Hopkins Mechanical Engineering students Partner with the Information Security Institute to Assess Security of Authentication System

March 19, 2018

Senior Mechanical Engineering (ME) students have developed an authentication and authorization system that will be used to grant or deny access to machinery in the Whiting School’s machine shop.  In order to use a machine in the machine shop, a person must have been trained on that machine and have a budget to which machine time can be charged.  This system will automate the verification of training and budget.

As part of the development effort, Geordan Gutow (ME) and his team reached out to JHUISI’s Senior Security Engineer, Joe Carrigan.  “I met with Geordan and his team to review the security of the system they’ve developed.  They have taken security into consideration from the start, which is great.  Geordan and his team are concerned with ability of an attacker to circumvent the authentication and authorization the system provides.  I recommended that they allow our students to test the security of the system of the system.”

When Carrigan asked for student volunteers the response was huge.  “I was expecting to have four to five students interested.  I got enough volunteers to build four teams of four and five students each.”  He asked JHUISI students and students on the CTF team.

The team leaders from the four JHUISI teams toured the WSE machine shop to see the system in its production environment.  A copy of the system has been set up on the JHUISI network and the penetration tests will begin soon.

JHU Information Security Institute