Lincoln Laboratory honored for transfer of security-enhancing technologies
The Federal Laboratory Consortium for Technology Transfer (FLC) awarded their 2021 Excellence in Technology Transfer Award for the Northeast region to two Lincoln Laboratory technologies developed to improve security. The first technology, Forensic Video Exploitation and Analysis (FOVEA), is a suite of analytic tools that makes it significantly easier for investigators to review surveillance video footage. The second technology, Keylime, is a software architecture designed to increase the security and privacy of data and services in the cloud.
Both technologies have transitioned to commercial use via license or open-source access. “These Federal Laboratory Consortium awards are an acknowledgement that the advanced capabilities developed at MIT Lincoln Laboratory are valued, not only for their contribution to enhancing national security, but also for their value to related private-sector needs,” says Bernadette Johnson, the chief technology ventures officer at Lincoln Laboratory. “Technology transfer is considered an integral element of the Department of Defense’s mission and is explicitly called out in the laboratory’s Prime Contract and Sponsoring Agreement. The transfer of these two technologies is emblematic of the unique ‘R&D-to-rapid-prototyping’ transition pipeline we have been developing at Lincoln.” Speeding up video review
The FOVEA program first began under sponsorship from the Department of Homeland Security (DHS) to address the challenge of efficiently reviewing video surveillance footage. The process of searching for a specific event, investigating abandoned objects, or piecing together activity from multiple cameras can take investigators hours or even days. It is especially challenging in large-scale closed-circuit TV systems, like those that surveil subway stations.
The FOVEA suite overcomes these challenges with three advanced tools. The first tool, video summarization, condenses all motion activity into a visual summary, transforming, for example, an hour of raw video into a three-minute product that only highlights motion. The second tool, called jump back, automatically seeks a portion of the video when an idle object, such as a backpack, first appeared.
The third tool, multi-camera navigation and path reconstruction, allows an operator to track a person or vehicle of interest across multiple camera views. Notably, FOVEA’s analytic tools can be integrated directly into existing video surveillance systems and can be processed on any desktop or laptop computer. In contrast, most commercial offerings first require customers to export their video data for analysis and to purchase proprietary server equipment or cloud services.
“The project team worked very hard on not just the development of the FOVEA prototype, but also packaging the software in a way that accommodates hand-off to third-party deployment sites and transition partners,” says Marianne DeAngelus, who led the development of FOVEA with a team in the Homeland Sensors and Analytics Group. Under government sponsorship, the developers first deployed FOVEA to two mass transit facilities. Through participation in an MIT-led Innovation-Corps program, the team then adapted the technology into a commercial application.
Doradus Lab, Inc. has since licensed FOVEA for security surveillance in casinos. “Though FOVEA was originally developed for a specific use case of mass transit security, our tech transfer to industry will make it available for a broader set of security applications that would benefit from accelerated forensic analysis of surveillance video. We and our DHS sponsor are happy that this may lead to a wider impact of the technology,” adds Jason Thornton, who leads the technical group. Putting trust in the cloud
Keylime is making it possible for government and industry users with sensitive data to increase the security of their cloud and internet-of-things (IoT) devices. This free, open-source software architecture enables cloud customers to securely upload cryptographic keys, passwords, and certificates into the cloud without divulging these secrets to their cloud provider, and to secure their cloud resources without relying on their provider to do it for them. Keylime started as an internal project funded through Lincoln Laboratory’s Technology Office in 2015.
Eventually, the Keylime team began discussions with RedHat, one of the world’s largest open-source software companies, to expand the technology’s reach. With RedHat’s help, Keylime was transitioned in 2019 into the Cloud Native Computing Foundation as a sandbox technology with more than 30 open-source developers contributing to it from around the world. Most recently, IBM announced its plans to adopt Keylime into its cloud feet, enabling IBM to attest to the security of its thousands of cloud servers.
“Keylime’s transfer and adoption into the open-source community and cloud environments helps to empower edge/IoT and cloud customers to validate provider claims of trustworthiness, rather than needing to rely solely on trust of the underlying environment for compliance and correctness,” says Charles Munson, who developed Keylime with former laboratory staff member Nabil Schear and adapted it as an open-source platform with Luke Hinds at RedHat. Keylime achieves its cloud security by leveraging a piece of hardware called a TPM, an industry-standard hardware security chip. A TPM generates a hash, a short string of numbers representing a much larger amount of data, that changes significantly if data are even slightly tampered with.
Keylime can detect and react to this tampering in under a second. Before Keylime, TPMs were incompatible with cloud technology, slowing down systems and forcing engineers to change software to accommodate the module. Keylime gets around these problems by serving as a piece of intermediary software that allows users to leverage the security benefits of the TPM without having to make their software compatible with it.
Transferring to industry The transition of Lincoln Laboratory’s technology to industry and government is central to its role as a federally funded research and development center (FFRDC). The mission of the FLC is to facilitate and educate FFRDCs and industry on the process of technology transfer.
More than 300 federal laboratories, facilities, research centers, and their parent agencies make up the FLC community. The transfer of these FLC-awarded technologies was supported by Bernadette Johnson and Lou Bellaire in the Technology Ventures Office; David Pronchick, Drinalda Kume, Zachary Sweet, and Jayme Selinger of the Contracting Services Department; and Daniel Dardani in MIT’s Technology Licensing Office, along with the technology development teams. Both FOVEA and Keylime were also awarded R&D 100 Awards in 2020, acknowledging them among the year’s 100 most innovative technologies available for sale or license.
The FLC will recognize the award recipients at a regional meeting in October.