numbers of government agencies and banks but not other legitimate-sounding numbers robocallers invent (“Card Svcs,” “Medcare”). Authentication stops robocallers from impersonating legitimate businesses and government agencies (and makes fraudulent calls less likely to pay off) but does nothing to prevent robocalls themselves. Filtering can stop robocalls but currently protects the relatively few individuals who use it and is easily circumvented by spoofing.
But used in combination with one another, the three methods complement one another to undermine the economics of robocalling. Once authentication is in place to prevent spoofing and people can trust that phone numbers are legitimate, white lists of acceptable numbers—government agencies, banks, doctors—can be compiled and safely and widely distributed to protect even the most vulnerable. And without spoofing to disguise their calls, robocallers quickly get identified and black-listed (and in the best case, shut down by law enforcement).
It’s the combination of methods, working in conjunction with the VoIP technology and the supporting protocols, that stands the best chance of approaching the 100% suppression rate needed to put an end to robocalling. Since it was technology that allowed robocalling in the first place, it’s only fitting that technology be part of the solution.
-Linda Crane
About Henning Schulzrinne
Henning Schulzrinne is the Julian Clarence Levi Professor of Mathematical Methods and Computer Science and Professor of Engineering at The Fu Foundation School of Engineering at Columbia University.
He is widely known for developing key protocols, including the Session Initiation Protocol (SIP), that enable Voice-over-IP (VoIP) and other multimedia applications that are now Internet standards. His research interests include Internet multimedia systems, applied network engineering, wireless networks, security, quality of service, and performance evaluation.
Before joining the Computer Science and EE departments at Columbia University, Schulzrinne worked at AT&T Bell Labs and was associate department head at GMD-Fokus (Berlin).
Education
Undergraduate degrees in economics and electrical engineering,
Darmstadt University of Technology, GermanyMSEE degree as a Fulbright scholar,
University of Cincinnati, OhioPhD
University of Massachusetts, Amherst
Darmstadt University of Technology, GermanyMSEE degree as a Fulbright scholar,
University of Cincinnati, OhioPhD
University of Massachusetts, Amherst
Awards and recognitions
2015
ACM Fellow2014
Outstanding Service Award (Internet Technical Committee)2013
Internet Hall of Fame
ACM Fellow2014
Outstanding Service Award (Internet Technical Committee)2013
Internet Hall of Fame
2010, 2011
IEEE William Terry Lifetime Distinguished Service Award
2006
IEEE Fellow
2004
Mayor’s Award for Excellence in Science and Technology (NYC)
2000
NSF Young Investigator Award,VON Pioneer Award
Specialized hardware for meeting demands of big data
Research into accelerators and domain-specific processors—among other innovations—is resulting in faster data processing at less power.
In an article on NASA’s plan to use augmented reality in space, The Week interviews Steven Feiner.
Portable DNA Sequencer MinION Helps Build the Internet of Living Things
The Eternal Camera
In this video, Shree K. Nayar, T.C. Chang Professor of Computer Science at Columbia Engineering, takes us to the Computer Vision Laboratory to demo the self-powered video camera.
David S. Johnson: In Memoriam
David S. Johnson, a leading expert in the area of computational complexity and the design and analysis of algorithms, died Tuesday. Since 2014, Johnson was a visiting professor at Columbia University.
The winner of the 2010 Knuth Prize [1] for his contributions to theoretical and experimental analysis of algorithms, Johnson helped lay the foundation for algorithms used to address optimization problems, in which a best solution is sought among a large set of possible solutions to a problem. His papers on the experimental analysis of approximation algorithms were influential in establishing rigorous standards for algorithms that find an approximately optimal rather than exactly optimal solution. Such approximation algorithms play an important role within computer science both in theory and in practice.
Johnson researched and contributed to a range of foundational topics in both mathematics and computer science, including combinatorial optimization, network design, routing and scheduling, facility location, bin packing, graph coloring, and the Traveling Salesman Problem.
It is however his pioneering work on NP-completeness for which he is best known. He was one of the first to investigate NP-completeness, which deals with problems that are believed to be unsolvable within a reasonable amount of time in the worst case. His book, Computers and Intractability: A Guide to the Theory of NP-Completeness, coauthored with Michael Garey and written in 1979, has been called a classic for its rigorous treatment of NP completeness and for its clear, concise exposition. The book is one of the most cited references in all of computer science, with over 55,000 citations. Johnson continued to write on NP-completeness throughout his career, maintaining a column on the subject from 1982 until 1992 in the Journal of Algorithms.
Born December 9, 1945, Johnson attended Amherst as an undergraduate studying mathematics and went on to MIT where he earned a PhD in mathematics in 1973 for his thesis Near-Optimal Bin Packing Algorithms. The same year, he started his long and productive career at Bell Labs (and later AT&T Research) that would last until 2014. During this time, he published continuously, including several books and well over 100 papers and articles, many of which concern the best ways to cope with computational intractability and his developing interest in the interplay between theoretical and experimental analysis in computer science.
Johnson was an active member and leader in the theoretical computer science community, founding the Symposium on Discrete Algorithms (SODA), a conference that has become a top theory venue; for 25 years he served as SODA’s committee chair. He created also the DIMACS (Center for Discrete Mathematics and Theoretical Computer Science) Implementation Challenges. His work within the community was unflagging. He served on the ACM Council as Member-at-Large (1996-2004), chaired ACM SIGACT (1987-1991), edited the Journal of the Association for Computing Machinery (1983-1987), and he served as associate editor of ACM Transactions on Algorithms (TALG) since its founding in 2004.
In 2014, Johnson joined Columbia’s computer science faculty as a visiting professor, teaching CS students and interacting with faculty.
“We will miss David very much. He was a wonderful colleague and mentor for students,” said Julia Hirschberg, chair of Columbia’s Computer Science department.
In addition to the Knuth Prize awarded to him in 2010, Johnson is a 1995 Fellow of the Association for Computing Machinery and was just this year was elected to the National Academy of Engineering. Johnson has an Erdős number of 2.
These awards do not do justice to his many contributions to the field of computer science, both written and in private consultation with colleagues and students. David Johnson will be missed for his expertise and for the modest and unassuming way in which he set about to better understand and communicate to others the foundational topics in computer science.
– Linda Crane
1 The prize is awarded by ACM SIGACT and by IEEE Computer Society's Technical Committee on the Mathematical Foundations of Computing. Prizes are awarded in alternation at the ACM Symposium on Theory of Computing and at the IEEE Symposium on Foundations of Computer Science, which are among the most prestigious conferences in theoretical computer science. In contrast with the Gödel Prize, which recognizes outstanding papers, the Knuth Prize is awarded to individuals for their overall impact in the field.
NimbleDroid speeds up Android apps
CS startup NimbleDroid pinpoints issues that slow performance in Android apps so developers can make their apps run faster.
1 The prize is awarded by ACM SIGACT and by IEEE Computer Society's Technical Committee on the Mathematical Foundations of Computing. Prizes are awarded in alternation at the ACM Symposium on Theory of Computing and at the IEEE Symposium on Foundations of Computer Science, which are among the most prestigious conferences in theoretical computer science. In contrast with the Gödel Prize, which recognizes outstanding papers, the Knuth Prize is awarded to individuals for their overall impact in the field.
Add to GMail