UMBC Cyber Dawgs are named CyberForce national champions

UMBC’s Cyber Defense Team, known as the Cyber Dawgs, has emerged the national champion team in the U.S. Department of Energy’s fifth annual CyberForce Competition. The Cyber Dawgs earned first place overall out of more than 100 teams from universities across the country.

Ten national laboratories hosted competing teams this year, November 15 – 16. UMBC competed at the Argonne National Laboratory near Chicago, Illinois, while other teams traveled to sites like the Pacific Northwest National Laboratory in Washington state and Oak Ridge National Laboratory in Tennessee. Competing teams hailed from a broad range of institutions, including Virginia Tech, Carnegie Mellon, Georgia Tech, Texas A&M and the U.S. Air Force Academy.

The competition tasks students with defending critical energy infrastructure during simulated cyberattacks. The scenarios are designed to be realistic, focused on water and power systems and including real-world constraints, such as insufficient budget for system upkeep and limited information on system needs. During the competition, “red teams,” including industry professionals, attack the system, while the students work to ensure that the infrastructure is available to their customers, or “green teams,” who test system usability.

The teams receive points based on how successfully they address attacks, while still allowing users to access the infrastructure they need. The teams are also awarded points for innovative defense tactics and ideas. This year’s competition saw several leading teams with neck-and-neck scores until the final round, when UMBC’s Cyber Dawgs pulled ahead for the victory.

The competition offers students a unique opportunity to develop their cybersecurity skills in relation to critical infrastructure, and have hands-on experience in a realistic cyberattack situation.

“The CyberForce competition is the most unique of our annual events, allowing us to experiment with network configurations to defend an industrial control system against adversaries while playing the roles of an IT organization,” explains RJ Joyce ’18, M.S. ’20, computer science, a member of the winning team. “The hard work, dedication, and creativity that each member brought to the team lifted us from a regional win last year to a national win this year.”

In addition to Joyce, last weekend’s winning team included Anna Staats ’20, computer science; Drew Barrett ’20, computer science; Grant Spencer ’20, computer science; Cyrus Bonyadi, Ph.D. ’23, computer science; and Seamus Burke ’20, computer science.

“The team’s second national championship in three years shows the enthusiasm, grit, and tenacity of our students in demonstrating their technical cyber expertise in a competitive arena,” says Rick Forno, senior lecturer of computer science and assistant director of UMBC’s Center for Cybersecurity.

Forno advises the Cyber Dawgs with Charles Nicholas, professor of computer science and electrical engineering. “It’s an awesome thing not just for the team and university,” he says, “but for each competitor individually, as they prepare to enter the cybersecurity workforce after graduation.”

UMBC students have a strong record in state and national competition. In 2018, UMBC computer science and information systems students won the top prize at the Maryland Cyber Challenge. A year earlier, the UMBC Cyber Dawgs won the National Collegiate Cyber Defense Competition.

Adapted from a UMBC News article by Megan Hanks.

Cyberdawgs place first out of 105 teams in DOE’s 5th CyberForce Competition

Congratulations to the UMBC CyberDawgs team for their first place finish in a field of 105 collegiate teams in the U.S. Department of Energy’s Fifth Annual CyberForce Competition. The distributed event was held at ten of the DOE’s National Laboratories and challenged 105 teams to defend a simulated energy infrastructure from cyber-attacks.

The took place on November 15 and 16 with the goal of bolstering the U.S. cybersecurity workforce by extending skill-building opportunities for students, offering memorable hands-on experiences and highlighting the crucial role this field plays in preserving national energy security. The Cyberdawgs participated at the Argonne National Laboratory site in Illinois.

During the competition, teams competed to defend their simulated infrastructure from attacks by adversarial ​“red teams” composed of industry professionals, all while maintaining service for their ​“green team” customers, played by volunteers. The scenarios included simulated industrial control system components, real-world anomalies and constraints, and interaction with users of the systems.

Teams were scored on their success in protecting the infrastructure against attacks while ensuring the usability of the system, with additional points awarded for innovative ideas and defenses.

The team that competed in this year’s competition was chosen from members of the CyberDawgs student group, composed of students from a variety of majors who share a common interest in computer and network security. No prior experience is required to join and any UMBC students who want to learn more about cybersecurity and learn new skills in the field are encouraged to subscribe to its mailing list and attend meetings.

The CyberDawgs group is advised by CSEE faculty Charles Nicholas and Richard Forno.

The UMBC Cyber Defense Lab presents

Reasoning About Time in a Crypto Protocol Analysis Tool

Dr. Catherine Meadows, Naval Research Laboratory

12:00–1:00pm Friday, 15 November 2019, ITE 227

The ability to guarantee timing properties, and in turn to use assumption about time to guarantee the security of protocols, is important to many of the applications we rely upon. For example, to compute locations, GPS depends on time synchronization between entities. Blockchain protocols require loose time synchronization to guarantee agreement on block timestamps. Distance-bounding protocols use the roundtrip time of an RF signal to enforce constraints on location. To analyze these types protocols formally, it is necessary to reason about time. This talk describes recent research in extending the Maude-NPA cryptographic protocol analysis tool to reason about cryptographic protocols that rely on or enforce timing properties. We describe the timing model we have created for the tool. We show how we we represent timing properties as constraints, whose solution is outsourced to an SMT solver. We also discuss our experimental results.

Catherine Meadows is a senior researcher in computer security at the Center for High Assurance Systems at the Naval Research Laboratory and heads that group’s Formal Methods Section. She was the principal developer of the NRL Protocol Analyzer (NPA), which was one of the first software tools to find previously undiscovered flaws in cryptographic protocols, and was used successfully in the analysis of a number of protocol standards. She is also leading, or has recently led, a number of projects related to the design and analysis of cryptographic protocols, including one focused the development of an analysis tool, Maude-NPA, that takes into account the the complex algebraic properties of cryptosystems, another that is focusing on the automatic generation of secure cryptosystems, and another devoted to formal methods for the design of cyber-physical systems with legacy components.

This work was supported by ONR 321 ()

Host: Alan T. Sherman, . Support for this event was provided in part by the National Science Foundation under SFS grant 175368. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Events:

• December 6, Karl Henderson, Verisign
• 9am—5pm daily, January 13-17, UMBC SFS/CySP Research Study, ITE 456
• January 31, 2020, TBA, biweekly CDL talks resume

Maryland Public Television’s Charles Robinson reports on how Baltimore continues to recover after city computers were infected with ransomware in the May 2019 Baltimore ransomware attack and interviews Dr. Rick Forno, associate director of the UMBC Center for Cybersecurity and graduate director of UMBC’s Cybersecurity MPS degree program.

From Wikipedia: On May 7th 2019, most of Baltimore’s government computer systems were infected with a new and aggressive ransomware variant named RobbinHood. All servers, with the exception of essential services, were taken offline. In a ransom note, hackers demanded 13 bitcoin (roughly $76,280) in exchange for keys to restore access. The note also stated that if the demands were not met within four days, the price would increase and within ten days the city would permanently lose all of the data.

As of May 13, 2019 all systems remained down for city employees. It is estimated that it will take weeks to recover. According to Mayor Jack Young, US Federal Law enforcement continue to investigate the attack. The attack had a negative impact on the real estate market as property transfers could not be completed until the system was restored on May 20th. However, the restoration of all systems was, as of May 20, 2019, estimated to take weeks more.

Baltimore was susceptible to such an attack due to its IT practices, which included decentralized control of its technology budget and a failure to allocate money its information security manager wanted to fund cyberattack insurance. The attack has been compared to a previous ransomware attack on Atlanta the previous year, and was the second major use of the RobbinHood ransomware on an American city in 2019, as Greenville, North Carolina was also impacted in April.

The UMBC Cyber Defense Lab presents

Analysis of the Secure Remote Password (SRP) Protocol Using CPSA

Erin Lanus, UMBC Cyber Defense Lab

12:00–1:00pm, Friday, 6 September 2019, ITE 227, UMBC

Joint work with Alan Sherman, Richard Chang, Enis Golaszewski, Ryan Wnuk-Fink, Cyrus Bonyadi, Mario Costa, Moses Liskov, and Edward Zieglar

Secure Remote Password (SRP) is a widely deployed password authenticated key exchange (PAKE) protocol used in products such as 1Password and iCloud Keychain. As with other PAKE protocols, the two participants in SRP use knowledge of a pre-shared password to authenticate each other and establish a session key. I will explain the SRP protocol and security goals it seeks to achieve. I will demonstrate how to model the protocol using the Cryptographic Protocol Shapes Analyzer (CPSA) tool and present my analysis of the shapes produced by CPSA.

Erin Lanus earned her Ph.D. in computer science in May 2019 from Arizona State University. Dr. Lanus is currently conducting research with Professor Sherman’s Protocol Analysis Lab at UMBC. Her previous results include how to use state to enable CPSA to reason about time in forced-latency protocols. Her research also explored algorithmic approaches to constructing combinatorial arrays employed in interaction testing and the creation of a new type of array for attribute distribution to achieve anonymous authorization in attribute-based systems. In October she will begin as a research assistant professor at Virginia Tech’s Hume Center in Northern Virginia. email:

Support for this research was provided in part by grants to CISA from the Department of Defense, CySP grants H98230-17-1-0387 and H98230-18-0321.

Dr. Ben Shariati co-author of NIST guide on mobile device security and privacy

Dr. Behnam Shariati, Assistant Director of the UMBC Graduate Cybersecurity Program, is one of the authors of a new NIST Cybersecurity Practice Guide guide on how organizations can use standards-based, commercially available products to help meet their mobile device security and privacy needs. Dr. Shariati is also a lecturer in Cybersecurity graduate program and oversees its operations at the Universities at Shady Grove in Rockville, MD.

To address the challenge of securing mobile devices while managing risks, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) built a laboratory environment to explore how various mobile security technologies can be integrated within an enterprise’s network.

A draft version of the document is available as NIST SPECIAL PUBLICATION 1800-21A, Mobile Device Security, Corporate-Owned Personally-Enabled (COPE) and NIST solicits comments on it by September 23, 2019.

From the summary:

“The rapid pace at which mobile technologies evolve requires regular reevaluation of a mobility program to ensure it is accomplishing its security, privacy, and workplace functionality. Built-in mobile protections may not be enough to fully mitigate the security challenges associated with mobile information systems. Usability, privacy, and regulatory requirements each influence which mobile security technologies and security controls are going to be well-suited to meet the needs of an organization’s mobility program.

The goal of the Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) project is to provide an example solution demonstrating how organizations can use a standards-based approach and commercially available technologies to meet their security needs for using mobile devices to access enterprise resources.

The sample solution details tools for an enterprise mobility management (EMM) capability located on-premises, mobile threat defense (MTD), mobile threat intelligence (MTI), application vetting, secure boot/image authentication, and virtual private network (VPN) services.”

This NCCoE project is the first in a series on Mobile Device Security for Enterprises. The next one, Mobile Device Security: Bring Your Own Device (BYOD), is under development.

UMBC partners with five universities in the US, UK, and Japan to launch International Cybersecurity Center of Excellence

UMBC has partnered to create a global university network dedicated to securing critical systems against cyber threats: the International Cybersecurity Center of Excellence (INCS-CoE).

The INCS-CoE has its foundations in a 2018 cybersecurity collaboration that included UMBC, Keio University in Japan, and Royal Holloway University of London. That initial group has now formally expanded to include Northeastern University, Kyushu University in Japan, and Imperial College London.

The INCS-CoE will support the efforts of the participating universities as they work together to address cybersecurity challenges facing society. The collaboration focuses on cybersecurity for critical national infrastructures including information technology, public transit, and financial services. Additionally, the Center of Excellence will include research, advocacy, and education components.

“Trust is one of the key pillars for a free and interconnected world, for commerce and for exchange of information, be it in the real world or in the digital world,” says Karl V. Steiner, UMBC’s vice president for research. “In order for machines to communicate well with each other, we need to put in place policies and technologies that establish a trust basis.”

He explains, “The INCS-CoE is built on a similar strong layer of trust among six institutions from three different continents. This first-of-its-kind global Center of Excellence will enable us to rapidly exchange ideas and find solutions to developing issues in an increasingly networked world.”

In the future, INCS-CoE may expand to include government and corporate partners, says Steiner.

“The challenges this first-of-its-kind partnership aims to solve span a complex set of cybersecurity issues,” said David Luzzi, senior vice provost for research at Northeastern.

Each academic institution has specific strengths and areas of expertise that they bring to the partnership. UMBC’s Center for Cybersecurity and Center for Accelerated Real Time Analytics will be instrumental in contributing to INCS-CoE’s goals for UMBC.

Learn more about the INCS-CoE.

Adapted from a UMBC News article by Megan Hanks, photo by Marlayna Demond ’11 for UMBC.

The Evolution of Mobile Authentication

Prof. Keith Mayes, Royal Holloway University of London

1:00pm Tuesday 30 April 2019, ITE325, UMBC

Mobile communication is an essential part or modern life, however it is dependent on some fundamental security technologies. Critical amongst these technologies, is mobile authentication, the ability to identify valid users (and networks) and enable their secure usage of communication services. In the GSM standards and the 3GPP standards that evolved from them, the subscriber-side security has been founded on a removable, attack-resistant smart card known as a SIM (or USIM) card. The presentation explains how this situation came about, and how and why the protocols and algorithms have improved over time. It will cover some work by the author on a recent algorithm for 3GPP and then discuss how Machine-to-Machine and IoT considerations have led to new standards, which may herald the demise of the conventional removable SIM, in favour of an embedded eSIM.

Professor Keith Mayes B.Sc. Ph.D. CEng FIET A.Inst.ISP, is a professor of information security within the Information Security Group (ISG) at Royal Holloway University of London. Prior to his sabbatical, he was the Director of the ISG and Head of the School of Mathematics and Information Security. He is an active researcher/author with 100+ publications in numerous conferences, books and journals. His current research interests are diverse, including, mobile communications, smart cards/RFIDS, the Internet of Things, and embedded systems. Keith joined the ISG in 2002, originally as the Founder Director of the ISG Smart Card Centre, following a career in industry working for Pye TVT, Honeywell Aerospace and Defence, Racal Research and Vodafone. Keith is a Chartered Engineer, a Fellow of the Institution of Engineering and Technology, a Founder Associate Member of the Institute of Information Security Professionals, a Member of the Licensing Executives Society and an experienced company director and consultant. He is active in the UK All Party Parliamentary Group (APPG) on Cyber Security and is an adjunct professor at UMBC.

UMBC Cyber Defense Lab

Using CPSA to Analyze Force-Latency Protocols

Dr. Edward Zieglar, National Security Agency

12-1 Friday, 19 April 19, ITE 227

Several cryptographic protocols have been proposed to address the Man-in-the-Middle attack without the prior exchange of keys. This talk will describe a formal analysis of one such protocol proposed by Zooko Wilcox-O’Hearn, the forced-latency defense against the chess grandmaster attack. Using the Cryptographic Protocol Shapes Analyzer (CPSA), we validate the security properties of the protocol through the novel use of CPSA’s state features to represent time. We also describe a small message space attack that highlights how assumptions made in protocol design can affect the security of a protocol in use, even for a protocol with proven security properties.

Edward Zieglar is a security researcher in the Research Directorate of the National Security Agency, where he concentrates on formal analysis and verification of cryptographic protocols and network security. He is also an adjunct professor at UMBC where he teaches courses in networking and network security. He received his master’s and doctoral degrees in computer science from UMBC.

Host: Alan T. Sherman,