UMBC Cyber Defense Lab

Security for Smart Cyber-Physical Systems

Prof. Anupam Joshi, UMBC

12:00–1:00pm, Friday, 3 May 2019, ITE 227

Smart Cyber-Physical Systems (CPS) are increasingly embedded in our everyday life. Security incidents involving them are often high-profile because of their ability to control critical infrastructure. Stuxnet and the Ukrainian power-grid attack are some notorious attacks reported against CPS which impacted governmental programs to ordinary users. In addition to the deliberate attacks, device malfunction and human error can also result in incidents with grave consequences. Hence the detection and mitigation of abnormal behaviors resulting from security incidents is imperative for the trustworthiness and broader acceptance of smart cyber-physical systems. We propose an automatic behavioral abstraction technique, ABATe, which automatically learns their typical behavior by finding the latent “context” space using available operational data and is used to discern anomalies. We evaluate our technique using two real-world datasets (a sewage water treatment plant dataset and an automotive dataset) to demonstrate the multi-domain adaptability and efficacy of our approach.

Anupam Joshi is the Oros Family Professor and Chair of Computer Science and Electrical Engineering Department at the University of Maryland, Baltimore County(UMBC). He is the Director of UMBC’s Center for Cybersecurity, and one of the USM leads for the National Cybersecurity FFRDC. He is a Fellow of IEEE. Dr. Joshi obtained a B.Tech degree from IIT Delhi in 1989, and a Masters and Ph.D. from Purdue University in 1991 and 1993 respectively. His research interests are in the broad area of networked computing and intelligent systems. His primary focus has been on data management and security/privacy in mobile/pervasive computing environments, and policy driven approaches to security and privacy. He is also interested in Semantic Web and Data/Text/Web Analytics, especially their applications to (cyber) security. He has published over 250 technical papers with an h-index of 79 and over 23,250 citations (per Google scholar), filed and been granted several patents, and has obtained research support from National Science Foundation (NSF), NASA, Defense Advanced Research Projects Agency (DARPA), US Dept of Defense (DoD), NIST, IBM, Microsoft, Qualcom, Northrop Grumman, and Lockheed Martin amongst others

The post talk: Security for Smart Cyber-Physical Systems, 12-1 5/3, ITE 227 appeared first on Department of Computer Science and Electrical Engineering.

The Evolution of Mobile Authentication

Prof. Keith Mayes, Royal Holloway University of London

1:00pm Tuesday 30 April 2019, ITE325, UMBC

Mobile communication is an essential part or modern life, however it is dependent on some fundamental security technologies. Critical amongst these technologies, is mobile authentication, the ability to identify valid users (and networks) and enable their secure usage of communication services. In the GSM standards and the 3GPP standards that evolved from them, the subscriber-side security has been founded on a removable, attack-resistant smart card known as a SIM (or USIM) card. The presentation explains how this situation came about, and how and why the protocols and algorithms have improved over time. It will cover some work by the author on a recent algorithm for 3GPP and then discuss how Machine-to-Machine and IoT considerations have led to new standards, which may herald the demise of the conventional removable SIM, in favour of an embedded eSIM.

Professor Keith Mayes B.Sc. Ph.D. CEng FIET A.Inst.ISP, is a professor of information security within the Information Security Group (ISG) at Royal Holloway University of London. Prior to his sabbatical, he was the Director of the ISG and Head of the School of Mathematics and Information Security. He is an active researcher/author with 100+ publications in numerous conferences, books and journals. His current research interests are diverse, including, mobile communications, smart cards/RFIDS, the Internet of Things, and embedded systems. Keith joined the ISG in 2002, originally as the Founder Director of the ISG Smart Card Centre, following a career in industry working for Pye TVT, Honeywell Aerospace and Defence, Racal Research and Vodafone. Keith is a Chartered Engineer, a Fellow of the Institution of Engineering and Technology, a Founder Associate Member of the Institute of Information Security Professionals, a Member of the Licensing Executives Society and an experienced company director and consultant. He is active in the UK All Party Parliamentary Group (APPG) on Cyber Security and is an adjunct professor at UMBC.

The post talk: The Evolution of Mobile Authentication, 1pm 4/30, ITE325, UMBC appeared first on Department of Computer Science and Electrical Engineering.

Why are memory-corruption bugs still a thing?

The challenges of securing software at an assembly level

Doug Britton
CTO, RunSafe Security Inc.

10:30-11:30 Monday, 8 April 2019, ITE346

Methods to chip away at the danger of memory-corruption bugs have been available for some time.  Why has the going-price of memory-corruption-based exploits not spiked?  If the methods were have a broad-based result in mitigating exploit vectors, there would be a reduction in supply, causing an increase in prices.  Also, there would be a reduction in the pool of people qualified to develop zero-days, allowing them to push the prices up.  The data suggest that prices have remained generally stable and attackers are able to move with impunity.  What are the challenges to large-scale adoption of memory-corruption based mitigation methods. 

Doug Britton serves as Chief Technology Officer and Director of RunSafe Security, Inc. Mr. Britton Co-founded Kaprica Security, Inc., in 2011 and serves as its Chief Executive Officer. Prior to his leadership role in Kaprica, Mr. Britton was a cyber-security focused research and development manager at Lockheed Martin. He has an MBA and MS from University of Maryland and a BS in Computer Science from the University of Illinois.

The post talk: Why are memory-corruption bugs still a thing?, 10:30am Mon 4/8, ITE325 appeared first on Department of Computer Science and Electrical Engineering.

Exploiting IoT Vulnerabilities

Dr. Yatish Joshi, Senior Engineer, Cisco Systems

11:45am-1:00pm Monday, 18 February 2019, ITE 325-B

The past decade has seen explosive growth in the use and deployment of IoT (Internet of Things) devices. According to Gartner there will be about 20.8 billion IoT devices in use by 2020. These devices are seeing wide spread adoption as they are cheap, easy to use and require little to no maintenance. In most cases, setup simply requires using a web or phone app to configure Wi-Fi credentials. Digital home assistants, security cameras, smart locks, home appliances, smart switches, toys, vacuum cleaners, thermostats, leakage sensors etc are examples of IoT devices that are widely used and deployed in home and enterprise environments.

The threat landscape is constantly evolving and threat actors are always on the prowl for new vulnerabilities they can exploit. With traditional attack methods yielding fewer exploits   due to the increased focus on security testing, frequent patches, increased user awareness, Threat actors have turned their attention on IoT devices and are exploiting inherent vulnerabilities in these devices. The vulnerabilities, always ON nature, and autonomous mode of operation allow attackers to spy on users, spoof data, or leverage them as botnet infrastructure to launch devastating attacks on third parties. Mirai, a well known IoT malware utilized hundreds and thousands of enslaved IoT devices to launch DDoS attacks on Dyn affecting access to Netflix, Twitter, Github and many other websites. With the release of the Mirai source code numerous variants of the malware are infecting IoT devices across the world and using them to carry out attacks.

These attacks are made possible because the devices are manufactured without security in mind!. In this talk I will demonstrate how one can hack a widely available off-the-shelf IP Camera and router by exploiting the vulnerabilities present in these devices to get on the network, steal personal data, spy on a user, disrupt operation etc. We will also look at what can be done to mitigate the dangers posed by IOT devices.

So attend hack & defend!

Dr. Yatish Joshi is a software engineer in the Firepower division at Cisco Systems where he works on developing new features for Cisco’s security offerings. Yatish has a PhD in Computer Engineering from UMBC. Prior to Cisco Yatish worked as a lecturer at UMBC, and was a senior software engineer developing TV software at Samsung Electronics. When not working, he enjoys reading spy thrillers and fantasy novels.

The post talk and demo: Exploiting IoT Vulnerabilities, 11:45-1:00pm Mon 2/18 appeared first on Department of Computer Science and Electrical Engineering.

Using Deep Learning in Identifying Network Intrusions

Dr. Rajeev Agrawal
Information Technology Laboratory
US Army Engineer Research and Development Center

10:30-11:30 Monday, February 11, 2019, ITE325

Deep Learning algorithms have been very successful in computer vision, natural language processing, and speech recognition. However, there is a big challenge in applying it in cyber security domain due to non‐availability of ‘real’ cybersecurity data. Many researchers have tried using synthetic data such as KDD‐NSL or newer UNSW-NB15 network intrusion datasets, however, it is difficult to determine the performance of the proposed research on a dataset captured from an enterprise network. The DoD’s High Performance Computing Modernization Program (HPCMP) operates Defense Research Engineering network (DREN), which has multiple security software and hardware tools installed across the network. A variety of cybersecurity logs are captured using these tools. We use a TensorFlow based framework to analyze DREN’s Bro alert data generated under Cybersecurity Environment for Detection, Analysis and Reporting (CEDAR) project. These alerts are marked as bad or normal by the cybersecurity analysts and used as ground truths. This labeled data is used to measure the performance of our approach in identifying network intrusions. We are able to achieve high level accuracy by tuning hyper-parameters used in any deep learning approach. In this presentation, we will discuss the results of our approach which harnesses the power of HPC systems to train our proposed model.

Dr. Rajeev Agrawal joined Cyber Engineering and Analysis branch (CEAB), Information Technology Laboratory in 2016. He is the Data Science lead of the High Performance Computing Architecture (HPC) for Cyber Situational Awareness (HACSAW) Project. The goal of this project is to analyze the cybersecurity data captured across Defense Research and Engineering Network (DREN). He is also a member of the HPC-based deep learning project team and exploring deep learning applicability in cybersecurity domain. Dr. Agrawal received his Ph.D. in Computer Science with minor in Engineering from Wayne State University in 2009. Prior to joining ITL, he was an Associate Professor in the Department of Computer Systems Technology at North Carolina A&T State University.  Dr. Agrawal’s research interests include Deep Learning, Cyber Security, SCADA/ICS, Machine Learning and Pattern Recognition. He has published more than 80 technical papers and book chapters in refereed conferences and journals in these areas. He was selected a Data Science Fellow by the National Consortium of Data Science (NCDS) in 2014. His research has been funded by NSF, US Army, John Deere, ACM, RedHat, National Consortium of Data Science and Michigan State University.

The post talk: Using Deep Learning in Identifying Network Intrusions, 10:30am Mon 2/11, UMBC appeared first on Department of Computer Science and Electrical Engineering.

MD Data Science Conference
Friday, 25 January, PAH Concert Hall, UMBC

Miner & Kasch, a AI and data science consulting firm founded by two UMBC alumni, will hold a one-day Data Science Conference at UMBC on Friday, January 25 in the Linehan Concert Hall of the UMBC Performing Arts & Humanities Building. A limited number of free tickets are available for current UMBC students. To attend, you need to register here.

The event was originally scheduled for January 14, but had to be rescheduled due to inclement weather. If you had registered and obtained a ticket earlier, you will need to re-register.

The event brings together local companies and professionals to share what new and exciting things they are doing with their data. It will be attended by business managers, startup founders, software engineers, data scientists, students, and other curious people that want to learn more about the cutting edge of data science, machine learning, and AI. See the conference website for topics and speakers.

The post Maryland Data Science Conference, Fri. 1/25, UMBC (new date) appeared first on Department of Computer Science and Electrical Engineering.

The UMBC Cyber Defense Lab

Workshop on Usable Security

Nikola K. Blanchard
10am-4pm, Tuesday, 18 December, 2018, ITE 228, UMBC

We invite people interested in cybersecurity to join us for research conversations with Nikola Blanchard, an expert in usable security. Visitors are welcome to participate in any or all of the workshop.

How do we make better codes and passwords? As security constraints increased at the expense of usability, we saw no real improvement in practical performance. This session will introduce some basic notions of usability of security (with applications to voting technology), and the first mental-only password management algorithm. Participants will then be presented with the problem of evaluating such algorithms, and will have a brainstorming activity on designing alternative methods.

Biographical Sketch. After an initial training in mathematics and informatics at ENS Paris, Nikola K. Blanchard started a PhD at IRIF, supervised by Nicolas Schabanel and Ted Selker. In 2015, they joined the Random Sample Voting Project to develop voting protocols, prevent vote selling and improve the deployment of new voting technologies, organizing multiple test elections. They recently started doing research on usability of security with Ted Selker, initially for secure voting technologies but expanding into the field of password research. As e-democracy research requires not just security or usability but also political science, they joined the Chôros think tank and teamed up with Géza Tessényi to co-found the Public Opinion Platform, adding the deliberation aspect needed for any e-democracy project. They are currently in the process of publishing a book on the use of randomness in political institutions.

Host: Alan T. Sherman, *protected email*

Biweekly Cyber Defense Lab meetings will resume in the spring term, 12noon-1pm on Fridays

This event is supported in part by the National Science Foundation under SFS Grant 1241576

The post Workshop on Usable Security, 10-4 Tue 12/18 appeared first on Department of Computer Science and Electrical Engineering.

Dr. Jacob Mendel, Tel Aviv University

11:00am Thursday, 15 November 2018, ITE 459, UMBC

The last decades have witnessed unprecedented population and urbanization growth with the implication that today, for the first time in human history, more than half of the world’s population lives in cities. The consequences of the cybersecurity threats of this urbanization trend along with the notion of smart cities are the main subject of this session. The smart city (system of systems) integrates Big-data and the Internet of Things (IoT) to optimize the operation cost, efficiency and to provide a better services to the residents. Smart cities worldwide are checking blockchain as the foundation for urban living. Using blockchain technology in smart city can create a marketplace for Smart Grid.

The increased complexity of smart cities (system of systems), globally connected, economic and political systems has increased the cybersecurity vulnerability. The cybersecurity threats get magnified by the city big-data and its dependency on the technology. The cybersecurity challenges that smart cities faces demand for research and investment in physical security and economic security. In this session we will highlight various cybersecurity and blockchain parameters of a smart city, existing cybersecurity challenges and possible solutions.

Dr. Jacob Mandel is The Moshe Hogeg Blockchain Research Institute managing director at the Tel Aviv University, and former the General Manager Cyber Security COE at Intel. He is a serial cyber security entrepreneur; He has been the CEO and Co-Founder of SCsquare Ltd., where he founded a business enabler for cybersecurity technologies. Dr. Jacob holds 16 approved patents in the area of cybersecurity. His career in cybersecurity over the past 20 years is a unique mixture of broad practical experience and research expertise. His practice included extensive involvement in cybersecurity offensive projects (software and hardware), business development and product management. Proven worldwide track records in secure operating systems, digital rights management, security certification (CC, FIPS), penetration test, reverses engineering, Machine Learning, Blockchain, IoT security and Smart Grid cybersecurity.

His current main research interest is on The Economic Perspective on Smart Grid Cybersecurity and Blockchain technology with a special focus on malware attacks, privacy issues and business continuation. He holds a PhD in Economics from Poznan University of Economics and Business, Poland and Masters of Business Administration (MBA) degree from Ben-Gurion University of the Negev, Israel.

The post talk: Challenges of Smart Cities Cybersecurity and Privacy with Blockchain, 11am Thr 11/15 appeared first on Department of Computer Science and Electrical Engineering.

Threats remain to US voting system – and voters’ perceptions of reality

Richard Forno, University of Maryland, Baltimore County

As the 2018 midterms proceed, there are still significant risks to the integrity of the voting system – and information warfare continues to try to influence the American public’s choices when they cast their ballots.

On the day of the election, there were a number of early hitches in voting at individual polling places, such as polling places opening late and vote-counting machines not plugged in. But there seem not – at least not yet – to be major problems across the country.

However, not all the election-related news and information voters have been encountering in recent days and weeks is accurate, and some of it is deliberately misleading. As this election’s results come back, they will reveal whether the misinformation and propaganda campaigns conducted alongside the political ones were effective.

Securing election systems

America’s electoral process remains highly fragmented, because of the country’s cherished tradition of decentralized government and local control. While this may leave some individual communities’ voting equipment potentially vulnerable to attack, the nation’s voting process overall may be more trustworthy as a result of this fragmentation. With no unified government agency or office to provide, administer and protect election technologies, there’s not one central national element that could fail or be attacked.

Across the country, though, many districts’ voters will cast ballots with the help of machines that have long-standing security concerns. Fortunately, 45 states keep a paper record of each vote cast – whether for fear of threats to voting integrity or just budget constraints preventing purchase of newer gear. But that means five states – Louisiana, Georgia, South Carolina, New Jersey and Delaware – don’t keep paper records of their voters’ choices.

Voting machine vendors have been reluctant to appear before Congress to explain their systems’ security practices – and shortcomings. However, federal agencies have helped some states reduce the likelihood of voting machines being hacked or physically tampered with.

Beyond voting machines

Election security is about much more than voting machines and vote-counting systems, though they are the most visible technologies at work on Election Day. State systems that track voter registrations, or allow users to register online, are enticing targets for hackers, too. Security firm Carbon Black reported that 81 million voter records from 20 states are available in online forums. This data, obtained by hacking various official and corporate databases, could be used to facilitate voter fraud or sow confusion at polling places on Election Day: How would you feel if you were told that someone using your name and address had already voted?

There are security concerns even in states like Oregon, where everyone votes on paper and mails in their ballots in advance of Election Day. That state’s election officials were targeted by hackers seeking to gain access to state email and database systems. With that access, attackers might be able to digitally impersonate a government official to send false or confusing emails, press releases or other notifications to citizens, journalists or poll workers.

Also at risk are public-facing official websites that carry election information. Merely changing the reported location of polling places or voting hours could prevent some people from voting. Also vulnerable are states’ methods of announcing preliminary election results. At a major internet security conference in August, children were able to compromise replicas of several states’ election-reporting systems. The most remarkable was that in just 10 minutes, an 11-year-old boy cracked the security on a copy of the Florida secretary of state’s website and was able to change the publicly announced vote totals for candidates. That could be enough to cast doubt on whatever was later reported as the official results – and the integrity of the system itself.

Managing information on social media

A more difficult threat to defend against is information warfare, which doesn’t attack voting machines or election officials’ computers. Rather, it targets voters’ perceptions and decisions, seeking to influence how they vote.

Long before the 2016 U.S. presidential election, information warfare was influencing elections around the world, including in Ukraine, Myanmar and Egypt. But after 2016, Facebook and Twitter came under intense scrutiny for their role in providing digital environments that facilitated the spread of misinformation to sow discontent, and special counsel Robert Mueller began investigating Russians’ influence efforts.

In the run-up to the 2018 midterms, Russians and others were still hard at work trying to influence Americans to vote in ways that help foreign interests. In October, the U.S. Department of Justice charged a Russian woman with creating thousands of fake social media accounts allegedly representing American citizens to “create and amplify divisive social media and political content” before the election.

This year, though, unlike two years ago, social media companies are taking action. Twitter and Facebook have both deleted thousands of accounts they identified as engaging in propaganda and influence-peddling. And they have made other efforts to identify and fight falsehoods on their platforms, too.

Nevertheless, online misinformation continues to thrive. More than 80 percent of the Twitter accounts that often shared links to false and misleading information in 2016 are still active today. And the amount of online misinformation is higher than it was two years ago.

Investigating alleged wrongdoing

U.S. intelligence and police agencies are concerned about the potential effects of misinformation on the American electorate. But large proportions of the country don’t trust those organizations to be politically independent. It doesn’t help that the White House continues to claim, without evidence, that voter fraud is a significant problem.

Mainstream news organizations can find themselves under scrutiny too, either for reporting falsehoods that appear to gain traction online or for failing to filter out or properly identify inaccurate information for their readers.

Looking ahead

Protecting democracy is a huge challenge. I’ve written before that it involves more than technical solutions to computer problems. The U.S. government, and the people it serves, must find the desire and the drive to establish secure and trustworthy procedures for running elections across the country. Education is also key, teaching people from an early age how to recognize propaganda and misinformation, and think critically about the information they encounter. Facts are not subject to alternative views; without widespread agreement on common objective realities, society and government cannot function well.

Technology continues to evolve, presenting challenges to individuals and society alike. Emerging “deepfake” technology is already helping create convincing videos of people appearing to say and do things they never said or did. In addition, intelligent social media bots are becoming more human-like, making identifying and blocking them much more difficult. That’s just some of the challenges that democracies will face in the future.

Many of these problems will not have a clearly defined fix, because they involve a nuanced balancing of individual rights and social necessities. Real and lasting solutions must come from civil discourse by rational and objectively informed people who have, above all, the actual honest desire to do it right.Richard Forno, Senior Lecturer, Cybersecurity & Internet Researcher, University of Maryland, Baltimore County

This article is republished from The Conversation under a Creative Commons license. Read the original article.

The post Richard Forno: Threats remain to US voting system – and voters’ perceptions of reality appeared first on Department of Computer Science and Electrical Engineering.

The UMBC Cyber Defense Lab presents

Legal Aspects of Privacy and Data Protection

Razvan Miutescu
Privacy Counsel, Whiteford, Taylor & Preston

12:00–1:00pm Friday, 9 November 2018, ITE 227, UMBC

Privacy and data security continue to be topics of interest for organizations of all sizes. In addition to being concerned about cyber crimes and data breaches occurring more frequently and with higher operational impact, consumers and regulators around the world are focusing on privacy. Individuals are becoming increasingly aware of the value and the use of the information that identifies them or analyzes their conduct and behavior. Privacy laws around the world are becoming stricter. The European Union’s General Data Protection Regulation (GDPR) is viewed as a flagship law that imposes data protection requirements well beyond the borders of the European Economic Area. California recently passed its Consumer Privacy Act, which borrows concepts from the GDPR, leaving no doubt that privacy laws in the United States are also on track to become more complex. In this context, we will discuss practical legal approaches to an organization’s privacy and data security program.

Razvan Miutescu is a technology and information governance attorney with Whiteford, Taylor & Preston. His practice focuses on privacy and data security, information technology transactions and licensing, intellectual property, and data management, including data broker transactions, cloud services, distributed ledgers/blockchain, and related regulatory and compliance matters. Email: *protected email*

Host: Alan T. Sherman, *protected email*

The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public.

The post talk: Legal Aspects of Privacy and Data Protection, 12-1 Fri 11/9 appeared first on Department of Computer Science and Electrical Engineering.