Demo Day

From L to R: Bo Rotoloni, co-director of the IISP; Harold Solomon, principal, VentureLabs; Rob Callan, postdoctoral researcher; Jeff Garbers, principal, VentureLabs; Farnaz Behrang, Ph.D. student; Dr. Wenke Lee, co-director of the IISP, and Thiago Olson, fintech entrepreneur-in-residence, ATDC. Photo by Anthony Stalcup Photography


Method for Detecting Malware with Electromagnetic Emanations Wins $5,000

Atlanta  |  Apr. 17, 2017 — Consumer electronics and IoT devices are challenging to secure because they rely on low-power processors with limited options for security software. A lack of standardization across hardware, software, and development environments makes it difficult to deploy or update security software.

Georgia Tech's Rob Callan, a post-doctoral researcher, and Ph.D. Student Farnaz Behrang brought the winning cybersecurity solution with a new approach for detecting malware in embedded devices. The pair landed 1st Place and $5,000 toward commercialization at the Institute for Information Security & Privacy's "Demo Day Finale" with a method to monitor radio frequency emissions ("electromagnetic emanations") and help detect unwanted code or hijacks.

The method first characterizes electromagnetic emanations generated by software running on an uncompromised device. To protect another device against intrusions, Callan and Behrang continually monitor its EM emanations, and when those differ from the uncompromised device, they examine for a possible hack. This approach separates (or "air-gaps") the monitor from the device being monitored.

Judges at Demo Day Finale immediately saw numerous applications for commercialization.

"Healthcare is a dream problem set for this method because countless devices roll in and each from its own maker," says Jeff Garbers, a Demo Day Finale judge and principal at VentureLabs. "These types of devices are rarely updated or known when they are out of compliance, and there is no sensor smart enough to tell if the software inside is failing."

The method by Callan and Behrang is an evolution of work that began under the direction of Georgia Tech faculty Milos Prvulovic and Alenka Zajic, who co-advise Callan in the School of Electrical & Computer Engineering. Knowing that "side channel" emanations could be read from a nearby device, the researchers further explored what the technique might reveal as a preventative measure for nuanced IoT, personal or embedded devices.

"We're grateful for the recognition and feedback, and we look forward to commercializing this research to solve tough cybersecurity problems in the near future," Callan said on behalf of his team.

Also winning $5,000 at Demo Day Finale was Ph.D. Candidate David Formby from the School of Electrical & Computer Engineering for another approach to preventing malware – this time in industrial control systems, such as water plants or utilities. Formby’s software suite won the 2nd Place prize of $3,000 from judges, plus a surprise nab as the audience favorite for the $2,000 People’s Choice Award.

“I was optimistic, but I didn’t expect to win both,” Formby cheerfully said after the event, posing with two prize checks and encircled by congratulatory students.

Formby is expected to graduate in Summer 2017 and already has formed a company, Fortiphyd Logic, to begin commercializing his invention. Callan graduated from Georgia Tech in December 2016 with a Ph.D. in electrical and computer engineering. Behrang is a Ph.D. student in the School of Computer Science, studying software evolution and testing. She is advised by Alessandro Orso.

About Demo Day
Each year, students are invited to compete before venture capitalists and industry leaders at the Institute for Information Security & Privacy's "Demo Day." Students bring initial research ideas to the fall Georgia Tech Cyber Security Summit, where public vote determines which projects are invited back in the Spring. Students return six months later at the Demo Day Finale for a TED-style talk about their developing project. A panel of business leaders and investors from across the United States advise students about future considerations for commercialization. Student research with the best chance of commercialization or demonstrating the most impact toward resolving an information security need receives a cash prize.

"The Institute for Information Security & Privacy wants to move good ideas to market," says Wenke Lee, co-director. "We know industry leans on academic researchers to raise new ideas and we lean on industry to take solutions to the public. Our hope is that by introducing students to business mentors early in the research timeline that we can help them naturally build productive relationships and reduce time to market. All students participating in Demo Day will benefit from the insight and critique of those closest to industry needs today."


1) Ph.D. Student Tianxin Tang presents a method for encrypted database search.  2) Ph.D. Candidate David Formby receives the 2nd Place prize of $3,000 from Co-Directors Bo Rotoloni (L) and Wenke Lee (R).  3) Rotoloni explains that moving university research out to market is one way the Institute for Information Security & Privacy is tackling "the grand challenge of our time" -- cybersecurity.  4) Ph.D. Student Marie Le Pichon was first to present with a method for improving privacy and security compliance challenges in research governing documents.  5) Judges Jeff Garbers, Thiago Olson, and Harold Solomon listen intently as they evaluate commercialization potential and presentation strength.  6) Formby explains a software suite designed to protect industrial control systems, such as water treatment plants or utilities.  7) Nader Sehatbakhsh explains how spectral profiling and monitoring could help detect malware in embedded or IoT devices.  8) Students discuss demonstration posters about cybersecurity concepts for commercialization.  9) Farnaz Behrang and Rob Callan were awarded not only 1st Place, but also high compliments for their presentation delivery.


Start Preparing for Fall '17

Wednesday, Sept. 27, 2017
3 - 3:30 p.m.

Georgia Tech Research Institute Conference Center
250 Fourteenth St. NW, Atlanta


Congratulations to all Spring '17 student finalists:

Marie Le Pichon
School of Computer Science
"Requirements Identification for IRB Protocols: The Challenges of Ubiquitous Computing and the Emergent Properties of Big Data"

Tianxin Tang
School of Computer Science
"Keyless Fuzzy Search for Data-based Access Control"

Rob Callan and Farnaz Behrang
School of Electrical & Computer Engineering and School of Computer Science
"Malware Detection Using Unintentional Electromagnetic Emanations"

Monjur Alam, Alireza Nazari and Nader Sehatbakhsh
School of Computer Science
"Spectral Profiling & Monitoring: An Observer-effect-free Method for Profiling and Dynamic Malware Detection"

David Formby
School of Electrical & Computer Engineering
"Under Control: Techniques for Securing Industrial Control Systems"




Thank you to all who participated in the preliminary round at the 14th Annual Georgia Tech Cyber Security Summit!

Taimour Wehbe, ECE
"Detecting Hardware Trojan Attacks on Chip Inputs Using Physiological Features"

Nagendra Posani, INFS
"Automatic Generation of Compact Alphanumeric Shellcodes for x86"

Qi Zhang, CS
"Tenants Attested Trusted Cloud Service"

Kangjie Lu, CS

Nader Sehatbakhsh and Alireza Nazari, CS
"Spectral Profiling: Observer-Effect-Free Profiling by Monitoring EM Emanations"

Rob Callan and Farnaz Behrang, ECE and CS
"Malware Detection Using Unintentional Electromagnetic Emanations"

Lei Yu, CS
"Dynamic Differential Location Privacy"

David Formby, ECE
"Under Control: Techniques for Securing Industrial Control Systems"

Athanasios Kountouras, CS and ECE
"Enabling Network Security through Active DNS Datasets"

M. Yusuf Ozkaya, CS
"Trust as a Service: A Trust Management Evaluation Framework"

Ravi Prakash Giri, INFS
"Cache-based Side-Channel Attacks on AES"

Bharat Srinivasan, CS
"IntelliX: A Cross-Channel Intelligence Platform to Protect Enterprise Assets and Brand Reputation"

Chaz Lever, CS
"Where the Insecure Things"

Yeongjin Jang, CS
"The Autonomous Malware Laboratory"

Marie Le Pichon, CS
"Requirements Identification for IRB Protocols: The Challenges of Ubiquitous Computing and the Emergent Properties of Big Data"

Tianxin Tang, CS
"Keyless Fuzzy Search for Data-based Access Control"