Facebook has awarded a series of grants to researchers working in areas including cryptography and encrypted messages, and analysis of malicious activity, including hijacked Facebook accounts.
Facebook’s outgoing chief security officer, Alex Stamos, yesterday awarded $800,000 to the 10 winners of its Secure the Internet grants, the social media giant announced in January.
The $800,000 is part of Facebook’s $1million award for security and privacy related projects that were available to universities and other research organizations, officially called the “Security the Internet Grants”.
Stamos announced the awards at the BlackHat US security conference in Las Vegas. The social network promised the $1m in awards to researchers with proposals for abuse detection and reporting, anti-phishing, and ideas for something better than passwords.
The $800,000 will be divided among 10 winning proposals, with two organizations winning $100,000 grants, and the remainder gaining smaller sums.
SEE: Cybersecurity in an IoT and mobile world (ZDNet special report) | Download the report as a PDF (TechRepublic)
The first $100,000 grant went to researchers from Portland-based Galois, Inc. for its plan to build a verification toolchain for C++ cryptographic libraries.
The tool will help “verify the HKDF key derivation algorithm from two C++ implementations” of the recently IETF-approved Transport Layer Security (TLS) v1.3, including the open-source Botan library and Facebook’s internal implementation, its proposal abstract notes. Facebook’s implementation, dubbed Fizz, was open sourced this week.
The other $100,000 grant was awarded to the Beirut, Lebanon-based Social Media Exchange Association, which submitted a proposal “for “Enhancing Online & Offline Safety During Internet Disruptions in Times of War”.
The group is aiming to understand the impact of internet outages on “the effects of internet disruptions on people’s physical safety and security in times of war in a variety of contexts” and how people can workaround these disruptions.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
A researcher from the University College London was awarded $92,000 for “data-driven study” on how attackers use hijacked Facebook accounts, and discovering better ways to mitigate the hijackings.
New York-based Clarkson University were awarded $75,000 to developed a behavior-based biometrics system that would be used to detect imposters after they log-in.
“We propose to develop behavior-based authentication, where user profiles consist of identifiers derived from user interactions with desktop and mobile devices (e.g. keystrokes, mouse, swipes),” their abstract stated. Another $80,000 grant will also look at improving encrypted messaging.
Facebook will award the remaining $200,000 to researchers through the Internet Defense Prize at the USENIX Security Symposium on August 15.
PREVIOUS AND RELATED COVERAGE
Europe’s top court has just blown a big hole in Facebook’s fan-page terms
New CJEU ruling in Facebook case could have “far-reaching effects” for GDPR contracts.
GDPR attacks: First Google, Facebook, now activists go after Apple, Amazon, LinkedIn
Just days after the new law comes into force, privacy activists add more tech giants to their list of GDPR targets.
Facebook’s delicate dance between privacy and shareholder value (TechRepublic)
Most people or business decision-makers don’t have the time or energy to care about Facebook privacy, said Alex Feinberg, but they should.
North Korea’s hackers are re-using old code to build new attacks
One of the world’s most notorious cyber warfare operations has been cutting corners – but it hasn’t dented their potency.
BIND DNS software vulnerability which could lead to DoS attacks exposed
The bug impacts multiple versions of the open-source software.
Infowars and Alex Jones test limits of free speech on Twitter, Facebook, YouTube, Apple (CNET)
FAQ: The conspiracy theorist extraordinaire becomes the center of a debate about free speech and the internet. Here’s what you need to know.