Name: 
CHAN Pui, Barbara
Title ( post ): 
Professor
Department: 
Biomedical Engineering
email: 
bpchan [at] cuhk.edu.hk
phone: 
3943 0509
website: 
https://www2.sbs.cuhk.edu.hk/en-gb/people/academic-staff/prof-chan-pui-barbara
Avatar: 
Class: 
faculty_member
glossary_index: 
C

CUHK research team reveals vulnerabilities in enterprise networking services and mobile facial recognition systems

Date: 
2023-10-26
Thumbnail: 
Body: 
  • 11 out of 18 mobile facial recognition software development kits have security flaws. 
  • 63 out of 132 VPN front-end apps have serious vulnerabilities.
  • Out of more than 2,000 colleges and universities worldwide, 86% instruct users to adopt unsafe Wi-Fi settings on at least one device platform.
 
The use of facial recognition technology has become prolific, and with the rise of Wi-Fi and virtual private networks (VPNs), their security has become a hot-button topic. Two research teams from The Chinese University of Hong Kong (CUHK)’s Department of Information Engineering have recently revealed security vulnerabilities in mobile facial recognition software and enterprises’ Wi-Fi and VPN setups that have a real-world impact.
 
Bypassing facial identification in mobile apps is easier than previously thought
 
Users’ identity documents and selfies are easily stolen and sold on the black market, allowing them to be used for identity fraud. To prevent this from happening, most facial recognition systems require users to perform actions such as blinking or shaking their heads, known as liveness detection. While many researchers have studied deepfake or 3D mask attacks that target machine learning models, few have addressed the protocol design or implementation issues in facial recognition systems that can enable low-cost, easy-to-scale attacks. 
 
A research team led by Professor Lau Wing-cheong from the Department of Information Engineering analysed 18 mobile facial recognition software development kits (SDKs), including those from industry leaders, and revealed security flaws in 11 of them that can result in liveness detection bypasses. After building an automatic app analyser to scan more than 18,000 apps, CUHK researchers found that around 300 contained at least one of the vulnerable facial recognition libraries. By exploiting design flaws in the SDKs, an attacker can circumvent facial identification using only static photos of the victim.
 
The research team has provided security tips for the design of app facial recognition systems and contacted the software companies about the vulnerabilities. The team recently presented its findings at the Black Hat USA 2023 conference, under the title “The Living Dead: Hacking Mobile Face Recognition SDKs with Non-Deepfake Attacks”. 
 
Safety tips for the design of facial recognition systems:
  • Perform cloud-based liveness detection when possible. Never trust client-side results.
  • Defense in depth: adopt multiple layers of security control; enforce robust client protection, including app hardening and anti-debugging.
  • Properly encrypt configurations and data that are exchanged between library, app and server during the facial recognition process.
 
Insecure enterprise Wi-Fi & VPNs allow attackers to compromise passwords and devices
 
Many employers provide their employees with enterprise Wi-Fi and VPN services, making it easier for them to use mobile devices such as laptop computers and smartphones to work on the go. To better understand their security issues, a research team led by Professor Chau Sze-yiu from the Department of Information Engineering conducted in-depth testing and analysis of enterprise Wi-Fi and VPNs. 
 
With enterprise Wi-Fi, the research team discovered several design and implementation flaws in mainstream operating systems, which force users to adopt insecure wireless network settings, making them susceptible to attacks. The team also analysed more than 7,000 Wi-Fi setup guides from more than 2,000 colleges and universities around the world and found that about 86% instruct users to adopt unsafe Wi-Fi settings on at least one mainstream operating system. Due to these unfortunate oversights from software vendors and IT admins, attackers can steal users’ passwords using low-cost Wi-Fi impersonators. 
 
With VPNs, the research team tested 132 front-end applications used around the globe and found serious yet previously unknown vulnerabilities in 63. These vulnerabilities allow hackers to steal user passwords easily and stealthily. In addition, the front-end applications of some VPN products allow a network attacker to execute arbitrary malicious code with high privileges on the user’s device, compromising the entire system. The research team also analysed about 2,000 VPN user manuals from universities worldwide and found configuration issues in more than 300 of them, which could make users fall into traps and have their passwords stolen by hackers. 
 
Given the severity of these findings, the research team has made various safety recommendations to people affected and informed a number of local and foreign institutions about the defects. This research has led to the publication of three papers at well-known international academic conferences. The team was given the Best Paper Award at the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2023). 
 
Safety tips for enterprise Wi-Fi and VPNs. 
  • For vendors: good products are not just about functionality and usability; they need to be designed carefully to nudge users into choosing secure settings, and also tested thoroughly to prevent implementation defects that can reduce security.
  • For IT admins: when it comes to educating users, it is important to teach them not only how to make things work, but also how to make things safe. Think about scenarios where the unexpected can happen and teach users how to deal with them properly. 
  • For users: although it can be very tempting, blindly clicking buttons like “OK”, “Connect” and “Accept” is generally bad practice. Try to understand the potential implications before giving in to the convenience. When in doubt, talk to IT admin and ask questions. 
 
Appendix
 
Please click the links below for the conference briefing and papers.
 
 

 

A low-cast, portable Evil Twin (ET) attack setup

Professor Chau Sze-yiu’s team won the Best Paper Award at the 16th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2023)

Different types of liveness detection schemes used by facial recognition systems

From left: Professor Lau Wing-cheong and Professor Chau Sze-yiu

 

Filter: Dept: 
Faculty
IE
Media Release

55 Engineering Professors listed as World's Top 2% Scientists by Stanford University

Date: 
2023-10-24
Thumbnail: 
Body: 
55 Engineering professors, i.e., more than one-third of the academic staff of the Faculty of Engineering, are listed as the world’s top 2% most-cited scientists by Stanford University in its recently updated science-wide author database.   3 of them are ranked among the top 100 of their respective fields. This recognition manifests the substantial impacts of the research accomplished by the Faculty members, and hence their research strengths worldwide. 
 
Stanford University published in October 2023 its updated database (version 6) of the top 2% scientists that are most widely cited till end of citation year 2022. In this update of the database, over 100,000 top worldwide scientists in 22 scientific fields and 174 sub-fields are ranked. The ranking is twofold: the scientists’ career-long citation impacts up to the end of 2022 and their impacts specific to the year 2022. Among the 55 Engineering professors of CUHK, 54 of them are on the career-long ranking list, and 42 are on the list of the single-year impacts in 2022. The ranking in the database is based on various indicators, for instance the number of citations they received, their individuals’ scientific research output, and citations to papers in different authorship positions.
  
The database could be downloaded at: https://elsevier.digitalcommonsdata.com/datasets/btchxktzyw/6. This version of the database details out various standardized citation metrics of individual top-cited scientists, such as h-index, co-authorship adjusted hm-index and a composite indicator (c-score), according to the 1 October 2023 snapshot of the data updated to end of citation year 2022 by Scopus, an abstract and citation database covering over eight million records of scholarly literature across a wide variety of disciplines.  
 
A list of the aforementioned 55 Engineering professors is available here.  Congratulations to our Faculty members!
 

 

Filter: Dept: 
Faculty

CUHK and HKMA sign MoU to establish CBDC Expert Group

Date: 
2023-10-20
Thumbnail: 
Body: 
The Chinese University of Hong Kong (CUHK) together with four other local universities, signed a Memorandum of Understanding (MoU) with The Hong Kong Monetary Authority (HKMA) on 20 October 2023 for the establishment of a Central Bank Digital Currency (CBDC) Expert Group in supporting the foster of collaboration and exchange on CBDC research between the practitioner and the academia. 
 
The MoU was signed by Prof. Hon Ki TSANG, Interim Dean of the Faculty of Engineering of CUHK and Mr Colin POU, Executive Director (Financial Infrastructure) of HKMA. 
 
Professor Tsang remarked, “It is our honour to be a part of the CBDC Expert Group, working alongside the HKMA and other experts to address key policy and technical issues in CBDC research. The Faculty of Engineering is recognized for our excellence in research. With our experts in Engineering and FinTech, we are delighted to witness the development and enhancement of CBDC research with our advanced technologies.” 
 
Through the establishment of the CBDC Expert Group, experts from a range of disciplines, including business, computer science, economics, finance, and law are brought together with the aim to foster collaboration and knowledge exchange on CBDC research work. Under the MoU, the group will support the exploration of key policy and technical issues surrounding CBDC, and offer advices, training sessions, and workshops pertaining to CBDC and related fintech topics to the HKMA.
 

Professor Hon Ki Tsang (right) and Mr Colin Pou (left) signed the MoU.

 

 

Filter: Dept: 
Faculty
Media Release

MPhil/PhD Virtual Information Session 2023 - Faculty of Engineering

Date: 27 Oct 2023 (Friday)
Time: 4:30pm - 5:45pm (Hong Kong Time)
Mode of Delivery: Online via ZOOM
Registration Deadline: 5pm, 26 Oct 2023
 
Rundown:
• Brief Introduction of the Faculty of Engineering by Associate Dean (Research)
• Brief Introduction of Engineering MPhil/PhD Programmes by Vice-Chairmen (Graduate) or Programme Representatives 
   -- MPhil-PhD in Biomedical Engineering
   -- MPhil-PhD in Computer Science and Engineering
   -- MPhil-PhD in Electronic Engineering
   -- MPhil-PhD in Information Engineering
   -- MPhil-PhD in Mechanical and Automation Engineering
   -- MPhil-PhD in Systems Engineering and Engineering Management
• Q&A
Venue
online via Zoom [registration link: https://cloud.itsc.cuhk.edu.hk/webform/view.php?id=13673728]
Date: 
Friday, October 27, 2023
Time
Friday, October 27, 2023 to 17:45
e_title: 
MPhil/PhD Virtual Information Session 2023 - Faculty of Engineering
Not Available
Allow Regsiter: 

港中大廖維新獲達文西獎 為首位獲獎香港學者

香港新聞網9月18日電 香港中文大學18日公佈,機械與自動化工程學系系主任廖維新最近獲美國機械工程師學會(ASME)設計工程分部頒發2023年達文西獎,是該獎項創立45年來首位獲獎的香港學者。

Date: 
Monday, September 18, 2023
Media: 
HKCNA
Media LInk: 
http://www.hkcna.hk/docDetail.jsp?id=100472185&channel=5531

表揚運動輔助設計發明 中大學者獲美達文西獎

為表彰在設計和發明人體運動輔助器械和設備的傑出貢獻,及對義肢、外骨骼、智能手表等發展的重要影響,美國機械工程師學會(ASME)設計工程分部今年8月向中大機械與自動化工程學系系主任廖維新(圖),頒發2023年達文西獎,廖為該獎創立45年來首位獲獎的香港學者。

Date: 
Tuesday, September 19, 2023
Media: 
MingPao Daily
Media LInk: 
https://news.mingpao.com/pns/%E6%95%99%E8%82%B2/article/20230919/s00011/16950569…

CUHK Professor Liao Wei-hsin wins Leonardo Da Vinci Award 2023

Date: 
2023-09-18
Thumbnail: 
Body: 

The first awardee from Hong Kong to receive the honour

Professor Liao Wei-hsin, Chairman of The Chinese University of Hong Kong (CUHK)’s Department of Mechanical and Automation Engineering, recently won the 2023 Leonardo Da Vinci Award from the Design Engineering Division of the American Society of Mechanical Engineers (ASME). Professor Liao is the first scholar from Hong Kong to win the ASME Leonardo Da Vinci Award in its 45-year history.

The ASME commended Professor Liao for his outstanding contributions to the design and invention of machines and devices for human motion assistance, with applications in prostheses, exoskeletons and wearables such as smartwatches and wristbands.

Professor Rocky S. Tuan, Vice-Chancellor and President of CUHK, congratulated Professor Liao, remarking, “This prestigious accolade is a fine tribute to Professor Liao’s contributions to the design and invention of machines and devices for human motion assistance. His commitment to technological advancement has been a great inspiration to the global community. The University and I are proud of his achievements and passion for innovation.”

Professor Liao said, “I am honoured to have received the award from the ASME. This is a recognition of our research and achievement in machine design, and I am grateful to the University for all the support over the years. I hope our invention will make an impact on society and inspire the next generation of youngsters.”

Inventions that get people moving

Professor Liao has led his team to important advances in machine design over the years, in particular three inventions for human motion assistance: a powered ankle-foot prosthesis, a magneto-rheological series elastic actuator for robotic exoskeletons, and human motion energy-harvesting apparatus and conversion.

The powered ankle-foot prosthesis developed by the team can provide net power to the wearer. The wearer can use it to regain a gait that is smoother and more natural, and the human effort in walking can be reduced by 15% or more compared with commercially available passive prostheses. The magneto-rheological (MR) series elastic actuator for exoskeletons can generate large controllable braking torque while consuming little energy. Novel MR actuators can improve energy efficiency by 53% and prolong the working time of batteries by up to 112%. The output power and power density of the embedded generator are more than 10 times higher than those of the existing products.

Furthermore, the lightweight energy harvester was developed to capture biomechanical energy from the motion of the human knee and convert it to electricity that can be used to power wearable electronics such as smart watches. This revolutionary device made possible the dream of generating an inexhaustible and sustainable power supply just from walking.

These innovative designs won three gold and three silver medals at the International Exhibition of Inventions Geneva between 2018 and 2022.

 

Appendix

Biography of Professor Liao Wei-hsin

Professor Liao is an international expert in mechanical engineering. Since 1997, he has been with CUHK, where he is currently the Choh-Ming Li Professor of Mechanical and Automation Engineering, the Chairman of the Department of Mechanical and Automation Engineering, and the Director of the Institute of Intelligent Design and Manufacturing. Striving for an innovative spirit, his research has led to the publication of more than 380 papers in international journals and conference proceedings, and 25 patents.

About the Leonardo Da Vinci Award

The Leonardo Da Vinci Award was established in 1978 to recognise eminent achievement in the design or invention of a product which is universally recognised as an important advance in machine design. The award is granted annually by the ASME, and is named after 15th and 16th century inventor Leonardo Da Vinci.

About the American Society of Mechanical Engineers (ASME)

Founded in 1880, the ASME promotes the art, science and practice of multidisciplinary engineering and allied sciences around the globe. With more than 85,000 members in over 135 countries, the ASME is a not-for-profit professional organisation that enables collaboration, knowledge sharing and skill development across all engineering disciplines, while promoting the vital role of the engineer in society.

Professor Liao Wei-hsin

Professor Liao Wei-hsin (centre) received the certificate of the Leonardo Da Vinci Award at the ASME International Design Engineering Technical Conferences and Computers and Information in Engineering Conference in August 2023.

 

Filter: Dept: 
Faculty
Media Release

CUHK develops magnetic hydrogel micromachines with on-demand reactive oxygen species release for anti-biofilm treatment

Date: 
2023-09-14
Thumbnail: 
Body: 

A Chinese University of Hong Kong (CUHK) collaborative research team achieved a breakthrough in magnetic microrobots. The team, led by Professor Zhang Li from the Department of Mechanical and Automation Engineering in CUHK’s Faculty of Engineering, has developed magnetic hydrogel micromachines that can combat biofilm within small tubular medical implants. Featuring new on-demand reactive oxygen species (ROS) releasing technology, the micromachines open up the possibility of applying the treatment to a broader range of body parts, especially hard-to-reach regions deep inside the body. The findings have been published in the scientific journal Advanced Intelligent Systems and highlighted in Advanced Science News.

 

Biofilm infection in medical implants is difficult to tackle

Biofilms are slimy films composed of microorganisms and the substances produced by them. They act as a physical barrier that protects the bacteria from antibiotics, making it difficult to completely eliminate them. Biofilms can grow on various surfaces, including medical implants such as artificial tubes inserted into the human body during treatment. Unlike body organs, which are protected by the immune system, antibiotic implants are prone to the growth of biofilms.

Medical implants are often located in hard-to-reach locations in the human body, creating challenges for effective treatment of biofilm infections. Antibiotics used to be effective means to treat microbial infections, but the emergence of antibiotic-resistant bacteria and the overuse of antibiotics in recent years has made it necessary to develop new approaches to treat microbial infections without using them.

 

Micromachines that are designed for tiny tubular structures

The magnetic hydrogel micromachines are designed to disrupt the biofilm mechanically and to control the release of antibacterial agents to inactivate the bacteria. Professor Zhang explained, “The microrobotic platform we have developed can navigate the magnetic micromachine to the desired location with external magnetic fields. The mechanical force induced by the micromachines can break up biofilms physically and the chemical agents released locally can treat the biofilm more effectively.”

Professor Tony Chan Kai-fung, Research Assistant Professor of the Chow Yuk Ho Technology Centre for Innovative Medicine in CUHK’s Faculty of Medicine, added, “The previously developed helical microrobot was designed to be used in ear tubes. The current design of the magnetic hydrogel micromachines is a long shape, with the capability of controlled ROS delivery in a localised region. We tested the micromachine for the eradication of Escherichia coli and Bacillus cereus biofilms in curved and tiny tubes, which simulate the narrow lumens in the body like the implants and catheters used in medical treatments.”

“The micromachines may be applied to biofilm treatments for a wider range of body regions, including biliary stents and urinary catheters for urinary tract diseases. It is also possible to use micromachines for targeted drug delivery in the tiny and tortuous lumens inside the human body.”

 

Drug loading and on-demand release function

The micromachines contain tiny hydrogel compartments inside them that are able to store antibacterial agents. When the soft, wet, biocompatible hydrogel is heated above its lower critical solution temperature of about 32°C, it expels the liquid it carries, making it a great candidate for various biomedical applications.

Professor Zhang explained, “Thermosensitive hydrogel has been widely investigated as a carrier for controlled drug release. Previously, our team conducted a study that incorporated iron particles into the thermosensitive hydrogel to make it responsive to an external magnetic field. We then further utilised this to construct the magnetic micromachine to fight biofilms.

“The magnetic hydrogel carries hydrogen peroxide solution, which acts as an antibacterial agent in the procedures.” Professor Chan added, “The new drug loading function, combined with mechanical disruption, reduces the amount of antibacterial agents used to treat the biofilm and ensures effective treatment. Besides, the controlled release of hydrogen peroxide in a localised region also minimises the impact on surrounding healthy tissues, as well as the side effects of the treatment.”

Professor Zhang said, “We are now discussing suitable, significant application scenarios with our medical partners, and planning for further animal experiments with the microrobotic technology. At the same time, we are working on human-scale magnetic actuation systems compatible with clinical imaging modalities for clinical application in patients. In addition, we are also working with non-medical collaborators and industrial partners to apply microrobots to environmental and industrial applications.”

Professor Zhang Li (left) and Professor Tony Chan Kai-fung.

The magnetic hydrogel micromachines can combat biofilm within small tubular medical implants.

Driven by the external magnetic field, the micromachine moves to the biofilm location with a wobbling motion.

The micromachines can disrupt the biofilm mechanically and kill bacteria cells by catalysing the released hydrogen peroxide solution.

Filter: Dept: 
Faculty
Media Release

中大研磁性水凝膠微型機械人 可人體清除聚積細菌菌膜毋須開刀

中大工程學院團隊研發磁性水凝膠微型機械人,可深入人體清除聚積細菌的菌膜,毋須開刀做手術。
 
不少手術都會在人體植入支架管道,但容易滋生細菌,甚至形成菌膜,令身體出現感染...
Date: 
Thursday, September 14, 2023
Media: 
TVB News
Media LInk: 
https://news.tvb.com/tc/focus/6502e8437a1c5753126d8a6a

Pages