Anupam Joshi and Yelena Yesha working with several UMBC students. Photo by Mitro Hood/Feature Photo Service.

UMBC and IBM Research have announced a collaboration to create the Accelerated Cognitive Cybersecurity Lab (ACCL), opening at UMBC in fall 2016. Housed in the College of Engineering and Information Technology and supported with a multi-year commitment from IBM, it will advance scientific frontiers in cybersecurity and machine learning. Anupam Joshi, director of the UMBC Center for Cybersecurity and chair of the Computer Science and Electrical Engineering Department, will lead the ACCL.

The lab will build on UMBC’s prior research on AI, high performance computing, data visualization and cybersecurity and work IBM researchers to apply IBM’s cognitive computing systems and tools, including the Watson computer system.

You can read more about the new partnership from IBM’s press releases (here and here), UMBC’s announcement and other new media (e.g., here).

IT & Engineering Alumni Happy Hour
6:00–8:00pm Tuesday, 14 June 2016

Union Jack’s, 10400 Little Patuxent Parkway, Columbia MD 21044

Join fellow graduates of the College of Engineering and Information Technology and those who now work in those fields for a networking happy hour. Enjoy fabulous food and drinks on us while connecting with other IT&E Retrievers. Sponsored by the UMBC Alumni Association. RSVP by June 6 here. Questions? Contact Amy Dalrymple at .

America is ‘dropping cyberbombs’ – but how do they work?

Richard Forno and Anupam Joshi

Recently, United States Deputy Defense Secretary Robert Work publicly confirmed that the Pentagon’s Cyber Command was “dropping cyberbombs,” taking its ongoing battle against the Islamic State group into the online world. Other American officials, including President Barack Obama, have discussed offensive cyber activities, too.

The American public has only glimpsed the country’s alleged cyberattack abilities. In 2012 The New York Times revealed the first digital weapon, the Stuxnet attack against Iran’s nuclear program. In 2013, former NSA contractor Edward Snowden released a classified presidential directive outlining America’s approach to conducting Internet-based warfare.

The terms “cyberbomb” and “cyberweapon” create a simplistic, if not also sensational, frame of reference for the public. Real military or intelligence cyber activities are less exaggerated but much more complex. The most basic types are off-the-shelf commercial products used by companies and security consultants to test system and network security. The most advanced are specialized proprietary systems made for exclusive – and often classified – use by the defense, intelligence and law enforcement communities.

So what exactly are these “cyberbombs” America is “dropping” in the Middle East? The country’s actual cyber capabilities are classified; we, as researchers, are limited by what has been made public. Monitoring books, reports, news events and congressional testimony is not enough to separate fact from fiction. However, we can analyze the underlying technologies and look at the global strategic considerations of those seeking to wage cyber warfare. That work allows us to offer ideas about cyber weapons and how they might be used.

Read more @ The Conversation and also on the Scientific American Web site.

The third Innovations in Cybersecurity Education Workshop (ICEW) will be held from 9:00am to 5:00pm on Friday, June 3, 2016 on the UMBC campus.

ICEW is a free regional workshop on cybersecurity education from high school through post-graduate. It is intended primarily for educators who are teaching cybersecurity at high schools, colleges, and community colleges. Anyone is welcome to attend, including teachers, students, administrators, researchers, and government officials. It will highlight master teachers and ongoing educational projects, including an effort at the US Naval Academy to teach cybersecurity to all midshipmen. The workshop will feature hands-on learning activities, including secure programming, cyber competition, and an educational game.

Sessions will include:

• Secure coding through hands-on exercise: Blair Taylor and Siddharth Kaza (Towson University) will show how to carry out self-contained, lab-based modules designed to be injected into CS0-CS2 introductory computer science courses.
• Using a message board as a hands­-on learning tool for Cyber Security II: LCDR Chris W. Hoffmeister (US Naval Academy) will discuss how to solve security challenges involving a simple, configurable HTML message board.
• Hands-on vulnerability testing: Marcelle Lee (Anne Arundel Community College) and Steve Morrill (Loyola Blakefield) will demonstrate how to engage in a hands-on challenge and learning experience to help highlight the vulnerabilities in systems, with you in the driver’s seat. Participants of any skill level will learn strategies and techniques for determining if a system is vulnerable.
• Hands-on group threat brainstorming with Security Cards: Tamara Denning (University of Utah) will demonstrate teaching students how to think broadly and creatively about computer security threats using 42 Security Cards along four dimensions (suits): human impact, adversary’s motivation, adversary’s resources, and adversary’s methods.

ICEW is free and open to the public — all are welcome to attend. This workshop will to be of interest to educators, school administrators, undergraduate and graduate students, and government officials. Lunch will be provided. There is ample parking.

For more information and to register, see the 2016 ICEW Web site.

The UMBC Cyber Defense Lab presents

Statistical Testing of Hash Bit Sequences

Enis Golaszewski
CSEE, UMBC

11:15am-12:30pm Friday, 6 May 2016, ITE 237

We tested bit sequences generated from the MD5 hash function using multinomial distribution and close-point spatial statistical tests for randomness. We found that bit sequences generated from truncated-round MD5 hash fail these tests for high- and low-density input choices.

In 2000, the National Institute of Standards and Technology concluded a competition to select the Advanced Encryption Standard. One of the requirements for candidates was randomness of output bits. The techniques used to evaluate symmetric block cipher randomness have not been extensively applied to hash functions.

In this study, we adapt a subset of the techniques used to analyze the randomness of AES candidate algorithms to study the randomness of the well-known MD5 hash function. Our approach uses high-density, lo- density, and chained-input methods to generate MD5 hashes. We concatenate these hash outputs and subjected them to multinomial distribution and close-point spatial tests. We iterated this approach over reduced-round versions of MD5. Our presentation includes specifications for the input methods, details on the statistical tests, and analysis of the statistical results.

Through statistical testing of concatenated MD5 hashes, we derive results that demonstrate a link between the performance of the concatenated hash bit sequences in our statistical testing and the number of hash rounds applied to the high-density and low-density input methods. Randomness is a desirable property for cryptographic hash functions. We present a new approach that facilitates the analysis and interpretation of hash functions for statistical randomness.

About the Speaker. Enis Golaszewski is a prospective PhD student in CS at UMBC, working with Dr. Alan T. Sherman. His research interests include the security of software-defined networks. He graduated from UMBC in CS in December 2015 and was a student in the fall 2015 INSuRE class. Email: <>

Host: Alan T. Sherman,

UMBC undergraduate and graduate students interested in cybersecurity can apply for an Federal CyberCorps: Scholarship For Service scholarship by 15 May 2016. This application deadline will be the last one under the current NSF grant, which ends August 2017.

The Federal CyberCorps: Scholarship For Service program is designed to increase and strengthen the cadre of federal information assurance professionals that protect the government’s critical information infrastructure. This program provides scholarships that may fully fund the typical costs incurred by full-time students while attending a participating institution, including tuition and education and related fees. Participants also receive stipends of $22,500 for undergraduate students and $34,000 for graduate students.

Applicants must be be full-time UMBC students within two years of graduation with a BS or MS degree; a student within three years of graduation with both the BS/MS degree; a student participating in a combined BS/MS degree program; or a research-based doctoral student within three years of graduation in an academic program focused on cybersecurity or information assurance. Recipients must also be US citizens or permanent residents; meet criteria for Federal employment; and be able to obtain a security clearance, if required.

For more information and instructions on how to apply see the UMBC CISA site (use old application form, and be sure to include the cover sheet).

Design, Analysis and Security of Automotive Networks

Sekar Kulandaivel
University of Maryland, Baltimore County

2:00-3:30pm Friday, 29 April 2016, ITE 325b

As more electronic and wireless technologies permeate modern vehicles, understanding the design of an embedded automotive network becomes necessary to protect drivers from external agents with a malicious intent to disrupt onboard electronics. By analyzing the different types of automotive networks and current security issues that the industry faces, we will learn how intruders are able to access an automotive network, read data that streams from the connected nodes and inject potentially malicious messages. This presentation will cover the electrical design of automotive networks, the communication protocols between electronic control units, methods for analyzing network messages and a detailed overview of previous automotive attacks and current security issues.

Sekar Kulandaivel is a Meyerhoff Scholar and Computer Engineering undergraduate student at UMBC. He currently works on designing an intrusion detection system for automotive networks with Dr. Nilanjan Banerjee of the UMBC Eclipse Cluster. Sekar has had previous internships at MIT Lincoln Laboratory, Northrop Grumman Corporation and Johns Hopkins University. He will attend Carnegie Mellon University in Fall 2016 to pursue a PhD in Electrical and Computer Engineering with a focus in electric vehicle security.

UMBC Cyber Defense Lab

Securing the Cloud: The Need for Quantum Network Security
Brian Kelley, Senior Member IEEE
Associate Professor of ECE
The University of Texas at San Antonio

11:15am-12:30pm Friday, 22 April 2016, UMBC, ITE 227

A significant trend in cloud data centers virtualization has been the migration away from virtual machines (VMs) with multiple guest operating systems (OS) to containers with a single Host OS. Whereas VMs incorporate a hypervisor manager layer enabling the Host OS to spawn multiple guest OSs, containers support all the code, run-time tools, and system libraries to run workload applications from a single Host OS.

While all cloud-based platforms posses security vulnerabilities, the additional security challenges with container systems stem from the sharing of the Host OS among independent container applications.

In this presentation we pose the question, “Can we use quantum information concepts to protect the cloud?” We introduce Quantum Key Distribution (QKD) protocols. We present schemes for cloud container security based upon concepts drawn from QKD and related concepts in quantum teleportation. We also propose a new framework for Quantum Container Security drawing upon concepts of quantum entanglement. We will also present information the Cloud Academic Research Center at the University of Texas at San Antonio.

Dr. Brian Kelley is Associate Professor of ECE at the University of Texas at San Antonio. He is a leading researcher on communication systems, 4G and 5G cellular, cloud communications, and smart grid communications. He is also a member of the Cloud Academic Center at the University of Texas. Dr. Kelley is currently on sabbatical leave as a consultant with the DoD in Washington D.C. His current research focus is on the intersection of software-defined networks, 5G communications, and cloud systems. He is Senior Member of the IEEE, was an Oak Ridge National Laboratory Summer Faculty Fellow in Quantum Information Science during the summer of 2015, was Globecom 2014 Chair for the High-Level Technical Program Committee, Associate Editor and Editorial Board of IEEE System Journal, 2011-2012, and Associate Editor of Computers & Electrical Engineering, Elsevier, 2008-2011; he founded the San Antonio IEEE Communications and Signal Processing Chapter, in 2008. From 2000-2006, he was Distinguished Member of the Technical Staff at Motorola and a senior lecturer at the University of Texas at Austin. Since 2007, he has been Associate Professor of ECE and Director of the Wireless Next Generation Systems (WiNGS) Lab at the University of Texas at San Antonio. Dr. Kelley received his BSEE from Cornell University and his MS/PhD in EE from the Georgia Institute of Technology in 1992, where he was an ONR Fellow. He is a member of Tau Beta Pi and Eta Kappa Nu. Contact: Dr. Brian Kelley, (210) 706-0854

Host: Alan T. Sherman,

The UMBC Cyber Defense Lab meets biweekly Fridays (May 6: Enis Golaszewski, Hash bit sequences)

UMBC CSEE Seminar

IoT Device Security Research at Morgan State University

Dr. Kevin T. Kornegay

Professor and IoT Security Endowed Chair,
School of Electrical and Computer Engineering, Morgan State University

12:00-1:00pm Friday, 15 April 2016, ITE 239, UMBC

The Internet of Things (IoT) and its myriad of components are proliferating as they increasingly permeate all areas of life and work, with unprecedented economic effect. The IoT is the network of dedicated physical objects (things) whose embedded system technology senses or interacts with their internal state or external environment. Embedded systems use a combination of computer hardware and software to perform dedicated functions within a larger mechanical or electrical system. Examples of embedded systems include cell phones, personal digital assistants, gaming consoles, global positioning systems, etc. Over 98 percent of all microprocessors being manufactured are used in embedded system applications. In private industry and the public sector, IoT growth and possible uses are evolving rapidly. Critical infrastructures in transportation, smart grid, manufacturing and health care are highly dependent on embedded systems for distributed control, tracking, and electronic data collection. While it is paramount to protect these systems from hacking, intrusion or physical tampering, our current solutions are often based on a patchwork of legacy systems, and this is unsustainable as a long-term solution. Transformative solutions are required to protect these systems by engineering secure embedded systems. Secure embedded systems use cryptography and countermeasures to protect electronic data and commands to systematically achieve resiliency, stability, safety, integrity, and privacy. Engineering secure embedded implementations that are resistant to attacks is vital. Essential to achieving this goal is obtaining fundamental knowledge and understanding of the various types of vulnerabilities embedded systems present. Hence, in this talk, we will present our embedded systems security research activities including the IoT testbed, side-channel and fault injection analysis, and associated research projects.

Kevin T. Kornegay received the B.S. degree in electrical engineering from Pratt Institute, Brooklyn, NY, in 1985 and the M.S. and Ph.D. degrees in electrical engineering from the University of California at Berkeley in 1990 and 1992, respectively. He is presently Professor and IoT Security Endowed Chair in the School of Electrical and Computer Engineering at Morgan State University in Baltimore, MD. His research interests include hardware assurance, reverse engineering, secure embedded system design, side-channel analysis, differential fault analysis, radio frequency and millimeter wave integrated circuit design, high-speed circuits, and broadband wired and wireless system design. Dr. Kornegay serves or has served on the technical program committees of several international conferences including the IEEE Symposium on Hardware Oriented Security and Trust (HOST), EEE International Solid State Circuits Conference, the IEEE Custom Integrated Circuits Conference, and the Radio Frequency Integrated Circuits Symposium. He has also served a two-year term on the IEEE Solid-State Circuits AdCom committee, as well as, on the editorial board of the IEEE Transactions on Circuits and Systems II and as Editor of IEEE Electron Device Letters and Guest Editor of the IEEE Journal of Solid-State Circuits Special Issue on the 2004 Compound Semiconductor IC Symposium. He is the recipient of numerous awards, including the National Society of Black Engineers’ Dr. Janice A. Lumpkin Educator of the Year in 2005, the 2002 Black Engineer of the Year Award in Higher Education from U.S. Black Engineer and Information Technology magazine, the NSF CAREER Award, an IBM Faculty Partnership Award, the National Semiconductor Faculty Development Award, and the General Motors Faculty Fellowship Award. He was also selected as a participant in the National Academy of Engineering Frontiers of Engineering Symposium, and the German–American Frontiers of Engineering, where he later served on the organizing committee. He is a Distinguished Lecturer of the IEEE Electron Devices Society and a senior member of the IEEE, as well as a member of Eta Kappa Nu and Tau Beta Pi.

Hosts: Professors Fow-Sen Choa () and Alan T. Sherman ()

About the CSEE Seminar Series: The UMBC Department of Computer Science and Electrical Engineering presents technical talks on current significant research projects of broad interest to the Department and the research community. Each talk is free and open to the public. We welcome your feedback and suggestions for future talks.

Karuna Joshi (UMBC) and Seung Geol Choi (USNA) present during the USNA-UMBC Partnership Symposium. Photo by Marlayna Demond ’11 for UMBC.

UMBC and U.S. Naval Academy (USNA) faculty researchers presented updates on five collaborative cybersecurity projects funded by the Office of Naval Research (ONR) during the inaugural USNA-UMBC Partnership Symposium, hosted by UMBC’s Office the Vice President for Research on March 22, 2016. The five projects presented are supported by three-year grants from the ONR, most of which are entering their second year of funding.

When the joint research initiative launched a year ago, Karl V. Steiner, vice president for research at UMBC, described it as “the start of a long-term partnership.” The recent symposium was the first formal opportunity for the research teams to formally present their progress on tackling major cybersecurity challenges outlined when the partnership began.

Read more about the joint research and symposium here.