Cornell Tech Students Build Cybersecurity Tools in Product Studio
As people get increasingly dependent on using technology to control aspects of daily life from ordering on-the-go coffee to tracking circadian rhythms at night, cybersecurity has become paramount for large organizations and individual users to protect the data created.
Leading companies and organizations in New York City tasked Cornell Tech students to develop innovative technology solutions to their respective cybersecurity challenges. Interdisciplinary Product Studio teams collaborated throughout the fall semester and demonstrated their final prototype — backed by user research and strategy — to key stakeholders.
Here are three solutions Cornell Tech students built:
Blockchain Banking & Marketing Advisors asked: How might we understand cryptocurrencies to help startups launch initial coin offerings that are compliant, valuable, and relevant to the business and customers needs?
The initial public offering (IPO) process has existed for centuries, but the cryptocurrency counterpart is still in its infancy. Initial Coin Offering (ICO) is an unregulated way of crowd-fundraising using cryptocurrencies. The amount of money raised through ICOs has exploded in recent years, but there is still a lot of distrust in the process.
A team of Cornell Tech masters students worked with Blockchain Banking & Marketing Advisors (BBMA), a firm that helps companies manage the initial coin offering process, to try to improve trust in the ICO process.
Cyrus Ghazanfar, Master in Computer Science ‘19 said, “ICOs aren’t subject to the same laws and regulations as IPOs. IPO buyers usually have a vesting period for the shares so they don’t take advantage of the market. It is pre-regulated. That doesn’t exist in the ICO market.”
Some companies participate in an ICO lock-up period, similar to the traditional IPO lock-up period, to ensure that insiders who purchased the stock before the company went public can’t liquidate their assets right away and, in doing so, destabilize the market. However, Ghazanfar explains that there was no way to ensure that the funds were locked during an ICO lock-up period due to the unregulated nature of it.
The cross-disciplinary team from Cornell Tech built Vestvault, a client-facing user interface that leverages smart contract technology to allow founders and other executives within a company to enter the specifications of the shareholder distribution without needing to code. The smart contract vests the tokens to the specified shareholders over time automatically and without the need for a third party. The information they submit is automatically used to generate and upload a smart contract to the blockchain and all users can transparently view any activity in real time to ensure the lock-up period is maintained. The funds are instantly released when the lock-up period ends.
“This solution is completely decentralized. You don’t need to trust a third party,” said Ghazanfar, “It is the rule of the code. It is a completely autonomous end-to-end solution.”
The most difficult part of building the technology — which relies on coding languages Solidity and Python — was making sure that the smart contract securely and correctly transfers value between “wallets,” Pooja Kale, Masters in Computer Science ’19 said. In the past, companies have lost millions of dollars because of buggy code, according to Ghazanfar.
The team, which also includes Jim Campbell, Johnson Cornell Tech MBA ‘19, and Kibum “George” Byun, Master of Laws in Law, Technology and Entrepreneurship ‘19, may continue to work on their project after graduation and they have already generated interest from meetups they’ve attended and introductions to industry leaders.
Citigroup asked: How might we realize the benefits of shared data and computational models amongst untrusted parties while maintaining the security and privacy of each party and their data?
Cornell Tech students worked with Citigroup to create a prototype that would address anti-money laundering when financial institutions share bank client transaction data. Although the data is not sold or disclosed between financial institutions, it is used to train a model that all of the institutions can access. As soon as the model is built, the data is erased from the local memory. Their product, datawall, enables institutions to share machine-learning models securely.
They built a privately distributed machine-learning platform, enabling the marketization of data that allows multiple financial institutions to work together to train and use machine-learning models. “Central to this framework is the use of smart contracts that executes payment and compensation transactions between the parties per the terms of the contract for any inferences generated by a party querying the model,” said Peng.
“Through this business model innovation, datawall becomes a platform that enables the monetization of data assets and the creation of an inference-as-a-service marketplace,” Peng said. “In addition to a flexible architecture that allows for easy integration of newer security technologies, datawall includes security features such as data validation to protect against security threats such as data poisoning and breaches.”
“The price [financial institutions] pay to access the data and the payout every time a query is used is based on the amount of data [the firm] contributes and the value of the data,” said Daniel Nissani, Technion-Cornell Dual Master’s Degrees in Connective Media ‘20.
The team, which also includes Anthony Bisulco, Master in Electrical and Computer Engineering ’19 and Wei Duan, Master in Computer Science ’19, plans to continue to work on the project and have already had one venture capital meeting. Datawall would generate revenue as a percentage fee on all transactions.
Roku asked: How might we gain the trust, not just consent, of consumers to use their data for personalizing their ad-viewing experience:
Roku tasked Cornell Tech students with helping consumers feel more comfortable sharing their data with the company. At first, the team had trouble assessing if viewers trusted Roku. But then they realized, “You don’t need to say how much you trust a company, but you will show your trust based upon how much you use the product,” said Sergio Campos, Master of Laws in Law, Technology and Entrepreneurship ’19. The team, advised by Ben Biddle and Michael Gladstone from Roku, decided to create a unique ad experience that provides users with more relevant and valuable ads.
“Our theory is that if we give people control of when they engage to see ads and make those ads relevant and personalized, they’ll get more of what they want, our algorithm will get better at giving them what they want, and as a result, trust will be built,” said Ryan Sydnor, Johnson Cornell Tech MBA ‘19.
KonnActAd was different from other products in the clinic because it did not exclusively address technical security. “There was an element of ‘social security.’ If there is a group of people in my living room watching my TV and it personalizes embarrassing ads for me, is that acceptable? No, of course not! That would erode trust,” said Sydnor. “Professor Ristenpart was the first to pick up on this and was happy to dive into both technical and social implications of security. His ability to see multiple perspectives on the problem is something that stood out to me about him.”
The team, which also includes Zhenwei Zhang, Technion-Cornell Dual Master’s Degrees in Connective Media ‘20, and Roger Wang, Master in Computer Science ‘19, may continue to work on the project. Campos says that the interdisciplinary team and collaborative experience taught them all new skills — he even submitted his first line of code to GitHub. Instead of sticking to their individual skill sets, they made all decisions together, taught each other, and provided regular feedback.