The UMBC Cyberdawgs will host a 48-hour Jeopardy-style Capture The Flag cybersecurity competition, online and in person for UMBC participants.

DawgCTF 2022 will be a Jeopardy-style CTF, so things are pretty simple. Players register online, either in teams or alone. At 1300 EDT on April 29, 2022, the competition will open. Players will have access to a board of challenges, ranging from easy to nigh-impossible, and scored appropriately. Whoever earns the most points by solving challenges wins! The in-person part of the event will take place in room 206 of the Public Policy Building.

The CTF will begin at 1:00 PM EDT on Friday, April 29, 2022, and end at 1:00 PM EDT on Sunday, May 1, 2022, for a total runtime of 48 hours. The maximum team size is four. There will be an in-person component for UMBC participants only.

At 8:00 PM on Friday, April 29^th (7 hours after the start), we will give out some prizes to UMBC competitors, depending on their current position on the scoreboard at 8:00 PM. Only UMBC competitors will be eligible for these prizes. Don’t worry, they’ll be small prizes, mostly just for fun, and the clout and CTFtime credit will go to the “official” winners at competition closing time (1 pm on Sunday).

See the Dawg CTF 2022 site to register, get more information, and join the Discord server.

The UMBC Cyberdawgs will host a 48-hour Jeopardy-style Capture The Flag cybersecurity competition, online and in person for UMBC participants.

DawgCTF 2022 will be a Jeopardy-style CTF, so things are pretty simple. Players register online, either in teams or alone. At 1300 EDT on April 29, 2022, the competition will open. Players will have access to a board of challenges, ranging from easy to nigh-impossible, and scored appropriately. Whoever earns the most points by solving challenges wins! The in-person part of the event will take place in room 206 of the Public Policy Building.

The CTF will begin at 1:00 PM EDT on Friday, April 29, 2022, and end at 1:00 PM EDT on Sunday, May 1, 2022, for a total runtime of 48 hours. The maximum team size is four. There will be an in-person component for UMBC participants only.

At 8:00 PM on Friday, April 29^th (7 hours after the start), we will give out some prizes to UMBC competitors, depending on their current position on the scoreboard at 8:00 PM. Only UMBC competitors will be eligible for these prizes. Don’t worry, they’ll be small prizes, mostly just for fun, and the clout and CTFtime credit will go to the “official” winners at competition closing time (1 pm on Sunday).

See the Dawg CTF 2022 site to register, get more information, and join the Discord server.

UMBC researchers publish book on
Cybersecurity and Local Government

UMBC researchers Donald Norris, Laura Mateczun, and Richard Forno have published a new book on the the risks of cyberattacks that local governments face and how they are addressing them. Their book Cybersecurity and Local Government published by WIley summarizes several years of research and surveys on the issues and practices of city, county, and state governments.

Some of this is summarised in a recent article by Forno in The Conversation, Local governments are attractive targets for hackers and are ill-prepared.

Donald Norris is Professor Emeritus and former chair of UMBC’s School of Public Policy, Laura Mateczun, JD, is a PhD student in Public Policy, and Richard Forno is a Principal Lecturer and director of UMBC’s Graduate Cybersecurity Program and Assistant Director of UMBC’s Center for Cybersecurity.

UMBC researchers publish book on
Cybersecurity and Local Government

UMBC researchers Donald Norris, Laura Mateczun, and Richard Forno have published a new book on the the risks of cyberattacks that local governments face and how they are addressing them. Their book Cybersecurity and Local Government published by WIley summarizes several years of research and surveys on the issues and practices of city, county, and state governments.

Some of this is summarised in a recent article by Forno in The Conversation, Local governments are attractive targets for hackers and are ill-prepared.

Donald Norris is Professor Emeritus and former chair of UMBC’s School of Public Policy, Laura Mateczun, JD, is a PhD student in Public Policy, and Richard Forno is a Principal Lecturer and director of UMBC’s Graduate Cybersecurity Program and Assistant Director of UMBC’s Center for Cybersecurity.

The UMBC Cyber Defense Lab presents

Designing Quantum Resistant Key
Exchange Protocols with CPSA

Dr. Edward Zieglar, CSEE, UMBC

12–1 pm, Friday, 15 April 2022
online via WebEx

With developments in quantum computers and algorithms, the public-key systems that we rely upon for secure network communication will become vulnerable to exploitation. Quantum-resistant key exchange protocols are needed to replace our existing vulnerable protocols. Much of the work has focused on developing new mathematical problems that are conjectured to be quantum-resistant as replacements for our current public-key algorithms. We took a different approach, looking to an old secret-key agreement protocol developed by Leighton and Micali at MIT for the Clipper Chip symmetric encryption system. We will present our analysis of the Leighton-Micali key agreement protocol, weaknesses we uncovered with the Cryptographic Protocol Shapes Analyzer (CPSA), and verification of a new protocol based on their ideas that corrects deficiencies in the original protocol.

Dr. Zieglar is an expert in protocol analysis and computer security at the National Security Agency. He is an adjunct faculty member at UMBC and a member of the UMBC Protocol Analysis Lab. Dr. Zieglar earned his Ph.D. in computer science from UMBC working under Dr. Sidhu. Email: eziegl1@umbc.edu

Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings: April 29, Ian Blumenfeld (UMBC), May 13, Enka Blanchard (Digitrust Loria, France).

The UMBC Cyber Defense Lab presents

Designing Quantum Resistant Key
Exchange Protocols with CPSA

Dr. Edward Zieglar, CSEE, UMBC

12–1 pm, Friday, 15 April 2022
online via WebEx

With developments in quantum computers and algorithms, the public-key systems that we rely upon for secure network communication will become vulnerable to exploitation. Quantum-resistant key exchange protocols are needed to replace our existing vulnerable protocols. Much of the work has focused on developing new mathematical problems that are conjectured to be quantum-resistant as replacements for our current public-key algorithms. We took a different approach, looking to an old secret-key agreement protocol developed by Leighton and Micali at MIT for the Clipper Chip symmetric encryption system. We will present our analysis of the Leighton-Micali key agreement protocol, weaknesses we uncovered with the Cryptographic Protocol Shapes Analyzer (CPSA), and verification of a new protocol based on their ideas that corrects deficiencies in the original protocol.

Dr. Zieglar is an expert in protocol analysis and computer security at the National Security Agency. He is an adjunct faculty member at UMBC and a member of the UMBC Protocol Analysis Lab. Dr. Zieglar earned his Ph.D. in computer science from UMBC working under Dr. Sidhu. Email: *protected email*

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings: April 29, Ian Blumenfeld (UMBC), May 13, Enka Blanchard (Digitrust Loria, France).

The UMBC Cyber Defense Lab presents

A Formal Methods Analysis of the Session Binding Proxy Protocol

Kirellos N. Abou Elsaad, UMBC

12-1 pm, Friday, 1 April 2022, via WebEx

Proposed by Burgers, Verdult, and Eekelen in 2013, the Session Binding Proxy (SBP) protocol intends to prevent session hijacking by binding the application session to the underlying network session (i.e., binding the session token to the SSL/TLS shared key). We present a formal methods analysis of SBP using the Cryptographic Protocol Shapes Analyzer (CPSA). Our analysis reveals that SBP relies critically on the successful establishment of a secure SSL/TLS channel, which can be undermined using well-known attacks. Also, we find that SBP allows for the partial hijacking of a session using a tailgating attack. In this attack, the adversary uses the server to inject and execute malicious code inside the client’s browser to extract the session token and forge a valid state-changing request to the server. This attack is not neutralized by SBP because the request contains a valid session token and is sent over the client’s existing SSL/TLS channel.

Kirellos N. Abou Elsaad is a master’s student in computer science at UMBC working under Dr. Sherman and a member of the Protocol Analysis Lab (PAL). email: abou3@umbc.edu

Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings: April 15, Edward Zieglar (NSA); April 29, Ian Blumenfeld (UMBC); May 13, Enka Blanchard (Digitrust Loria, France).

The UMBC Cyber Defense Lab presents

A Formal Methods Analysis of the Session Binding Proxy Protocol

Kirellos N. Abou Elsaad, UMBC

12-1 pm, Friday, 1 April 2022, via WebEx

Proposed by Burgers, Verdult, and Eekelen in 2013, the Session Binding Proxy (SBP) protocol intends to prevent session hijacking by binding the application session to the underlying network session (i.e., binding the session token to the SSL/TLS shared key). We present a formal methods analysis of SBP using the Cryptographic Protocol Shapes Analyzer (CPSA). Our analysis reveals that SBP relies critically on the successful establishment of a secure SSL/TLS channel, which can be undermined using well-known attacks. Also, we find that SBP allows for the partial hijacking of a session using a tailgating attack. In this attack, the adversary uses the server to inject and execute malicious code inside the client’s browser to extract the session token and forge a valid state-changing request to the server. This attack is not neutralized by SBP because the request contains a valid session token and is sent over the client’s existing SSL/TLS channel.

Kirellos N. Abou Elsaad is a master’s student in computer science at UMBC working under Dr. Sherman and a member of the Protocol Analysis Lab (PAL). email: *protected email*

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public. Upcoming CDL Meetings: April 15, Edward Zieglar (NSA); April 29, Ian Blumenfeld (UMBC); May 13, Enka Blanchard (Digitrust Loria, France).

The UMBC Cyber Defense Lab presents

Voting Technology

Ted Selker

Research Professor
UMBC CSEE Department

12–1 ET Friday, 4 March 2022 via WebEx

Traditionally most votes are lost in registration, voting ballot design problems, and polling place operations, causing long lines and possibly mail-in ballot fraud. This talk will describe voting-process problems and technological problems, and some possible solutions for voting improvement. Voting disenfranchisement is much higher for people with perceptual, physical, and cognitive disabilities. More than 14% of registered voters are in danger of increased errors due to dyslexia, and more than 6.5% due to short-term memory problems. We will describe and demonstrate technologies we are making that help disabled people and improve voting universally as well.

Dr. Ted Selker is an entrepreneur inventor who also mentors innovation. Ted spent five years as director of Considerate Systems research at Carnegie Mellon University Silicon Valley and in developing the campus’s research mission. Prior to that, Ted spent ten years as an associate professor at the MIT Media Laboratory, where he created the Context Aware Computing group, co-directed the Caltech/MIT Voting Technology Project, and directed the Industrial Design Intelligence future for product design project. Prior to that, his successes at targeted product creation and enhancement at IBM earned him the role of IBM Fellow. Ted’s work birthed successful products ranging from notebook computers to operating systems. It accumulated numerous awards, patents, and papers and has often been featured in the press. Ted is co-recipient of the Computer Science Policy Leader Award for Scientific American 50, the American Association for People with Disabilities Thomas Paine Award for his work on voting technology, and the Telluride Tech Fest Award.

Host: Alan T. Sherman, *protected email* Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL Meetings: March 18, Nilanjan Banerjee (UMBC); April 1, Kirellos Elsaad (UMBC); April 15, Edward Zieglar (NSA); April 29, Ian Blumenfeld (UMBC); May 13, Enka Blanchard (Digitrust Loria, France)