Two UMBC alumnae featured in The CyberWire podcast

The CyberWire produced a special podcast, In the clear: what it’s like working as a woman in the cleared community, that features three women working on cybersecurity at Northrop Grumman. Two are UMBC alumnae, software engineering manager Lauren and cyber software engineer Priyanka.

Lauren received a BS in Computer Science in 2015 and an M.S. in Computer Science in 2017. As an undergraduate student, she worked part-time as an IT Security Analyst tracking, locating, and performing forensics on infected computers located on campus. She joined Northrop Grumman in 2015 and continued her studies as a part-time graduate student, doing research on investigating different ways of characterizing cybersecurity exploit kits and the malware they produce.

Priyanka received a BS in Computer Science in 2018 and an MS in Computer Science in 2019. Her MS research was on multilingual text alignment for cybersecurity. She has been a lecture in the UMBC Computer Science program and the UMD Advanced Cybersecurity Experience for Students (ACES) program. She is currently working on a Computer Science Ph.D. at UMBC focused on how AI can help protect cybersecurity systems from data poisoning attacks.

Listen to the 47 minute podcast here.

The 2021 SFS Research Study: Vulnerabilities in UMBC’s Incident Management System

Cyrus Bonyadi and Enis Golaszewski
CSEE Department, UMBC

12:00noon–1pm Friday, 29 January 2021

remotely via WebEx 

 January 11–15, 2020, UMBC scholars in the CyberCorps: Scholarship for Service (SFS) and the DoD Cybersecurity Scholarship (CySP) programs collaboratively analyzed the security of UMBC’s Incident Management System (IMS). Students found numerous serious issues, including race conditions, code-injection, and cross-site scripting attacks, improper API implementation, and denial-of-service attacks. We present findings, recommendations, and details of these vulnerabilities.

UMBC’s Incident Management System (IMS) is a web application under development by UMBC’s DoIT to supplement their RequestTracker (RT). IMS allows DoIT security staff to supplement the information in RT by linking IMS incidents to RT tickets. IMS incidents store additional information and files regarding existing and potential security campaigns. Using the information in IMS and RT, DoIT generates executive reports, which can influence decisions related to budget, training, and other security concerns. Our study is helping to improve the architecture and implementation of IMS.

Participants comprised BS, MS, MPS, and Ph.D. students studying computer science, computer engineering, information systems, and cybersecurity, including SFS scholars who transferred from Montgomery College (MC) and Prince George’s Community College (PGCC) to complete their four-year degrees at UMBC.

About the Speakers. Cyrus Jian Bonyadi is a Ph.D. Student at UMBC working on distributed computing consensus theory. He is an alumnus of the varsity CyberDawgs team. email: . Enis Golaszewski is a Ph.D. Student at UMBC working on protocol analysis. He is a leading member of the Protocol Analysis Lab under Dr. Sherman. email: , 

Host: Alan T. Sherman, . Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm.  All meetings are open to the public. Upcoming CDL Meetings:

• Feb 12, Richard Carback (xxnetwork), Startup lessons learned
• Feb 26, Vahid Heydari (Rowan University)
• Mar 12, Chao Liu (UMBC), Efficient asynchronous BFT with adaptive security
• Mar 26, Jeremy Clark (Concordia)
• April 9, (UMBC), MeetingMayhem: A network adversarial thinking game
• April 23, Peter Peterson (University of Minnesota Duluth), Adversarial thinking
• May 7, Farid Javani (UMBC), Anonymization by oblivious transfer

UMBC’s Cyber Defense Lab presents

Presentations of the UMBC INSuRE Research Projects from Fall 2020

12:00noon–1:30pm, Friday, 18 December 2020

via WebEx

The Information Security Research and Education (INSuRE) research collaborative is a network of National Centers of Academic Excellence in Cyber Defense Research (CAE-Rs) universities that cooperate to engage students in solving applied cybersecurity research problems. Since fall 2012, INSuRE has fielded a multi-institutional cybersecurity research course in which BS, MS, and Ph.D. students work in small groups to solve unclassified problems proposed by the National Security Agency (NSA) and by other government and private organizations and laboratories.

Schedule
12:00-12:15pm poster presentations
12:15-12:40pm Detecting Web-Based Cryptomining Malware by Mining Open-Source Repositories
12:40-1:05pm Meeting Mayhem: A Network Adversary Game
1:05-1:30pm Analysis of the 5G AKA protocol with Comparison to 4G AKA

Detecting Web-Based Cryptomining Malware by Mining Open-Source Repositories
Naomi Albert, Elias Enamorado, Benjamin Padgette, Anshika Patel
Technical Director: William J. La Cholter (APL)
UMBC Expert: Charles Nicholas

With the ever-increasing popularity of browser-based cryptomining it is now more important than ever to detect malicious cryptojacking code. This paper serves to identify reliable indicators of injected cryptomining code in open-source repositories using static source code analysis techniques. We analyze static source code features of a curated set of cryptomining projects and innocuous codebases that are available as open-source projects on GitHub. Through this analysis we show that a novel Normalized Halstead Difficulty metric can be an important indicator of the presence of cryptomining software. Specifically, the Normalized Halstead complexity is significantly higher for cryptomining source code files as compared to the sampled non-miners. Using this newfound knowledge of the complexity of browser-based JavaScript cryptominers, supply-chain cryptojacking injection attacks in open-source repositories may be easier to identify through automated code review techniques.

Meeting Mayhem: A Network Adversary Game
Richard Baldwin, Trenton Foster
Technical Director: Edward Zieglar (NSA)
UMBC Experts: Marc Olano, Linda Oliva

Meeting Mayhem, a web-based educational game, teaches adversarial thinking through the Dolev-Yao security model. Meeting Mayhem is based on the paper-and-pencil “Protocol Analysis Game,” introduced by Edward Zieglar and adapted by UMBC PhD student Enis Golaszewski. Two or more users try to arrange a meeting time and place by sending messages through an insecure network controlled by an adversary. Through self discovery, players learn the dangers of network communications and the value of sound protocols supported by encryption, hashing, and digital signatures.

Formal Methods Analysis of the 5G AKA protocol, with Comparison to 4G AKA
Prajna Bhandary, Ryan Jahnige, Jason Schneck
Technical Director: Edward Zieglar (NSA)

We analyze the Fifth Generation (5G) Authentication and Key Agreement (AKA) protocol and the Fourth Generation (4G) Evolved Packet System Authentication and Key Agreement (EPS-AKA) protocol for possible structural faults using the Cryptographic Protocol Shapes Analyzer (CPSA). It is fundamental to provide authentication and key management in the security of cellular networks. 5G AKA provides mutual authentication between subscribers and the network, by providing the keys to protect both signaling and user plane data. 4G defines an authentication method, EPS-AKA, whereas 5G offers several different authentication techniques: 5G AKA, 5G EAP-AKA, and 5G EAP-TLS. In addition to our formal method analysis of 5G AKA and 4G EPS-AKA, we also analyze the differences in security properties between the 4G EPS-AKA protocol, and 5G AKA protocol. We verify that the upgrades made to 4G EPS-AKA improves control of the Home Network (HN) in 5G AKA. Additionally, we found that the ambiguous nature of the documentation regarding the channel between Serving Network (SN) and HN results in authentication concerns and we propose a solution.

Course Instructor: Alan T. Sherman

Support for this event is provided in part by the NSF under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL meetings:

Biweekly CDL talks will resume in the spring 2021 semester.
The 2021 UMBC SFS/CySP Research Study will take place remotely in January (likely January 11-15).

The UMBC Center for Cybersecurity (UCYBR) Presents

“Economics of Law” –
Insights into Cybersecurity Policy

Dr. Tim Brennan
Professor Emeritus, UMBC

Tuesday 8 December 2020 from 12-1 pm

Webex, Meeting #: 120 246 4425

Cybersecurity raises questions about who owns data and how best to discourage security breaches.  This talk will offer some unexpected and perhaps controversial perspectives from economics on relevant questions, including: Who presumptively should own data?  What is the purpose of liability law?  Should those who violate data security always be liable, or only if they fail to take appropriate measures to prevent leaks?  Could “the market” solve the problem, e.g., by people choosing where to shop on the basis of data security?  Would regulation be a better means than liability to promote cybersecurity?  Don’t expect answers to these questions; my hope is to stimulate and hopefully inform the discussion.  If time allows, I’ll review some major actions by the Federal Trade Commission, who is the lead national agency policing privacy-related conduct. 

Dr. Tim Brennan is professor emeritus of public policy and economics at UMBC, retiring in July 2020 after thirty years on the UMBC faculty.  He has also been FCC Chief Economist, held the T.D. MacDonald Chair in the Canadian government’s Competition Bureau, and served on the staff of the White House Council of Economic Advisers.  Before UMBC, he was an associate professor of telecommunications and public policy at George Washington University and a staff economist at the US Department of Justice Antitrust Division.  He has over 130 articles and book chapters and books on competition policy, economic regulation, telecommunications and energy policy, intellectual property, and economic methods.  His MA in math and Ph..D. in economics are from the University of Wisconsin.

Cybersecurity and Local Government: Findings from a Nationwide Survey

Donald Norris & Laura Mateczun

11:00-12:00 EST, Thursday, Nov 19, 2020

register to get the webinar link

This talk will discuss data and results from the first nationwide survey of cybersecurity among local or grassroots governments in the United States, examines how these governments manage this important function. As we have shown elsewhere, cybersecurity among local governments is increasingly important because these governments are under constant or nearly constant cyberattack. Due to the frequency of cyberattacks, as well as the probability that at least some attacks will succeed and cause damage to local government information systems, these governments have a great responsibility to protect their information assets. This, in turn, requires these governments to manage cybersecurity effectively, something our data show is largely absent at the American grassroots. That is, on average, local governments fail to manage cybersecurity well. After discussing our findings, we conclude and make recommendations for ways of improving local government cybersecurity management.

Donald F. Norris is Professor Emeritus, School of Public Policy, University of Maryland, Baltimore County. His principal field of study is public management, specifically information technology in governmental organizations, including electronic government and cybersecurity. He has published extensively in refereed journals in these areas. He received a B.S. in history from the University of Memphis and an M.A. and a Ph. D. in political science from the University of Virginia.

Laura Mateczun is a graduate of the University of Maryland Francis King Carey School of Law, and a member of the Maryland Bar. She is currently a Ph.D. student at the University of Maryland, Baltimore County School of Public Policy studying public management. Her research interests involve local government cybersecurity, criminal justice, and the importance of equity in

Alan Sherman and collaborators develop VoteXX with new strategies for secure online voting

Over the past several months, the topic of online voting has been at the top of the minds of millions of Americans and has been widely debated. Supporters often highlight how it would increase voter turnout through improved accessibility and convenience. Privacy and election integrity are among the top concerns about implementing an online voting system.

Researchers from UMBC and xx.network have been working to design an online voting system that is resistant to coercion and would provide a secure way for people to cast their ballots from computers, tablets, and smartphones in the future. Alan Sherman, professor of computer science and electrical engineering, is developing the system, VoteXX, with David Chaum, a cryptographer known for his work on privacy-centered technology, and Richard Carback ‘05, M.S. ‘08, Ph.D. ‘10, computer science, who has spent his career deflecting would-be hackers.

The security of devices that voters might use to cast their ballot is a significant concern, notes Sherman. He explains that malware on the devices that voters use might change the votes or spy on the voter.

As described in a press release and the researchers’ new whitepaper, VoteXX allows voters to confirm that their ballots were accurately cast, collected, and counted. This system uses ideas from an earlier system, Remotegrity, that the collaborators developed and used in a municipal election in Takoma Park, Maryland, in 2011. Voters received secret vote codes on a scratch-off card via traditional mail, which they used to hide their votes from the software and hardware. Remotegrity was based on Scantegrity, an earlier in-person verifiable voting that was also used in binding elections in Takoma Park, Maryland.

VoteXX uses a combination of simple strategies and complex cryptography to create a more secure online voting scheme. For example, to address the issues of coercion and vote selling, VoteXX allows voters to cancel or change their vote up to a certain deadline. David Chalm explains how this simple capability undermines vote selling. “You make it possible to flip (change or cancel) that vote outside the voting process. Because a vote buyer cannot be sure you didn’t or won’t flip your vote, they can’t be sure that a voter has been honest with them, making it useless to buy votes.”

This “vote flipping” approach provides a subversively simple yet powerful tool to voters. It’s accomplished by creating a “flip code” during the registration process that allows the voter to flip their vote after casting.

You can read more about this research in a UMBC News article by Megan Hanks.

UMBC Cyber Defense Lab

BVOT: Self-Tallying Boardroom Voting with Oblivious Transfer

Farid Javani, CSEE, UMBC

12:00–1:00pm, Friday, 6 November 2020

http://umbc.webex.com/meet/sherman

(Joint work with Alan T. Sherman)

A boardroom election is an election with a small number of voters carried out with public communications. We present BVOT, a self-tallying boardroom voting protocol with ballot secrecy, fairness (no tally information is available before the polls close), and dispute-freeness (voters can observe that all voters correctly followed the protocol).

BVOT works by using a multiparty threshold homomorphic encryption system in which each candidate is associated with a masked unique prime. Each voter engages in an oblivious transfer with an untrusted distributor: the voter selects the index of a prime associated with a candidate and receives the selected prime in a masked form. The voter then casts their vote by encrypting their masked prime and broadcasting it to everyone. The distributor does not learn the voter’s choice, and no one learns the mapping between primes and candidates until the audit phase. By hiding the mapping between primes and candidates, BVOT provides voters with insufficient information to carry out effective cheating. The threshold feature prevents anyone from computing any partial tally—until everyone has voted. Multiplying all votes, their decryption shares, and the unmasking factor yields a product of the primes each raised to the number of votes received.

In contrast to some existing boardroom voting protocols, BVOT does not rely on any zero-knowledge proof; instead, it uses oblivious transfer to assure ballot secrecy and correct vote casting. Also, BVOT can handle multiple candidates in one election. BVOT prevents cheating by hiding crucial information: an attempt to increase the tally of one candidate might increase the tally of another candidate. After all votes are cast, any party can tally the votes.

Farid Javani is a Ph.D. candidate in computer science at UMBC, working with Alan Sherman. His research interests include algorithms, security, applied cryptography, and distributed systems. He is the manager of the Enterprise Architecture team at CCC Information Services in Chicago. email: .

Host: Alan T. Sherman, . Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1:00 pm. All meetings are open to the public. Upcoming CDL Meetings: Oct. 30, Jonathan Katz (UMCP), [possibly on secure distributed computation]; Nov. 13, TBA, [possibly: David R Imbordino (NSA), Security of the 2020 presidential election]; and Dec. 11, TBA, [possibly: Peter A. H. Peterson (Univ. of Minnesota Duluth), Adversarial Thinking]

UMBC Cyber Defense Lab presents

Secure Computation: From Theory to Practice

Jonathan Katz

Computer Science Department
University of Maryland, College Park

12:00–1:00 pm EDT, Friday, 30 October 2020
Online via Webex

Protocols for secure multi-party computation (MPC) allow a collection of mutually distrusting parties to compute a function of their private inputs without revealing anything else about their inputs to each other. Secure computation was shown to be feasible 35 years ago, but only in the past decade has its efficiency been improved to the point where it has been implemented and, more recently, begun to be used. This real-world deployment of secure computation suggests new applications and raises new questions.

This talk will survey some recent work at the intersection of the theory and practice of MPC, focusing on a surprising application to the construction of Picnic, a “post-quantum” signature scheme currently under consideration by NIST for standardization.

Jonathan Katz is a faculty member in the department of computer science at the University of Maryland, College Park, where he formerly served as director of the Maryland Cybersecurity Center for over five years. He is an IACR Fellow, was named a University of Maryland distinguished scholar-teacher in 2017-2018, and received the ACM SIGSAC Outstanding Contribution Award in 2019.

Host: Alan T. Sherman, . Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public.

Upcoming CDL Meetings: Nov. 13, TBA, [possibly: David R Imbordino (NSA), Security of the 2020 presidential election]; Dec. 11, TBA, [possibly: Peter A. H. Peterson (Univ. of Minnesota Duluth), Adversarial Thinking]

Distinguished Speaker Series

The UMBC Center for Cybersecurity and
Dept. of Computer Science & Electrical Engineering

Tracking Hacking: The Disturbing Proliferation of Commercial Spyware

Ronald J. Deibert, Ph.D.
Prof. of Political Science, Director of Citizen Lab
Munk School of Global Affairs and Public Policy, University of Toronto

1–2:00 pm Friday, 23 October 2020

Webex, Mtg. #: 120 360 5372 Password: 4ExV8dCM3J2

Political struggles in and through the global Internet and related technologies are entering into a particularly dangerous phase for openness, security, and human rights. A growing number of governments and private companies have turned to “offensive” operations, with means ranging from sophisticated and expensive to homegrown and cheap. A large and largely unregulated market for commercial surveillance technology is finding willing clientele among the world’s least accountable regimes. Powerful spyware tools are used to infiltrate civil society networks, targeting the devices of journalists, human rights defenders, minority movements, and political opposition, often with lethal consequences. Drawing from the last decade of research at the University of Toronto’s Citizen Lab, I will provide an overview of these disturbing trends and discuss some pathways to repairing and restoring the Internet as a sphere that supports, rather than diminishes, human rights.

Ronald J. Deibert is Professor of Political Science and Director of the Citizen Lab at the Munk School of Global Affairs and Public Policy, University of Toronto. The Citizen Lab undertakes interdisciplinary research at the intersection of global security, ICTs, and human rights. The research outputs of the Citizen Lab are routinely covered in global media, including over two dozen reports receiving front-page coverage in the New York Times, Washington Post, and other media over the last decade. Deibert is the author of Black Code: Surveillance, Privacy, and the Dark Side of the Internet (Random House: 2013) Reset: Reclaiming the Internet for Civil Society (House of Anansi: 2020) as well as numerous books, chapters, articles, and reports on Internet censorship, surveillance, and cybersecurity. In 2013, he was appointed to the Order of Ontario and awarded the Queen Elizabeth II Diamond Jubilee medal, for being “among the first to recognize and take measures to mitigate growing threats to communications rights, openness and security worldwide.”