NSA Codebreaker challenge and student opportunities Webinar

4-6 pm EDT Thursday, 9 September 2021, Online

Register Here

NSA will hold an NSALive Adobe Webinar on Thursday, September 9, 2021, from 4-6 pm EDT to learn about the National Security Agency and Student Program opportunities, as well as a deep dive into the 2021 Codebreaker Challenge. Register for the online session here.

The Codebreaker Challenge is the NSA’s annual cybersecurity and cryptanalysis challenge with a realistic, NSA mission-centric scenario open to U.S-based academic institutions. The 2021 challenge is open now and runs through December 31, 2021.

While the challenge is intended for students, faculty are encouraged to participate as well. Furthermore, the site was designed to make it easy for those faculty interested in incorporating the challenge into their courses (see the additional FAQ entries below.)

The 2021 Codebreaker Challenge consists of a series of tasks worth a varying amount of points based upon their difficulty. Schools will be ranked according to their students’ total number of points with the current ranking shown on a leaderboard. Solutions may be submitted at any time for the duration of the Challenge.

While not required, it is recommended that participants solve tasks in order since they flow with the storyline. Later tasks may rely on artifacts or inputs from earlier tasks. Each task in the 2021 challenge will require a range of skills. You will need to call upon all of your technical expertise, intuition, and common sense.

The UMBC Cyber Defense Lab presents

Transparent Dishonesty: Front-Running Attacks on Blockchain

Professor Jeremy Clark
Concordia Institute for Information Systems Engineering
Concordia University, Montreal, Canada

12–1 pm ET Friday, March 26, 2021
online via WebEx

We consider front-running to be a course of action where an entity benefits from prior access to privileged market information about upcoming transactions and trades. Front-running has been an issue in financial instrument markets since the 1970s. With the advent of blockchain technology, front-running has resurfaced in new forms we explore here, instigated by blockchain’s decentralized and transparent nature. I will discuss our “systemization of knowledge” paper which draws from a scattered body of knowledge and instances of front-running across the top 25 most active decentral applications (DApps) deployed on Ethereum blockchain. Additionally, we carry out a detailed analysis of Status.im initial coin offering (ICO) and show evidence of abnormal miner’s behavior indicative of front-running token purchases. Finally, we map the proposed solutions to front-running into useful categories.

Jeremy Clark is an associate professor at the Concordia Institute for Information Systems Engineering. At Concordia, he holds the NSERC/Raymond Chabot Grant Thornton/Catallaxy Industrial Research Chair in Blockchain Technologies. He earned his Ph.D. from the University of Waterloo, where his gold medal dissertation was on designing and deploying secure voting systems including Scantegrity—the first cryptographically verifiable system used in a public sector election. He wrote one of the earliest academic papers on Bitcoin, completed several research projects in the area, and contributed to the first textbook. Beyond research, he has worked with several municipalities on voting technology and testified to both the Canadian Senate and House finance committees on Bitcoin. email: *protected email*

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings: April 9, (UMBC), MeetingMayhem: A network adversarial thinking game; April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking;
May 7, Farid Javani (UMBC), Anonymization by oblivious transfer.

The UMBC Cyber Defense Lab presents

Moving Target Mobile IPv6 Defense

Prof. Vahid Heydari
Computer Science, Rowan University

12:00–1 pm ET, Friday, 26 February 26, 2021

remotely via WebEx  

Remote cyberattacks can be started from an unlimited distance through the Internet. These attacks include particular actions that allow attackers to compromise systems remotely. Address-based Distributed Denial-of-Service (DDoS) attacks and remote exploits are two main categories of these attacks. A remote exploit takes advantage of a bug or vulnerability to view or steal data or gain unauthorized access to a vulnerable system. Current security solutions in IPv6 such as IPsec, firewall, and Intrusion Detection and Prevention System (IDPS) can prevent remote attacks against known vulnerability exploits. However, zero-day exploits can defeat the best firewalls and IDPSs due to using undisclosed and uncorrected computer application vulnerability. Therefore, a new solution is needed to prevent these attacks. This talk discusses a Moving Target Mobile IPv6 Defense (MTM6D) that randomly and dynamically changes the IP addresses to prevent remote attacks in the reconnaissance step. The talk briefly covers the wide range of applications of MTM6D including critical infrastructure networks, virtual private networks, web servers, Internet-controlled robots, and anti-censorship.

 Vahid Heydari received the M.S. degree in Cybersecurity and the Ph.D. degree in Electrical and Computer Engineering from the University of Alabama in Huntsville. He is currently an Associate Professor of Computer Science and the Director of the Center for Cybersecurity Education and Research at Rowan University, Glassboro, NJ. He is also a co-founder of a cybersecurity startup ObtegoCyber. His research interests include moving target defenses, mobile ad-hoc, sensor, and vehicular network security. He is a member of ACM, IEEE Computer Society and Communications Society. 

Host: Alan T. Sherman, *protected email*, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays.  All meetings are open to the public. Upcoming CDL Meetings:

Mar 12, Chao Liu (UMBC), Efficient asynchronous BFT with adaptive security
Mar 26, Jeremy Clark (Concordia)
April 9, (UMBC), MeetingMayhem: A network adversarial thinking game
April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking
May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

Three CSEE faculty receive MIPS research awards

This post is adapted from a UMBC News article UMBC faculty, alumni entrepreneurs receive record-number of MIPS awards for tech collaborations written by Adriana Fraser.

Six UMBC faculty members have just received grants from the Maryland Industrial Partnerships (MIPS) program to develop new technologies with potential to grow the state’s economy. This is UMBC’s largest number of winning proposals within a single proposal round since MIPS began in 1987. The program connects University System of Maryland (USM) faculty and students with Maryland businesses. UMBC’s latest MIPS grantees include computer science and electrical engineering faculty Tim Oates, Chein-I Chang, and Anupam Joshi; Soobum Lee, mechanical engineering; Dipanjan Pan, chemical, biochemical, and environmental engineering; and Vikram Vakharia, marine biotechnology. Among their industry partners are UMBC alumni entrepreneurs who are building businesses in Maryland.

Joshi, professor and chair of computer science and electrical engineering, received a MIPS grant for a cybersecurity collaboration with the startup CyDeploy. They are developing a platform that automates the quality assurance process for cybersecurity updates made to IT and “internet of things” (IoT) devices like Amazon Alexa, Google Home, and health and medical devices. CyDeploy CEO Tina Williams-Koroma ’02, computer science, presented Joshi with the idea to develop a “cybersecurity-driven change management system.” The technology is based on and leverages the use of artificial intelligence and machine learning to create a cloud-based replica of a company’s systems. 

Williams-Koroma and Joshi’s group at UMBC developed a conceptual prototype. It shows the infrastructure and technology that would make the system feasible, combining off-the-shelf tools with novel research. “Increasingly, the government is now beginning to mandate security requirements around IoT devices. The longer-term vision that CyDeploy has is capturing the state of these systems, virtually recreating them and then running the security changes against virtual versions to see how the changes would affect those systems,” Joshi adds. 

Williams-Koroma, who is also an adjunct instructor at UMBC, projects that the initial development of the platform will be complete in late spring 2021. They anticipate launching a free pilot version for businesses to test their IT systems. IoT pilots will come in a later phase.

Read more about these awards in the UMBC News article UMBC faculty, alumni entrepreneurs receive record-number of MIPS awards for tech collaborations.

Two UMBC alumnae featured in The CyberWire podcast

The CyberWire produced a special podcast, In the clear: what it’s like working as a woman in the cleared community, that features three women working on cybersecurity atNorthrop Grumman. Two are UMBC alumnae, software engineering manager Lauren and cyber software engineer Priyanka.

Lauren received a BS in Computer Science in 2015 and an M.S. in Computer Science in 2017. As an undergraduate student, she worked part-time as an IT Security Analyst tracking, locating, and performing forensics on infected computers located on campus. She joined Northrop Grumman in 2015 and continued her studies as a part-time graduate student, doing research on investigating different ways of characterizing cybersecurity exploit kits and the malware they produce.

Priyanka received a BS in Computer Science in 2018 and an MS in Computer Science in 2019. Her MS research was on multilingual text alignment for cybersecurity. She has been a lecture in the UMBC Computer Science program and the UMD Advanced Cybersecurity Experience for Students (ACES) program. She is currently working on a Computer Science Ph.D. at UMBC focused on how AI can help protect cybersecurity systems from data poisoning attacks.

Listen to the 47 minute podcast here.

UMBC’s Cyber Defense Lab presents

Presentations of the UMBC INSuRE Research Projects from Fall 2020

12:00noon–1:30pm, Friday, 18 December 2020

via WebEx

The Information Security Research and Education (INSuRE) research collaborative is a network of National Centers of Academic Excellence in Cyber Defense Research (CAE-Rs) universities that cooperate to engage students in solving applied cybersecurity research problems. Since fall 2012, INSuRE has fielded a multi-institutional cybersecurity research course in which BS, MS, and Ph.D. students work in small groups to solve unclassified problems proposed by the National Security Agency (NSA) and by other government and private organizations and laboratories.

Schedule
12:00-12:15pm poster presentations
12:15-12:40pm Detecting Web-Based Cryptomining Malware by Mining Open-Source Repositories
12:40-1:05pm Meeting Mayhem: A Network Adversary Game
1:05-1:30pm Analysis of the 5G AKA protocol with Comparison to 4G AKA

Detecting Web-Based Cryptomining Malware by Mining Open-Source Repositories
Naomi Albert, Elias Enamorado, Benjamin Padgette, Anshika Patel
Technical Director: William J. La Cholter (APL)
UMBC Expert: Charles Nicholas

With the ever-increasing popularity of browser-based cryptomining it is now more important than ever to detect malicious cryptojacking code. This paper serves to identify reliable indicators of injected cryptomining code in open-source repositories using static source code analysis techniques. We analyze static source code features of a curated set of cryptomining projects and innocuous codebases that are available as open-source projects on GitHub. Through this analysis we show that a novel Normalized Halstead Difficulty metric can be an important indicator of the presence of cryptomining software. Specifically, the Normalized Halstead complexity is significantly higher for cryptomining source code files as compared to the sampled non-miners. Using this newfound knowledge of the complexity of browser-based JavaScript cryptominers, supply-chain cryptojacking injection attacks in open-source repositories may be easier to identify through automated code review techniques.

Meeting Mayhem: A Network Adversary Game
Richard Baldwin, Trenton Foster
Technical Director: Edward Zieglar (NSA)
UMBC Experts: Marc Olano, Linda Oliva

Meeting Mayhem, a web-based educational game, teaches adversarial thinking through the Dolev-Yao security model. Meeting Mayhem is based on the paper-and-pencil “Protocol Analysis Game,” introduced by Edward Zieglar and adapted by UMBC PhD student Enis Golaszewski. Two or more users try to arrange a meeting time and place by sending messages through an insecure network controlled by an adversary. Through self discovery, players learn the dangers of network communications and the value of sound protocols supported by encryption, hashing, and digital signatures.

Formal Methods Analysis of the 5G AKA protocol, with Comparison to 4G AKA
Prajna Bhandary, Ryan Jahnige, Jason Schneck
Technical Director: Edward Zieglar (NSA)

We analyze the Fifth Generation (5G) Authentication and Key Agreement (AKA) protocol and the Fourth Generation (4G) Evolved Packet System Authentication and Key Agreement (EPS-AKA) protocol for possible structural faults using the Cryptographic Protocol Shapes Analyzer (CPSA). It is fundamental to provide authentication and key management in the security of cellular networks. 5G AKA provides mutual authentication between subscribers and the network, by providing the keys to protect both signaling and user plane data. 4G defines an authentication method, EPS-AKA, whereas 5G offers several different authentication techniques: 5G AKA, 5G EAP-AKA, and 5G EAP-TLS. In addition to our formal method analysis of 5G AKA and 4G EPS-AKA, we also analyze the differences in security properties between the 4G EPS-AKA protocol, and 5G AKA protocol. We verify that the upgrades made to 4G EPS-AKA improves control of the Home Network (HN) in 5G AKA. Additionally, we found that the ambiguous nature of the documentation regarding the channel between Serving Network (SN) and HN results in authentication concerns and we propose a solution.

Course Instructor: Alan T. Sherman

Support for this event is provided in part by the NSF under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL meetings:

Biweekly CDL talks will resume in the spring 2021 semester.
The 2021 UMBC SFS/CySP Research Study will take place remotely in January (likely January 11-15).

Alan Sherman and collaborators develop VoteXX with new strategies for secure online voting

Over the past several months, the topic of online voting has been at the top of the minds of millions of Americans and has been widely debated. Supporters often highlight how it would increase voter turnout through improved accessibility and convenience. Privacy and election integrity are among the top concerns about implementing an online voting system.

Researchers from UMBC and xx.network have been working to design an online voting system that is resistant to coercion and would provide a secure way for people to cast their ballots from computers, tablets, and smartphones in the future. Alan Sherman, professor of computer science and electrical engineering, is developing the system, VoteXX, with David Chaum, a cryptographer known for his work on privacy-centered technology, and Richard Carback ‘05, M.S. ‘08, Ph.D. ‘10, computer science, who has spent his career deflecting would-be hackers.

The security of devices that voters might use to cast their ballot is a significant concern, notes Sherman. He explains that malware on the devices that voters use might change the votes or spy on the voter.

Alan Sherman, right, talking with Rick Forno on campus in 2018. Photo by Marlayna Demond ’11 for UMBC.

As described in a press release and the researchers’ new whitepaper, VoteXX allows voters to confirm that their ballots were accurately cast, collected, and counted. This system uses ideas from an earlier system, Remotegrity, that the collaborators developed and used in a municipal election in Takoma Park, Maryland, in 2011. Voters received secret vote codes on a scratch-off card via traditional mail, which they used to hide their votes from the software and hardware. Remotegrity was based on Scantegrity, an earlier in-person verifiable voting that was also used in binding elections in Takoma Park, Maryland.

VoteXX uses a combination of simple strategies and complex cryptography to create a more secure online voting scheme. For example, to address the issues of coercion and vote selling, VoteXX allows voters to cancel or change their vote up to a certain deadline. David Chalm explains how this simple capability undermines vote selling. “You make it possible to flip (change or cancel) that vote outside the voting process. Because a vote buyer cannot be sure you didn’t or won’t flip your vote, they can’t be sure that a voter has been honest with them, making it useless to buy votes.”

This “vote flipping” approach provides a subversively simple yet powerful tool to voters. It’s accomplished by creating a “flip code” during the registration process that allows the voter to flip their vote after casting.

You can read more about this research in a UMBC News article by Megan Hanks.

UMBC Cyber Defense Lab

BVOT: Self-Tallying Boardroom Voting with Oblivious Transfer

Farid Javani, CSEE, UMBC

12:00–1:00pm, Friday, 6 November 2020

http://umbc.webex.com/meet/sherman

(Joint work with Alan T. Sherman)

A boardroom election is an election with a small number of voters carried out with public communications. We present BVOT, a self-tallying boardroom voting protocol with ballot secrecy, fairness (no tally information is available before the polls close), and dispute-freeness (voters can observe that all voters correctly followed the protocol).

BVOT works by using a multiparty threshold homomorphic encryption system in which each candidate is associated with a masked unique prime. Each voter engages in an oblivious transfer with an untrusted distributor: the voter selects the index of a prime associated with a candidate and receives the selected prime in a masked form. The voter then casts their vote by encrypting their masked prime and broadcasting it to everyone. The distributor does not learn the voter’s choice, and no one learns the mapping between primes and candidates until the audit phase. By hiding the mapping between primes and candidates, BVOT provides voters with insufficient information to carry out effective cheating. The threshold feature prevents anyone from computing any partial tally—until everyone has voted. Multiplying all votes, their decryption shares, and the unmasking factor yields a product of the primes each raised to the number of votes received.

In contrast to some existing boardroom voting protocols, BVOT does not rely on any zero-knowledge proof; instead, it uses oblivious transfer to assure ballot secrecy and correct vote casting. Also, BVOT can handle multiple candidates in one election. BVOT prevents cheating by hiding crucial information: an attempt to increase the tally of one candidate might increase the tally of another candidate. After all votes are cast, any party can tally the votes.

Farid Javani is a Ph.D. candidate in computer science at UMBC, working with Alan Sherman. His research interests include algorithms, security, applied cryptography, and distributed systems. He is the manager of the Enterprise Architecture team at CCC Information Services in Chicago. email: *protected email*

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1:00 pm. All meetings are open to the public. Upcoming CDL Meetings: Oct. 30, Jonathan Katz (UMCP), [possibly on secure distributed computation]; Nov. 13, TBA, [possibly: David R Imbordino (NSA), Security of the 2020 presidential election]; and Dec. 11, TBA, [possibly: Peter A. H. Peterson (Univ. of Minnesota Duluth), Adversarial Thinking]

UMBC Data Science Meetup Talk

Exploding Blockchain Myths

Maria Vachino and Dr. James P. Howard

5:30-7:00pm Tuesday, 13 October 2020

In this talk, Maria Vachino from Easy Dynamics and Dr. James P. Howard from APL will provide an overview of what blockchain is and isn’t, focusing on non-cryptocurrency use cases, will explain the results of their research for the DHS S&T Cybersecurity Directorate, and will provide insight into the value (or lack therefore) of the technology.

References:
• https://ieeexplore.ieee.org/document/8965252/
• http://jitm.ubalt.edu/XXX-3/article3.pdf

Maria Vachino is the Director of Digital Identity at Easy Dynamics where she is focused on Identity Credential & Access Management (ICAM) technologies, policies, & standards, Cybersecurity, and IT modernization for the US Federal Government. She started investigating applications for blockchain technology in 2015 as the Technical and Government Engagement Lead for the DHS S&T Cyber Security Directorate’s Identity Management Research & Development Program while a member of the Senior Professional Staff at the Johns Hopkins Applied Physics Lab. Maria has a BS in Computer Science from UMBC and an MS in Cybersecurity.

Dr. James P. Howard, II (UMBC Ph.D. ’14) is a scientist at the Johns Hopkins Applied Physics Laboratory. Previously, he was a consultant to numerous government agencies, including the Securities and Exchange Commission, the Executive Office of the President, and the United States Department of Homeland Security, and worked for the Board of Governors of the Federal Reserve System as an internal consultant on scientific computing. He is a passionate educator, teaching mathematics and statistics at the University of Maryland Global Campus since 2010 and has taught public management at Central Michigan University, Penn State, and the University of Baltimore. His most recent work has modeled the spread of infectious respiratory diseases and Ebolavirus, predicted global disruptive events, researched using blockchain for government services, and created devices for rescuing victims of building collapse. He is the author of two books.