The UMBC Cyber Defense Lab presents

Reasoning About Time in a Crypto Protocol Analysis Tool

Dr. Catherine Meadows, Naval Research Laboratory

12:00–1:00pm Friday, 15 November 2019, ITE 227

The ability to guarantee timing properties, and in turn to use assumption about time to guarantee the security of protocols, is important to many of the applications we rely upon. For example, to compute locations, GPS depends on time synchronization between entities. Blockchain protocols require loose time synchronization to guarantee agreement on block timestamps. Distance-bounding protocols use the roundtrip time of an RF signal to enforce constraints on location. To analyze these types protocols formally, it is necessary to reason about time. This talk describes recent research in extending the Maude-NPA cryptographic protocol analysis tool to reason about cryptographic protocols that rely on or enforce timing properties. We describe the timing model we have created for the tool. We show how we we represent timing properties as constraints, whose solution is outsourced to an SMT solver. We also discuss our experimental results.

Catherine Meadows is a senior researcher in computer security at the Center for High Assurance Systems at the Naval Research Laboratory and heads that group’s Formal Methods Section. She was the principal developer of the NRL Protocol Analyzer (NPA), which was one of the first software tools to find previously undiscovered flaws in cryptographic protocols, and was used successfully in the analysis of a number of protocol standards. She is also leading, or has recently led, a number of projects related to the design and analysis of cryptographic protocols, including one focused the development of an analysis tool, Maude-NPA, that takes into account the the complex algebraic properties of cryptosystems, another that is focusing on the automatic generation of secure cryptosystems, and another devoted to formal methods for the design of cyber-physical systems with legacy components.

This work was supported by ONR 321 (*protected email*)

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant 175368. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Events:

• December 6, Karl Henderson, Verisign
• 9am—5pm daily, January 13-17, UMBC SFS/CySP Research Study, ITE 456
• January 31, 2020, TBA, biweekly CDL talks resume

The post TALK: Reasoning About Time in a Crypto Protocol Analysis Tool appeared first on Department of Computer Science and Electrical Engineering.

Maryland Public Television’s Charles Robinson reports on how Baltimore continues to recover after city computers were infected with ransomware in the May 2019 Baltimore ransomware attack and interviews Dr. Rick Forno, associate director of the UMBC Center for Cybersecurity and graduate director of UMBC’s Cybersecurity MPS degree program.

From Wikipedia: On May 7th 2019, most of Baltimore’s government computer systems were infected with a new and aggressive ransomware variant named RobbinHood. All servers, with the exception of essential services, were taken offline. In a ransom note, hackers demanded 13 bitcoin (roughly $76,280) in exchange for keys to restore access. The note also stated that if the demands were not met within four days, the price would increase and within ten days the city would permanently lose all of the data.

As of May 13, 2019 all systems remained down for city employees. It is estimated that it will take weeks to recover. According to Mayor Jack Young, US Federal Law enforcement continue to investigate the attack. The attack had a negative impact on the real estate market as property transfers could not be completed until the system was restored on May 20th. However, the restoration of all systems was, as of May 20, 2019, estimated to take weeks more.

Baltimore was susceptible to such an attack due to its IT practices, which included decentralized control of its technology budget and a failure to allocate money its information security manager wanted to fund cyberattack insurance. The attack has been compared to a previous ransomware attack on Atlanta the previous year, and was the second major use of the RobbinHood ransomware on an American city in 2019, as Greenville, North Carolina was also impacted in April.

The post Dr. Forno discusses the Baltimore Ransomware attack on Maryland Public TV program appeared first on Department of Computer Science and Electrical Engineering.

The UMBC Cyber Defense Lab presents

Analysis of the Secure Remote Password (SRP) Protocol Using CPSA

Erin Lanus, UMBC Cyber Defense Lab

12:00–1:00pm, Friday, 6 September 2019, ITE 227, UMBC

Joint work with Alan Sherman, Richard Chang, Enis Golaszewski, Ryan Wnuk-Fink, Cyrus Bonyadi, Mario Costa, Moses Liskov, and Edward Zieglar

Secure Remote Password (SRP) is a widely deployed password authenticated key exchange (PAKE) protocol used in products such as 1Password and iCloud Keychain. As with other PAKE protocols, the two participants in SRP use knowledge of a pre-shared password to authenticate each other and establish a session key. I will explain the SRP protocol and security goals it seeks to achieve. I will demonstrate how to model the protocol using the Cryptographic Protocol Shapes Analyzer (CPSA) tool and present my analysis of the shapes produced by CPSA.

Erin Lanus earned her Ph.D. in computer science in May 2019 from Arizona State University. Dr. Lanus is currently conducting research with Professor Sherman’s Protocol Analysis Lab at UMBC. Her previous results include how to use state to enable CPSA to reason about time in forced-latency protocols. Her research also explored algorithmic approaches to constructing combinatorial arrays employed in interaction testing and the creation of a new type of array for attribute distribution to achieve anonymous authorization in attribute-based systems. In October she will begin as a research assistant professor at Virginia Tech’s Hume Center in Northern Virginia. email: *protected email*

Support for this research was provided in part by grants to CISA from the Department of Defense, CySP grants H98230-17-1-0387 and H98230-18-0321.

The post talk: Analysis of the Secure Remote Password (SRP) Protocol Using CPSA appeared first on Department of Computer Science and Electrical Engineering.

Dr. Ben Shariati co-author of NIST guide on mobile device security and privacy

Dr. Behnam Shariati, Assistant Director of the UMBC Graduate Cybersecurity Program, is one of the authors of a new NIST Cybersecurity Practice Guide guide on how organizations can use standards-based, commercially available products to help meet their mobile device security and privacy needs. Dr. Shariati is also a lecturer in Cybersecurity graduate program and oversees its operations at the Universities at Shady Grove in Rockville, MD.

To address the challenge of securing mobile devices while managing risks, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) built a laboratory environment to explore how various mobile security technologies can be integrated within an enterprise’s network.

A draft version of the document is available as NIST SPECIAL PUBLICATION 1800-21A, Mobile Device Security, Corporate-Owned Personally-Enabled (COPE) and NIST solicits comments on it by September 23, 2019.

From the summary:

“The rapid pace at which mobile technologies evolve requires regular reevaluation of a mobility program to ensure it is accomplishing its security, privacy, and workplace functionality. Built-in mobile protections may not be enough to fully mitigate the security challenges associated with mobile information systems. Usability, privacy, and regulatory requirements each influence which mobile security technologies and security controls are going to be well-suited to meet the needs of an organization’s mobility program.

The goal of the Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) project is to provide an example solution demonstrating how organizations can use a standards-based approach and commercially available technologies to meet their security needs for using mobile devices to access enterprise resources.

The sample solution details tools for an enterprise mobility management (EMM) capability located on-premises, mobile threat defense (MTD), mobile threat intelligence (MTI), application vetting, secure boot/image authentication, and virtual private network (VPN) services.”

This NCCoE project is the first in a series on Mobile Device Security for Enterprises. The next one, Mobile Device Security: Bring Your Own Device (BYOD), is under development.

The post CSEE faculty Ben Shariati co-author of NIST guide on mobile device security and privacy appeared first on Department of Computer Science and Electrical Engineering.

UMBC partners with five universities in the US, UK, and Japan to launch International Cybersecurity Center of Excellence

UMBC has partnered to create a global university network dedicated to securing critical systems against cyber threats: the International Cybersecurity Center of Excellence (INCS-CoE).

The INCS-CoE has its foundations in a 2018 cybersecurity collaboration that included UMBC, Keio University in Japan, and Royal Holloway University of London. That initial group has now formally expanded to include Northeastern University, Kyushu University in Japan, and Imperial College London.

The INCS-CoE will support the efforts of the participating universities as they work together to address cybersecurity challenges facing society. The collaboration focuses on cybersecurity for critical national infrastructures including information technology, public transit, and financial services. Additionally, the Center of Excellence will include research, advocacy, and education components.

“Trust is one of the key pillars for a free and interconnected world, for commerce and for exchange of information, be it in the real world or in the digital world,” says Karl V. Steiner, UMBC’s vice president for research. “In order for machines to communicate well with each other, we need to put in place policies and technologies that establish a trust basis.”

He explains, “The INCS-CoE is built on a similar strong layer of trust among six institutions from three different continents. This first-of-its-kind global Center of Excellence will enable us to rapidly exchange ideas and find solutions to developing issues in an increasingly networked world.”

In the future, INCS-CoE may expand to include government and corporate partners, says Steiner.

“The challenges this first-of-its-kind partnership aims to solve span a complex set of cybersecurity issues,” said David Luzzi, senior vice provost for research at Northeastern.

Each academic institution has specific strengths and areas of expertise that they bring to the partnership. UMBC’s Center for Cybersecurity and Center for Accelerated Real Time Analytics will be instrumental in contributing to INCS-CoE’s goals for UMBC.

Learn more about the INCS-CoE.

Adapted from a UMBC News article by Megan Hanks, photo by Marlayna Demond ’11 for UMBC.

The post UMBC partners with five universities in the US, UK, and Japan to launch International Cybersecurity Center of Excellence appeared first on Department of Computer Science and Electrical Engineering.

UMBC Cyber Defense Lab

Security for Smart Cyber-Physical Systems

Prof. Anupam Joshi, UMBC

12:00–1:00pm, Friday, 3 May 2019, ITE 227

Smart Cyber-Physical Systems (CPS) are increasingly embedded in our everyday life. Security incidents involving them are often high-profile because of their ability to control critical infrastructure. Stuxnet and the Ukrainian power-grid attack are some notorious attacks reported against CPS which impacted governmental programs to ordinary users. In addition to the deliberate attacks, device malfunction and human error can also result in incidents with grave consequences. Hence the detection and mitigation of abnormal behaviors resulting from security incidents is imperative for the trustworthiness and broader acceptance of smart cyber-physical systems. We propose an automatic behavioral abstraction technique, ABATe, which automatically learns their typical behavior by finding the latent “context” space using available operational data and is used to discern anomalies. We evaluate our technique using two real-world datasets (a sewage water treatment plant dataset and an automotive dataset) to demonstrate the multi-domain adaptability and efficacy of our approach.

Anupam Joshi is the Oros Family Professor and Chair of Computer Science and Electrical Engineering Department at the University of Maryland, Baltimore County(UMBC). He is the Director of UMBC’s Center for Cybersecurity, and one of the USM leads for the National Cybersecurity FFRDC. He is a Fellow of IEEE. Dr. Joshi obtained a B.Tech degree from IIT Delhi in 1989, and a Masters and Ph.D. from Purdue University in 1991 and 1993 respectively. His research interests are in the broad area of networked computing and intelligent systems. His primary focus has been on data management and security/privacy in mobile/pervasive computing environments, and policy driven approaches to security and privacy. He is also interested in Semantic Web and Data/Text/Web Analytics, especially their applications to (cyber) security. He has published over 250 technical papers with an h-index of 79 and over 23,250 citations (per Google scholar), filed and been granted several patents, and has obtained research support from National Science Foundation (NSF), NASA, Defense Advanced Research Projects Agency (DARPA), US Dept of Defense (DoD), NIST, IBM, Microsoft, Qualcom, Northrop Grumman, and Lockheed Martin amongst others

The post talk: Security for Smart Cyber-Physical Systems, 12-1 5/3, ITE 227 appeared first on Department of Computer Science and Electrical Engineering.

The Evolution of Mobile Authentication

Prof. Keith Mayes, Royal Holloway University of London

1:00pm Tuesday 30 April 2019, ITE325, UMBC

Mobile communication is an essential part or modern life, however it is dependent on some fundamental security technologies. Critical amongst these technologies, is mobile authentication, the ability to identify valid users (and networks) and enable their secure usage of communication services. In the GSM standards and the 3GPP standards that evolved from them, the subscriber-side security has been founded on a removable, attack-resistant smart card known as a SIM (or USIM) card. The presentation explains how this situation came about, and how and why the protocols and algorithms have improved over time. It will cover some work by the author on a recent algorithm for 3GPP and then discuss how Machine-to-Machine and IoT considerations have led to new standards, which may herald the demise of the conventional removable SIM, in favour of an embedded eSIM.

Professor Keith Mayes B.Sc. Ph.D. CEng FIET A.Inst.ISP, is a professor of information security within the Information Security Group (ISG) at Royal Holloway University of London. Prior to his sabbatical, he was the Director of the ISG and Head of the School of Mathematics and Information Security. He is an active researcher/author with 100+ publications in numerous conferences, books and journals. His current research interests are diverse, including, mobile communications, smart cards/RFIDS, the Internet of Things, and embedded systems. Keith joined the ISG in 2002, originally as the Founder Director of the ISG Smart Card Centre, following a career in industry working for Pye TVT, Honeywell Aerospace and Defence, Racal Research and Vodafone. Keith is a Chartered Engineer, a Fellow of the Institution of Engineering and Technology, a Founder Associate Member of the Institute of Information Security Professionals, a Member of the Licensing Executives Society and an experienced company director and consultant. He is active in the UK All Party Parliamentary Group (APPG) on Cyber Security and is an adjunct professor at UMBC.

The post talk: The Evolution of Mobile Authentication, 1pm 4/30, ITE325, UMBC appeared first on Department of Computer Science and Electrical Engineering.

UMBC Cyber Defense Lab

Using CPSA to Analyze Force-Latency Protocols

Dr. Edward Zieglar, National Security Agency

12-1 Friday, 19 April 19, ITE 227

Several cryptographic protocols have been proposed to address the Man-in-the-Middle attack without the prior exchange of keys. This talk will describe a formal analysis of one such protocol proposed by Zooko Wilcox-O’Hearn, the forced-latency defense against the chess grandmaster attack. Using the Cryptographic Protocol Shapes Analyzer (CPSA), we validate the security properties of the protocol through the novel use of CPSA’s state features to represent time. We also describe a small message space attack that highlights how assumptions made in protocol design can affect the security of a protocol in use, even for a protocol with proven security properties.

Edward Zieglar is a security researcher in the Research Directorate of the National Security Agency, where he concentrates on formal analysis and verification of cryptographic protocols and network security. He is also an adjunct professor at UMBC where he teaches courses in networking and network security. He received his master’s and doctoral degrees in computer science from UMBC.

Host: Alan T. Sherman, *protected email*

The post talk: Using CPSA to Analyze Force-Latency Protocols, 12-1 4/19 appeared first on Department of Computer Science and Electrical Engineering.

5:30-6:45 Monday 22 April 2019, Math/Psych 101

CMSC 626 Guest Lecture — all are welcome to attend

In this talk, we will introduce the basics of IPv6 and some of the security issues associated with it. Specifically, we discuss the motivations, history and adoption of IPv6, and current status in the global Internet. We then detail the structure of an IPv6 address and the types of addresses used, and the conceptual model for address assignment in IPv6. The modes of deployment of IPv6, and understanding of how dual-stack mode works, is then provided. We then discuss the basic model for IPv6 control protocols, ICMPv6, and how they support low-level network operations. We then identify IPv6’s place in the network stack, and explain how that does, and does not, affect security. Several basic threats to IPv6 devices and networks will be identified as well as how common network security posture/hygiene can be affected by dual stack operation. Lastly, we identify some key concepts in secure use of IPv6, and discuss the concept of NAT and its use in IPv4 and why IPv6 does not use it.

Mr. Neal Ziring is the Technical Director for the National Security Agency’s Capabilities Directorate, serving as a technical advisor to the Capabilities Director, Deputy Director, and other senior leadership. Mr. Ziring is responsible for setting the technical direction across many parts of the capabilities mission space, including in cyber-security. Mr. Ziring tracks technical activities, promotes technical health of the staff, and acts as liaison to various industry, intelligence, academic, and government partners. Prior to the formation of the Capabilities Directorate, Mr. Ziring served five years as Technical Director of the Information Assurance Directorate. His personal expertise areas include security automation, IPv6, cloud computing, cross-domain information exchange, and data access control, and cyber defense. Prior to coming to NSA in 1988, Neal worked at AT&T Bell Labs. He has BS degrees in Computer Science and Electrical Engineering, and an MS degree in Computer Science, all from Washington University in St. Louis.

The post talk: IPv6 and its Security Issues, 5:30 Mon. 4/22 appeared first on Department of Computer Science and Electrical Engineering.

Post-Baccalaureate Certificate in Professional Studies: Digital Forensics

UMBC’s cybersecurity graduate program has added a new 12-credit post-baccalaureate certificate in professional studies focused on digital forensics.

The Digital Forensics certificate program is intended for early and mid-career IT and law- enforcement professionals who want to learn basic and advanced concepts and develop skills in the field of computer forensics. Students will understand the role of digital/computer forensics as a subspecialty of cybersecurity. Through firsthand experience using industry-standard forensic tools, techniques, and procedures in the digital forensic process, students will understand the incident-handling process, the special rules of evidence that apply to cybercrime investigations (i.e., chain of custody, search and seizure, forensic imaging), and the relevant state, federal, and/or regulatory frameworks governing such activities within different industry sectors (such as defense, healthcare, and financial services). The four-course, 12-credit certificate can be applied toward obtaining the MPS in Cybersecurity degree.

• CYBR 620 Intro to Cybersecurity or CMSC equivalent (i.e., CMSC 626, CMSC 687)
• CYBR 641 Computer Crime Investigations
• CYBR 642 Introduction to Digital Forensics
• CYBR 643 Advanced Digital Forensics

The post Post-Bac Certificate in Digital Forensics appeared first on Department of Computer Science and Electrical Engineering.