A secure and resilient digital transformation
Led by Carnegie Mellon University Africa, Upanzi leverages the strengths of the African Engineering and Technology (Afretec) network. Launched in September 2022, the Upanzi is funded by the Bill & Melinda Gates Foundation.
Upanzi is an Africa-based network of engineering research labs that is working towards a secure and resilient digital transformation on the continent. The network focuses on creating, testing, innovating, and assisting in implementing digital technologies at scale such as identity, payments, cybersecurity, cloud computing, data governance, artificial intelligence and machine learning, and influencing technology policy recommendations to support low- and middle-income countries.
- Build, experiment with, and contribute back to existing open-source digital technologies for the public good, and demonstrate technological solutions that can provide beneficial, cost-effective and interoperable digital services for Africans
- Implement secure, privacy-protecting, fair, resilient and trustworthy digital technologies
Enable a more inclusive digital technology environment through the development of digital services that are well-suitable to resource-constrained individuals and environments
- Empower users of digital technologies by building and promoting the development of human-centered digital solutions
- Build a network of existing African academic institutions that will act as trusted players where decision makers get trustworthy guidance about different technological solutions
Investigating MOSIP deployability and security
MOSIP is an open-source foundational digital ID system that allows users to enroll and get authenticated using their biometric credentials. While MOSIP as a DPG has the potential to deliver value to the digitalization of Africa, very few countries have successfully implemented it. The low adoption may be associated with the lack of publicly available MOSIP deployment guides, the difficulty in maintaining a MOSIP deployment, and the deficiencies of the official documentation. The aim of this project is to identify and document MOSIP implementation challenges through an internal deployment, and to use our experiences to improve the publicly available MOSIP implementation resources.
picoCTF-Africa is a free computer security competition for undergraduate and graduate students across the African continent, created by security and privacy experts at Carnegie Mellon University Africa. This competition is part of picoCTF, the annual computer security competition and learning platform created by CyLab Security and Privacy Institute. Participants of picoCTF-Africa will be ranked on an African-only leaderboard within the annual picoCTF competition.
Vulnerability assessment and penetration testing of digital financial applications in Africa
In a bid to achieve financial inclusion, organizations and individuals have developed various innovative financial solutions such as web applications and mobile applications. However, these applications collect and store sensitive client information. If an attacker compromises those systems, personal information will be disclosed putting the organization and individuals at risk. In this project, we will adopt black-box testing to investigate how much security is built into these applications and the level and class of permissions requested by mobile applications.
A machine learning approach to detect smishing messages in the African context
SMS phishing (smishing), a form of phishing that uses SMS messages to deceive victims into disclosing sensitive information such as PINs, passwords, and ID numbers, or to click on malicious links, has been on the rise in Africa with the increased proliferation and use of mobile phones. While there has been some work done on smishing detection, these have been based on extensive languages like English. There are no data sets for local dialects in Africa. In this project, we intend to deploy infrastructure for collecting SMS datasets in low-resource languages. The collected data will be used to train a machine learning model for detecting smishing messages on mobile devices. The smishing detection model will include URL link analysis.
Diagram of rural connectivity project
There is still a huge digital divide between people living in rural areas and those living in urban areas. With some of the barriers being those related to technological infrastructure, underserved communities may be excluded from various services such as those offered by the government and other institutions. The aim of this project is to deploy an opportunistic connectivity network that could provide communication opportunities to areas that are under-served by operators or areas with no existing communication infrastructure. We aim to ensure that this can be delivered at a low cost and requires little or no downtime to limit the frequent interventions of service providers.
Building a digital model for malaria screening
The lack of malaria data in African countries leaves the continent in a state where it is struggling to timely and accurately diagnose malaria, making treatment difficult, and leading to high morbidity and mortality. In this project, we aim to digitize the malaria screening process by building a digital system model for malaria monitoring to improve the detection and identification of malaria parasites. We will utilize a special camera mounted on a light microscope to collect blood sample images and employ machine learning classification methods to classify the malaria parasites. This process will also contribute to providing a public data repository that can allow various stakeholders to access and visualize malaria data.
Measuring internet resilience in Africa
The internet has become an integral part of the lives of individuals, companies, and many other entities. Ensuring that all the components work together to make the internet function with minimal disruption is critical. One of these components is the domain name system (DNS), whose resilience has been threatened by increasing internet attacks. The goal of this project is to quantify the resilience of DNS attacks in Africa and to provide solutions to strengthen its infrastructure. In achieving this goal, we will also examine the hosting and reliability of African country code top-level domain (ccTLDs) and all global DNS services with a presence in Africa.
Developing a framework for the interoperability of Digital Public Goods
Digital public goods (DPGs) are being developed across different sectors and for different user groups and populations. However, there is little interaction between DPGs, and this introduces the risk of having DPGs developed in silos thus underutilizing the benefits of interoperability. In this project, we are working to develop and test middleware that supports DPG interoperability. This will be accomplished by developing and testing the interoperability between MOSIP (an open-source foundational digital ID system that allows users to enroll and get authenticated using their biometric credentials) and DPGs like OpenMRS and DHIS2. We aim to develop software that can facilitate the two platforms to seamlessly utilize the MOSIP platform as a source of digital biometric identity and authentication.
Exploring use cases for livestock identification and biometrics
Strict collateral requirements by formal financial institutions mean that rural, poor, and marginalized residents, who typically store wealth in the form of livestock cannot easily access formal credit. We propose to develop a system for the unique identification and tracking of livestock, linked with national ID and disease surveillance systems. This will enable livestock farmers to prove identity, health, and ownership of their livestock, and explore the uses of such possibilities for needs such as credit access, inter-regional trade, and livestock disease/health tracking and surveillance.
Automatic signature authentication using machine learning
The main goal of this project is to make online signature verification more reliable, and usable in resource-constrained environments by developing a mobile application to collect dynamic signature characteristics such as pressure, speed, and signature coordinates. We will use the pool of data to train a machine learning model to identify a genuine from a forged signature.
Stakeholder collaboration in Rwanda’s digital transformation
CyLab-Africa and the Upanzi Network, AfricaNenda, and Rwanda Information Society Authority jointly hosted a digital public infrastructure and digital public goods stakeholder engagement workshop. This workshop served as a catalyst for collaborative efforts aimed at advancing Rwanda’s digital transformation.
picoCTF-Africa sees significant growth in competition’s second year
In just its second year, the cybersecurity hacking competition saw over 1250 students, as the number of female participants doubled, and the number of high school participants increased by more than 365 percent. Additionally, four teams finished in the top 50 on picoCTF’s global leaderboard, demonstrating the initiative’s immediate impact.
A collaboration between CyLab Security and Privacy Institute and CMU-Africa